[ { "path": ".changeset/README.md", "content": "# Changesets\n\nHello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works with multi-package repos, or single-package repos to help you version and publish your code. You can find the full documentation for it\n[in our repository](https://github.com/changesets/changesets)\n\nWe have a quick list of common questions to get you started engaging with this project in [our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)\n" }, { "path": ".changeset/add-hono-peer-dep.md", "content": "---\n'@modelcontextprotocol/node': patch\n---\n\nAdd missing `hono` peer dependency to `@modelcontextprotocol/node`. The package already depends on `@hono/node-server` which requires `hono` at runtime, but `hono` was only listed in the workspace root, not as a peer dependency of the package itself.\n" }, { "path": ".changeset/brave-lions-glow.md", "content": "---\n'@modelcontextprotocol/node': patch\n---\n\nPrevent Hono from overriding global Response object by passing `overrideGlobalObjects: false` to `getRequestListener()`. This fixes compatibility with frameworks like Next.js whose response classes extend the native Response.\n" }, { "path": ".changeset/busy-weeks-hang.md", "content": "---\n'@modelcontextprotocol/core': patch\n'@modelcontextprotocol/server': patch\n---\n\nFix ReDoS vulnerability in UriTemplate regex patterns (CVE-2026-0621)\n" }, { "path": ".changeset/config.json", "content": "{\n \"$schema\": \"https://unpkg.com/@changesets/config@3.1.2/schema.json\",\n \"changelog\": [\"@changesets/changelog-github\", { \"repo\": \"modelcontextprotocol/typescript-sdk\" }],\n \"commit\": false,\n \"fixed\": [],\n \"linked\": [],\n \"access\": \"public\",\n \"baseBranch\": \"main\",\n \"updateInternalDependencies\": \"patch\",\n \"ignore\": [\n \"@modelcontextprotocol/examples-client\",\n \"@modelcontextprotocol/examples-client-quickstart\",\n \"@modelcontextprotocol/examples-server\",\n \"@modelcontextprotocol/examples-server-quickstart\",\n \"@modelcontextprotocol/examples-shared\"\n ]\n}\n" }, { "path": ".changeset/cyan-cycles-pump.md", "content": "---\n'@modelcontextprotocol/server': patch\n---\n\nmissing change for fix(client): replace body.cancel() with text() to prevent hanging\n" }, { "path": ".changeset/expose-auth-server-discovery.md", "content": "---\n'@modelcontextprotocol/client': minor\n---\n\nAdd `discoverOAuthServerInfo()` function and unified discovery state caching for OAuth\n\n- New `discoverOAuthServerInfo(serverUrl)` export that performs RFC 9728 protected resource metadata discovery followed by authorization server metadata discovery in a single call. Use this for operations like token refresh and revocation that need the authorization server URL outside of `auth()`.\n- New `OAuthDiscoveryState` type and optional `OAuthClientProvider` methods `saveDiscoveryState()` / `discoveryState()` allow providers to persist all discovery results (auth server URL, resource metadata URL, resource metadata, auth server metadata) across sessions. This avoids redundant discovery requests and handles browser redirect scenarios where discovery state would otherwise be lost.\n- New `'discovery'` scope for `invalidateCredentials()` to clear cached discovery state.\n- New `OAuthServerInfo` type exported for the return value of `discoverOAuthServerInfo()`.\n" }, { "path": ".changeset/fix-task-session-isolation.md", "content": "---\n'@modelcontextprotocol/core': patch\n---\n\nFix InMemoryTaskStore to enforce session isolation. Previously, sessionId was accepted but ignored on all TaskStore methods, allowing any session to enumerate, read, and mutate tasks created by other sessions. The store now persists sessionId at creation time and enforces ownership on all reads and writes.\n" }, { "path": ".changeset/fix-unknown-tool-protocol-error.md", "content": "---\n\"@modelcontextprotocol/core\": minor\n\"@modelcontextprotocol/server\": major\n---\n\nFix error handling for unknown tools and resources per MCP spec.\n\n**Tools:** Unknown or disabled tool calls now return JSON-RPC protocol errors with\ncode `-32602` (InvalidParams) instead of `CallToolResult` with `isError: true`.\nCallers who checked `result.isError` for unknown tools should catch rejected promises instead.\n\n**Resources:** Unknown resource reads now return error code `-32002` (ResourceNotFound)\ninstead of `-32602` (InvalidParams).\n\nAdded `ProtocolErrorCode.ResourceNotFound`.\n" }, { "path": ".changeset/funky-baths-attack.md", "content": "---\n'@modelcontextprotocol/node': patch\n'@modelcontextprotocol/test-integration': patch\n'@modelcontextprotocol/server': patch\n'@modelcontextprotocol/core': patch\n---\n\nremove deprecated .tool, .prompt, .resource method signatures\n" }, { "path": ".changeset/heavy-walls-swim.md", "content": "---\n'@modelcontextprotocol/server': patch\n---\n\nreverting application/json in notifications\n" }, { "path": ".changeset/oauth-error-http200.md", "content": "---\n'@modelcontextprotocol/client': patch\n---\n\nFix OAuth error handling for servers returning errors with HTTP 200 status\n\nSome OAuth servers (e.g., GitHub) return error responses with HTTP 200 status instead of 4xx. The SDK now checks for an `error` field in the JSON response before attempting to parse it as tokens, providing users with meaningful error messages.\n" }, { "path": ".changeset/quick-islands-occur.md", "content": "---\n'@modelcontextprotocol/express': patch\n'@modelcontextprotocol/hono': patch\n'@modelcontextprotocol/node': patch\n'@modelcontextprotocol/client': patch\n'@modelcontextprotocol/server': patch\n'@modelcontextprotocol/core': patch\n---\n\nremove npm references, use pnpm\n" }, { "path": ".changeset/respect-capability-negotiation.md", "content": "---\n'@modelcontextprotocol/client': patch\n---\n\nRespect capability negotiation in list methods by returning empty lists when server lacks capability\n\nThe Client now returns empty lists instead of sending requests to servers that don't advertise the corresponding capability:\n\n- `listPrompts()` returns `{ prompts: [] }` if server lacks prompts capability\n- `listResources()` returns `{ resources: [] }` if server lacks resources capability\n- `listResourceTemplates()` returns `{ resourceTemplates: [] }` if server lacks resources capability\n- `listTools()` returns `{ tools: [] }` if server lacks tools capability\n\nThis respects the MCP spec requirement that \"Both parties SHOULD respect capability negotiation\" and avoids unnecessary server warnings and traffic. The existing `enforceStrictCapabilities` option continues to throw errors when set to `true`.\n" }, { "path": ".changeset/rich-hounds-report.md", "content": "---\n'@modelcontextprotocol/express': patch\n'@modelcontextprotocol/hono': patch\n'@modelcontextprotocol/node': patch\n'@modelcontextprotocol/client': patch\n'@modelcontextprotocol/server': patch\n'@modelcontextprotocol/core': patch\n---\n\nclean up package manager usage, all pnpm\n" }, { "path": ".changeset/shy-times-learn.md", "content": "---\n'@modelcontextprotocol/node': patch\n'@modelcontextprotocol/test-integration': patch\n'@modelcontextprotocol/server': patch\n'@modelcontextprotocol/core': patch\n---\n\ndeprecated .tool, .prompt, .resource method removal\n" }, { "path": ".changeset/tender-snails-fold.md", "content": "---\n'@modelcontextprotocol/client': patch\n'@modelcontextprotocol/server': patch\n---\n\nInitial 2.0.0-alpha.0 client and server package\n" }, { "path": ".changeset/twelve-dodos-taste.md", "content": "---\n\"@modelcontextprotocol/express\": patch\n---\n\nAdd jsonLimit option to createMcpExpressApp\n" }, { "path": ".changeset/use-scopes-supported-in-dcr.md", "content": "---\n'@modelcontextprotocol/client': minor\n---\n\nApply resolved scope consistently to both DCR and the authorization URL (SEP-835)\n\nWhen `scopes_supported` is present in the protected resource metadata (`/.well-known/oauth-protected-resource`), the SDK already uses it as the default scope for the authorization URL. This change applies the same resolved scope to the dynamic client registration request body, ensuring both use a consistent value.\n\n- `registerClient()` now accepts an optional `scope` parameter that overrides `clientMetadata.scope` in the registration body.\n- `auth()` now computes the resolved scope once (WWW-Authenticate → PRM `scopes_supported` → `clientMetadata.scope`) and passes it to both DCR and the authorization request.\n" }, { "path": ".git-blame-ignore-revs", "content": "" }, { "path": ".github/CODEOWNERS", "content": "# TypeScript SDK Code Owners\n\n# Default owners for everything in the repo\n* @modelcontextprotocol/typescript-sdk\n\n# Auth team owns all auth-related code\n/src/server/auth/ @modelcontextprotocol/typescript-sdk-auth\n/src/client/auth* @modelcontextprotocol/typescript-sdk-auth\n/src/shared/auth* @modelcontextprotocol/typescript-sdk-auth\n/src/examples/client/simpleOAuthClient.ts @modelcontextprotocol/typescript-sdk-auth\n/src/examples/server/demoInMemoryOAuthProvider.ts @modelcontextprotocol/typescript-sdk-auth" }, { "path": ".github/workflows/claude-code-review.yml", "content": "# Source: https://github.com/anthropics/claude-code-action/blob/main/docs/code-review.md\nname: Claude Code Review\n\non:\n pull_request:\n types: [opened, synchronize, ready_for_review, reopened]\n\njobs:\n claude-review:\n if: github.event.pull_request.head.repo.fork == false && github.actor != 'dependabot[bot]'\n runs-on: ubuntu-latest\n permissions:\n contents: read\n pull-requests: read\n issues: read\n id-token: write\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v6\n with:\n fetch-depth: 1\n\n - name: Run Claude Code Review\n id: claude-review\n uses: anthropics/claude-code-action@v1\n with:\n anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}\n plugin_marketplaces: \"https://github.com/anthropics/claude-code.git\"\n plugins: \"code-review@claude-code-plugins\"\n prompt: \"/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}\"\n" }, { "path": ".github/workflows/claude.yml", "content": "# Source: https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md\nname: Claude Code\n\non:\n issue_comment:\n types: [created]\n pull_request_review_comment:\n types: [created]\n issues:\n types: [opened, assigned]\n pull_request_review:\n types: [submitted]\n\njobs:\n claude:\n if: |\n (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||\n (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||\n (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||\n (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))\n runs-on: ubuntu-latest\n permissions:\n contents: read\n pull-requests: read\n issues: read\n id-token: write\n actions: read\n steps:\n - name: Checkout repository\n uses: actions/checkout@v6\n with:\n fetch-depth: 1\n\n - name: Run Claude Code\n id: claude\n uses: anthropics/claude-code-action@v1\n with:\n anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}\n use_commit_signing: true\n additional_permissions: |\n actions: read\n" }, { "path": ".github/workflows/conformance.yml", "content": "name: Conformance Tests\n\non:\n push:\n branches: [main]\n pull_request:\n workflow_dispatch:\n\nconcurrency:\n group: conformance-${{ github.ref }}\n cancel-in-progress: true\n\npermissions:\n contents: read\n\njobs:\n client-conformance:\n runs-on: ubuntu-latest\n continue-on-error: true\n steps:\n - uses: actions/checkout@v4\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n - uses: actions/setup-node@v4\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n - run: pnpm install\n - run: pnpm run build:all\n - run: pnpm run test:conformance:client:all\n\n server-conformance:\n runs-on: ubuntu-latest\n continue-on-error: true\n steps:\n - uses: actions/checkout@v4\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n - uses: actions/setup-node@v4\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n - run: pnpm install\n - run: pnpm run build:all\n - run: pnpm run test:conformance:server\n" }, { "path": ".github/workflows/deploy-docs.yml", "content": "name: Deploy Docs\n\non:\n push:\n branches:\n - main\n - v1.x\n workflow_dispatch:\n\nconcurrency:\n group: deploy-docs\n cancel-in-progress: true\n\njobs:\n deploy-docs:\n runs-on: ubuntu-latest\n\n permissions:\n contents: read\n pages: write\n id-token: write\n\n environment:\n name: github-pages\n url: ${{ steps.deployment.outputs.page_url }}\n\n steps:\n - uses: actions/checkout@v4\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n - uses: actions/setup-node@v4\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n\n - name: Generate multi-version docs\n run: bash scripts/generate-multidoc.sh tmp/docs-combined\n\n - name: Configure Pages\n uses: actions/configure-pages@v5\n\n - name: Upload Pages artifact\n uses: actions/upload-pages-artifact@v3\n with:\n path: tmp/docs-combined\n\n - name: Deploy to GitHub Pages\n id: deployment\n uses: actions/deploy-pages@v4\n" }, { "path": ".github/workflows/main.yml", "content": "on:\n push:\n branches:\n - main\n pull_request:\n workflow_dispatch:\n release:\n types: [published]\n\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n build:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v6\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n id: pnpm-install\n with:\n run_install: false\n - uses: actions/setup-node@v6\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n\n - run: pnpm install\n - run: pnpm run check:all\n - run: pnpm run build:all\n\n test:\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n node-version: [20, 22, 24]\n\n steps:\n - uses: actions/checkout@v6\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n id: pnpm-install\n with:\n run_install: false\n - uses: actions/setup-node@v6\n with:\n node-version: ${{ matrix.node-version }}\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n\n - run: pnpm install\n\n - run: pnpm test:all\n\n test-runtimes:\n runs-on: ubuntu-latest\n strategy:\n fail-fast: false\n matrix:\n include:\n - runtime: bun\n version: \"1.x\"\n - runtime: deno\n version: v2.x\n steps:\n - uses: actions/checkout@v6\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n - uses: actions/setup-node@v6\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n - name: Set up Bun\n if: matrix.runtime == 'bun'\n uses: oven-sh/setup-bun@v2\n with:\n bun-version: ${{ matrix.version }}\n - name: Set up Deno\n if: matrix.runtime == 'deno'\n uses: denoland/setup-deno@v2\n with:\n deno-version: ${{ matrix.version }}\n - run: pnpm install\n - run: pnpm build:all\n - name: Run ${{ matrix.runtime }} integration tests\n run: pnpm --filter @modelcontextprotocol/test-integration test:integration:${{ matrix.runtime }}\n\n publish:\n runs-on: ubuntu-latest\n if: github.event_name == 'release'\n environment: release\n needs: [build, test, test-runtimes]\n\n permissions:\n contents: read\n id-token: write\n\n steps:\n - uses: actions/checkout@v4\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n id: pnpm-install\n with:\n run_install: false\n - uses: actions/setup-node@v4\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n registry-url: 'https://registry.npmjs.org'\n - run: pnpm install\n\n - name: Determine npm tag\n id: npm-tag\n run: |\n VERSION=$(node -p \"require('./package.json').version\")\n # Check if this is a beta release\n if [[ \"$VERSION\" == *\"-beta\"* ]]; then\n echo \"tag=--tag beta\" >> $GITHUB_OUTPUT\n # Check if this release is from a non-primary branch (patch/maintenance release)\n elif [[ \"${{ github.event.release.target_commitish }}\" != \"main\" && \"${{ github.event.release.target_commitish }}\" != \"v1.x\" ]]; then\n # Use \"release-X.Y\" as tag for old branch releases (e.g., \"release-1.23\" for 1.23.x)\n # npm tags are mutable pointers to versions (like \"latest\" pointing to 1.24.3).\n # Using \"release-1.23\" means users can `npm install @modelcontextprotocol/sdk@release-1.23`\n # to get the latest patch on that minor version, and the tag updates if we\n # release 1.23.2, 1.23.3, etc.\n # Note: Can't use \"v1.23\" because npm rejects tags that look like semver ranges.\n MAJOR_MINOR=$(echo \"$VERSION\" | cut -d. -f1,2)\n echo \"tag=--tag release-${MAJOR_MINOR}\" >> $GITHUB_OUTPUT\n else\n echo \"tag=\" >> $GITHUB_OUTPUT\n fi\n\n - run: pnpm publish --provenance --access public ${{ steps.npm-tag.outputs.tag }}\n env:\n NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}\n" }, { "path": ".github/workflows/publish.yml", "content": "name: Publish Any Commit\n\npermissions:\n contents: read\n\non:\n pull_request:\n push:\n branches:\n - '**'\n tags:\n - '!**'\n\njobs:\n pkg-publish:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v6\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n\n - name: Setup Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n registry-url: 'https://registry.npmjs.org'\n\n - name: Install dependencies\n run: pnpm install\n\n - name: Build packages\n run: pnpm run build:all\n\n - name: Publish preview packages\n run:\n pnpm dlx pkg-pr-new publish --packageManager=npm --pnpm './packages/server' './packages/client'\n './packages/middleware/express' './packages/middleware/hono' './packages/middleware/node'\n" }, { "path": ".github/workflows/release.yml", "content": "name: Release\n\npermissions:\n contents: write\n pull-requests: write\n\non:\n push:\n branches:\n - main\n\nconcurrency: ${{ github.workflow }}-${{ github.ref }}\n\njobs:\n release:\n name: Release\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n with:\n run_install: false\n\n - name: Setup Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n registry-url: 'https://registry.npmjs.org'\n\n - name: Install dependencies\n run: pnpm install\n\n - name: Create Release Pull Request or Publish to npm\n id: changesets\n uses: changesets/action@v1\n with:\n publish: pnpm run build:all && pnpm changeset publish\n env:\n GITHUB_TOKEN: ${{ github.token }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}\n" }, { "path": ".github/workflows/update-spec-types.yml", "content": "name: Update Spec Types\n\non:\n schedule:\n # Run nightly at 4 AM UTC\n - cron: '0 4 * * *'\n workflow_dispatch:\n\npermissions:\n contents: write\n pull-requests: write\n\njobs:\n update-spec-types:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout repository\n uses: actions/checkout@v6\n\n - name: Install pnpm\n uses: pnpm/action-setup@v4\n id: pnpm-install\n with:\n run_install: false\n\n - name: Setup Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n cache: pnpm\n cache-dependency-path: pnpm-lock.yaml\n\n - name: Install dependencies\n run: pnpm install\n\n - name: Fetch latest spec types\n run: pnpm run fetch:spec-types\n\n - name: Check for changes\n id: check_changes\n run: |\n if git diff --quiet packages/core/src/types/spec.types.ts; then\n echo \"has_changes=false\" >> $GITHUB_OUTPUT\n else\n echo \"has_changes=true\" >> $GITHUB_OUTPUT\n LATEST_SHA=$(grep \"Last updated from commit:\" packages/core/src/types/spec.types.ts | cut -d: -f2 | tr -d ' ')\n echo \"sha=$LATEST_SHA\" >> $GITHUB_OUTPUT\n fi\n\n - name: Create Pull Request\n if: steps.check_changes.outputs.has_changes == 'true'\n env:\n GH_TOKEN: ${{ github.token }}\n run: |\n git config user.name \"github-actions[bot]\"\n git config user.email \"github-actions[bot]@users.noreply.github.com\"\n\n git checkout -B update-spec-types\n git add packages/core/src/types/spec.types.ts\n git commit -m \"chore: update spec.types.ts from upstream\"\n git push -f origin update-spec-types\n\n # Create PR if it doesn't exist, or update if it does\n PR_BODY=\"This PR updates \\`packages/core/src/types/spec.types.ts\\` from the Model Context Protocol specification.\n\n Source file: https://github.com/modelcontextprotocol/modelcontextprotocol/blob/${{ steps.check_changes.outputs.sha }}/schema/draft/schema.ts\n\n This is an automated update triggered by the nightly cron job.\"\n\n if gh pr view update-spec-types &>/dev/null; then\n echo \"PR already exists, updating description...\"\n gh pr edit update-spec-types --body \"$PR_BODY\"\n else\n gh pr create \\\n --title \"chore: update spec.types.ts from upstream\" \\\n --body \"$PR_BODY\" \\\n --base main \\\n --head update-spec-types\n fi\n" }, { "path": ".gitignore", "content": "# Temporary files\ntmp/\n\n# Logs\nlogs\n*.log\n.pnpm-debug.log*\n\n# Diagnostic reports (https://nodejs.org/api/report.html)\nreport.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json\n\n# node-waf configuration\n.lock-wscript\n\n# Compiled binary addons (https://nodejs.org/api/addons.html)\nbuild/Release\n\n# Dependency directories\nnode_modules/\n\n# TypeScript cache\n*.tsbuildinfo\n\n# Optional eslint cache\n.eslintcache\n\n# Optional REPL history\n.node_repl_history\n\n# Output of 'npm pack'\n*.tgz\n\n# dotenv environment variable files\n.env\n.env.development.local\n.env.test.local\n.env.production.local\n.env.local\n\n# Stores VSCode versions used for testing VSCode extensions\n.vscode-test\n\n.DS_Store\ndist/\n\n# IDE\n.idea/\n.cursor/\n\n# Git worktrees for local doc generation\n.worktrees/\n\n# Conformance test results\nresults/\n" }, { "path": ".npmrc", "content": "registry = \"https://registry.npmjs.org/\"\n" }, { "path": ".prettierignore", "content": "# Ignore artifacts:\nbuild\ndist\ncoverage\n*-lock.*\nnode_modules\n**/build\n**/dist\n.github/CODEOWNERS\npnpm-lock.yaml\n\n# Ignore generated files\nsrc/spec.types.ts\n\n# Quickstart examples uses 2-space indent to match ecosystem conventions\nexamples/client-quickstart/\nexamples/server-quickstart/\n" }, { "path": ".prettierrc.json", "content": "{\n \"printWidth\": 140,\n \"tabWidth\": 4,\n \"useTabs\": false,\n \"semi\": true,\n \"singleQuote\": true,\n \"trailingComma\": \"none\",\n \"bracketSpacing\": true,\n \"bracketSameLine\": false,\n \"proseWrap\": \"always\",\n \"arrowParens\": \"avoid\",\n \"overrides\": [\n {\n \"files\": \"**/*.md\",\n \"options\": {\n \"printWidth\": 280\n }\n }\n ]\n}\n" }, { "path": "CLAUDE.md", "content": "# CLAUDE.md\n\nThis file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.\n\n## Build & Test Commands\n\n```sh\npnpm install # Install all workspace dependencies\n\npnpm build:all # Build all packages\npnpm lint:all # Run ESLint + Prettier checks across all packages\npnpm lint:fix:all # Auto-fix lint and formatting issues across all packages\npnpm typecheck:all # Type-check all packages\npnpm test:all # Run all tests (vitest) across all packages\npnpm check:all # typecheck + lint across all packages\n\n# Run a single package script (examples)\n# Run a single package script from the repo root with pnpm filter\npnpm --filter @modelcontextprotocol/core test # vitest run (core)\npnpm --filter @modelcontextprotocol/core test:watch # vitest (watch)\npnpm --filter @modelcontextprotocol/core test -- path/to/file.test.ts\npnpm --filter @modelcontextprotocol/core test -- -t \"test name\"\n```\n\n## Breaking Changes\n\nWhen making breaking changes, document them in **both**:\n\n- `docs/migration.md` — human-readable guide with before/after code examples\n- `docs/migration-SKILL.md` — LLM-optimized mapping tables for mechanical migration\n\nInclude what changed, why, and how to migrate. Search for related sections and group related changes together rather than adding new standalone sections.\n\n## Code Style Guidelines\n\n- **TypeScript**: Strict type checking, ES modules, explicit return types\n- **Naming**: PascalCase for classes/types, camelCase for functions/variables\n- **Files**: Lowercase with hyphens, test files with `.test.ts` suffix\n- **Imports**: ES module style, include `.js` extension, group imports logically\n- **Formatting**: 2-space indentation, semicolons required, single quotes preferred\n- **Testing**: Co-locate tests with source files, use descriptive test names\n- **Comments**: JSDoc for public APIs, inline comments for complex logic\n\n### JSDoc `@example` Code Snippets\n\nJSDoc `@example` tags should pull type-checked code from companion `.examples.ts` files (e.g., `client.ts` → `client.examples.ts`). Use `` ```ts source=\"./file.examples.ts#regionName\" `` fences referencing `//#region regionName` blocks; region names follow `exportedName_variant` or `ClassName_methodName_variant` pattern (e.g., `applyMiddlewares_basicUsage`, `Client_connect_basicUsage`). For whole-file inclusion (any file type), omit the `#regionName`.\n\nRun `pnpm sync:snippets` to sync example content into JSDoc comments and markdown files.\n\n## Architecture Overview\n\n### Core Layers\n\nThe SDK is organized into three main layers:\n\n1. **Types Layer** (`packages/core/src/types/types.ts`) - Protocol types generated from the MCP specification. All JSON-RPC message types, schemas, and protocol constants are defined here using Zod v4.\n\n2. **Protocol Layer** (`packages/core/src/shared/protocol.ts`) - The abstract `Protocol` class that handles JSON-RPC message routing, request/response correlation, capability negotiation, and transport management. Both `Client` and `Server` extend this class.\n\n3. **High-Level APIs**:\n - `Client` (`packages/client/src/client/client.ts`) - Client implementation extending Protocol with typed methods for MCP operations\n - `Server` (`packages/server/src/server/server.ts`) - Server implementation extending Protocol with request handler registration\n - `McpServer` (`packages/server/src/server/mcp.ts`) - High-level server API with simplified resource/tool/prompt registration\n\n### Transport System\n\nTransports (`packages/core/src/shared/transport.ts`) provide the communication layer:\n\n- **Streamable HTTP** (`packages/server/src/server/streamableHttp.ts`, `packages/client/src/client/streamableHttp.ts`) - Recommended transport for remote servers, supports SSE for streaming\n- **SSE** (`packages/server/src/server/sse.ts`, `packages/client/src/client/sse.ts`) - Legacy HTTP+SSE transport for backwards compatibility\n- **stdio** (`packages/server/src/server/stdio.ts`, `packages/client/src/client/stdio.ts`) - For local process-spawned integrations\n\n### Server-Side Features\n\n- **Tools/Resources/Prompts**: Registered via `McpServer.tool()`, `.resource()`, `.prompt()` methods\n- **OAuth/Auth**: Full OAuth 2.0 server implementation in `packages/server/src/server/auth/`\n- **Completions**: Auto-completion support via `packages/server/src/server/completable.ts`\n\n### Client-Side Features\n\n- **Auth**: OAuth client support in `packages/client/src/client/auth.ts` and `packages/client/src/client/auth-extensions.ts`\n- **Client middleware**: Request middleware in `packages/client/src/client/middleware.ts` (unrelated to the framework adapter packages below)\n- **Sampling**: Clients can handle `sampling/createMessage` requests from servers (LLM completions)\n- **Elicitation**: Clients can handle `elicitation/create` requests for user input (form or URL mode)\n- **Roots**: Clients can expose filesystem roots to servers via `roots/list`\n\n### Middleware packages (framework/runtime adapters)\n\nThe repo also ships “middleware” packages under `packages/middleware/` (e.g. `@modelcontextprotocol/express`, `@modelcontextprotocol/hono`, `@modelcontextprotocol/node`). These are thin integration layers for specific frameworks/runtimes and should not add new MCP functionality.\n\n### Experimental Features\n\nLocated in `packages/*/src/experimental/`:\n\n- **Tasks**: Long-running task support with polling/resumption (`packages/core/src/experimental/tasks/`)\n\n### Zod Schemas\n\nThe SDK uses `zod/v4` internally. Schema utilities live in:\n\n- `packages/core/src/util/schema.ts` - AnySchema alias and helpers for inspecting Zod objects\n\n### Validation\n\nPluggable JSON Schema validation (`packages/core/src/validators/`):\n\n- `ajvProvider.ts` - Default Ajv-based validator\n- `cfWorkerProvider.ts` - Cloudflare Workers-compatible alternative\n\n### Examples\n\nRunnable examples in `examples/`:\n\n- `examples/server/src/` - Various server configurations (stateful, stateless, OAuth, etc.)\n- `examples/client/src/` - Client examples (basic, OAuth, parallel calls, etc.)\n- `examples/shared/src/` - Shared utilities (OAuth demo provider, etc.)\n\n## Message Flow (Bidirectional Protocol)\n\nMCP is bidirectional: both client and server can send requests. Understanding this flow is essential when implementing new request types.\n\n### Class Hierarchy\n\n```\nProtocol (abstract base)\n├── Client (packages/client/src/client/client.ts) - can send requests TO server, handle requests FROM server\n└── Server (packages/server/src/server/server.ts) - can send requests TO client, handle requests FROM client\n └── McpServer (packages/server/src/server/mcp.ts) - high-level wrapper around Server\n```\n\n### Outbound Flow: Sending Requests\n\nWhen code calls `client.callTool()` or `server.createMessage()`:\n\n1. **High-level method** (e.g., `Client.callTool()`) calls `this.request()`\n2. **`Protocol.request()`**:\n - Assigns unique message ID\n - Checks capabilities via `assertCapabilityForMethod()` (abstract, implemented by Client/Server)\n - Creates response handler promise\n - Calls `transport.send()` with JSON-RPC request\n - Waits for response handler to resolve\n3. **Transport** serializes and sends over wire (HTTP, stdio, etc.)\n4. **`Protocol._onresponse()`** resolves the promise when response arrives\n\n### Inbound Flow: Handling Requests\n\nWhen a request arrives from the remote side:\n\n1. **Transport** receives message, calls `transport.onmessage()`\n2. **`Protocol.connect()`** routes to `_onrequest()`, `_onresponse()`, or `_onnotification()`\n3. **`Protocol._onrequest()`**:\n - Looks up handler in `_requestHandlers` map (keyed by method name)\n - Creates `BaseContext` with `signal`, `sessionId`, `sendNotification`, `sendRequest`, etc.\n - Calls `buildContext()` to let subclasses enrich the context (e.g., Server adds `requestInfo`)\n - Invokes handler, sends JSON-RPC response back via transport\n4. **Handler** was registered via `setRequestHandler('method', handler)`\n\n### Handler Registration\n\n```typescript\n// In Client (for server→client requests like sampling, elicitation)\nclient.setRequestHandler('sampling/createMessage', async (request, ctx) => {\n // Handle sampling request from server\n return { role: \"assistant\", content: {...}, model: \"...\" };\n});\n\n// In Server (for client→server requests like tools/call)\nserver.setRequestHandler('tools/call', async (request, ctx) => {\n // Handle tool call from client\n return { content: [...] };\n});\n```\n\n### Request Handler Context\n\nThe `ctx` parameter in handlers provides a structured context:\n\n**`BaseContext`** (common to both Server and Client), fields organized into nested groups:\n\n- `sessionId?`: Transport session identifier\n- `mcpReq`: Request-level concerns\n - `id`: JSON-RPC message ID\n - `method`: Request method string (e.g., 'tools/call')\n - `_meta?`: Request metadata\n - `signal`: AbortSignal for cancellation\n - `send(request, schema, options?)`: Send related request (for bidirectional flows)\n - `notify(notification)`: Send related notification back\n- `http?`: HTTP transport info (undefined for stdio)\n - `authInfo?`: Validated auth token info\n- `task?`: Task context (`{ id?, store, requestedTtl? }`) when task storage is configured\n\n**`ServerContext`** extends `BaseContext.mcpReq` and `BaseContext.http?` via type intersection:\n\n- `mcpReq` adds: `log(level, data, logger?)`, `elicitInput(params, options?)`, `requestSampling(params, options?)`\n- `http?` adds: `req?` (HTTP request info), `closeSSE?`, `closeStandaloneSSE?`\n\n**`ClientContext`** is currently identical to `BaseContext`.\n\n### Capability Checking\n\nBoth sides declare capabilities during initialization. The SDK enforces these:\n\n- **Client→Server**: `Client.assertCapabilityForMethod()` checks `_serverCapabilities`\n- **Server→Client**: `Server.assertCapabilityForMethod()` checks `_clientCapabilities`\n- **Handler registration**: `assertRequestHandlerCapability()` validates local capabilities\n\n### Adding a New Request Type\n\n1. **Define schema** in `src/types.ts` (request params, result schema)\n2. **Add capability** to `ClientCapabilities` or `ServerCapabilities` in types\n3. **Implement sender** method in Client or Server class\n4. **Add capability check** in the appropriate `assertCapabilityForMethod()`\n5. **Register handler** on the receiving side with `setRequestHandler()`\n6. **For McpServer**: Add high-level wrapper method if needed\n\n### Server-Initiated Requests (Sampling, Elicitation)\n\nServer can request actions from client (requires client capability):\n\n```typescript\n// Server sends sampling request to client\nconst result = await server.createMessage({\n messages: [...],\n maxTokens: 100\n});\n\n// Client must have registered handler:\nclient.setRequestHandler('sampling/createMessage', async (request, extra) => {\n // Client-side LLM call\n return { role: \"assistant\", content: {...} };\n});\n```\n\n## Key Patterns\n\n### Request Handler Registration (Low-Level Server)\n\n```typescript\nserver.setRequestHandler('tools/call', async (request, extra) => {\n // extra contains sessionId, authInfo, sendNotification, etc.\n return {\n /* result */\n };\n});\n```\n\n### Tool Registration (High-Level McpServer)\n\n```typescript\nmcpServer.tool('tool-name', { param: z.string() }, async ({ param }, extra) => {\n return { content: [{ type: 'text', text: 'result' }] };\n});\n```\n\n### Transport Connection\n\n```typescript\n// Server\n// (Node.js IncomingMessage/ServerResponse wrapper; exported by @modelcontextprotocol/node)\nconst transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID() });\nawait server.connect(transport);\n\n// Client\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'));\nawait client.connect(transport);\n```\n" }, { "path": "CODE_OF_CONDUCT.md", "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience,\neducation, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.\n\nWe pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.\n\n## Our Standards\n\nExamples of behavior that contributes to a positive environment for our community include:\n\n- Demonstrating empathy and kindness toward other people\n- Being respectful of differing opinions, viewpoints, and experiences\n- Giving and gracefully accepting constructive feedback\n- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience\n- Focusing on what is best not just for us as individuals, but for the overall community\n\nExamples of unacceptable behavior include:\n\n- The use of sexualized language or imagery, and sexual attention or advances of any kind\n- Trolling, insulting or derogatory comments, and personal or political attacks\n- Public or private harassment\n- Publishing others' private information, such as a physical or email address, without their explicit permission\n- Other conduct which could reasonably be considered inappropriate in a professional setting\n\n## Enforcement Responsibilities\n\nCommunity leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.\n\nCommunity leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.\n\n## Scope\n\nThis Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account,\nor acting as an appointed representative at an online or offline event.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at . All complaints will be reviewed and investigated promptly and fairly.\n\nAll community leaders are obligated to respect the privacy and security of the reporter of any incident.\n\n## Enforcement Guidelines\n\nCommunity leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:\n\n### 1. Correction\n\n**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.\n\n**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.\n\n### 2. Warning\n\n**Community Impact**: A violation through a single incident or series of actions.\n\n**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as\nwell as external channels like social media. Violating these terms may lead to a temporary or permanent ban.\n\n### 3. Temporary Ban\n\n**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.\n\n**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is\nallowed during this period. Violating these terms may lead to a permanent ban.\n\n### 4. Permanent Ban\n\n**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.\n\n**Consequence**: A permanent ban from any sort of public interaction within the community.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at .\n\nCommunity Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).\n\n[homepage]: https://www.contributor-covenant.org\n\nFor answers to common questions about this code of conduct, see the FAQ at . Translations are available at .\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing to MCP TypeScript SDK\n\nWelcome, and thanks for your interest in contributing! We're glad you're here.\n\nThis document outlines how to contribute effectively to the TypeScript SDK.\n\n## Issues\n\n### Discuss Before You Code\n\n**Please open an issue before starting work on new features or significant changes.** This gives us a chance to align on approach and save you time if we see potential issues.\n\nWe'll close PRs for undiscussed features—not because we don't appreciate the effort, but because every merged feature becomes an ongoing maintenance burden for our small team of maintainers. Talking first helps us figure out together whether something belongs in the SDK.\n\nStraightforward bug fixes (a few lines of code with tests demonstrating the fix) can skip this step. For complex bugs that need significant changes, consider opening an issue first.\n\n### What Counts as \"Significant\"?\n\n- New public APIs or classes\n- Architectural changes or refactoring\n- Changes that touch multiple modules\n- Features that might require spec changes (these need a [SEP](https://modelcontextprotocol.io/community/sep-guidelines) first)\n\n### Writing Good Issues\n\nHelp us help you:\n\n- Lead with what's broken or what you need\n- Include code we can run to see the problem\n- Keep it focused—a clear problem statement goes a long way\n\nWe're a small team, so issues that include some upfront debugging help us move faster. Low-effort or obviously AI-generated issues will be closed.\n\n### Finding Issues to Work On\n\n| Label | For | Description |\n| ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | --------------------------------------------- |\n| [`good first issue`](https://github.com/modelcontextprotocol/typescript-sdk/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) | Newcomers | Can tackle without deep codebase knowledge |\n| [`help wanted`](https://github.com/modelcontextprotocol/typescript-sdk/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) | Experienced contributors | Maintainers probably won't get to this |\n| [`ready for work`](https://github.com/modelcontextprotocol/typescript-sdk/issues?q=is%3Aopen+is%3Aissue+label%3A%22ready+for+work%22) | Maintainers | Triaged and ready for a maintainer to pick up |\n\nIssues labeled `needs confirmation`, `needs repro`, or `needs design` are **not** ready for work—wait for maintainer input before starting.\n\nBefore starting work, comment on the issue so we can assign it to you. This lets others know and avoids duplicate effort.\n\n## Pull Requests\n\nBy the time you open a PR, the \"what\" and \"why\" should already be settled in an issue. This keeps PR reviews focused on implementation rather than revisiting whether we should do it at all.\n\n### Branches\n\nThis repository has two main branches:\n\n- **`main`** – v2 of the SDK (currently in development). This is a monorepo with split packages.\n- **`v1.x`** – stable v1 release. Bug fixes and patches for v1 should target this branch.\n\n**Which branch should I use as a base?**\n\n- For **new features** or **v2-related work**: base your PR on `main`\n- For **v1 bug fixes** or **patches**: base your PR on `v1.x`\n\n### Scope\n\nSmall PRs get reviewed fast. Large PRs sit in the queue.\n\nWe can review a few dozen lines in a few minutes. But a PR touching hundreds of lines across many files takes real effort to verify—and things inevitably slip through. If your change is big, break it into a stack of smaller PRs or get clear alignment from a maintainer on your\napproach in an issue before submitting a large PR.\n\n### What Gets Rejected\n\nPRs may be rejected for:\n\n- **Lack of prior discussion** — Features or significant changes without an approved issue\n- **Scope creep** — Changes that go beyond what was discussed or add unrequested features\n- **Misalignment with SDK direction** — Even well-implemented features may be rejected if they don't fit the SDK's goals\n- **Insufficient quality** — Code that doesn't meet clarity, maintainability, or style standards\n- **Overengineering** — Unnecessary complexity or abstraction for simple problems\n\n### Submitting Your PR\n\n1. Follow the existing code style\n2. Include tests for new functionality\n3. Update documentation as needed\n4. Keep changes focused and atomic\n5. Provide a clear description of changes\n\n## Development\n\n### Getting Started\n\nThis project uses [pnpm](https://pnpm.io/) as its package manager. If you don't have pnpm installed, enable it via [corepack](https://nodejs.org/api/corepack.html) (included with Node.js 16.9+):\n\n```bash\ncorepack enable\n```\n\nThen:\n\n1. Fork the repository\n2. Clone your fork: `git clone https://github.com/YOUR-USERNAME/typescript-sdk.git`\n3. Install dependencies: `pnpm install`\n4. Build the project: `pnpm build:all`\n5. Run tests: `pnpm test:all`\n\n### Workflow\n\n1. Create a new branch for your changes (based on `main` or `v1.x` as appropriate)\n2. Make your changes\n3. Run `pnpm lint:all` to ensure code style compliance\n4. Run `pnpm test:all` to verify all tests pass\n5. Submit a pull request\n\n### Running Examples\n\nSee [`examples/server/README.md`](examples/server/README.md) and [`examples/client/README.md`](examples/client/README.md) for a full list of runnable examples.\n\nQuick start:\n\n```bash\n# Run a server example\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts\n\n# Run a client example (in another terminal)\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/simpleStreamableHttp.ts\n```\n\n## Releasing v1.x Patches\n\nThe `v1.x` branch contains the stable v1 release. To release a patch:\n\n### Latest v1.x (e.g., v1.25.3)\n\n```bash\ngit checkout v1.x\ngit pull origin v1.x\n# Apply your fix or cherry-pick commits\nnpm version patch # Bumps version and creates tag (e.g., v1.25.3)\ngit push origin v1.x --tags\n```\n\nThe tag push automatically triggers the release workflow.\n\n### Older minor versions (e.g., v1.23.2)\n\nFor patching older minor versions that aren't on the `v1.x` branch:\n\n```bash\n# 1. Create a release branch from the last release tag\ngit checkout -b release/1.23 v1.23.1\n\n# 2. Apply your fixes (cherry-pick or manual)\ngit cherry-pick \n\n# 3. Bump version and push\nnpm version patch # Creates v1.23.2 tag\ngit push origin release/1.23 --tags\n```\n\nThen manually trigger the \"Publish v1.x\" workflow from [GitHub Actions](https://github.com/modelcontextprotocol/typescript-sdk/actions/workflows/release-v1x.yml), specifying the tag (e.g., `v1.23.2`).\n\n### npm Tags\n\nv1.x releases are published with `release-X.Y` npm tags (e.g., `release-1.25`), not `latest`. To install a specific minor version:\n\n```bash\nnpm install @modelcontextprotocol/sdk@release-1.25\n```\n\n## Policies\n\n### Code of Conduct\n\nThis project follows our [Code of Conduct](CODE_OF_CONDUCT.md). Please review it before contributing.\n\n### Reporting Issues\n\n- Use the [GitHub issue tracker](https://github.com/modelcontextprotocol/typescript-sdk/issues)\n- Search existing issues before creating a new one\n- Provide clear reproduction steps\n\n### Security Issues\n\nPlease review our [Security Policy](SECURITY.md) for reporting security vulnerabilities.\n\n### License\n\nBy contributing, you agree that your code contributions will be licensed under the Apache License 2.0. Documentation contributions (excluding specifications) are licensed under CC-BY 4.0. See the [LICENSE](LICENSE) file for details.\n" }, { "path": "LICENSE", "content": "The MCP project is undergoing a licensing transition from the MIT License to the Apache License, Version 2.0 (\"Apache-2.0\"). All new code and specification contributions to the project are licensed under Apache-2.0. Documentation contributions (excluding specifications) are licensed under CC-BY-4.0.\n\nContributions for which relicensing consent has been obtained are licensed under Apache-2.0. Contributions made by authors who originally licensed their work under the MIT License and who have not yet granted explicit permission to relicense remain licensed under the MIT License.\n\nNo rights beyond those granted by the applicable original license are conveyed for such contributions.\n\n---\n\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to the Licensor for inclusion in the Work by the copyright\n owner or by an individual or Legal Entity authorized to submit on behalf\n of the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n---\n\nMIT License\n\nCopyright (c) 2024-2025 Model Context Protocol a Series of LF Projects, LLC.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n---\n\nCreative Commons Attribution 4.0 International (CC-BY-4.0)\n\nDocumentation in this project (excluding specifications) is licensed under\nCC-BY-4.0. See https://creativecommons.org/licenses/by/4.0/legalcode for\nthe full license text.\n" }, { "path": "README.md", "content": "# MCP TypeScript SDK\n\n> [!IMPORTANT] **This is the `main` branch which contains v2 of the SDK (currently in development, pre-alpha).**\n>\n> We anticipate a stable v2 release in Q1 2026. Until then, **v1.x remains the recommended version** for production use. v1.x will continue to receive bug fixes and security updates for at least 6 months after v2 ships to give people time to upgrade.\n>\n> For v1 documentation, see the [V1 API docs](https://ts.sdk.modelcontextprotocol.io/). For v2 API docs, see [`/v2/`](https://ts.sdk.modelcontextprotocol.io/v2/).\n\n![NPM Version](https://img.shields.io/npm/v/%40modelcontextprotocol%2Fserver) ![NPM Version](https://img.shields.io/npm/v/%40modelcontextprotocol%2Fclient) ![MIT licensed](https://img.shields.io/npm/l/%40modelcontextprotocol%2Fserver)\n\n
\nTable of Contents\n\n- [Overview](#overview)\n- [Packages](#packages)\n- [Installation](#installation)\n- [Quick Start (runnable examples)](#quick-start-runnable-examples)\n- [Documentation](#documentation)\n- [Contributing](#contributing)\n- [License](#license)\n\n
\n\n## Overview\n\nThe Model Context Protocol (MCP) allows applications to provide context for LLMs in a standardized way, separating the concerns of providing context from the actual LLM interaction.\n\nThis repository contains the TypeScript SDK implementation of the MCP specification. It runs on **Node.js**, **Bun**, and **Deno**, and ships:\n\n- MCP **server** libraries (tools/resources/prompts, Streamable HTTP, stdio, auth helpers)\n- MCP **client** libraries (transports, high-level helpers, OAuth helpers)\n- Optional **middleware packages** for specific runtimes/frameworks (Express, Hono, Node.js HTTP)\n- Runnable **examples** (under [`examples/`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples))\n\n## Packages\n\nThis monorepo publishes split packages:\n\n- **`@modelcontextprotocol/server`**: build MCP servers\n- **`@modelcontextprotocol/client`**: build MCP clients\n\nBoth packages have a **required peer dependency** on `zod` for schema validation. The SDK uses Zod v4.\n\n### Middleware packages (optional)\n\nThe SDK also publishes small \"middleware\" packages under [`packages/middleware/`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/packages/middleware) that help you **wire MCP into a specific runtime or web framework**.\n\nThey are intentionally thin adapters: they should not introduce new MCP functionality or business logic. See [`packages/middleware/README.md`](packages/middleware/README.md) for details.\n\n- **`@modelcontextprotocol/node`**: Node.js Streamable HTTP transport wrapper for `IncomingMessage` / `ServerResponse`\n- **`@modelcontextprotocol/express`**: Express helpers (app defaults + Host header validation)\n- **`@modelcontextprotocol/hono`**: Hono helpers (app defaults + JSON body parsing hook + Host header validation)\n\n## Installation\n\n### Server\n\n```bash\nnpm install @modelcontextprotocol/server zod\n# or\nbun add @modelcontextprotocol/server zod\n# or\ndeno add npm:@modelcontextprotocol/server npm:zod\n```\n\n### Client\n\n```bash\nnpm install @modelcontextprotocol/client zod\n# or\nbun add @modelcontextprotocol/client zod\n# or\ndeno add npm:@modelcontextprotocol/client npm:zod\n```\n\n### Optional middleware packages\n\nThe SDK also publishes optional “middleware” packages that help you **wire MCP into a specific runtime or web framework** (for example Express, Hono, or Node.js `http`).\n\nThese packages are intentionally thin adapters and should not introduce additional MCP features or business logic. See [`packages/middleware/README.md`](packages/middleware/README.md) for details.\n\n```bash\n# Node.js HTTP (IncomingMessage/ServerResponse) Streamable HTTP transport:\nnpm install @modelcontextprotocol/node\n\n# Express integration:\nnpm install @modelcontextprotocol/express express\n\n# Hono integration:\nnpm install @modelcontextprotocol/hono hono\n```\n\n## Quick Start (runnable examples)\n\nThe runnable examples live under `examples/` and are kept in sync with the docs.\n\n1. **Install dependencies** (from repo root):\n\n```bash\npnpm install\n```\n\n2. **Run a Streamable HTTP example server**:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts\n```\n\nAlternatively, from within the example package:\n\n```bash\ncd examples/server\npnpm tsx src/simpleStreamableHttp.ts\n```\n\n3. **Run the interactive client in another terminal**:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/simpleStreamableHttp.ts\n```\n\nAlternatively, from within the example package:\n\n```bash\ncd examples/client\npnpm tsx src/simpleStreamableHttp.ts\n```\n\nNext steps:\n\n- Server examples index: [`examples/server/README.md`](examples/server/README.md)\n- Client examples index: [`examples/client/README.md`](examples/client/README.md)\n- Guided walkthroughs: [`docs/server.md`](docs/server.md) and [`docs/client.md`](docs/client.md)\n\n## Documentation\n\n- Local SDK docs:\n - [docs/server.md](docs/server.md) – building MCP servers, transports, tools/resources/prompts, sampling, elicitation, tasks, and deployment patterns.\n - [docs/client.md](docs/client.md) – building MCP clients: connecting, tools, resources, prompts, server-initiated requests, and error handling\n - [docs/faq.md](docs/faq.md) – frequently asked questions and troubleshooting\n- External references:\n - [SDK API documentation](https://ts.sdk.modelcontextprotocol.io/)\n - [Model Context Protocol documentation](https://modelcontextprotocol.io)\n - [MCP Specification](https://spec.modelcontextprotocol.io)\n - [Example Servers](https://github.com/modelcontextprotocol/servers)\n\n### Building docs locally\n\nTo generate the API reference documentation locally:\n\n```bash\npnpm docs # Generate V2 docs only (output: tmp/docs/)\npnpm docs:multi # Generate combined V1 + V2 docs (output: tmp/docs-combined/)\n```\n\nThe `docs:multi` script checks out both the `v1.x` and `main` branches via git worktrees, builds each, and produces a combined site with V1 docs at the root and V2 docs under `/v2/`.\n\n## v1 (legacy) documentation and fixes\n\nIf you are using the **v1** generation of the SDK, the **v1 API documentation** is available at [`https://ts.sdk.modelcontextprotocol.io/`](https://ts.sdk.modelcontextprotocol.io/). The v1 source code and any v1-specific fixes live on the long-lived [`v1.x` branch](https://github.com/modelcontextprotocol/typescript-sdk/tree/v1.x). V2 API docs are at [`/v2/`](https://ts.sdk.modelcontextprotocol.io/v2/).\n\n## Contributing\n\nIssues and pull requests are welcome on GitHub at .\n\n## License\n\nThis project is licensed under the Apache License 2.0 for new contributions, with existing code under MIT. See the [LICENSE](LICENSE) file for details.\n" }, { "path": "SECURITY.md", "content": "# Security Policy\n\nThank you for helping keep the Model Context Protocol and its ecosystem secure.\n\n## Reporting Security Issues\n\nIf you discover a security vulnerability in this repository, please report it through\nthe [GitHub Security Advisory process](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)\nfor this repository.\n\nPlease **do not** report security vulnerabilities through public GitHub issues, discussions,\nor pull requests.\n\n## What to Include\n\nTo help us triage and respond quickly, please include:\n\n- A description of the vulnerability\n- Steps to reproduce the issue\n- The potential impact\n- Any suggested fixes (optional)\n" }, { "path": "common/eslint-config/eslint.config.mjs", "content": "// @ts-check\nimport path from 'node:path';\nimport { fileURLToPath } from 'node:url';\n\nimport eslint from '@eslint/js';\nimport { defineConfig } from 'eslint/config';\nimport eslintConfigPrettier from 'eslint-config-prettier/flat';\nimport importPlugin from 'eslint-plugin-import';\nimport nodePlugin from 'eslint-plugin-n';\nimport simpleImportSortPlugin from 'eslint-plugin-simple-import-sort';\nimport eslintPluginUnicorn from 'eslint-plugin-unicorn';\nimport { configs } from 'typescript-eslint';\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url));\n\nexport default defineConfig(\n eslint.configs.recommended,\n ...configs.recommended,\n importPlugin.flatConfigs.recommended,\n importPlugin.flatConfigs.typescript,\n eslintPluginUnicorn.configs.recommended,\n {\n languageOptions: {\n parserOptions: {\n // Ensure consumers of this shared config get a stable tsconfig root\n tsconfigRootDir: __dirname\n }\n },\n linterOptions: {\n reportUnusedDisableDirectives: false\n },\n plugins: {\n n: nodePlugin,\n 'simple-import-sort': simpleImportSortPlugin\n },\n settings: {\n 'import/resolver': {\n typescript: {\n // Let the TS resolver handle NodeNext-style imports like \"./foo.js\"\n extensions: ['.js', '.jsx', '.ts', '.tsx', '.d.ts'],\n // Use the tsconfig in each package root (when running ESLint from that package)\n project: 'tsconfig.json'\n }\n }\n },\n rules: {\n 'unicorn/prevent-abbreviations': 'off',\n 'unicorn/no-null': 'off',\n 'unicorn/prefer-add-event-listener': 'off',\n 'unicorn/no-useless-undefined': ['error', { checkArguments: false }],\n '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],\n 'n/prefer-node-protocol': 'error',\n '@typescript-eslint/consistent-type-imports': ['error', { disallowTypeAnnotations: false }],\n 'simple-import-sort/imports': 'warn',\n 'simple-import-sort/exports': 'warn',\n 'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],\n 'import/no-extraneous-dependencies': [\n 'error',\n {\n devDependencies: [\n '**/test/**',\n '**/*.test.ts',\n '**/*.test.tsx',\n '**/scripts/**',\n '**/vitest.config.*',\n '**/tsdown.config.*',\n '**/eslint.config.*',\n '**/vitest.setup.*'\n ],\n optionalDependencies: false,\n peerDependencies: true\n }\n ],\n 'unicorn/filename-case': [\n 'error',\n {\n case: 'camelCase'\n }\n ]\n }\n },\n {\n // Disable consistent-function-scoping in test files where helper functions are common\n files: ['**/*.test.ts', '**/*.test.tsx', '**/test/**'],\n rules: {\n 'unicorn/consistent-function-scoping': 'off'\n }\n },\n {\n // Example files contain intentionally unused functions (one per region)\n files: ['**/*.examples.ts'],\n rules: {\n '@typescript-eslint/no-unused-vars': 'off',\n 'no-console': 'off'\n }\n },\n {\n // Ignore generated protocol types everywhere\n ignores: ['**/spec.types.ts']\n },\n {\n files: ['packages/client/**/*.ts', 'packages/server/**/*.ts'],\n ignores: ['**/*.test.ts'],\n rules: {\n 'no-console': 'error'\n }\n },\n eslintConfigPrettier\n);\n" }, { "path": "common/eslint-config/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/eslint-config\",\n \"private\": true,\n \"main\": \"eslint.config.mjs\",\n \"type\": \"module\",\n \"exports\": {\n \".\": \"./eslint.config.mjs\"\n },\n \"dependencies\": {\n \"typescript\": \"catalog:devTools\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"bugs\": {\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\"\n },\n \"homepage\": \"https://github.com/modelcontextprotocol/typescript-sdk/tree/develop/common/eslint-config\",\n \"publishConfig\": {\n \"registry\": \"https://npm.pkg.github.com/\"\n },\n \"version\": \"2.0.0\",\n \"devDependencies\": {\n \"@eslint/js\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-import-resolver-typescript\": \"^4.4.4\",\n \"eslint-plugin-import\": \"^2.32.0\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"eslint-plugin-simple-import-sort\": \"^12.1.1\",\n \"eslint-plugin-unicorn\": \"^62.0.0\",\n \"prettier\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\"\n }\n}\n" }, { "path": "common/tsconfig/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/tsconfig\",\n \"private\": true,\n \"main\": \"tsconfig.json\",\n \"type\": \"module\",\n \"dependencies\": {\n \"typescript\": \"catalog:devTools\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"bugs\": {\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\"\n },\n \"homepage\": \"https://github.com/modelcontextprotocol/typescript-sdk/tree/develop/common/ts-config\",\n \"publishConfig\": {\n \"registry\": \"https://npm.pkg.github.com/\"\n },\n \"version\": \"2.0.0\"\n}\n" }, { "path": "common/tsconfig/tsconfig.json", "content": "{\n \"compilerOptions\": {\n \"target\": \"esnext\",\n \"lib\": [\"esnext\"],\n \"module\": \"NodeNext\",\n \"moduleResolution\": \"NodeNext\",\n \"noFallthroughCasesInSwitch\": true,\n \"noUncheckedIndexedAccess\": true,\n \"noImplicitOverride\": true,\n \"experimentalDecorators\": true,\n \"emitDecoratorMetadata\": true,\n \"libReplacement\": false,\n \"noImplicitReturns\": true,\n \"incremental\": true,\n \"declaration\": true,\n \"declarationMap\": true,\n \"sourceMap\": true,\n \"outDir\": \"./dist\",\n \"strict\": true,\n \"esModuleInterop\": true,\n \"allowSyntheticDefaultImports\": true,\n \"forceConsistentCasingInFileNames\": true,\n \"resolveJsonModule\": true,\n \"isolatedModules\": true,\n \"skipLibCheck\": true,\n \"paths\": {\n \"pkce-challenge\": [\"./node_modules/pkce-challenge/dist/index.node\"]\n },\n \"types\": [\"node\", \"vitest/globals\"]\n }\n}\n" }, { "path": "common/vitest-config/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/vitest-config\",\n \"private\": true,\n \"main\": \"vitest.config.mjs\",\n \"type\": \"module\",\n \"exports\": {\n \".\": \"./vitest.config.js\"\n },\n \"dependencies\": {\n \"typescript\": \"catalog:devTools\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"bugs\": {\n \"url\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\"\n },\n \"homepage\": \"https://github.com/modelcontextprotocol/typescript-sdk/tree/develop/common/vitest-config\",\n \"publishConfig\": {\n \"registry\": \"https://npm.pkg.github.com/\"\n },\n \"version\": \"2.0.0\",\n \"devDependencies\": {\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"vite-tsconfig-paths\": \"catalog:devTools\"\n }\n}\n" }, { "path": "common/vitest-config/tsconfig.json", "content": "{\n \"include\": [\"./\"],\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"compilerOptions\": {\n \"noEmit\": true,\n \"allowJs\": true\n }\n}\n" }, { "path": "common/vitest-config/vitest.config.js", "content": "import { defineConfig } from 'vitest/config';\nimport tsconfigPaths from 'vite-tsconfig-paths';\nimport path from 'node:path';\nimport url from 'node:url';\n\nconst ignorePatterns = ['**/dist/**'];\nconst __dirname = path.dirname(url.fileURLToPath(import.meta.url));\n\nexport default defineConfig({\n test: {\n globals: true,\n environment: 'node',\n include: ['test/**/*.test.ts'],\n exclude: ignorePatterns,\n deps: {\n moduleDirectories: ['node_modules', path.resolve(__dirname, '../../packages'), path.resolve(__dirname, '../../common')]\n }\n },\n poolOptions: {\n threads: {\n useAtomics: true\n }\n },\n plugins: [tsconfigPaths()]\n});\n" }, { "path": "docs/client-quickstart.md", "content": "---\ntitle: Client Quickstart\n---\n\n# Quickstart: Build an LLM-powered chatbot\n\nIn this tutorial, we'll build an LLM-powered chatbot that connects to an MCP server, discovers its tools, and uses Claude to call them.\n\nBefore you begin, it helps to have gone through the [server quickstart](./server-quickstart.md) so you understand how clients and servers communicate.\n\n[You can find the complete code for this tutorial here.](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples/client-quickstart)\n\n## Prerequisites\n\nThis quickstart assumes you have familiarity with:\n\n- TypeScript\n- LLMs like Claude\n\nBefore starting, ensure your system meets these requirements:\n\n- Node.js 20 or higher installed (or **Bun** / **Deno** — the SDK supports all three runtimes)\n- Latest version of `npm` installed\n- An Anthropic API key from the [Anthropic Console](https://console.anthropic.com/settings/keys)\n\n> [!TIP]\n> This tutorial uses Node.js and npm, but you can substitute `bun` or `deno` commands where appropriate. For example, use `bun add` instead of `npm install`, or run the client with `bun run` / `deno run`.\n\n## Set up your environment\n\nFirst, let's create and set up our project:\n\n**macOS/Linux:**\n\n```bash\n# Create project directory\nmkdir mcp-client\ncd mcp-client\n\n# Initialize npm project\nnpm init -y\n\n# Install dependencies\nnpm install @anthropic-ai/sdk @modelcontextprotocol/client\n\n# Install dev dependencies\nnpm install -D @types/node typescript\n\n# Create source file\nmkdir src\ntouch src/index.ts\n```\n\n**Windows:**\n\n```powershell\n# Create project directory\nmd mcp-client\ncd mcp-client\n\n# Initialize npm project\nnpm init -y\n\n# Install dependencies\nnpm install @anthropic-ai/sdk @modelcontextprotocol/client\n\n# Install dev dependencies\nnpm install -D @types/node typescript\n\n# Create source file\nmd src\nnew-item src\\index.ts\n```\n\nUpdate your `package.json` to set `type: \"module\"` and a build script:\n\n```json\n{\n \"type\": \"module\",\n \"scripts\": {\n \"build\": \"tsc\"\n }\n}\n```\n\nCreate a `tsconfig.json` in the root of your project:\n\n```json\n{\n \"compilerOptions\": {\n \"target\": \"ES2023\",\n \"lib\": [\"ES2023\"],\n \"module\": \"Node16\",\n \"moduleResolution\": \"Node16\",\n \"outDir\": \"./build\",\n \"rootDir\": \"./src\",\n \"strict\": true,\n \"esModuleInterop\": true,\n \"skipLibCheck\": true,\n \"forceConsistentCasingInFileNames\": true\n },\n \"include\": [\"src/**/*\"],\n \"exclude\": [\"node_modules\"]\n}\n```\n\n## Creating the client\n\n### Basic client structure\n\nFirst, let's set up our imports and create the basic client class in `src/index.ts`:\n\n```ts source=\"../examples/client-quickstart/src/index.ts#prelude\"\nimport Anthropic from '@anthropic-ai/sdk';\nimport { Client, StdioClientTransport } from '@modelcontextprotocol/client';\nimport readline from 'readline/promises';\n\nconst ANTHROPIC_MODEL = 'claude-sonnet-4-5';\n\nclass MCPClient {\n private mcp: Client;\n private _anthropic: Anthropic | null = null;\n private transport: StdioClientTransport | null = null;\n private tools: Anthropic.Tool[] = [];\n\n constructor() {\n // Initialize MCP client\n this.mcp = new Client({ name: 'mcp-client-cli', version: '1.0.0' });\n }\n\n private get anthropic(): Anthropic {\n // Lazy-initialize Anthropic client when needed\n return this._anthropic ??= new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });\n }\n```\n\n### Server connection management\n\nNext, we'll implement the method to connect to an MCP server:\n\n```ts source=\"../examples/client-quickstart/src/index.ts#connectToServer\"\n async connectToServer(serverScriptPath: string) {\n try {\n // Determine script type and appropriate command\n const isJs = serverScriptPath.endsWith('.js');\n const isPy = serverScriptPath.endsWith('.py');\n if (!isJs && !isPy) {\n throw new Error('Server script must be a .js or .py file');\n }\n const command = isPy\n ? (process.platform === 'win32' ? 'python' : 'python3')\n : process.execPath;\n\n // Initialize transport and connect to server\n this.transport = new StdioClientTransport({ command, args: [serverScriptPath] });\n await this.mcp.connect(this.transport);\n\n // List available tools\n const toolsResult = await this.mcp.listTools();\n this.tools = toolsResult.tools.map((tool) => ({\n name: tool.name,\n description: tool.description ?? '',\n input_schema: tool.inputSchema as Anthropic.Tool.InputSchema,\n }));\n console.log('Connected to server with tools:', this.tools.map(({ name }) => name));\n } catch (e) {\n console.log('Failed to connect to MCP server: ', e);\n throw e;\n }\n }\n```\n\n### Query processing logic\n\nNow let's add the core functionality for processing queries and handling tool calls:\n\n```ts source=\"../examples/client-quickstart/src/index.ts#processQuery\"\n async processQuery(query: string) {\n const messages: Anthropic.MessageParam[] = [\n {\n role: 'user',\n content: query,\n },\n ];\n\n // Initial Claude API call\n const response = await this.anthropic.messages.create({\n model: ANTHROPIC_MODEL,\n max_tokens: 1000,\n messages,\n tools: this.tools,\n });\n\n // Process response and handle tool calls\n const finalText = [];\n\n for (const content of response.content) {\n if (content.type === 'text') {\n finalText.push(content.text);\n } else if (content.type === 'tool_use') {\n // Execute tool call\n const toolName = content.name;\n const toolArgs = content.input as Record | undefined;\n const result = await this.mcp.callTool({\n name: toolName,\n arguments: toolArgs,\n });\n\n finalText.push(`[Calling tool ${toolName} with args ${JSON.stringify(toolArgs)}]`);\n\n // Extract text from tool result content blocks\n const toolResultText = result.content\n .filter((block) => block.type === 'text')\n .map((block) => block.text)\n .join('\\n');\n\n // Continue conversation with tool results\n messages.push({\n role: 'assistant',\n content: response.content,\n });\n messages.push({\n role: 'user',\n content: [{\n type: 'tool_result',\n tool_use_id: content.id,\n content: toolResultText,\n }],\n });\n\n // Get next response from Claude\n const followUp = await this.anthropic.messages.create({\n model: ANTHROPIC_MODEL,\n max_tokens: 1000,\n messages,\n });\n\n finalText.push(followUp.content[0].type === 'text' ? followUp.content[0].text : '');\n }\n }\n\n return finalText.join('\\n');\n }\n```\n\n### Interactive chat interface\n\nNow we'll add the chat loop and cleanup functionality:\n\n```ts source=\"../examples/client-quickstart/src/index.ts#chatLoop\"\n async chatLoop() {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stdout,\n });\n\n try {\n console.log('\\nMCP Client Started!');\n console.log('Type your queries or \"quit\" to exit.');\n\n while (true) {\n const message = await rl.question('\\nQuery: ');\n if (message.toLowerCase() === 'quit') {\n break;\n }\n const response = await this.processQuery(message);\n console.log('\\n' + response);\n }\n } finally {\n rl.close();\n }\n }\n\n async cleanup() {\n await this.mcp.close();\n }\n}\n```\n\n### Main entry point\n\nFinally, we'll add the main execution logic:\n\n```ts source=\"../examples/client-quickstart/src/index.ts#main\"\nasync function main() {\n if (process.argv.length < 3) {\n console.log('Usage: node build/index.js ');\n return;\n }\n const mcpClient = new MCPClient();\n try {\n await mcpClient.connectToServer(process.argv[2]);\n\n // Check if we have a valid API key to continue\n const apiKey = process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n console.log(\n '\\nNo ANTHROPIC_API_KEY found. To query these tools with Claude, set your API key:'\n + '\\n export ANTHROPIC_API_KEY=your-api-key-here'\n );\n return;\n }\n\n await mcpClient.chatLoop();\n } catch (e) {\n console.error('Error:', e);\n process.exit(1);\n } finally {\n await mcpClient.cleanup();\n process.exit(0);\n }\n}\n\nmain();\n```\n\n## Running the client\n\nTo run your client with any MCP server:\n\n**macOS/Linux:**\n\n```bash\n# Build TypeScript\nnpm run build\n\n# Run the client with a Node.js MCP server\nANTHROPIC_API_KEY=your-key-here node build/index.js path/to/server/build/index.js\n\n# Example: connect to the weather server from the server quickstart\nANTHROPIC_API_KEY=your-key-here node build/index.js /absolute/path/to/weather/build/index.js\n```\n\n**Windows:**\n\n```powershell\n# Build TypeScript\nnpm run build\n\n# Run the client with a Node.js MCP server\n$env:ANTHROPIC_API_KEY=\"your-key-here\"; node build/index.js path\\to\\server\\build\\index.js\n```\n\n**The client will:**\n\n1. Connect to the specified server\n2. List available tools\n3. Start an interactive chat session where you can:\n - Enter queries\n - See tool executions\n - Get responses from Claude\n\n## What's happening under the hood\n\nWhen you submit a query:\n\n1. Your query is sent to Claude along with the tool descriptions discovered during connection\n2. Claude decides which tools (if any) to use\n3. The client executes any requested tool calls through the server\n4. Results are sent back to Claude\n5. Claude provides a natural language response\n6. The response is displayed to you\n\n## Troubleshooting\n\n### Server Path Issues\n\n- Double-check the path to your server script is correct\n- Use the absolute path if the relative path isn't working\n- For Windows users, make sure to use forward slashes (`/`) or escaped backslashes (`\\\\`) in the path\n- Verify the server file has the correct extension (`.js` for Node.js or `.py` for Python)\n\nExample of correct path usage:\n\n**macOS/Linux:**\n\n```bash\n# Relative path\nnode build/index.js ./server/build/index.js\n\n# Absolute path\nnode build/index.js /Users/username/projects/mcp-server/build/index.js\n```\n\n**Windows:**\n\n```powershell\n# Relative path\nnode build/index.js .\\server\\build\\index.js\n\n# Absolute path (either format works)\nnode build/index.js C:\\projects\\mcp-server\\build\\index.js\nnode build/index.js C:/projects/mcp-server/build/index.js\n```\n\n### Response Timing\n\n- The first response might take up to 30 seconds to return\n- This is normal and happens while:\n - The server initializes\n - Claude processes the query\n - Tools are being executed\n- Subsequent responses are typically faster\n- Don't interrupt the process during this initial waiting period\n\n### Common Error Messages\n\nIf you see:\n\n- `Error: Cannot find module`: Check your build folder and ensure TypeScript compilation succeeded\n- `Connection refused`: Ensure the server is running and the path is correct\n- `Tool execution failed`: Verify the tool's required environment variables are set\n- `ANTHROPIC_API_KEY is not set`: Check your environment variables (e.g., `export ANTHROPIC_API_KEY=...`)\n- `TypeError`: Ensure you're using the correct types for tool arguments\n- `BadRequestError`: Ensure you have enough credits to access the Anthropic API\n\n## Next steps\n\nNow that you have a working client, here are some ways to go further:\n\n- [**Client guide**](./client.md) — Add OAuth, middleware, sampling, and more to your client.\n- [**Example clients**](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples/client) — Browse runnable client examples.\n- [**FAQ**](./faq.md) — Troubleshoot common errors.\n" }, { "path": "docs/client.md", "content": "---\ntitle: Client Guide\n---\n\n# Building MCP clients\n\nThis guide covers the TypeScript SDK APIs for building MCP clients. For protocol-level concepts, see the [MCP overview](https://modelcontextprotocol.io/docs/learn/architecture).\n\nA client connects to a server, discovers what it offers — tools, resources, prompts — and invokes them. Beyond that core loop, this guide covers authentication, error handling, and responding to server-initiated requests like sampling and elicitation.\n\n## Imports\n\nThe examples below use these imports. Adjust based on which features and transport you need:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#imports\"\nimport type { Prompt, Resource, Tool } from '@modelcontextprotocol/client';\nimport {\n applyMiddlewares,\n Client,\n ClientCredentialsProvider,\n createMiddleware,\n CrossAppAccessProvider,\n discoverAndRequestJwtAuthGrant,\n PrivateKeyJwtProvider,\n ProtocolError,\n SdkError,\n SdkErrorCode,\n SSEClientTransport,\n StdioClientTransport,\n StreamableHTTPClientTransport\n} from '@modelcontextprotocol/client';\n```\n\n## Connecting to a server\n\n### Streamable HTTP\n\nFor remote HTTP servers, use {@linkcode @modelcontextprotocol/client!client/streamableHttp.StreamableHTTPClientTransport | StreamableHTTPClientTransport}:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#connect_streamableHttp\"\nconst client = new Client({ name: 'my-client', version: '1.0.0' });\n\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'));\n\nawait client.connect(transport);\n```\n\nFor a full interactive client over Streamable HTTP, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleStreamableHttp.ts).\n\n### stdio\n\nFor local, process-spawned servers (Claude Desktop, CLI tools), use {@linkcode @modelcontextprotocol/client!client/stdio.StdioClientTransport | StdioClientTransport}. The transport spawns the server process and communicates over stdin/stdout:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#connect_stdio\"\nconst client = new Client({ name: 'my-client', version: '1.0.0' });\n\nconst transport = new StdioClientTransport({\n command: 'node',\n args: ['server.js']\n});\n\nawait client.connect(transport);\n```\n\n### SSE fallback for legacy servers\n\nTo support both modern Streamable HTTP and legacy SSE servers, try {@linkcode @modelcontextprotocol/client!client/streamableHttp.StreamableHTTPClientTransport | StreamableHTTPClientTransport} first and fall back to {@linkcode @modelcontextprotocol/client!client/sse.SSEClientTransport | SSEClientTransport} on failure:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#connect_sseFallback\"\nconst baseUrl = new URL(url);\n\ntry {\n // Try modern Streamable HTTP transport first\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n} catch {\n // Fall back to legacy SSE transport\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new SSEClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n}\n```\n\nFor a complete example with error reporting, see [`streamableHttpWithSseFallbackClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/streamableHttpWithSseFallbackClient.ts).\n\n### Disconnecting\n\nCall {@linkcode @modelcontextprotocol/client!client/client.Client#close | await client.close() } to disconnect. Pending requests are rejected with a {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.ConnectionClosed | CONNECTION_CLOSED} error.\n\nFor Streamable HTTP, terminate the server-side session first (per the MCP specification):\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#disconnect_streamableHttp\"\nawait transport.terminateSession(); // notify the server (recommended)\nawait client.close();\n```\n\nFor stdio, `client.close()` handles graceful process shutdown (closes stdin, then SIGTERM, then SIGKILL if needed).\n\n### Server instructions\n\nServers can provide an `instructions` string during initialization that describes how to use them — cross-tool relationships, workflow patterns, and constraints (see [Instructions](https://modelcontextprotocol.io/specification/latest/basic/lifecycle#instructions) in the MCP specification). Retrieve it after connecting and include it in the model's system prompt:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#serverInstructions_basic\"\nconst instructions = client.getInstructions();\n\nconst systemPrompt = ['You are a helpful assistant.', instructions].filter(Boolean).join('\\n\\n');\n\nconsole.log(systemPrompt);\n```\n\n## Authentication\n\nMCP servers can require OAuth 2.0 authentication before accepting client connections (see [Authorization](https://modelcontextprotocol.io/specification/latest/basic/authorization) in the MCP specification). Pass an `authProvider` to {@linkcode @modelcontextprotocol/client!client/streamableHttp.StreamableHTTPClientTransport | StreamableHTTPClientTransport} to enable this — the SDK provides built-in providers for common machine-to-machine flows, or you can implement the full {@linkcode @modelcontextprotocol/client!client/auth.OAuthClientProvider | OAuthClientProvider} interface for user-facing OAuth.\n\n### Client credentials\n\n{@linkcode @modelcontextprotocol/client!client/authExtensions.ClientCredentialsProvider | ClientCredentialsProvider} handles the `client_credentials` grant flow for service-to-service communication:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#auth_clientCredentials\"\nconst authProvider = new ClientCredentialsProvider({\n clientId: 'my-service',\n clientSecret: 'my-secret'\n});\n\nconst client = new Client({ name: 'my-client', version: '1.0.0' });\n\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n\nawait client.connect(transport);\n```\n\n### Private key JWT\n\n{@linkcode @modelcontextprotocol/client!client/authExtensions.PrivateKeyJwtProvider | PrivateKeyJwtProvider} signs JWT assertions for the `private_key_jwt` token endpoint auth method, avoiding a shared client secret:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#auth_privateKeyJwt\"\nconst authProvider = new PrivateKeyJwtProvider({\n clientId: 'my-service',\n privateKey: pemEncodedKey,\n algorithm: 'RS256'\n});\n\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n```\n\nFor a runnable example supporting both auth methods via environment variables, see [`simpleClientCredentials.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleClientCredentials.ts).\n\n### Full OAuth with user authorization\n\nFor user-facing applications, implement the {@linkcode @modelcontextprotocol/client!client/auth.OAuthClientProvider | OAuthClientProvider} interface to handle the full authorization code flow (redirects, code verifiers, token storage, dynamic client registration). The {@linkcode @modelcontextprotocol/client!client/client.Client#connect | connect()} call will throw {@linkcode @modelcontextprotocol/client!client/auth.UnauthorizedError | UnauthorizedError} when authorization is needed — catch it, complete the browser flow, call {@linkcode @modelcontextprotocol/client!client/streamableHttp.StreamableHTTPClientTransport#finishAuth | transport.finishAuth(code)}, and reconnect.\n\nFor a complete working OAuth flow, see [`simpleOAuthClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleOAuthClient.ts) and [`simpleOAuthClientProvider.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleOAuthClientProvider.ts).\n\n### Cross-App Access (Enterprise Managed Authorization)\n\n{@linkcode @modelcontextprotocol/client!client/authExtensions.CrossAppAccessProvider | CrossAppAccessProvider} implements Enterprise Managed Authorization (SEP-990) for scenarios where users authenticate with an enterprise identity provider (IdP) and clients need to access protected MCP servers on their behalf.\n\nThis provider handles a two-step OAuth flow:\n1. Exchange the user's ID Token from the enterprise IdP for a JWT Authorization Grant (JAG) via RFC 8693 token exchange\n2. Exchange the JAG for an access token from the MCP server via RFC 7523 JWT bearer grant\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#auth_crossAppAccess\"\nconst authProvider = new CrossAppAccessProvider({\n assertion: async ctx => {\n // ctx provides: authorizationServerUrl, resourceUrl, scope, fetchFn\n const result = await discoverAndRequestJwtAuthGrant({\n idpUrl: 'https://idp.example.com',\n audience: ctx.authorizationServerUrl,\n resource: ctx.resourceUrl,\n idToken: await getIdToken(),\n clientId: 'my-idp-client',\n clientSecret: 'my-idp-secret',\n scope: ctx.scope,\n fetchFn: ctx.fetchFn\n });\n return result.jwtAuthGrant;\n },\n clientId: 'my-mcp-client',\n clientSecret: 'my-mcp-secret'\n});\n\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n```\n\nThe `assertion` callback receives a context object with:\n- `authorizationServerUrl` – The MCP server's authorization server (discovered automatically)\n- `resourceUrl` – The MCP resource URL (discovered automatically)\n- `scope` – Optional scope passed to `auth()` or from `clientMetadata`\n- `fetchFn` – Fetch implementation to use for HTTP requests\n\nFor manual control over the token exchange steps, use the Layer 2 utilities from `@modelcontextprotocol/client`:\n- `requestJwtAuthorizationGrant()` – Exchange ID Token for JAG at IdP\n- `discoverAndRequestJwtAuthGrant()` – Discovery + JAG acquisition\n- `exchangeJwtAuthGrant()` – Exchange JAG for access token at MCP server\n\n> [!NOTE]\n> See [RFC 8693 (Token Exchange)](https://datatracker.ietf.org/doc/html/rfc8693), [RFC 7523 (JWT Bearer Grant)](https://datatracker.ietf.org/doc/html/rfc7523), and [RFC 9728 (Resource Discovery)](https://datatracker.ietf.org/doc/html/rfc9728) for the underlying OAuth standards.\n\n## Tools\n\nTools are callable actions offered by servers — discovering and invoking them is usually how your client enables an LLM to take action (see [Tools](https://modelcontextprotocol.io/docs/learn/server-concepts#tools) in the MCP overview).\n\nUse {@linkcode @modelcontextprotocol/client!client/client.Client#listTools | listTools()} to discover available tools, and {@linkcode @modelcontextprotocol/client!client/client.Client#callTool | callTool()} to invoke one. Results may be paginated — loop on `nextCursor` to collect all pages:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#callTool_basic\"\nconst allTools: Tool[] = [];\nlet toolCursor: string | undefined;\ndo {\n const { tools, nextCursor } = await client.listTools({ cursor: toolCursor });\n allTools.push(...tools);\n toolCursor = nextCursor;\n} while (toolCursor);\nconsole.log(\n 'Available tools:',\n allTools.map(t => t.name)\n);\n\nconst result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n});\nconsole.log(result.content);\n```\n\nTool results may include a `structuredContent` field — a machine-readable JSON object for programmatic use by the client application, complementing `content` which is for the LLM:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#callTool_structuredOutput\"\nconst result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n});\n\n// Machine-readable output for the client application\nif (result.structuredContent) {\n console.log(result.structuredContent); // e.g. { bmi: 22.86 }\n}\n```\n\n### Tracking progress\n\nPass `onprogress` to receive incremental progress notifications from long-running tools. Use `resetTimeoutOnProgress` to keep the request alive while the server is actively reporting, and `maxTotalTimeout` as an absolute cap:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#callTool_progress\"\nconst result = await client.callTool(\n { name: 'long-operation', arguments: {} },\n {\n onprogress: ({ progress, total }: { progress: number; total?: number }) => {\n console.log(`Progress: ${progress}/${total ?? '?'}`);\n },\n resetTimeoutOnProgress: true,\n maxTotalTimeout: 600_000\n }\n);\nconsole.log(result.content);\n```\n\n## Resources\n\nResources are read-only data — files, database schemas, configuration — that your application can retrieve from a server and attach as context for the model (see [Resources](https://modelcontextprotocol.io/docs/learn/server-concepts#resources) in the MCP overview).\n\nUse {@linkcode @modelcontextprotocol/client!client/client.Client#listResources | listResources()} and {@linkcode @modelcontextprotocol/client!client/client.Client#readResource | readResource()} to discover and read server-provided data. Results may be paginated — loop on `nextCursor` to collect all pages:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#readResource_basic\"\nconst allResources: Resource[] = [];\nlet resourceCursor: string | undefined;\ndo {\n const { resources, nextCursor } = await client.listResources({ cursor: resourceCursor });\n allResources.push(...resources);\n resourceCursor = nextCursor;\n} while (resourceCursor);\nconsole.log(\n 'Available resources:',\n allResources.map(r => r.name)\n);\n\nconst { contents } = await client.readResource({ uri: 'config://app' });\nfor (const item of contents) {\n console.log(item);\n}\n```\n\nTo discover URI templates for dynamic resources, use {@linkcode @modelcontextprotocol/client!client/client.Client#listResourceTemplates | listResourceTemplates()}.\n\n### Subscribing to resource changes\n\nIf the server supports resource subscriptions, use {@linkcode @modelcontextprotocol/client!client/client.Client#subscribeResource | subscribeResource()} to receive notifications when a resource changes, then re-read it:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#subscribeResource_basic\"\nawait client.subscribeResource({ uri: 'config://app' });\n\nclient.setNotificationHandler('notifications/resources/updated', async notification => {\n if (notification.params.uri === 'config://app') {\n const { contents } = await client.readResource({ uri: 'config://app' });\n console.log('Config updated:', contents);\n }\n});\n\n// Later: stop receiving updates\nawait client.unsubscribeResource({ uri: 'config://app' });\n```\n\n## Prompts\n\nPrompts are reusable message templates that servers offer to help structure interactions with models (see [Prompts](https://modelcontextprotocol.io/docs/learn/server-concepts#prompts) in the MCP overview).\n\nUse {@linkcode @modelcontextprotocol/client!client/client.Client#listPrompts | listPrompts()} and {@linkcode @modelcontextprotocol/client!client/client.Client#getPrompt | getPrompt()} to list available prompts and retrieve them with arguments. Results may be paginated — loop on `nextCursor` to collect all pages:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#getPrompt_basic\"\nconst allPrompts: Prompt[] = [];\nlet promptCursor: string | undefined;\ndo {\n const { prompts, nextCursor } = await client.listPrompts({ cursor: promptCursor });\n allPrompts.push(...prompts);\n promptCursor = nextCursor;\n} while (promptCursor);\nconsole.log(\n 'Available prompts:',\n allPrompts.map(p => p.name)\n);\n\nconst { messages } = await client.getPrompt({\n name: 'review-code',\n arguments: { code: 'console.log(\"hello\")' }\n});\nconsole.log(messages);\n```\n\n## Completions\n\nBoth prompts and resources can support argument completions. Use {@linkcode @modelcontextprotocol/client!client/client.Client#complete | complete()} to request autocompletion suggestions from the server as a user types:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#complete_basic\"\nconst { completion } = await client.complete({\n ref: {\n type: 'ref/prompt',\n name: 'review-code'\n },\n argument: {\n name: 'language',\n value: 'type'\n }\n});\nconsole.log(completion.values); // e.g. ['typescript']\n```\n\n## Notifications\n\n### Automatic list-change tracking\n\nThe {@linkcode @modelcontextprotocol/client!client/client.ClientOptions | listChanged} client option keeps a local cache of tools, prompts, or resources in sync with the server. It provides automatic server capability gating, debouncing (300 ms by default), auto-refresh, and error-first callbacks:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#listChanged_basic\"\nconst client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n onChanged: (error, tools) => {\n if (error) {\n console.error('Failed to refresh tools:', error);\n return;\n }\n console.log('Tools updated:', tools);\n }\n },\n prompts: {\n onChanged: (error, prompts) => console.log('Prompts updated:', prompts)\n }\n }\n }\n);\n```\n\n### Manual notification handlers\n\nFor full control — or for notification types not covered by `listChanged` (such as log messages) — register handlers directly with {@linkcode @modelcontextprotocol/client!client/client.Client#setNotificationHandler | setNotificationHandler()}:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#notificationHandler_basic\"\n// Server log messages (sent by the server during request processing)\nclient.setNotificationHandler('notifications/message', notification => {\n const { level, data } = notification.params;\n console.log(`[${level}]`, data);\n});\n\n// Server's resource list changed — re-fetch the list\nclient.setNotificationHandler('notifications/resources/list_changed', async () => {\n const { resources } = await client.listResources();\n console.log('Resources changed:', resources.length);\n});\n```\n\nTo control the minimum severity of log messages the server sends, use {@linkcode @modelcontextprotocol/client!client/client.Client#setLoggingLevel | setLoggingLevel()}:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#setLoggingLevel_basic\"\nawait client.setLoggingLevel('warning');\n```\n\n> [!WARNING]\n> `listChanged` and {@linkcode @modelcontextprotocol/client!client/client.Client#setNotificationHandler | setNotificationHandler()} are mutually exclusive per notification type — using both for the same notification will cause the manual handler to be overwritten.\n\n## Handling server-initiated requests\n\nMCP is bidirectional — servers can send requests *to* the client during tool execution, as long as the client declares matching capabilities (see [Architecture](https://modelcontextprotocol.io/docs/learn/architecture) in the MCP overview). Declare the corresponding capability when constructing the {@linkcode @modelcontextprotocol/client!client/client.Client | Client} and register a request handler:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#capabilities_declaration\"\nconst client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n capabilities: {\n sampling: {},\n elicitation: { form: {} }\n }\n }\n);\n```\n\n### Sampling\n\nWhen a server needs an LLM completion during tool execution, it sends a `sampling/createMessage` request to the client (see [Sampling](https://modelcontextprotocol.io/docs/learn/client-concepts#sampling) in the MCP overview). Register a handler to fulfill it:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#sampling_handler\"\nclient.setRequestHandler('sampling/createMessage', async request => {\n const lastMessage = request.params.messages.at(-1);\n console.log('Sampling request:', lastMessage);\n\n // In production, send messages to your LLM here\n return {\n model: 'my-model',\n role: 'assistant' as const,\n content: {\n type: 'text' as const,\n text: 'Response from the model'\n }\n };\n});\n```\n\n### Elicitation\n\nWhen a server needs user input during tool execution, it sends an `elicitation/create` request to the client (see [Elicitation](https://modelcontextprotocol.io/docs/learn/client-concepts#elicitation) in the MCP overview). The client should present the form to the user and return the collected data, or `{ action: 'decline' }`:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#elicitation_handler\"\nclient.setRequestHandler('elicitation/create', async request => {\n console.log('Server asks:', request.params.message);\n\n if (request.params.mode === 'form') {\n // Present the schema-driven form to the user\n console.log('Schema:', request.params.requestedSchema);\n return { action: 'accept', content: { confirm: true } };\n }\n\n return { action: 'decline' };\n});\n```\n\nFor a full form-based elicitation handler with AJV validation, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleStreamableHttp.ts). For URL elicitation mode, see [`elicitationUrlExample.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/elicitationUrlExample.ts).\n\n### Roots\n\nRoots let the client expose filesystem boundaries to the server (see [Roots](https://modelcontextprotocol.io/docs/learn/client-concepts#roots) in the MCP overview). Declare the `roots` capability and register a `roots/list` handler:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#roots_handler\"\nclient.setRequestHandler('roots/list', async () => {\n return {\n roots: [\n { uri: 'file:///home/user/projects/my-app', name: 'My App' },\n { uri: 'file:///home/user/data', name: 'Data' }\n ]\n };\n});\n```\n\nWhen the available roots change, notify the server with {@linkcode @modelcontextprotocol/client!client/client.Client#sendRootsListChanged | client.sendRootsListChanged()}.\n\n## Error handling\n\n### Tool errors vs protocol errors\n\n{@linkcode @modelcontextprotocol/client!client/client.Client#callTool | callTool()} has two error surfaces: the tool can *run but report failure* via `isError: true` in the result, or the *request itself can fail* and throw an exception. Always check both:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#errorHandling_toolErrors\"\ntry {\n const result = await client.callTool({\n name: 'fetch-data',\n arguments: { url: 'https://example.com' }\n });\n\n // Tool-level error: the tool ran but reported a problem\n if (result.isError) {\n console.error('Tool error:', result.content);\n return;\n }\n\n console.log('Success:', result.content);\n} catch (error) {\n // Protocol-level error: the request itself failed\n if (error instanceof ProtocolError) {\n console.error(`Protocol error ${error.code}: ${error.message}`);\n } else if (error instanceof SdkError) {\n console.error(`SDK error [${error.code}]: ${error.message}`);\n } else {\n throw error;\n }\n}\n```\n\n{@linkcode @modelcontextprotocol/client!index.ProtocolError | ProtocolError} represents JSON-RPC errors from the server (method not found, invalid params, internal error). {@linkcode @modelcontextprotocol/client!index.SdkError | SdkError} represents local SDK errors — {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.RequestTimeout | REQUEST_TIMEOUT}, {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.ConnectionClosed | CONNECTION_CLOSED}, {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.CapabilityNotSupported | CAPABILITY_NOT_SUPPORTED}, and others.\n\n### Connection lifecycle\n\nSet {@linkcode @modelcontextprotocol/client!client/client.Client#onerror | client.onerror} to catch out-of-band transport errors (SSE disconnects, parse errors). Set {@linkcode @modelcontextprotocol/client!client/client.Client#onclose | client.onclose} to detect when the connection drops — pending requests are rejected with a {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.ConnectionClosed | CONNECTION_CLOSED} error:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#errorHandling_lifecycle\"\n// Out-of-band errors (SSE disconnects, parse errors)\nclient.onerror = error => {\n console.error('Transport error:', error.message);\n};\n\n// Connection closed (pending requests are rejected with CONNECTION_CLOSED)\nclient.onclose = () => {\n console.log('Connection closed');\n};\n```\n\n### Timeouts\n\nAll requests have a 60-second default timeout. Pass a custom `timeout` in the options to override it. On timeout, the SDK sends a cancellation notification to the server and rejects the promise with {@linkcode @modelcontextprotocol/client!index.SdkErrorCode.RequestTimeout | SdkErrorCode.RequestTimeout}:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#errorHandling_timeout\"\ntry {\n const result = await client.callTool(\n { name: 'slow-task', arguments: {} },\n { timeout: 120_000 } // 2 minutes instead of the default 60 seconds\n );\n console.log(result.content);\n} catch (error) {\n if (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) {\n console.error('Request timed out');\n }\n}\n```\n\n## Client middleware\n\nUse {@linkcode @modelcontextprotocol/client!client/middleware.createMiddleware | createMiddleware()} and {@linkcode @modelcontextprotocol/client!client/middleware.applyMiddlewares | applyMiddlewares()} to compose fetch middleware pipelines. Middleware wraps the underlying `fetch` call and can add headers, handle retries, or log requests. Pass the enhanced fetch to the transport via the `fetch` option:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#middleware_basic\"\nconst authMiddleware = createMiddleware(async (next, input, init) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Custom-Header', 'my-value');\n return next(input, { ...init, headers });\n});\n\nconst transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), {\n fetch: applyMiddlewares(authMiddleware)(fetch)\n});\n```\n\n## Resumption tokens\n\nWhen using SSE-based streaming, the server can assign event IDs. Pass `onresumptiontoken` to track them, and `resumptionToken` to resume from where you left off after a disconnection:\n\n```ts source=\"../examples/client/src/clientGuide.examples.ts#resumptionToken_basic\"\nlet lastToken: string | undefined;\n\nconst result = await client.request(\n {\n method: 'tools/call',\n params: { name: 'long-running-task', arguments: {} }\n },\n {\n resumptionToken: lastToken,\n onresumptiontoken: (token: string) => {\n lastToken = token;\n // Persist token to survive restarts\n }\n }\n);\nconsole.log(result);\n```\n\nFor an end-to-end example of server-initiated SSE disconnection and automatic client reconnection with event replay, see [`ssePollingClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/ssePollingClient.ts).\n\n## Tasks (experimental)\n\n> [!WARNING]\n> The tasks API is experimental and may change without notice.\n\nTask-based execution enables \"call-now, fetch-later\" patterns for long-running operations (see [Tasks](https://modelcontextprotocol.io/specification/latest/basic/utilities/tasks) in the MCP specification). Instead of returning a result immediately, a tool creates a task that can be polled or resumed later. To use tasks:\n\n- Call {@linkcode @modelcontextprotocol/client!experimental/tasks/client.ExperimentalClientTasks#callToolStream | client.experimental.tasks.callToolStream(...)} to start a tool call that may create a task and emit status updates over time.\n- Call {@linkcode @modelcontextprotocol/client!experimental/tasks/client.ExperimentalClientTasks#getTask | client.experimental.tasks.getTask(...)} and {@linkcode @modelcontextprotocol/client!experimental/tasks/client.ExperimentalClientTasks#getTaskResult | getTaskResult(...)} to check status and fetch results after reconnecting.\n\nFor a full runnable example, see [`simpleTaskInteractiveClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/simpleTaskInteractiveClient.ts).\n\n## See also\n\n- [`examples/client/`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples/client) — Full runnable client examples\n- [Server guide](./server.md) — Building MCP servers with this SDK\n- [MCP overview](https://modelcontextprotocol.io/docs/learn/architecture) — Protocol-level concepts: participants, layers, primitives\n- [Migration guide](./migration.md) — Upgrading from previous SDK versions\n- [FAQ](./faq.md) — Frequently asked questions and troubleshooting\n\n### Additional examples\n\n| Feature | Description | Example |\n|---------|-------------|---------|\n| Parallel tool calls | Run multiple tool calls concurrently via `Promise.all` | [`parallelToolCallsClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/parallelToolCallsClient.ts) |\n| SSE disconnect / reconnection | Server-initiated SSE disconnect with automatic reconnection and event replay | [`ssePollingClient.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/ssePollingClient.ts) |\n| Multiple clients | Independent client lifecycles to the same server | [`multipleClientsParallel.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/multipleClientsParallel.ts) |\n| URL elicitation | Handle sensitive data collection via browser | [`elicitationUrlExample.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/client/src/elicitationUrlExample.ts) |\n" }, { "path": "docs/documents.md", "content": "---\ntitle: Documents\nchildren:\n - ./server-quickstart.md\n - ./server.md\n - ./client-quickstart.md\n - ./client.md\n - ./faq.md\n---\n\n# Documents\n\n- [Server Quickstart](./server-quickstart.md) – build a weather server from scratch and connect it to VS Code\n- [Server](./server.md) – building MCP servers, transports, tools/resources/prompts, sampling, elicitation, tasks, and deployment patterns\n- [Client Quickstart](./client-quickstart.md) – build an LLM-powered chatbot that connects to an MCP server and calls its tools\n- [Client](./client.md) – building MCP clients: connecting, tools, resources, prompts, server-initiated requests, and error handling\n- [FAQ](./faq.md) – frequently asked questions and troubleshooting\n" }, { "path": "docs/faq.md", "content": "---\ntitle: FAQ\n---\n\n## FAQ\n\n
\nTable of Contents\n\n- [General](#general)\n- [Clients](#clients)\n- [Servers](#servers)\n- [v1 (legacy)](#v1-legacy)\n\n
\n\n## General\n\n### Why do I see `TS2589: Type instantiation is excessively deep and possibly infinite` after upgrading the SDK?\n\nThis TypeScript error can appear when upgrading to newer SDK versions that support Zod v4 (for example, from older `@modelcontextprotocol/sdk` releases to newer `@modelcontextprotocol/client` / `@modelcontextprotocol/server` releases) **and** your project ends up with multiple\n`zod` versions in the dependency tree.\n\nWhen there are multiple copies or versions of `zod`, TypeScript may try to instantiate very complex, cross-version types and hit its recursion limits, resulting in `TS2589`. This scenario is discussed in GitHub issue\n[#1180](https://github.com/modelcontextprotocol/typescript-sdk/issues/1180#event-21236550401).\n\nTo diagnose and fix this:\n\n- **Inspect your installed `zod` versions**:\n - Run `npm ls zod` or `npm explain zod`, `pnpm list zod` or `pnpm why zod`, or `yarn why zod` and check whether more than one version is installed.\n- **Align on a single `zod` version**:\n - Make sure all packages that depend on `zod` use a compatible version range so that your package manager can hoist a single copy.\n - In monorepos, consider declaring `zod` at the workspace root and using compatible ranges in individual packages.\n- **Use overrides/resolutions if necessary**:\n - With npm, Yarn, or pnpm, you can use `overrides` / `resolutions` to force a single `zod` version if some transitive dependencies pull in a different one.\n\nOnce your project is using a single, compatible `zod` version, the `TS2589` error should no longer occur.\n\n## Clients\n\n### How do I enable Web Crypto (`globalThis.crypto`) for client authentication in older Node.js versions?\n\nThe SDK’s OAuth client authentication helpers (for example, those in `packages/client/src/client/auth-extensions.ts` that use `jose`) rely on the Web Crypto API exposed as `globalThis.crypto`. This is especially important for **client credentials** and **JWT-based**\nauthentication flows used by MCP clients.\n\n- **Node.js v19.0.0 and later**: `globalThis.crypto` is available by default.\n- **Node.js v18.x**: `globalThis.crypto` may not be defined by default. In this repository we polyfill it for tests (see `packages/client/vitest.setup.js`), and you should do the same in your app if it is missing – or alternatively, run Node with `--experimental-global-webcrypto`\n as per your Node version documentation. (See https://nodejs.org/dist/latest-v18.x/docs/api/globals.html#crypto )\n\nIf you run clients on Node.js versions where `globalThis.crypto` is missing, you can polyfill it using the built-in `node:crypto` module, similar to the SDK's own `vitest.setup.ts`:\n\n```typescript\nimport { webcrypto } from 'node:crypto';\n\nif (typeof globalThis.crypto === 'undefined') {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (globalThis as any).crypto = webcrypto as unknown as Crypto;\n}\n```\n\nFor production use, you can either:\n\n- Run clients on a Node.js version where `globalThis.crypto` is available by default (recommended), or\n- Apply a similar polyfill early in your client's startup code when targeting older Node.js runtimes, so that OAuth client authentication works reliably.\n\n## Servers\n\n### Where can I find runnable server examples?\n\nThe SDK ships several runnable server examples under `examples/server/src`. Start from the server examples index in [`examples/server/README.md`](../examples/server/README.md) and the entry-point quick start in the root [`README.md`](../README.md).\n\n### Why did we remove `server` auth exports?\n\nServer authentication & authorization is outside of the scope of the SDK, and the recommendation is to use packages that focus on this area specifically (or a full-fledged Authorization Server for those who use such). Example packages provide an example with `better-auth`.\n\n### Why did we remove `server` SSE transport?\n\nThe SSE transport has been deprecated for a long time, and `v2` will not support it on the server side any more. Client side will keep supporting it in order to be able to connect to legacy SSE servers via the `v2` SDK, but serving SSE from `v2` will not be possible. Servers\nwanting to switch to `v2` and using SSE should migrate to Streamable HTTP.\n\n## v1 (legacy)\n\n### Where do v1 documentation and v1-specific fixes live?\n\nThe v1 API documentation is available at [`https://ts.sdk.modelcontextprotocol.io/`](https://ts.sdk.modelcontextprotocol.io/). The v1 source code and any v1-specific fixes live on the long-lived [`v1.x` branch](https://github.com/modelcontextprotocol/typescript-sdk/tree/v1.x). V2 API docs are at [`/v2/`](https://ts.sdk.modelcontextprotocol.io/v2/).\n" }, { "path": "docs/migration-SKILL.md", "content": "---\nname: migrate-v1-to-v2\ndescription: Migrate MCP TypeScript SDK code from v1 (@modelcontextprotocol/sdk) to v2 (@modelcontextprotocol/core, /client, /server). Use when a user asks to migrate, upgrade, or port their MCP TypeScript code from v1 to v2.\n---\n\n# MCP TypeScript SDK: v1 → v2 Migration\n\nApply these changes in order: dependencies → imports → API calls → type aliases.\n\n## 1. Environment\n\n- Node.js 20+ required (v18 dropped)\n- ESM only (CJS dropped). If the project uses `require()`, convert to `import`/`export` or use dynamic `import()`.\n\n## 2. Dependencies\n\nRemove the old package and install only what you need:\n\n```bash\nnpm uninstall @modelcontextprotocol/sdk\n```\n\n| You need | Install |\n| --------------------- | ------------------------------------------------------------------------ |\n| Client only | `npm install @modelcontextprotocol/client` |\n| Server only | `npm install @modelcontextprotocol/server` |\n| Server + Node.js HTTP | `npm install @modelcontextprotocol/server @modelcontextprotocol/node` |\n| Server + Express | `npm install @modelcontextprotocol/server @modelcontextprotocol/express` |\n| Server + Hono | `npm install @modelcontextprotocol/server @modelcontextprotocol/hono` |\n\n`@modelcontextprotocol/core` is installed automatically as a dependency.\n\n## 3. Import Mapping\n\nReplace all `@modelcontextprotocol/sdk/...` imports using this table.\n\n### Client imports\n\n| v1 import path | v2 package |\n| ---------------------------------------------------- | ------------------------------ |\n| `@modelcontextprotocol/sdk/client/index.js` | `@modelcontextprotocol/client` |\n| `@modelcontextprotocol/sdk/client/auth.js` | `@modelcontextprotocol/client` |\n| `@modelcontextprotocol/sdk/client/streamableHttp.js` | `@modelcontextprotocol/client` |\n| `@modelcontextprotocol/sdk/client/sse.js` | `@modelcontextprotocol/client` |\n| `@modelcontextprotocol/sdk/client/stdio.js` | `@modelcontextprotocol/client` |\n| `@modelcontextprotocol/sdk/client/websocket.js` | `@modelcontextprotocol/client` |\n\n### Server imports\n\n| v1 import path | v2 package |\n| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `@modelcontextprotocol/sdk/server/mcp.js` | `@modelcontextprotocol/server` |\n| `@modelcontextprotocol/sdk/server/index.js` | `@modelcontextprotocol/server` |\n| `@modelcontextprotocol/sdk/server/stdio.js` | `@modelcontextprotocol/server` |\n| `@modelcontextprotocol/sdk/server/streamableHttp.js` | `@modelcontextprotocol/node` (class renamed to `NodeStreamableHTTPServerTransport`) OR `@modelcontextprotocol/server` (web-standard `WebStandardStreamableHTTPServerTransport` for Cloudflare Workers, Deno, etc.) |\n| `@modelcontextprotocol/sdk/server/sse.js` | REMOVED (migrate to Streamable HTTP) |\n| `@modelcontextprotocol/sdk/server/auth/*` | REMOVED (use external auth library) |\n| `@modelcontextprotocol/sdk/server/middleware.js` | `@modelcontextprotocol/express` (signature changed, see section 8) |\n\n### Types / shared imports\n\n| v1 import path | v2 package |\n| ------------------------------------------------- | ---------------------------- |\n| `@modelcontextprotocol/sdk/types.js` | `@modelcontextprotocol/core` |\n| `@modelcontextprotocol/sdk/shared/protocol.js` | `@modelcontextprotocol/core` |\n| `@modelcontextprotocol/sdk/shared/transport.js` | `@modelcontextprotocol/core` |\n| `@modelcontextprotocol/sdk/shared/stdio.js` | `@modelcontextprotocol/core` |\n| `@modelcontextprotocol/sdk/shared/uriTemplate.js` | `@modelcontextprotocol/core` |\n| `@modelcontextprotocol/sdk/shared/auth.js` | `@modelcontextprotocol/core` |\n\nNotes:\n\n- `@modelcontextprotocol/client` and `@modelcontextprotocol/server` both re-export everything from `@modelcontextprotocol/core`, so you can import types from whichever package you already depend on.\n- When multiple v1 imports map to the same v2 package, consolidate them into a single import statement.\n- If code imports from `sdk/client/...`, install `@modelcontextprotocol/client`. If from `sdk/server/...`, install `@modelcontextprotocol/server`. If from `sdk/types.js` or `sdk/shared/...` only, install `@modelcontextprotocol/core`.\n\n## 4. Renamed Symbols\n\n| v1 symbol | v2 symbol | v2 package |\n| ------------------------------- | ----------------------------------- | ---------------------------- |\n| `StreamableHTTPServerTransport` | `NodeStreamableHTTPServerTransport` | `@modelcontextprotocol/node` |\n\n## 5. Removed / Renamed Type Aliases and Symbols\n\n| v1 (removed) | v2 (replacement) |\n| ---------------------------------------- | -------------------------------------------------------- |\n| `JSONRPCError` | `JSONRPCErrorResponse` |\n| `JSONRPCErrorSchema` | `JSONRPCErrorResponseSchema` |\n| `isJSONRPCError` | `isJSONRPCErrorResponse` |\n| `isJSONRPCResponse` | `isJSONRPCResultResponse` |\n| `ResourceReference` | `ResourceTemplateReference` |\n| `ResourceReferenceSchema` | `ResourceTemplateReferenceSchema` |\n| `IsomorphicHeaders` | REMOVED (use Web Standard `Headers`) |\n| `AuthInfo` (from `server/auth/types.js`) | `AuthInfo` (now in `@modelcontextprotocol/core`) |\n| `McpError` | `ProtocolError` |\n| `ErrorCode` | `ProtocolErrorCode` |\n| `ErrorCode.RequestTimeout` | `SdkErrorCode.RequestTimeout` |\n| `ErrorCode.ConnectionClosed` | `SdkErrorCode.ConnectionClosed` |\n| `StreamableHTTPError` | REMOVED (use `SdkError` with `SdkErrorCode.ClientHttp*`) |\n\nAll other symbols from `@modelcontextprotocol/sdk/types.js` retain their original names (e.g., `CallToolResultSchema`, `ListToolsResultSchema`, etc.).\n\n### Error class changes\n\nTwo error classes now exist:\n\n- **`ProtocolError`** (renamed from `McpError`): Protocol errors that cross the wire as JSON-RPC responses\n- **`SdkError`** (new): Local SDK errors that never cross the wire\n\n| Error scenario | v1 type | v2 type |\n| -------------------------------- | -------------------------------------------- | ----------------------------------------------------------------- |\n| Request timeout | `McpError` with `ErrorCode.RequestTimeout` | `SdkError` with `SdkErrorCode.RequestTimeout` |\n| Connection closed | `McpError` with `ErrorCode.ConnectionClosed` | `SdkError` with `SdkErrorCode.ConnectionClosed` |\n| Capability not supported | `new Error(...)` | `SdkError` with `SdkErrorCode.CapabilityNotSupported` |\n| Not connected | `new Error('Not connected')` | `SdkError` with `SdkErrorCode.NotConnected` |\n| Invalid params (server response) | `McpError` with `ErrorCode.InvalidParams` | `ProtocolError` with `ProtocolErrorCode.InvalidParams` |\n| HTTP transport error | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttp*` |\n| Failed to open SSE stream | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttpFailedToOpenStream` |\n| 401 after auth flow | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttpAuthentication` |\n| 403 after upscoping | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttpForbidden` |\n| Unexpected content type | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttpUnexpectedContent` |\n| Session termination failed | `StreamableHTTPError` | `SdkError` with `SdkErrorCode.ClientHttpFailedToTerminateSession` |\n\nNew `SdkErrorCode` enum values:\n\n- `SdkErrorCode.NotConnected` = `'NOT_CONNECTED'`\n- `SdkErrorCode.AlreadyConnected` = `'ALREADY_CONNECTED'`\n- `SdkErrorCode.NotInitialized` = `'NOT_INITIALIZED'`\n- `SdkErrorCode.CapabilityNotSupported` = `'CAPABILITY_NOT_SUPPORTED'`\n- `SdkErrorCode.RequestTimeout` = `'REQUEST_TIMEOUT'`\n- `SdkErrorCode.ConnectionClosed` = `'CONNECTION_CLOSED'`\n- `SdkErrorCode.SendFailed` = `'SEND_FAILED'`\n- `SdkErrorCode.ClientHttpNotImplemented` = `'CLIENT_HTTP_NOT_IMPLEMENTED'`\n- `SdkErrorCode.ClientHttpAuthentication` = `'CLIENT_HTTP_AUTHENTICATION'`\n- `SdkErrorCode.ClientHttpForbidden` = `'CLIENT_HTTP_FORBIDDEN'`\n- `SdkErrorCode.ClientHttpUnexpectedContent` = `'CLIENT_HTTP_UNEXPECTED_CONTENT'`\n- `SdkErrorCode.ClientHttpFailedToOpenStream` = `'CLIENT_HTTP_FAILED_TO_OPEN_STREAM'`\n- `SdkErrorCode.ClientHttpFailedToTerminateSession` = `'CLIENT_HTTP_FAILED_TO_TERMINATE_SESSION'`\n\nUpdate error handling:\n\n```typescript\n// v1\nif (error instanceof McpError && error.code === ErrorCode.RequestTimeout) { ... }\n\n// v2\nimport { SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\nif (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) { ... }\n```\n\nUpdate HTTP transport error handling:\n\n```typescript\n// v1\nimport { StreamableHTTPError } from '@modelcontextprotocol/sdk/client/streamableHttp.js';\nif (error instanceof StreamableHTTPError) {\n console.log('HTTP status:', error.code);\n}\n\n// v2\nimport { SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\nif (error instanceof SdkError && error.code === SdkErrorCode.ClientHttpFailedToOpenStream) {\n const status = (error.data as { status?: number })?.status;\n}\n```\n\n### OAuth error consolidation\n\nIndividual OAuth error classes replaced with single `OAuthError` class and `OAuthErrorCode` enum:\n\n| v1 Class | v2 Equivalent |\n| ------------------------------ | ---------------------------------------------------------- |\n| `InvalidRequestError` | `OAuthError` with `OAuthErrorCode.InvalidRequest` |\n| `InvalidClientError` | `OAuthError` with `OAuthErrorCode.InvalidClient` |\n| `InvalidGrantError` | `OAuthError` with `OAuthErrorCode.InvalidGrant` |\n| `UnauthorizedClientError` | `OAuthError` with `OAuthErrorCode.UnauthorizedClient` |\n| `UnsupportedGrantTypeError` | `OAuthError` with `OAuthErrorCode.UnsupportedGrantType` |\n| `InvalidScopeError` | `OAuthError` with `OAuthErrorCode.InvalidScope` |\n| `AccessDeniedError` | `OAuthError` with `OAuthErrorCode.AccessDenied` |\n| `ServerError` | `OAuthError` with `OAuthErrorCode.ServerError` |\n| `TemporarilyUnavailableError` | `OAuthError` with `OAuthErrorCode.TemporarilyUnavailable` |\n| `UnsupportedResponseTypeError` | `OAuthError` with `OAuthErrorCode.UnsupportedResponseType` |\n| `UnsupportedTokenTypeError` | `OAuthError` with `OAuthErrorCode.UnsupportedTokenType` |\n| `InvalidTokenError` | `OAuthError` with `OAuthErrorCode.InvalidToken` |\n| `MethodNotAllowedError` | `OAuthError` with `OAuthErrorCode.MethodNotAllowed` |\n| `TooManyRequestsError` | `OAuthError` with `OAuthErrorCode.TooManyRequests` |\n| `InvalidClientMetadataError` | `OAuthError` with `OAuthErrorCode.InvalidClientMetadata` |\n| `InsufficientScopeError` | `OAuthError` with `OAuthErrorCode.InsufficientScope` |\n| `InvalidTargetError` | `OAuthError` with `OAuthErrorCode.InvalidTarget` |\n| `CustomOAuthError` | `new OAuthError(customCode, message)` |\n\nRemoved: `OAUTH_ERRORS` constant.\n\nUpdate OAuth error handling:\n\n```typescript\n// v1\nimport { InvalidClientError, InvalidGrantError } from '@modelcontextprotocol/core';\nif (error instanceof InvalidClientError) { ... }\n\n// v2\nimport { OAuthError, OAuthErrorCode } from '@modelcontextprotocol/core';\nif (error instanceof OAuthError && error.code === OAuthErrorCode.InvalidClient) { ... }\n```\n\n**Unchanged APIs** (only import paths changed): `Client` constructor and most methods, `McpServer` constructor, `server.connect()`, `server.close()`, all client transports (`StreamableHTTPClientTransport`, `SSEClientTransport`, `StdioClientTransport`), `StdioServerTransport`, all Zod schemas, all callback return types. Note: `callTool()` and `request()` signatures changed (schema parameter removed, see section 11).\n\n## 6. McpServer API Changes\n\nThe variadic `.tool()`, `.prompt()`, `.resource()` methods are removed. Use the `register*` methods with a config object.\n\n**IMPORTANT**: v2 requires full Zod schemas — raw shapes like `{ name: z.string() }` are no longer supported. You must wrap with `z.object()`. This applies to `inputSchema`, `outputSchema`, and `argsSchema`.\n\n### Tools\n\n```typescript\n// v1: server.tool(name, schema, callback) - raw shape worked\nserver.tool('greet', { name: z.string() }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// v1: server.tool(name, description, schema, callback)\nserver.tool('greet', 'Greet a user', { name: z.string() }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// v2: server.registerTool(name, config, callback)\nserver.registerTool(\n 'greet',\n {\n description: 'Greet a user',\n inputSchema: z.object({ name: z.string() })\n },\n async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n }\n);\n```\n\nConfig object fields: `title?`, `description?`, `inputSchema?`, `outputSchema?`, `annotations?`, `_meta?`\n\n### Prompts\n\n```typescript\n// v1: server.prompt(name, schema, callback) - raw shape worked\nserver.prompt('summarize', { text: z.string() }, async ({ text }) => {\n return { messages: [{ role: 'user', content: { type: 'text', text } }] };\n});\n\n// v2: server.registerPrompt(name, config, callback)\nserver.registerPrompt(\n 'summarize',\n {\n argsSchema: z.object({ text: z.string() })\n },\n async ({ text }) => {\n return { messages: [{ role: 'user', content: { type: 'text', text } }] };\n }\n);\n```\n\nConfig object fields: `title?`, `description?`, `argsSchema?`\n\n### Resources\n\n```typescript\n// v1: server.resource(name, uri, callback)\nserver.resource('config', 'config://app', async uri => {\n return { contents: [{ uri: uri.href, text: '{}' }] };\n});\n\n// v2: server.registerResource(name, uri, metadata, callback)\nserver.registerResource('config', 'config://app', {}, async uri => {\n return { contents: [{ uri: uri.href, text: '{}' }] };\n});\n```\n\nNote: the third argument (`metadata`) is required — pass `{}` if no metadata.\n\n### Schema Migration Quick Reference\n\n| v1 (raw shape) | v2 (Zod schema) |\n|----------------|-----------------|\n| `{ name: z.string() }` | `z.object({ name: z.string() })` |\n| `{ count: z.number().optional() }` | `z.object({ count: z.number().optional() })` |\n| `{}` (empty) | `z.object({})` |\n| `undefined` (no schema) | `undefined` or omit the field |\n\n## 7. Headers API\n\nTransport constructors and `RequestInfo.headers` now use the Web Standard `Headers` object instead of plain objects.\n\n```typescript\n// v1: plain object, bracket access\nheaders: { 'Authorization': 'Bearer token' }\nextra.requestInfo?.headers['mcp-session-id']\n\n// v2: Headers object, .get() access\nheaders: new Headers({ 'Authorization': 'Bearer token' })\nctx.http?.req?.headers.get('mcp-session-id')\n```\n\n## 8. Removed Server Features\n\n### SSE server transport\n\n`SSEServerTransport` removed entirely. Migrate to `NodeStreamableHTTPServerTransport` (from `@modelcontextprotocol/node`). Client-side `SSEClientTransport` still available for connecting to legacy servers.\n\n### Server-side auth\n\nAll server OAuth exports removed: `mcpAuthRouter`, `OAuthServerProvider`, `OAuthTokenVerifier`, `requireBearerAuth`, `authenticateClient`, `ProxyOAuthServerProvider`, `allowedMethods`, and associated types. Use an external auth library (e.g., `better-auth`). See\n`examples/server/src/` for demos.\n\n### Host header validation (Express)\n\n`hostHeaderValidation()` and `localhostHostValidation()` moved from server package to `@modelcontextprotocol/express`. Signature changed: takes `string[]` instead of options object.\n\n```typescript\n// v1\nimport { hostHeaderValidation } from '@modelcontextprotocol/sdk/server/middleware.js';\napp.use(hostHeaderValidation({ allowedHosts: ['example.com'] }));\n\n// v2\nimport { hostHeaderValidation } from '@modelcontextprotocol/express';\napp.use(hostHeaderValidation(['example.com']));\n```\n\nThe server package now exports framework-agnostic alternatives: `validateHostHeader()`, `localhostAllowedHostnames()`, `hostHeaderValidationResponse()`.\n\n## 9. `setRequestHandler` / `setNotificationHandler` API\n\nThe low-level handler registration methods now take a method string instead of a Zod schema.\n\n```typescript\n// v1: schema-based\nserver.setRequestHandler(InitializeRequestSchema, async (request) => { ... });\nserver.setNotificationHandler(LoggingMessageNotificationSchema, (notification) => { ... });\n\n// v2: method string\nserver.setRequestHandler('initialize', async (request) => { ... });\nserver.setNotificationHandler('notifications/message', (notification) => { ... });\n```\n\nSchema to method string mapping:\n\n| v1 Schema | v2 Method String |\n| --------------------------------------- | ---------------------------------------- |\n| `InitializeRequestSchema` | `'initialize'` |\n| `CallToolRequestSchema` | `'tools/call'` |\n| `ListToolsRequestSchema` | `'tools/list'` |\n| `ListPromptsRequestSchema` | `'prompts/list'` |\n| `GetPromptRequestSchema` | `'prompts/get'` |\n| `ListResourcesRequestSchema` | `'resources/list'` |\n| `ReadResourceRequestSchema` | `'resources/read'` |\n| `CreateMessageRequestSchema` | `'sampling/createMessage'` |\n| `ElicitRequestSchema` | `'elicitation/create'` |\n| `SetLevelRequestSchema` | `'logging/setLevel'` |\n| `PingRequestSchema` | `'ping'` |\n| `LoggingMessageNotificationSchema` | `'notifications/message'` |\n| `ToolListChangedNotificationSchema` | `'notifications/tools/list_changed'` |\n| `ResourceListChangedNotificationSchema` | `'notifications/resources/list_changed'` |\n| `PromptListChangedNotificationSchema` | `'notifications/prompts/list_changed'` |\n| `ProgressNotificationSchema` | `'notifications/progress'` |\n| `CancelledNotificationSchema` | `'notifications/cancelled'` |\n| `InitializedNotificationSchema` | `'notifications/initialized'` |\n\nRequest/notification params remain fully typed. Remove unused schema imports after migration.\n\n## 10. Request Handler Context Types\n\n`RequestHandlerExtra` → structured context types with nested groups. Rename `extra` → `ctx` in all handler callbacks.\n\n| v1 | v2 |\n|----|-----|\n| `RequestHandlerExtra` | `ServerContext` (server) / `ClientContext` (client) / `BaseContext` (base) |\n| `extra` (param name) | `ctx` |\n| `extra.signal` | `ctx.mcpReq.signal` |\n| `extra.requestId` | `ctx.mcpReq.id` |\n| `extra._meta` | `ctx.mcpReq._meta` |\n| `extra.sendRequest(...)` | `ctx.mcpReq.send(...)` |\n| `extra.sendNotification(...)` | `ctx.mcpReq.notify(...)` |\n| `extra.authInfo` | `ctx.http?.authInfo` |\n| `extra.sessionId` | `ctx.sessionId` |\n| `extra.requestInfo` | `ctx.http?.req` (only `ServerContext`) |\n| `extra.closeSSEStream` | `ctx.http?.closeSSE` (only `ServerContext`) |\n| `extra.closeStandaloneSSEStream` | `ctx.http?.closeStandaloneSSE` (only `ServerContext`) |\n| `extra.taskStore` | `ctx.task?.store` |\n| `extra.taskId` | `ctx.task?.id` |\n| `extra.taskRequestedTtl` | `ctx.task?.requestedTtl` |\n\n`ServerContext` convenience methods (new in v2, no v1 equivalent):\n\n| Method | Description | Replaces |\n|--------|-------------|----------|\n| `ctx.mcpReq.log(level, data, logger?)` | Send log notification (respects client's level filter) | `server.sendLoggingMessage(...)` from within handler |\n| `ctx.mcpReq.elicitInput(params, options?)` | Elicit user input (form or URL) | `server.elicitInput(...)` from within handler |\n| `ctx.mcpReq.requestSampling(params, options?)` | Request LLM sampling from client | `server.createMessage(...)` from within handler |\n\n## 11. Schema parameter removed from `request()`, `send()`, and `callTool()`\n\n`Protocol.request()`, `BaseContext.mcpReq.send()`, and `Client.callTool()` no longer take a Zod result schema argument. The SDK resolves the schema internally from the method name.\n\n```typescript\n// v1: schema required\nimport { CallToolResultSchema, ElicitResultSchema } from '@modelcontextprotocol/sdk/types.js';\nconst result = await client.request({ method: 'tools/call', params: { ... } }, CallToolResultSchema);\nconst elicit = await ctx.mcpReq.send({ method: 'elicitation/create', params: { ... } }, ElicitResultSchema);\nconst tool = await client.callTool({ name: 'my-tool', arguments: {} }, CompatibilityCallToolResultSchema);\n\n// v2: no schema argument\nconst result = await client.request({ method: 'tools/call', params: { ... } });\nconst elicit = await ctx.mcpReq.send({ method: 'elicitation/create', params: { ... } });\nconst tool = await client.callTool({ name: 'my-tool', arguments: {} });\n```\n\n| v1 call | v2 call |\n|---------|---------|\n| `client.request(req, ResultSchema)` | `client.request(req)` |\n| `client.request(req, ResultSchema, options)` | `client.request(req, options)` |\n| `ctx.mcpReq.send(req, ResultSchema)` | `ctx.mcpReq.send(req)` |\n| `ctx.mcpReq.send(req, ResultSchema, options)` | `ctx.mcpReq.send(req, options)` |\n| `client.callTool(params, CompatibilityCallToolResultSchema)` | `client.callTool(params)` |\n| `client.callTool(params, schema, options)` | `client.callTool(params, options)` |\n\nRemove unused schema imports: `CallToolResultSchema`, `CompatibilityCallToolResultSchema`, `ElicitResultSchema`, `CreateMessageResultSchema`, etc., when they were only used in `request()`/`send()`/`callTool()` calls.\n\n## 12. Client Behavioral Changes\n\n`Client.listPrompts()`, `listResources()`, `listResourceTemplates()`, `listTools()` now return empty results when the server lacks the corresponding capability (instead of sending the request). Set `enforceStrictCapabilities: true` in `ClientOptions` to throw an error instead.\n\n## 13. Runtime-Specific JSON Schema Validators (Enhancement)\n\nThe SDK now auto-selects the appropriate JSON Schema validator based on runtime:\n- Node.js → `AjvJsonSchemaValidator` (no change from v1)\n- Cloudflare Workers (workerd) → `CfWorkerJsonSchemaValidator` (previously required manual config)\n\n**No action required** for most users. Cloudflare Workers users can remove explicit `jsonSchemaValidator` configuration:\n\n```typescript\n// v1 (Cloudflare Workers): Required explicit validator\nnew McpServer({ name: 'server', version: '1.0.0' }, {\n jsonSchemaValidator: new CfWorkerJsonSchemaValidator()\n});\n\n// v2 (Cloudflare Workers): Auto-selected, explicit config optional\nnew McpServer({ name: 'server', version: '1.0.0' }, {});\n```\n\nAccess validators via `_shims` export: `import { DefaultJsonSchemaValidator } from '@modelcontextprotocol/server/_shims';`\n\n## 14. Migration Steps (apply in this order)\n\n1. Update `package.json`: `npm uninstall @modelcontextprotocol/sdk`, install the appropriate v2 packages\n2. Replace all imports from `@modelcontextprotocol/sdk/...` using the import mapping tables (sections 3-4), including `StreamableHTTPServerTransport` → `NodeStreamableHTTPServerTransport`\n3. Replace removed type aliases (`JSONRPCError` → `JSONRPCErrorResponse`, etc.) per section 5\n4. Replace `.tool()` / `.prompt()` / `.resource()` calls with `registerTool` / `registerPrompt` / `registerResource` per section 6\n5. **Wrap all raw Zod shapes with `z.object()`**: Change `inputSchema: { name: z.string() }` → `inputSchema: z.object({ name: z.string() })`. Same for `outputSchema` in tools and `argsSchema` in prompts.\n6. Replace plain header objects with `new Headers({...})` and bracket access (`headers['x']`) with `.get()` calls per section 7\n7. If using `hostHeaderValidation` from server, update import and signature per section 8\n8. If using server SSE transport, migrate to Streamable HTTP\n9. If using server auth from the SDK, migrate to an external auth library\n10. If relying on `listTools()`/`listPrompts()`/etc. throwing on missing capabilities, set `enforceStrictCapabilities: true`\n11. Verify: build with `tsc` / run tests\n" }, { "path": "docs/migration.md", "content": "# Migration Guide: v1 to v2\n\nThis guide covers the breaking changes introduced in v2 of the MCP TypeScript SDK and how to update your code.\n\n## Overview\n\nVersion 2 of the MCP TypeScript SDK introduces several breaking changes to improve modularity, reduce dependency bloat, and provide a cleaner API surface. The biggest change is the split from a single `@modelcontextprotocol/sdk` package into separate `@modelcontextprotocol/core`,\n`@modelcontextprotocol/client`, and `@modelcontextprotocol/server` packages.\n\n## Breaking Changes\n\n### Package split (monorepo)\n\nThe single `@modelcontextprotocol/sdk` package has been split into three packages:\n\n| v1 | v2 |\n| --------------------------- | ---------------------------------------------------------- |\n| `@modelcontextprotocol/sdk` | `@modelcontextprotocol/core` (types, protocol, transports) |\n| | `@modelcontextprotocol/client` (client implementation) |\n| | `@modelcontextprotocol/server` (server implementation) |\n\nRemove the old package and install only the packages you need:\n\n```bash\nnpm uninstall @modelcontextprotocol/sdk\n\n# If you only need a client\nnpm install @modelcontextprotocol/client\n\n# If you only need a server\nnpm install @modelcontextprotocol/server\n\n# Both packages depend on @modelcontextprotocol/core automatically\n```\n\nUpdate your imports accordingly:\n\n**Before (v1):**\n\n```typescript\nimport { Client } from '@modelcontextprotocol/sdk/client/index.js';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport { CallToolResultSchema } from '@modelcontextprotocol/sdk/types.js';\nimport { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';\nimport { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';\n```\n\n**After (v2):**\n\n```typescript\nimport { Client, StreamableHTTPClientTransport, StdioClientTransport } from '@modelcontextprotocol/client';\nimport { McpServer, StdioServerTransport, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\nimport { CallToolResultSchema } from '@modelcontextprotocol/core';\n\n// Node.js HTTP server transport is in the @modelcontextprotocol/node package\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\n```\n\nNote: `@modelcontextprotocol/client` and `@modelcontextprotocol/server` both re-export everything from `@modelcontextprotocol/core`, so you can import types from whichever package you already depend on.\n\n### Dropped Node.js 18 and CommonJS\n\nv2 requires **Node.js 20+** and ships **ESM only** (no more CommonJS builds).\n\nIf your project uses CommonJS (`require()`), you will need to either:\n\n- Migrate to ESM (`import`/`export`)\n- Use dynamic `import()` to load the SDK\n\n### Server decoupled from HTTP frameworks\n\nThe server package no longer depends on Express or Hono. HTTP framework integrations are now separate middleware packages:\n\n| v1 | v2 |\n| -------------------------------------- | ------------------------------------------- |\n| Built into `@modelcontextprotocol/sdk` | `@modelcontextprotocol/node` (Node.js HTTP) |\n| | `@modelcontextprotocol/express` (Express) |\n| | `@modelcontextprotocol/hono` (Hono) |\n\nInstall the middleware package for your framework:\n\n```bash\nnpm install @modelcontextprotocol/node # Node.js native http\nnpm install @modelcontextprotocol/express # Express\nnpm install @modelcontextprotocol/hono # Hono\n```\n\n### `StreamableHTTPServerTransport` renamed\n\n`StreamableHTTPServerTransport` has been renamed to `NodeStreamableHTTPServerTransport` and moved to `@modelcontextprotocol/node`.\n\n**Before (v1):**\n\n```typescript\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\n\nconst transport = new StreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID() });\n```\n\n**After (v2):**\n\n```typescript\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\n\nconst transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID() });\n```\n\n### Server-side SSE transport removed\n\nThe SSE transport has been removed from the server. Servers should migrate to Streamable HTTP. The client-side SSE transport remains available for connecting to legacy SSE servers.\n\n### Server auth removed\n\nServer-side OAuth/auth has been removed entirely from the SDK. This includes `mcpAuthRouter`, `OAuthServerProvider`, `OAuthTokenVerifier`, `requireBearerAuth`, `authenticateClient`, `ProxyOAuthServerProvider`, `allowedMethods`, and all associated types.\n\nUse a dedicated auth library (e.g., `better-auth`) or a full Authorization Server instead. See the [examples](../examples/server/src/) for a working demo with `better-auth`.\n\nNote: `AuthInfo` has moved from `server/auth/types.ts` to `@modelcontextprotocol/core` (it's now a core type).\n\n### `Headers` object instead of plain objects\n\nTransport APIs and `RequestInfo.headers` now use the Web Standard `Headers` object instead of plain `Record` (`IsomorphicHeaders` has been removed).\n\nThis affects both transport constructors and request handler code that reads headers:\n\n**Before (v1):**\n\n```typescript\n// Transport headers\nconst transport = new StreamableHTTPClientTransport(url, {\n requestInit: {\n headers: {\n Authorization: 'Bearer token',\n 'X-Custom': 'value'\n }\n }\n});\n\n// Reading headers in a request handler\nconst sessionId = extra.requestInfo?.headers['mcp-session-id'];\n```\n\n**After (v2):**\n\n```typescript\n// Transport headers\nconst transport = new StreamableHTTPClientTransport(url, {\n requestInit: {\n headers: new Headers({\n Authorization: 'Bearer token',\n 'X-Custom': 'value'\n })\n }\n});\n\n// Reading headers in a request handler\nconst sessionId = ctx.http?.req?.headers.get('mcp-session-id');\n```\n\n### `McpServer.tool()`, `.prompt()`, `.resource()` removed\n\nThe deprecated variadic-overload methods have been removed. Use `registerTool`, `registerPrompt`, and `registerResource` instead. These use an explicit config object rather than positional arguments.\n\n**Before (v1):**\n\n```typescript\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\n\nconst server = new McpServer({ name: 'demo', version: '1.0.0' });\n\n// Tool with schema\nserver.tool('greet', { name: z.string() }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// Tool with description\nserver.tool('greet', 'Greet a user', { name: z.string() }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// Prompt\nserver.prompt('summarize', { text: z.string() }, async ({ text }) => {\n return { messages: [{ role: 'user', content: { type: 'text', text: `Summarize: ${text}` } }] };\n});\n\n// Resource\nserver.resource('config', 'config://app', async uri => {\n return { contents: [{ uri: uri.href, text: '{}' }] };\n});\n```\n\n**After (v2):**\n\n```typescript\nimport { McpServer } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nconst server = new McpServer({ name: 'demo', version: '1.0.0' });\n\n// Tool with schema\nserver.registerTool('greet', { inputSchema: { name: z.string() } }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// Tool with description\nserver.registerTool('greet', { description: 'Greet a user', inputSchema: { name: z.string() } }, async ({ name }) => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n});\n\n// Prompt\nserver.registerPrompt('summarize', { argsSchema: { text: z.string() } }, async ({ text }) => {\n return { messages: [{ role: 'user', content: { type: 'text', text: `Summarize: ${text}` } }] };\n});\n\n// Resource\nserver.registerResource('config', 'config://app', {}, async uri => {\n return { contents: [{ uri: uri.href, text: '{}' }] };\n});\n```\n\n### Zod schemas required (raw shapes no longer supported)\n\nv2 requires full Zod schemas for `inputSchema` and `argsSchema`. Raw object shapes are no longer accepted.\n\n**Before (v1):**\n\n```typescript\n// Raw shape (object with Zod fields) - worked in v1\nserver.tool('greet', { name: z.string() }, async ({ name }) => { ... });\n\nserver.registerTool('greet', {\n inputSchema: { name: z.string() } // raw shape\n}, callback);\n```\n\n**After (v2):**\n\n```typescript\nimport * as z from 'zod/v4';\n\n// Must wrap with z.object()\nserver.registerTool('greet', {\n inputSchema: z.object({ name: z.string() }) // full Zod schema\n}, async ({ name }) => { ... });\n\n// For tools with no parameters, use z.object({})\nserver.registerTool('ping', {\n inputSchema: z.object({})\n}, async () => { ... });\n```\n\nThis applies to:\n- `inputSchema` in `registerTool()`\n- `outputSchema` in `registerTool()`\n- `argsSchema` in `registerPrompt()`\n\n### Host header validation moved\n\nExpress-specific middleware (`hostHeaderValidation()`, `localhostHostValidation()`) moved from the server package to `@modelcontextprotocol/express`. The server package now exports framework-agnostic functions instead: `validateHostHeader()`, `localhostAllowedHostnames()`,\n`hostHeaderValidationResponse()`.\n\n**Before (v1):**\n\n```typescript\nimport { hostHeaderValidation } from '@modelcontextprotocol/sdk/server/middleware.js';\napp.use(hostHeaderValidation({ allowedHosts: ['example.com'] }));\n```\n\n**After (v2):**\n\n```typescript\nimport { hostHeaderValidation } from '@modelcontextprotocol/express';\napp.use(hostHeaderValidation(['example.com']));\n```\n\nNote: the v2 signature takes a plain `string[]` instead of an options object.\n\n### `setRequestHandler` and `setNotificationHandler` use method strings\n\nThe low-level `setRequestHandler` and `setNotificationHandler` methods on `Client`, `Server`, and `Protocol` now take a method string instead of a Zod schema.\n\n**Before (v1):**\n\n```typescript\nimport { Server, InitializeRequestSchema, LoggingMessageNotificationSchema } from '@modelcontextprotocol/sdk/server/index.js';\n\nconst server = new Server({ name: 'my-server', version: '1.0.0' });\n\n// Request handler with schema\nserver.setRequestHandler(InitializeRequestSchema, async request => {\n return { protocolVersion: '...', capabilities: {}, serverInfo: { name: '...', version: '...' } };\n});\n\n// Notification handler with schema\nserver.setNotificationHandler(LoggingMessageNotificationSchema, notification => {\n console.log(notification.params.data);\n});\n```\n\n**After (v2):**\n\n```typescript\nimport { Server } from '@modelcontextprotocol/server';\n\nconst server = new Server({ name: 'my-server', version: '1.0.0' });\n\n// Request handler with method string\nserver.setRequestHandler('initialize', async request => {\n return { protocolVersion: '...', capabilities: {}, serverInfo: { name: '...', version: '...' } };\n});\n\n// Notification handler with method string\nserver.setNotificationHandler('notifications/message', notification => {\n console.log(notification.params.data);\n});\n```\n\nThe request and notification parameters remain fully typed via `RequestTypeMap` and `NotificationTypeMap`. You no longer need to import the individual `*RequestSchema` or `*NotificationSchema` constants for handler registration.\n\nCommon method string replacements:\n\n| Schema (v1) | Method string (v2) |\n| --------------------------------------- | ---------------------------------------- |\n| `InitializeRequestSchema` | `'initialize'` |\n| `CallToolRequestSchema` | `'tools/call'` |\n| `ListToolsRequestSchema` | `'tools/list'` |\n| `ListPromptsRequestSchema` | `'prompts/list'` |\n| `GetPromptRequestSchema` | `'prompts/get'` |\n| `ListResourcesRequestSchema` | `'resources/list'` |\n| `ReadResourceRequestSchema` | `'resources/read'` |\n| `CreateMessageRequestSchema` | `'sampling/createMessage'` |\n| `ElicitRequestSchema` | `'elicitation/create'` |\n| `LoggingMessageNotificationSchema` | `'notifications/message'` |\n| `ToolListChangedNotificationSchema` | `'notifications/tools/list_changed'` |\n| `ResourceListChangedNotificationSchema` | `'notifications/resources/list_changed'` |\n| `PromptListChangedNotificationSchema` | `'notifications/prompts/list_changed'` |\n\n### `Protocol.request()`, `ctx.mcpReq.send()`, and `Client.callTool()` no longer take a schema parameter\n\nThe public `Protocol.request()`, `BaseContext.mcpReq.send()`, and `Client.callTool()` methods no longer accept a Zod result schema argument. The SDK now resolves the correct result schema internally based on the method name. This means you no longer need to import result schemas like `CallToolResultSchema` or `ElicitResultSchema` when making requests.\n\n**`client.request()` — Before (v1):**\n\n```typescript\nimport { CallToolResultSchema } from '@modelcontextprotocol/sdk/types.js';\n\nconst result = await client.request(\n { method: 'tools/call', params: { name: 'my-tool', arguments: {} } },\n CallToolResultSchema\n);\n```\n\n**After (v2):**\n\n```typescript\nconst result = await client.request(\n { method: 'tools/call', params: { name: 'my-tool', arguments: {} } }\n);\n```\n\n**`ctx.mcpReq.send()` — Before (v1):**\n\n```typescript\nimport { CreateMessageResultSchema } from '@modelcontextprotocol/sdk/types.js';\n\nserver.setRequestHandler('tools/call', async (request, ctx) => {\n const samplingResult = await ctx.mcpReq.send(\n { method: 'sampling/createMessage', params: { messages: [...], maxTokens: 100 } },\n CreateMessageResultSchema\n );\n return { content: [{ type: 'text', text: 'done' }] };\n});\n```\n\n**After (v2):**\n\n```typescript\nserver.setRequestHandler('tools/call', async (request, ctx) => {\n const samplingResult = await ctx.mcpReq.send(\n { method: 'sampling/createMessage', params: { messages: [...], maxTokens: 100 } }\n );\n return { content: [{ type: 'text', text: 'done' }] };\n});\n```\n\n**`client.callTool()` — Before (v1):**\n\n```typescript\nimport { CompatibilityCallToolResultSchema } from '@modelcontextprotocol/sdk/types.js';\n\nconst result = await client.callTool(\n { name: 'my-tool', arguments: {} },\n CompatibilityCallToolResultSchema\n);\n```\n\n**After (v2):**\n\n```typescript\nconst result = await client.callTool({ name: 'my-tool', arguments: {} });\n```\n\nThe return type is now inferred from the method name via `ResultTypeMap`. For example, `client.request({ method: 'tools/call', ... })` returns `Promise`.\n\n### Client list methods return empty results for missing capabilities\n\n`Client.listPrompts()`, `listResources()`, `listResourceTemplates()`, and `listTools()` now return empty results when the server didn't advertise the corresponding capability, instead of sending the request. This respects the MCP spec's capability negotiation.\n\nTo restore v1 behavior (throw an error when capabilities are missing), set `enforceStrictCapabilities: true`:\n\n```typescript\nconst client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n enforceStrictCapabilities: true\n }\n);\n```\n\n### Removed type aliases and deprecated exports\n\nThe following deprecated type aliases have been removed from `@modelcontextprotocol/core`:\n\n| Removed | Replacement |\n| ---------------------------------------- | ------------------------------------------------ |\n| `JSONRPCError` | `JSONRPCErrorResponse` |\n| `JSONRPCErrorSchema` | `JSONRPCErrorResponseSchema` |\n| `isJSONRPCError` | `isJSONRPCErrorResponse` |\n| `isJSONRPCResponse` | `isJSONRPCResultResponse` |\n| `ResourceReferenceSchema` | `ResourceTemplateReferenceSchema` |\n| `ResourceReference` | `ResourceTemplateReference` |\n| `IsomorphicHeaders` | Use Web Standard `Headers` |\n| `AuthInfo` (from `server/auth/types.js`) | `AuthInfo` (now in `@modelcontextprotocol/core`) |\n\nAll other types and schemas exported from `@modelcontextprotocol/sdk/types.js` retain their original names in `@modelcontextprotocol/core`.\n\n**Before (v1):**\n\n```typescript\nimport { JSONRPCError, ResourceReference, isJSONRPCError } from '@modelcontextprotocol/sdk/types.js';\n```\n\n**After (v2):**\n\n```typescript\nimport { JSONRPCErrorResponse, ResourceTemplateReference, isJSONRPCErrorResponse } from '@modelcontextprotocol/core';\n```\n\n### Request handler context types\n\nThe `RequestHandlerExtra` type has been replaced with a structured context type hierarchy using nested groups:\n\n| v1 | v2 |\n|----|-----|\n| `RequestHandlerExtra` (flat, all fields) | `ServerContext` (server handlers) or `ClientContext` (client handlers) |\n| `extra` parameter name | `ctx` parameter name |\n| `extra.signal` | `ctx.mcpReq.signal` |\n| `extra.requestId` | `ctx.mcpReq.id` |\n| `extra._meta` | `ctx.mcpReq._meta` |\n| `extra.sendRequest(...)` | `ctx.mcpReq.send(...)` |\n| `extra.sendNotification(...)` | `ctx.mcpReq.notify(...)` |\n| `extra.authInfo` | `ctx.http?.authInfo` |\n| `extra.requestInfo` | `ctx.http?.req` (only on `ServerContext`) |\n| `extra.closeSSEStream` | `ctx.http?.closeSSE` (only on `ServerContext`) |\n| `extra.closeStandaloneSSEStream` | `ctx.http?.closeStandaloneSSE` (only on `ServerContext`) |\n| `extra.sessionId` | `ctx.sessionId` |\n| `extra.taskStore` | `ctx.task?.store` |\n| `extra.taskId` | `ctx.task?.id` |\n| `extra.taskRequestedTtl` | `ctx.task?.requestedTtl` |\n\n**Before (v1):**\n\n```typescript\nserver.setRequestHandler(CallToolRequestSchema, async (request, extra) => {\n const headers = extra.requestInfo?.headers;\n const taskStore = extra.taskStore;\n await extra.sendNotification({ method: 'notifications/progress', params: { progressToken: 'abc', progress: 50, total: 100 } });\n return { content: [{ type: 'text', text: 'result' }] };\n});\n```\n\n**After (v2):**\n\n```typescript\nserver.setRequestHandler('tools/call', async (request, ctx) => {\n const headers = ctx.http?.req?.headers;\n const taskStore = ctx.task?.store;\n await ctx.mcpReq.notify({ method: 'notifications/progress', params: { progressToken: 'abc', progress: 50, total: 100 } });\n return { content: [{ type: 'text', text: 'result' }] };\n});\n```\n\nContext fields are organized into 4 groups:\n\n- **`mcpReq`** — request-level concerns: `id`, `method`, `_meta`, `signal`, `send()`, `notify()`, plus server-only `log()`, `elicitInput()`, and `requestSampling()`\n- **`http?`** — HTTP transport concerns (undefined for stdio): `authInfo`, plus server-only `req`, `closeSSE`, `closeStandaloneSSE`\n- **`task?`** — task lifecycle: `id`, `store`, `requestedTtl`\n\n`BaseContext` is the common base type shared by both `ServerContext` and `ClientContext`. `ServerContext` extends each group with server-specific additions via type intersection.\n\n`ServerContext` also provides convenience methods for common server→client operations:\n\n```typescript\nserver.setRequestHandler('tools/call', async (request, ctx) => {\n // Send a log message (respects client's log level filter)\n await ctx.mcpReq.log('info', 'Processing tool call', 'my-logger');\n\n // Request client to sample an LLM\n const samplingResult = await ctx.mcpReq.requestSampling({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n maxTokens: 100,\n });\n\n // Elicit user input via a form\n const elicitResult = await ctx.mcpReq.elicitInput({\n message: 'Please provide details',\n requestedSchema: { type: 'object', properties: { name: { type: 'string' } } },\n });\n\n return { content: [{ type: 'text', text: 'done' }] };\n});\n```\n\nThese replace the pattern of calling `server.sendLoggingMessage()`, `server.createMessage()`, and `server.elicitInput()` from within handlers.\n\n### Error hierarchy refactoring\n\nThe SDK now distinguishes between two types of errors:\n\n1. **`ProtocolError`** (renamed from `McpError`): Protocol errors that cross the wire as JSON-RPC error responses\n2. **`SdkError`**: Local SDK errors that never cross the wire (timeouts, connection issues, capability checks)\n\n#### Renamed exports\n\n| v1 | v2 |\n| ---------------------------- | ------------------------------- |\n| `McpError` | `ProtocolError` |\n| `ErrorCode` | `ProtocolErrorCode` |\n| `ErrorCode.RequestTimeout` | `SdkErrorCode.RequestTimeout` |\n| `ErrorCode.ConnectionClosed` | `SdkErrorCode.ConnectionClosed` |\n\n**Before (v1):**\n\n```typescript\nimport { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';\n\ntry {\n await client.callTool({ name: 'test', arguments: {} });\n} catch (error) {\n if (error instanceof McpError && error.code === ErrorCode.RequestTimeout) {\n console.log('Request timed out');\n }\n if (error instanceof McpError && error.code === ErrorCode.InvalidParams) {\n console.log('Invalid parameters');\n }\n}\n```\n\n**After (v2):**\n\n```typescript\nimport { ProtocolError, ProtocolErrorCode, SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\n\ntry {\n await client.callTool({ name: 'test', arguments: {} });\n} catch (error) {\n // Local timeout/connection errors are now SdkError\n if (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) {\n console.log('Request timed out');\n }\n // Protocol errors from the server are still ProtocolError\n if (error instanceof ProtocolError && error.code === ProtocolErrorCode.InvalidParams) {\n console.log('Invalid parameters');\n }\n}\n```\n\n#### New `SdkErrorCode` enum\n\nThe new `SdkErrorCode` enum contains string-valued codes for local SDK errors:\n\n| Code | Description |\n| ------------------------------------------------- | ------------------------------------------ |\n| `SdkErrorCode.NotConnected` | Transport is not connected |\n| `SdkErrorCode.AlreadyConnected` | Transport is already connected |\n| `SdkErrorCode.NotInitialized` | Protocol is not initialized |\n| `SdkErrorCode.CapabilityNotSupported` | Required capability is not supported |\n| `SdkErrorCode.RequestTimeout` | Request timed out waiting for response |\n| `SdkErrorCode.ConnectionClosed` | Connection was closed |\n| `SdkErrorCode.SendFailed` | Failed to send message |\n| `SdkErrorCode.ClientHttpNotImplemented` | HTTP POST request failed |\n| `SdkErrorCode.ClientHttpAuthentication` | Server returned 401 after successful auth |\n| `SdkErrorCode.ClientHttpForbidden` | Server returned 403 after trying upscoping |\n| `SdkErrorCode.ClientHttpUnexpectedContent` | Unexpected content type in HTTP response |\n| `SdkErrorCode.ClientHttpFailedToOpenStream` | Failed to open SSE stream |\n| `SdkErrorCode.ClientHttpFailedToTerminateSession` | Failed to terminate session |\n\n#### `StreamableHTTPError` removed\n\nThe `StreamableHTTPError` class has been removed. HTTP transport errors are now thrown as `SdkError` with specific `SdkErrorCode` values that provide more granular error information:\n\n**Before (v1):**\n\n```typescript\nimport { StreamableHTTPError } from '@modelcontextprotocol/sdk/client/streamableHttp.js';\n\ntry {\n await transport.send(message);\n} catch (error) {\n if (error instanceof StreamableHTTPError) {\n console.log('HTTP error:', error.code); // HTTP status code\n }\n}\n```\n\n**After (v2):**\n\n```typescript\nimport { SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\n\ntry {\n await transport.send(message);\n} catch (error) {\n if (error instanceof SdkError) {\n switch (error.code) {\n case SdkErrorCode.ClientHttpAuthentication:\n console.log('Auth failed after completing auth flow');\n break;\n case SdkErrorCode.ClientHttpForbidden:\n console.log('Forbidden after upscoping attempt');\n break;\n case SdkErrorCode.ClientHttpFailedToOpenStream:\n console.log('Failed to open SSE stream');\n break;\n case SdkErrorCode.ClientHttpNotImplemented:\n console.log('HTTP request failed');\n break;\n }\n // Access HTTP status code from error.data if needed\n const httpStatus = (error.data as { status?: number })?.status;\n }\n}\n```\n\n#### Why this change?\n\nPreviously, `ErrorCode.RequestTimeout` (-32001) and `ErrorCode.ConnectionClosed` (-32000) were used for local timeout/connection errors. However, these errors never cross the wire as JSON-RPC responses - they are rejected locally. Using protocol error codes for local errors was semantically inconsistent.\n\nThe new design:\n\n- `ProtocolError` with `ProtocolErrorCode`: For errors that are serialized and sent as JSON-RPC error responses\n- `SdkError` with `SdkErrorCode`: For local errors that are thrown/rejected locally and never leave the SDK\n\n### OAuth error refactoring\n\nThe OAuth error classes have been consolidated into a single `OAuthError` class with an `OAuthErrorCode` enum.\n\n#### Removed classes\n\nThe following individual error classes have been removed in favor of `OAuthError` with the appropriate code:\n\n| v1 Class | v2 Equivalent |\n| ------------------------------ | ----------------------------------------------------------------- |\n| `InvalidRequestError` | `new OAuthError(OAuthErrorCode.InvalidRequest, message)` |\n| `InvalidClientError` | `new OAuthError(OAuthErrorCode.InvalidClient, message)` |\n| `InvalidGrantError` | `new OAuthError(OAuthErrorCode.InvalidGrant, message)` |\n| `UnauthorizedClientError` | `new OAuthError(OAuthErrorCode.UnauthorizedClient, message)` |\n| `UnsupportedGrantTypeError` | `new OAuthError(OAuthErrorCode.UnsupportedGrantType, message)` |\n| `InvalidScopeError` | `new OAuthError(OAuthErrorCode.InvalidScope, message)` |\n| `AccessDeniedError` | `new OAuthError(OAuthErrorCode.AccessDenied, message)` |\n| `ServerError` | `new OAuthError(OAuthErrorCode.ServerError, message)` |\n| `TemporarilyUnavailableError` | `new OAuthError(OAuthErrorCode.TemporarilyUnavailable, message)` |\n| `UnsupportedResponseTypeError` | `new OAuthError(OAuthErrorCode.UnsupportedResponseType, message)` |\n| `UnsupportedTokenTypeError` | `new OAuthError(OAuthErrorCode.UnsupportedTokenType, message)` |\n| `InvalidTokenError` | `new OAuthError(OAuthErrorCode.InvalidToken, message)` |\n| `MethodNotAllowedError` | `new OAuthError(OAuthErrorCode.MethodNotAllowed, message)` |\n| `TooManyRequestsError` | `new OAuthError(OAuthErrorCode.TooManyRequests, message)` |\n| `InvalidClientMetadataError` | `new OAuthError(OAuthErrorCode.InvalidClientMetadata, message)` |\n| `InsufficientScopeError` | `new OAuthError(OAuthErrorCode.InsufficientScope, message)` |\n| `InvalidTargetError` | `new OAuthError(OAuthErrorCode.InvalidTarget, message)` |\n| `CustomOAuthError` | `new OAuthError(customCode, message)` |\n\nThe `OAUTH_ERRORS` constant has also been removed.\n\n**Before (v1):**\n\n```typescript\nimport { InvalidClientError, InvalidGrantError, ServerError } from '@modelcontextprotocol/core';\n\ntry {\n await refreshToken();\n} catch (error) {\n if (error instanceof InvalidClientError) {\n // Handle invalid client\n } else if (error instanceof InvalidGrantError) {\n // Handle invalid grant\n } else if (error instanceof ServerError) {\n // Handle server error\n }\n}\n```\n\n**After (v2):**\n\n```typescript\nimport { OAuthError, OAuthErrorCode } from '@modelcontextprotocol/core';\n\ntry {\n await refreshToken();\n} catch (error) {\n if (error instanceof OAuthError) {\n switch (error.code) {\n case OAuthErrorCode.InvalidClient:\n // Handle invalid client\n break;\n case OAuthErrorCode.InvalidGrant:\n // Handle invalid grant\n break;\n case OAuthErrorCode.ServerError:\n // Handle server error\n break;\n }\n }\n}\n```\n\n## Enhancements\n\n### Automatic JSON Schema validator selection by runtime\n\nThe SDK now automatically selects the appropriate JSON Schema validator based on your runtime environment:\n\n- **Node.js**: Uses `AjvJsonSchemaValidator` (same as v1 default)\n- **Cloudflare Workers**: Uses `CfWorkerJsonSchemaValidator` (previously required manual configuration)\n\nThis means Cloudflare Workers users no longer need to explicitly pass the validator:\n\n**Before (v1) - Cloudflare Workers required explicit configuration:**\n\n```typescript\nimport { McpServer, CfWorkerJsonSchemaValidator } from '@modelcontextprotocol/server';\n\nconst server = new McpServer(\n { name: 'my-server', version: '1.0.0' },\n {\n capabilities: { tools: {} },\n jsonSchemaValidator: new CfWorkerJsonSchemaValidator() // Required in v1\n }\n);\n```\n\n**After (v2) - Works automatically:**\n\n```typescript\nimport { McpServer } from '@modelcontextprotocol/server';\n\nconst server = new McpServer(\n { name: 'my-server', version: '1.0.0' },\n { capabilities: { tools: {} } }\n // Validator auto-selected based on runtime\n);\n```\n\nYou can still explicitly override the validator if needed. The validators are available via the `_shims` export:\n\n```typescript\nimport { DefaultJsonSchemaValidator } from '@modelcontextprotocol/server/_shims';\n// or\nimport { AjvJsonSchemaValidator, CfWorkerJsonSchemaValidator } from '@modelcontextprotocol/server';\n```\n\n## Unchanged APIs\n\nThe following APIs are unchanged between v1 and v2 (only the import paths changed):\n\n- `Client` constructor and most client methods (`connect`, `listTools`, `listPrompts`, `listResources`, `readResource`, etc.) — note: `callTool()` signature changed (schema parameter removed)\n- `McpServer` constructor, `server.connect(transport)`, `server.close()`\n- `Server` (low-level) constructor and all methods\n- `StreamableHTTPClientTransport`, `SSEClientTransport`, `StdioClientTransport` constructors and options\n- `StdioServerTransport` constructor and options\n- All Zod schemas and type definitions from `types.ts` (except the aliases listed above)\n- Tool, prompt, and resource callback return types\n\n## Using an LLM to migrate your code\n\nAn LLM-optimized version of this guide is available at [`docs/migration-SKILL.md`](migration-SKILL.md). It contains dense mapping tables designed for tools like Claude Code to mechanically apply all the changes described above. You can paste it into your LLM context or load it as\na skill.\n\n## Need Help?\n\nIf you encounter issues during migration:\n\n1. Check the [FAQ](faq.md) for common questions about v2 changes\n2. Review the [examples](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples) for updated usage patterns\n3. Open an issue on [GitHub](https://github.com/modelcontextprotocol/typescript-sdk/issues) if you find a bug or need further assistance\n" }, { "path": "docs/server-quickstart.md", "content": "---\ntitle: Server Quickstart\n---\n\n# Quickstart: Build a weather server\n\nIn this tutorial, we'll build a simple MCP weather server and connect it to a host.\n\n## What we'll be building\n\nWe'll build a server that exposes two tools: `get-alerts` and `get-forecast`. Then we'll connect the server to an MCP host (in this case, VS Code with GitHub Copilot).\n\n## Core MCP Concepts\n\nMCP servers can provide three main types of capabilities:\n\n1. **[Resources](https://modelcontextprotocol.io/docs/learn/server-concepts#resources)**: File-like data that can be read by clients (like API responses or file contents)\n2. **[Tools](https://modelcontextprotocol.io/docs/learn/server-concepts#tools)**: Functions that can be called by the LLM (with user approval)\n3. **[Prompts](https://modelcontextprotocol.io/docs/learn/server-concepts#prompts)**: Pre-written templates that help users accomplish specific tasks\n\nThis tutorial will primarily focus on tools.\n\nLet's get started with building our weather server! [You can find the complete code for what we'll be building here.](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples/server-quickstart)\n\n## Prerequisites\n\nThis quickstart assumes you have familiarity with:\n\n- TypeScript\n- LLMs like Claude\n\nMake sure you have Node.js version 20 or higher installed. You can verify your installation:\n\n```bash\nnode --version\nnpm --version\n```\n\n> [!TIP]\n> The MCP SDK also works with **Bun** and **Deno**. This tutorial uses Node.js, but you can substitute `bun` or `deno` commands where appropriate. For HTTP-based servers on Bun or Deno, use `WebStandardStreamableHTTPServerTransport` instead of the Node.js-specific transport — see the [server guide](./server.md) for details.\n\n## Set up your environment\n\nFirst, let's install Node.js and npm if you haven't already. You can download them from [nodejs.org](https://nodejs.org/).\n\nNow, let's create and set up our project:\n\n**macOS/Linux:**\n\n```bash\n# Create a new directory for our project\nmkdir weather\ncd weather\n\n# Initialize a new npm project\nnpm init -y\n\n# Install dependencies\nnpm install @modelcontextprotocol/server zod\nnpm install -D @types/node typescript\n\n# Create our files\nmkdir src\ntouch src/index.ts\n```\n\n**Windows:**\n\n```powershell\n# Create a new directory for our project\nmd weather\ncd weather\n\n# Initialize a new npm project\nnpm init -y\n\n# Install dependencies\nnpm install @modelcontextprotocol/server zod\nnpm install -D @types/node typescript\n\n# Create our files\nmd src\nnew-item src\\index.ts\n```\n\nUpdate your `package.json` to add `type: \"module\"` and a build script:\n\n```json\n{\n \"type\": \"module\",\n \"bin\": {\n \"weather\": \"./build/index.js\"\n },\n \"scripts\": {\n \"build\": \"tsc && chmod 755 build/index.js\"\n },\n \"files\": [\"build\"]\n}\n```\n\nCreate a `tsconfig.json` in the root of your project:\n\n```json\n{\n \"compilerOptions\": {\n \"target\": \"ES2022\",\n \"module\": \"Node16\",\n \"moduleResolution\": \"Node16\",\n \"outDir\": \"./build\",\n \"rootDir\": \"./src\",\n \"strict\": true,\n \"esModuleInterop\": true,\n \"skipLibCheck\": true,\n \"forceConsistentCasingInFileNames\": true\n },\n \"include\": [\"src/**/*\"],\n \"exclude\": [\"node_modules\"]\n}\n```\n\nNow let's dive into building your server.\n\n## Building your server\n\n### Importing packages and setting up the instance\n\nAdd these to the top of your `src/index.ts`:\n\n```ts source=\"../examples/server-quickstart/src/index.ts#prelude\"\nimport { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nconst NWS_API_BASE = 'https://api.weather.gov';\nconst USER_AGENT = 'weather-app/1.0';\n\n// Create server instance\nconst server = new McpServer({\n name: 'weather',\n version: '1.0.0',\n});\n```\n\n### Helper functions\n\nNext, let's add our helper functions for querying and formatting the data from the National Weather Service API:\n\n```ts source=\"../examples/server-quickstart/src/index.ts#helpers\"\n// Helper function for making NWS API requests\nasync function makeNWSRequest(url: string): Promise {\n const headers = {\n 'User-Agent': USER_AGENT,\n Accept: 'application/geo+json',\n };\n\n try {\n const response = await fetch(url, { headers });\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n return (await response.json()) as T;\n } catch (error) {\n console.error('Error making NWS request:', error);\n return null;\n }\n}\n\ninterface AlertFeature {\n properties: {\n event?: string;\n areaDesc?: string;\n severity?: string;\n status?: string;\n headline?: string;\n };\n}\n\n// Format alert data\nfunction formatAlert(feature: AlertFeature): string {\n const props = feature.properties;\n return [\n `Event: ${props.event || 'Unknown'}`,\n `Area: ${props.areaDesc || 'Unknown'}`,\n `Severity: ${props.severity || 'Unknown'}`,\n `Status: ${props.status || 'Unknown'}`,\n `Headline: ${props.headline || 'No headline'}`,\n '---',\n ].join('\\n');\n}\n\ninterface ForecastPeriod {\n name?: string;\n temperature?: number;\n temperatureUnit?: string;\n windSpeed?: string;\n windDirection?: string;\n shortForecast?: string;\n}\n\ninterface AlertsResponse {\n features: AlertFeature[];\n}\n\ninterface PointsResponse {\n properties: {\n forecast?: string;\n };\n}\n\ninterface ForecastResponse {\n properties: {\n periods: ForecastPeriod[];\n };\n}\n```\n\n### Registering tools\n\nEach tool is registered with {@linkcode @modelcontextprotocol/server!server/mcp.McpServer#registerTool | server.registerTool()}, which takes the tool name, a configuration object (with description and input schema), and a callback that implements the tool logic. Let's register our two weather tools:\n\n```ts source=\"../examples/server-quickstart/src/index.ts#registerTools\"\n// Register weather tools\nserver.registerTool(\n 'get-alerts',\n {\n title: 'Get Weather Alerts',\n description: 'Get weather alerts for a state',\n inputSchema: z.object({\n state: z.string().length(2)\n .describe('Two-letter state code (e.g. CA, NY)'),\n }),\n },\n async ({ state }) => {\n const stateCode = state.toUpperCase();\n const alertsUrl = `${NWS_API_BASE}/alerts?area=${stateCode}`;\n const alertsData = await makeNWSRequest(alertsUrl);\n\n if (!alertsData) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to retrieve alerts data',\n }],\n };\n }\n\n const features = alertsData.features || [];\n\n if (features.length === 0) {\n return {\n content: [{\n type: 'text' as const,\n text: `No active alerts for ${stateCode}`,\n }],\n };\n }\n\n const formattedAlerts = features.map(formatAlert);\n\n return {\n content: [{\n type: 'text' as const,\n text: `Active alerts for ${stateCode}:\\n\\n${formattedAlerts.join('\\n')}`,\n }],\n };\n },\n);\n\nserver.registerTool(\n 'get-forecast',\n {\n title: 'Get Weather Forecast',\n description: 'Get weather forecast for a location',\n inputSchema: z.object({\n latitude: z.number().min(-90).max(90)\n .describe('Latitude of the location'),\n longitude: z.number().min(-180).max(180)\n .describe('Longitude of the location'),\n }),\n },\n async ({ latitude, longitude }) => {\n // Get grid point data\n const pointsUrl = `${NWS_API_BASE}/points/${latitude.toFixed(4)},${longitude.toFixed(4)}`;\n const pointsData = await makeNWSRequest(pointsUrl);\n\n if (!pointsData) {\n return {\n content: [{\n type: 'text' as const,\n text: `Failed to retrieve grid point data for coordinates: ${latitude}, ${longitude}. This location may not be supported by the NWS API (only US locations are supported).`,\n }],\n };\n }\n\n const forecastUrl = pointsData.properties?.forecast;\n if (!forecastUrl) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to get forecast URL from grid point data',\n }],\n };\n }\n\n // Get forecast data\n const forecastData = await makeNWSRequest(forecastUrl);\n if (!forecastData) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to retrieve forecast data',\n }],\n };\n }\n\n const periods = forecastData.properties?.periods || [];\n if (periods.length === 0) {\n return {\n content: [{\n type: 'text' as const,\n text: 'No forecast periods available',\n }],\n };\n }\n\n // Format forecast periods\n const formattedForecast = periods.map((period: ForecastPeriod) =>\n [\n `${period.name || 'Unknown'}:`,\n `Temperature: ${period.temperature || 'Unknown'}°${period.temperatureUnit || 'F'}`,\n `Wind: ${period.windSpeed || 'Unknown'} ${period.windDirection || ''}`,\n `${period.shortForecast || 'No forecast available'}`,\n '---',\n ].join('\\n'),\n );\n\n return {\n content: [{\n type: 'text' as const,\n text: `Forecast for ${latitude}, ${longitude}:\\n\\n${formattedForecast.join('\\n')}`,\n }],\n };\n },\n);\n```\n\n### Running the server\n\nFinally, implement the main function to run the server:\n\n```ts source=\"../examples/server-quickstart/src/index.ts#main\"\nasync function main() {\n const transport = new StdioServerTransport();\n await server.connect(transport);\n console.error('Weather MCP Server running on stdio');\n}\n\nmain().catch((error) => {\n console.error('Fatal error in main():', error);\n process.exit(1);\n});\n```\n\n> [!IMPORTANT]\n> Always use `console.error()` instead of `console.log()` in stdio-based MCP servers. Standard output is reserved for JSON-RPC protocol messages, and writing to it with `console.log()` will corrupt the communication channel.\n\nMake sure to run `npm run build` to build your server! This is a very important step in getting your server to connect.\n\nLet's now test your server from an existing MCP host.\n\n## Testing your server in VS Code\n\n[VS Code](https://code.visualstudio.com/) with [GitHub Copilot](https://github.com/features/copilot) can discover and invoke MCP tools via agent mode. [Copilot Free](https://github.com/features/copilot/plans) is sufficient to follow along.\n\n> [!NOTE]\n> Servers can connect to any client. We've chosen VS Code here for simplicity, but we also have a guide on [building your own client](./client-quickstart.md) as well as a [list of other clients here](https://modelcontextprotocol.io/clients).\n\n### Prerequisites\n\n1. Install [VS Code](https://code.visualstudio.com/) (version 1.99 or later).\n2. Install the **GitHub Copilot** extension from the VS Code Extensions marketplace.\n3. Sign in to your GitHub account when prompted.\n\n### Configure the MCP server\n\nCreate a `.vscode/mcp.json` file in your `weather` project root:\n\n```json\n{\n \"servers\": {\n \"weather\": {\n \"type\": \"stdio\",\n \"command\": \"node\",\n \"args\": [\"./build/index.js\"]\n }\n }\n}\n```\n\nVS Code may prompt you to trust the MCP server when it detects this file. If prompted, confirm to start the server.\n\nTo verify, run **MCP: List Servers** from the Command Palette (`Ctrl+Shift+P` / `Cmd+Shift+P`). The `weather` server should show a running status.\n\n### Use the tools\n\n1. Open **Copilot Chat** (`Ctrl+Alt+I` / `Ctrl+Cmd+I`).\n2. Select **Agent** mode from the mode selector at the top of the chat panel.\n3. Click the **Tools** button to confirm `get-alerts` and `get-forecast` appear.\n4. Try these prompts:\n - \"What's the weather in Sacramento?\"\n - \"What are the active weather alerts in Texas?\"\n\n> [!NOTE]\n> Since this is the US National Weather Service, the queries will only work for US locations.\n\n## What's happening under the hood\n\nWhen you ask a question:\n\n1. The client sends your question to the LLM\n2. The LLM analyzes the available tools and decides which one(s) to use\n3. The client executes the chosen tool(s) through the MCP server\n4. The results are sent back to the LLM\n5. The LLM formulates a natural language response\n6. The response is displayed to you\n\n## Troubleshooting\n\n
\nVS Code integration issues\n\n**Server not appearing or fails to start**\n\n1. Verify you have VS Code 1.99 or later (`Help > About`) and that GitHub Copilot is installed.\n2. Verify the server builds without errors: run `npm run build` in the `weather` directory.\n3. Test it manually: run `node build/index.js` — the process should start and wait for input. Press `Ctrl+C` to exit.\n4. Check the server logs: in **MCP: List Servers**, select the server and choose **Show Output**.\n5. If the `node` command is not found, use the full path to the Node binary.\n\n**Tools don't appear in Copilot Chat**\n\n1. Confirm you're in **Agent** mode (not Ask or Edit mode).\n2. Run **MCP: Reset Cached Tools** from the Command Palette, then recheck the **Tools** list.\n\n
\n\n
\nWeather API issues\n\n**Error: Failed to retrieve grid point data**\n\nThis usually means either:\n\n1. The coordinates are outside the US\n2. The NWS API is having issues\n3. You're being rate limited\n\nFix:\n\n- Verify you're using US coordinates\n- Add a small delay between requests\n- Check the NWS API status page\n\n**Error: No active alerts for [STATE]**\n\nThis isn't an error - it just means there are no current weather alerts for that state. Try a different state or check during severe weather.\n\n
\n\n## Next steps\n\nNow that your server is running locally, here are some ways to go further:\n\n- [**Server guide**](./server.md) — Add resources, prompts, logging, error handling, and remote transports to your server.\n- [**Example servers**](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/examples/server) — Browse runnable examples covering OAuth, streaming, sessions, and more.\n- [**FAQ**](./faq.md) — Troubleshoot common errors (Zod version conflicts, transport issues, etc.).\n" }, { "path": "docs/server.md", "content": "---\ntitle: Server Guide\n---\n\n# Server overview\n\nThis guide covers SDK usage for building MCP servers in TypeScript. For protocol-level details and message formats, see the [MCP specification](https://modelcontextprotocol.io/specification/latest/).\n\nBuilding a server takes three steps:\n\n1. Create an {@linkcode @modelcontextprotocol/server!server/mcp.McpServer | McpServer} and register your [tools, resources, and prompts](#tools-resources-and-prompts).\n2. Create a transport — [Streamable HTTP](#streamable-http) for remote servers or [stdio](#stdio) for local, process‑spawned integrations.\n3. Wire the transport into your HTTP framework (or use stdio directly) and call `server.connect(transport)`.\n\nThe sections below cover each of these. For a feature‑rich starting point, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) — remove what you don't need and register your own tools, resources, and prompts. For stateless or JSON‑response‑mode alternatives, see the examples linked in [Transports](#transports) below.\n\n## Transports\n\n### Streamable HTTP\n\nStreamable HTTP is the HTTP‑based transport. It supports:\n\n- Request/response over HTTP POST\n- Server‑to‑client notifications over SSE (when enabled)\n- Optional JSON‑only response mode with no SSE\n- Session management and resumability\n\nA minimal stateless server using `createMcpExpressApp()`, which includes [DNS rebinding protection](#dns-rebinding-protection) by default:\n\n```ts\nconst app = createMcpExpressApp();\n\napp.post('/mcp', async (req, res) => {\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: undefined // stateless\n });\n await server.connect(transport);\n await transport.handleRequest(req, res, req.body);\n});\n\napp.listen(3000, '127.0.0.1');\n```\n\nFor stateful servers with session management, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts).\n\n> [!NOTE]\n> For full runnable examples, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) (sessions, logging, tasks, elicitation, auth hooks), [`jsonResponseStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/jsonResponseStreamableHttp.ts) (`enableJsonResponse: true`, no SSE), and [`standaloneSseWithGetStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/standaloneSseWithGetStreamableHttp.ts) (notifications with Streamable HTTP GET + SSE).\n>\n> For protocol details, see [Transports](https://modelcontextprotocol.io/specification/latest/basic/transports) in the MCP specification.\n\n> [!WARNING]\n> If your server listens on localhost, use [`createMcpExpressApp()`](#dns-rebinding-protection) or [`createMcpHonoApp()`](#dns-rebinding-protection) instead of using `NodeStreamableHTTPServerTransport` directly — they include [DNS rebinding protection](#dns-rebinding-protection) by default.\n\n#### Stateless vs stateful sessions\n\nStreamable HTTP can run:\n\n- **Stateless** – no session tracking, ideal for simple API‑style servers.\n- **Stateful** – sessions have IDs, and you can enable resumability and advanced features.\n\nThe key difference is the `sessionIdGenerator` option. Pass `undefined` for stateless mode:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#streamableHttp_stateless\"\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\nconst transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n});\n\nawait server.connect(transport);\n```\n\n> [!NOTE]\n> For full runnable examples, see [`simpleStatelessStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStatelessStreamableHttp.ts) (stateless) and [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) (stateful with resumability).\n\n#### JSON response mode\n\nIf you do not need SSE streaming, set `enableJsonResponse: true`. The server will return plain JSON responses to every POST and reject GET requests with `405`:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#streamableHttp_jsonResponse\"\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\nconst transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n enableJsonResponse: true\n});\n\nawait server.connect(transport);\n```\n\n> [!NOTE]\n> For a full runnable example, see [`jsonResponseStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/jsonResponseStreamableHttp.ts).\n\n### stdio\n\nFor local, process‑spawned integrations (Claude Desktop, CLI tools), use {@linkcode @modelcontextprotocol/server!server/stdio.StdioServerTransport | StdioServerTransport}:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#stdio_basic\"\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\nconst transport = new StdioServerTransport();\nawait server.connect(transport);\n```\n\n## Tools, resources, and prompts\n\n### Tools\n\nTools let MCP clients ask your server to take actions. They are usually the main way that LLMs call into your application.\n\nA typical registration with {@linkcode @modelcontextprotocol/server!server/mcp.McpServer#registerTool | registerTool}:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerTool_basic\"\nserver.registerTool(\n 'calculate-bmi',\n {\n title: 'BMI Calculator',\n description: 'Calculate Body Mass Index',\n inputSchema: z.object({\n weightKg: z.number(),\n heightM: z.number()\n }),\n outputSchema: z.object({ bmi: z.number() })\n },\n async ({ weightKg, heightM }) => {\n const output = { bmi: weightKg / (heightM * heightM) };\n return {\n content: [{ type: 'text', text: JSON.stringify(output) }],\n structuredContent: output\n };\n }\n);\n```\n\n> [!NOTE]\n> For full runnable examples, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) and [`toolWithSampleServer.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/toolWithSampleServer.ts).\n>\n> For protocol details, see [Tools](https://modelcontextprotocol.io/specification/latest/server/tools) in the MCP specification.\n\n#### `ResourceLink` outputs\n\nTools can return `resource_link` content items to reference large resources without embedding them directly, allowing clients to fetch only what they need:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerTool_resourceLink\"\nserver.registerTool(\n 'list-files',\n {\n title: 'List Files',\n description: 'Returns files as resource links without embedding content'\n },\n async (): Promise => {\n const links: ResourceLink[] = [\n {\n type: 'resource_link',\n uri: 'file:///projects/readme.md',\n name: 'README',\n mimeType: 'text/markdown'\n },\n {\n type: 'resource_link',\n uri: 'file:///projects/config.json',\n name: 'Config',\n mimeType: 'application/json'\n }\n ];\n return { content: links };\n }\n);\n```\n\n> [!NOTE]\n> For a full runnable example with `ResourceLink` outputs, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts).\n\n#### Tool annotations\n\nTools can include annotations that hint at their behavior — for example, whether a tool is read‑only, destructive, or idempotent. Annotations help clients present tools appropriately without changing their execution semantics.\n\n> [!NOTE]\n> For tool annotations in a full server, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts).\n\n### Resources\n\nResources expose data to clients, but should not perform heavy computation or side‑effects. They are ideal for configuration, documents, or other reference data.\n\nA static resource at a fixed URI:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerResource_static\"\nserver.registerResource(\n 'config',\n 'config://app',\n {\n title: 'Application Config',\n description: 'Application configuration data',\n mimeType: 'text/plain'\n },\n async uri => ({\n contents: [{ uri: uri.href, text: 'App configuration here' }]\n })\n);\n```\n\nDynamic resources use {@linkcode @modelcontextprotocol/server!server/mcp.ResourceTemplate | ResourceTemplate} and can support completions on path parameters:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerResource_template\"\nserver.registerResource(\n 'user-profile',\n new ResourceTemplate('user://{userId}/profile', {\n list: async () => ({\n resources: [\n { uri: 'user://123/profile', name: 'Alice' },\n { uri: 'user://456/profile', name: 'Bob' }\n ]\n })\n }),\n {\n title: 'User Profile',\n description: 'User profile data',\n mimeType: 'application/json'\n },\n async (uri, { userId }) => ({\n contents: [\n {\n uri: uri.href,\n text: JSON.stringify({ userId, name: 'Example User' })\n }\n ]\n })\n);\n```\n\n> [!NOTE]\n> For full runnable examples of resources, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts).\n>\n> For protocol details, see [Resources](https://modelcontextprotocol.io/specification/latest/server/resources) in the MCP specification.\n\n### Prompts\n\nPrompts are reusable templates that help humans (or client UIs) talk to models in a consistent way. They are declared on the server and listed through MCP.\n\nA minimal prompt:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerPrompt_basic\"\nserver.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n description: 'Review code for best practices and potential issues',\n argsSchema: z.object({\n code: z.string()\n })\n },\n ({ code }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Please review this code:\\n\\n${code}`\n }\n }\n ]\n })\n);\n```\n\n> [!NOTE]\n> For prompts integrated into a full server, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts).\n>\n> For protocol details, see [Prompts](https://modelcontextprotocol.io/specification/latest/server/prompts) in the MCP specification.\n\n### Completions\n\nBoth prompts and resources can support argument completions. Wrap a field in the `argsSchema` with {@linkcode @modelcontextprotocol/server!server/completable.completable | completable()} to provide autocompletion suggestions:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerPrompt_completion\"\nserver.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n description: 'Review code for best practices',\n argsSchema: z.object({\n language: completable(z.string().describe('Programming language'), value =>\n ['typescript', 'javascript', 'python', 'rust', 'go'].filter(lang => lang.startsWith(value))\n )\n })\n },\n ({ language }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Review this ${language} code for best practices.`\n }\n }\n ]\n })\n);\n```\n\n### Logging\n\nUnlike tools, resources, and prompts, logging is not a registered primitive — it is a handler-level API available inside any callback. Use `ctx.mcpReq.log(level, data)` (from {@linkcode @modelcontextprotocol/server!index.ServerContext | ServerContext}) to send structured log messages to the client. The server must declare the `logging` capability:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#logging_capability\"\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n```\n\nThen log from any handler callback:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerTool_logging\"\nserver.registerTool(\n 'fetch-data',\n {\n description: 'Fetch data from an API',\n inputSchema: z.object({ url: z.string() })\n },\n async ({ url }, ctx): Promise => {\n await ctx.mcpReq.log('info', `Fetching ${url}`);\n const res = await fetch(url);\n await ctx.mcpReq.log('debug', `Response status: ${res.status}`);\n const text = await res.text();\n return { content: [{ type: 'text', text }] };\n }\n);\n```\n\n> [!NOTE]\n> For logging in a full server, see [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) and [`jsonResponseStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/jsonResponseStreamableHttp.ts).\n>\n> For protocol details, see [Logging](https://modelcontextprotocol.io/specification/latest/server/utilities/logging) in the MCP specification.\n\n## Server‑initiated requests\n\nMCP is bidirectional — servers can also send requests *to* the client during tool execution, as long as the client declares matching capabilities.\n\n### Sampling\n\nUse `ctx.mcpReq.requestSampling(params)` (from {@linkcode @modelcontextprotocol/server!index.ServerContext | ServerContext}) inside a tool handler to request an LLM completion from the connected client:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerTool_sampling\"\nserver.registerTool(\n 'summarize',\n {\n description: 'Summarize text using the client LLM',\n inputSchema: z.object({ text: z.string() })\n },\n async ({ text }, ctx): Promise => {\n const response = await ctx.mcpReq.requestSampling({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please summarize:\\n\\n${text}`\n }\n }\n ],\n maxTokens: 500\n });\n return {\n content: [\n {\n type: 'text',\n text: `Model (${response.model}): ${JSON.stringify(response.content)}`\n }\n ]\n };\n }\n);\n```\n\n> [!NOTE]\n> For a full runnable example, see [`toolWithSampleServer.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/toolWithSampleServer.ts).\n>\n> For protocol details, see [Sampling](https://modelcontextprotocol.io/specification/latest/client/sampling) in the MCP specification.\n\n### Elicitation\n\nUse `ctx.mcpReq.elicitInput(params)` (from {@linkcode @modelcontextprotocol/server!index.ServerContext | ServerContext}) inside a tool handler to request user input. Elicitation supports two modes:\n\n- **Form** (`mode: 'form'`) — collects **non‑sensitive** data via a schema‑driven form.\n- **URL** (`mode: 'url'`) — for sensitive data or secure web‑based flows (API keys, payments, OAuth). The client opens a URL in the browser.\n\n> [!IMPORTANT]\n> Sensitive information **must not** be collected via form elicitation; always use URL elicitation or out‑of‑band flows for secrets.\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#registerTool_elicitation\"\nserver.registerTool(\n 'collect-feedback',\n {\n description: 'Collect user feedback via a form',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n const result = await ctx.mcpReq.elicitInput({\n mode: 'form',\n message: 'Please share your feedback:',\n requestedSchema: {\n type: 'object',\n properties: {\n rating: {\n type: 'number',\n title: 'Rating (1\\u20135)',\n minimum: 1,\n maximum: 5\n },\n comment: { type: 'string', title: 'Comment' }\n },\n required: ['rating']\n }\n });\n if (result.action === 'accept') {\n return {\n content: [\n {\n type: 'text',\n text: `Thanks! ${JSON.stringify(result.content)}`\n }\n ]\n };\n }\n return { content: [{ type: 'text', text: 'Feedback declined.' }] };\n }\n);\n```\n\n> [!NOTE]\n> For runnable examples, see [`elicitationFormExample.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/elicitationFormExample.ts) (form mode) and [`elicitationUrlExample.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/elicitationUrlExample.ts) (URL mode).\n>\n> For protocol details, see [Elicitation](https://modelcontextprotocol.io/specification/latest/client/elicitation) in the MCP specification.\n\n## Tasks (experimental)\n\nTask-based execution enables \"call-now, fetch-later\" patterns for long-running operations. Instead of returning a result immediately, a tool creates a task that can be polled or resumed later. To use tasks:\n\n- Provide a {@linkcode @modelcontextprotocol/server!index.TaskStore | TaskStore} implementation that persists task metadata and results (see {@linkcode @modelcontextprotocol/server!index.InMemoryTaskStore | InMemoryTaskStore} for reference).\n- Enable the `tasks` capability when constructing the server.\n- Register tools with {@linkcode @modelcontextprotocol/server!experimental/tasks/mcpServer.ExperimentalMcpServerTasks#registerToolTask | server.experimental.tasks.registerToolTask(...)}.\n\n> [!NOTE]\n> For a full runnable example, see [`simpleTaskInteractive.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleTaskInteractive.ts).\n\n> [!WARNING]\n> The tasks API is experimental and may change without notice.\n\n## Deployment\n\n### DNS rebinding protection\n\nUnder normal circumstances, cross-origin browser restrictions limit what a malicious website can do to your localhost server. [DNS rebinding attacks](https://en.wikipedia.org/wiki/DNS_rebinding) get around those restrictions entirely by making the requests appear as same-origin, since the attacking domain resolves to localhost. Validating the host header on the server side protects against this scenario. **All localhost MCP servers should use DNS rebinding protection.**\n\nThe recommended approach is to use `createMcpExpressApp()` (from `@modelcontextprotocol/express`) or `createMcpHonoApp()` (from `@modelcontextprotocol/hono`), which enable Host header validation by default:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#dnsRebinding_basic\"\n// Default: DNS rebinding protection auto-enabled (host is 127.0.0.1)\nconst app = createMcpExpressApp();\n\n// DNS rebinding protection also auto-enabled for localhost\nconst appLocal = createMcpExpressApp({ host: 'localhost' });\n\n// No automatic protection when binding to all interfaces\nconst appOpen = createMcpExpressApp({ host: '0.0.0.0' });\n```\n\nWhen binding to `0.0.0.0` / `::`, provide an allow-list of hosts:\n\n```ts source=\"../examples/server/src/serverGuide.examples.ts#dnsRebinding_allowedHosts\"\nconst app = createMcpExpressApp({\n host: '0.0.0.0',\n allowedHosts: ['localhost', '127.0.0.1', 'myhost.local']\n});\n```\n\n`createMcpHonoApp()` from `@modelcontextprotocol/hono` provides the same protection for Hono-based servers and Web Standard runtimes (Cloudflare Workers, Deno, Bun).\n\nIf you use `NodeStreamableHTTPServerTransport` directly with your own HTTP framework, you must implement Host header validation yourself. See the [`hostHeaderValidation`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/packages/middleware/express/src/express.ts) middleware source for reference.\n\n## More server features\n\nThe sections above cover the essentials. The table below links to additional capabilities demonstrated in the runnable examples.\n\n| Feature | Description | Reference |\n|---------|-------------|-----------|\n| Web Standard transport | Deploy on Cloudflare Workers, Deno, or Bun | [`honoWebStandardStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/honoWebStandardStreamableHttp.ts) |\n| Session management | Per-session transport routing, initialization, and cleanup | [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) |\n| Resumability | Replay missed SSE events via an event store | [`inMemoryEventStore.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/inMemoryEventStore.ts) |\n| CORS | Expose MCP headers (`mcp-session-id`, etc.) for browser clients | [`simpleStreamableHttp.ts`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/src/simpleStreamableHttp.ts) |\n| Multi‑node deployment | Stateless, persistent‑storage, and distributed routing patterns | [`examples/server/README.md`](https://github.com/modelcontextprotocol/typescript-sdk/blob/main/examples/server/README.md#multi-node-deployment-patterns) |\n" }, { "path": "docs/v2-banner.js", "content": "document.addEventListener(\"DOMContentLoaded\", function () {\n var banner = document.createElement(\"div\");\n banner.innerHTML =\n \"This documents a pre-release version of the SDK. Expect breaking changes. For the stable SDK, see the V1 docs.\";\n banner.style.cssText =\n \"background:#fff3cd;color:#856404;border-bottom:1px solid #ffc107;padding:8px 16px;text-align:center;font-size:14px;\";\n banner.querySelector(\"a\").style.cssText = \"color:#856404;text-decoration:underline;\";\n document.body.insertBefore(banner, document.body.firstChild);\n});\n" }, { "path": "examples/client/README.md", "content": "# MCP TypeScript SDK Examples (Client)\n\nThis directory contains runnable MCP **client** examples built with `@modelcontextprotocol/client`.\n\nFor server examples, see [`../server/README.md`](../server/README.md). For guided docs, see [`../../docs/client.md`](../../docs/client.md).\n\n## Running examples\n\nFrom the repo root:\n\n```bash\npnpm install\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/simpleStreamableHttp.ts\n```\n\nOr, from within this package:\n\n```bash\ncd examples/client\npnpm tsx src/simpleStreamableHttp.ts\n```\n\nMost clients expect a server to be running. Start one from [`../server/README.md`](../server/README.md) (for example `src/simpleStreamableHttp.ts` in `examples/server`).\n\n## Example index\n\n| Scenario | Description | File |\n| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |\n| Interactive Streamable HTTP client | CLI client that exercises tools/resources/prompts, notifications, elicitation, and tasks. | [`src/simpleStreamableHttp.ts`](src/simpleStreamableHttp.ts) |\n| Backwards-compatible client (Streamable HTTP → SSE) | Tries Streamable HTTP first, falls back to legacy SSE on 4xx responses. | [`src/streamableHttpWithSseFallbackClient.ts`](src/streamableHttpWithSseFallbackClient.ts) |\n| SSE polling client (legacy) | Polls a legacy HTTP+SSE server and demonstrates notification handling. | [`src/ssePollingClient.ts`](src/ssePollingClient.ts) |\n| Parallel tool calls | Runs multiple tool calls in parallel. | [`src/parallelToolCallsClient.ts`](src/parallelToolCallsClient.ts) |\n| Multiple clients in parallel | Connects multiple clients concurrently to the same server. | [`src/multipleClientsParallel.ts`](src/multipleClientsParallel.ts) |\n| OAuth client (interactive) | OAuth-enabled client (dynamic registration, auth flow). | [`src/simpleOAuthClient.ts`](src/simpleOAuthClient.ts) |\n| OAuth provider helper | Demonstrates reusable OAuth providers. | [`src/simpleOAuthClientProvider.ts`](src/simpleOAuthClientProvider.ts) |\n| Client credentials (M2M) | Machine-to-machine OAuth client credentials example. | [`src/simpleClientCredentials.ts`](src/simpleClientCredentials.ts) |\n| URL elicitation client | Drives URL-mode elicitation flows (sensitive input in a browser). | [`src/elicitationUrlExample.ts`](src/elicitationUrlExample.ts) |\n| Task interactive client | Demonstrates task-based execution + interactive server→client requests. | [`src/simpleTaskInteractiveClient.ts`](src/simpleTaskInteractiveClient.ts) |\n\n## URL elicitation example (server + client)\n\nRun the server first:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/elicitationUrlExample.ts\n```\n\nThen run the client:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/elicitationUrlExample.ts\n```\n" }, { "path": "examples/client/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n files: ['src/**/*.{ts,tsx,js,jsx,mts,cts}'],\n rules: {\n // Allow console statements in examples only\n 'no-console': 'off'\n }\n }\n];\n" }, { "path": "examples/client/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/examples-client\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build:esm && pnpm run build:cjs\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"start\": \"pnpm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"@modelcontextprotocol/client\": \"workspace:^\",\n \"ajv\": \"catalog:runtimeShared\",\n \"open\": \"^11.0.0\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/examples-shared\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"tsdown\": \"catalog:devTools\"\n }\n}\n" }, { "path": "examples/client/src/clientGuide.examples.ts", "content": "/**\n * Type-checked examples for docs/client.md.\n *\n * Regions are synced into markdown code fences via `pnpm sync:snippets`.\n * Each function wraps a single region. The function name matches the region name.\n *\n * @module\n */\n\n//#region imports\nimport type { Prompt, Resource, Tool } from '@modelcontextprotocol/client';\nimport {\n applyMiddlewares,\n Client,\n ClientCredentialsProvider,\n createMiddleware,\n CrossAppAccessProvider,\n discoverAndRequestJwtAuthGrant,\n PrivateKeyJwtProvider,\n ProtocolError,\n SdkError,\n SdkErrorCode,\n SSEClientTransport,\n StdioClientTransport,\n StreamableHTTPClientTransport\n} from '@modelcontextprotocol/client';\n//#endregion imports\n\n// ---------------------------------------------------------------------------\n// Connecting to a server\n// ---------------------------------------------------------------------------\n\n/** Example: Streamable HTTP transport. */\nasync function connect_streamableHttp() {\n //#region connect_streamableHttp\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n\n const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'));\n\n await client.connect(transport);\n //#endregion connect_streamableHttp\n}\n\n/** Example: stdio transport for local process-spawned servers. */\nasync function connect_stdio() {\n //#region connect_stdio\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n\n const transport = new StdioClientTransport({\n command: 'node',\n args: ['server.js']\n });\n\n await client.connect(transport);\n //#endregion connect_stdio\n}\n\n/** Example: Try Streamable HTTP, fall back to legacy SSE. */\nasync function connect_sseFallback(url: string) {\n //#region connect_sseFallback\n const baseUrl = new URL(url);\n\n try {\n // Try modern Streamable HTTP transport first\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n } catch {\n // Fall back to legacy SSE transport\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new SSEClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n }\n //#endregion connect_sseFallback\n}\n\n// ---------------------------------------------------------------------------\n// Disconnecting\n// ---------------------------------------------------------------------------\n\n/** Example: Graceful disconnect for Streamable HTTP. */\nasync function disconnect_streamableHttp(client: Client, transport: StreamableHTTPClientTransport) {\n //#region disconnect_streamableHttp\n await transport.terminateSession(); // notify the server (recommended)\n await client.close();\n //#endregion disconnect_streamableHttp\n}\n\n// ---------------------------------------------------------------------------\n// Server instructions\n// ---------------------------------------------------------------------------\n\n/** Example: Access server instructions after connecting. */\nasync function serverInstructions_basic(client: Client) {\n //#region serverInstructions_basic\n const instructions = client.getInstructions();\n\n const systemPrompt = ['You are a helpful assistant.', instructions].filter(Boolean).join('\\n\\n');\n\n console.log(systemPrompt);\n //#endregion serverInstructions_basic\n}\n\n// ---------------------------------------------------------------------------\n// Authentication\n// ---------------------------------------------------------------------------\n\n/** Example: Client credentials auth for service-to-service communication. */\nasync function auth_clientCredentials() {\n //#region auth_clientCredentials\n const authProvider = new ClientCredentialsProvider({\n clientId: 'my-service',\n clientSecret: 'my-secret'\n });\n\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n\n const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n\n await client.connect(transport);\n //#endregion auth_clientCredentials\n}\n\n/** Example: Private key JWT auth. */\nasync function auth_privateKeyJwt(pemEncodedKey: string) {\n //#region auth_privateKeyJwt\n const authProvider = new PrivateKeyJwtProvider({\n clientId: 'my-service',\n privateKey: pemEncodedKey,\n algorithm: 'RS256'\n });\n\n const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n //#endregion auth_privateKeyJwt\n return transport;\n}\n\n/** Example: Cross-App Access (SEP-990 Enterprise Managed Authorization). */\nasync function auth_crossAppAccess(getIdToken: () => Promise) {\n //#region auth_crossAppAccess\n const authProvider = new CrossAppAccessProvider({\n assertion: async ctx => {\n // ctx provides: authorizationServerUrl, resourceUrl, scope, fetchFn\n const result = await discoverAndRequestJwtAuthGrant({\n idpUrl: 'https://idp.example.com',\n audience: ctx.authorizationServerUrl,\n resource: ctx.resourceUrl,\n idToken: await getIdToken(),\n clientId: 'my-idp-client',\n clientSecret: 'my-idp-secret',\n scope: ctx.scope,\n fetchFn: ctx.fetchFn\n });\n return result.jwtAuthGrant;\n },\n clientId: 'my-mcp-client',\n clientSecret: 'my-mcp-secret'\n });\n\n const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), { authProvider });\n //#endregion auth_crossAppAccess\n return transport;\n}\n\n// ---------------------------------------------------------------------------\n// Using server features\n// ---------------------------------------------------------------------------\n\n/** Example: List and call tools. */\nasync function callTool_basic(client: Client) {\n //#region callTool_basic\n const allTools: Tool[] = [];\n let toolCursor: string | undefined;\n do {\n const { tools, nextCursor } = await client.listTools({ cursor: toolCursor });\n allTools.push(...tools);\n toolCursor = nextCursor;\n } while (toolCursor);\n console.log(\n 'Available tools:',\n allTools.map(t => t.name)\n );\n\n const result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n });\n console.log(result.content);\n //#endregion callTool_basic\n}\n\n/** Example: Structured tool output. */\nasync function callTool_structuredOutput(client: Client) {\n //#region callTool_structuredOutput\n const result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n });\n\n // Machine-readable output for the client application\n if (result.structuredContent) {\n console.log(result.structuredContent); // e.g. { bmi: 22.86 }\n }\n //#endregion callTool_structuredOutput\n}\n\n/** Example: Track progress of a long-running tool call. */\nasync function callTool_progress(client: Client) {\n //#region callTool_progress\n const result = await client.callTool(\n { name: 'long-operation', arguments: {} },\n {\n onprogress: ({ progress, total }: { progress: number; total?: number }) => {\n console.log(`Progress: ${progress}/${total ?? '?'}`);\n },\n resetTimeoutOnProgress: true,\n maxTotalTimeout: 600_000\n }\n );\n console.log(result.content);\n //#endregion callTool_progress\n}\n\n/** Example: List and read resources. */\nasync function readResource_basic(client: Client) {\n //#region readResource_basic\n const allResources: Resource[] = [];\n let resourceCursor: string | undefined;\n do {\n const { resources, nextCursor } = await client.listResources({ cursor: resourceCursor });\n allResources.push(...resources);\n resourceCursor = nextCursor;\n } while (resourceCursor);\n console.log(\n 'Available resources:',\n allResources.map(r => r.name)\n );\n\n const { contents } = await client.readResource({ uri: 'config://app' });\n for (const item of contents) {\n console.log(item);\n }\n //#endregion readResource_basic\n}\n\n/** Example: Subscribe to resource changes. */\nasync function subscribeResource_basic(client: Client) {\n //#region subscribeResource_basic\n await client.subscribeResource({ uri: 'config://app' });\n\n client.setNotificationHandler('notifications/resources/updated', async notification => {\n if (notification.params.uri === 'config://app') {\n const { contents } = await client.readResource({ uri: 'config://app' });\n console.log('Config updated:', contents);\n }\n });\n\n // Later: stop receiving updates\n await client.unsubscribeResource({ uri: 'config://app' });\n //#endregion subscribeResource_basic\n}\n\n/** Example: List and get prompts. */\nasync function getPrompt_basic(client: Client) {\n //#region getPrompt_basic\n const allPrompts: Prompt[] = [];\n let promptCursor: string | undefined;\n do {\n const { prompts, nextCursor } = await client.listPrompts({ cursor: promptCursor });\n allPrompts.push(...prompts);\n promptCursor = nextCursor;\n } while (promptCursor);\n console.log(\n 'Available prompts:',\n allPrompts.map(p => p.name)\n );\n\n const { messages } = await client.getPrompt({\n name: 'review-code',\n arguments: { code: 'console.log(\"hello\")' }\n });\n console.log(messages);\n //#endregion getPrompt_basic\n}\n\n/** Example: Request argument completions. */\nasync function complete_basic(client: Client) {\n //#region complete_basic\n const { completion } = await client.complete({\n ref: {\n type: 'ref/prompt',\n name: 'review-code'\n },\n argument: {\n name: 'language',\n value: 'type'\n }\n });\n console.log(completion.values); // e.g. ['typescript']\n //#endregion complete_basic\n}\n\n// ---------------------------------------------------------------------------\n// Notifications\n// ---------------------------------------------------------------------------\n\n/** Example: Handle log messages and list-change notifications. */\nfunction notificationHandler_basic(client: Client) {\n //#region notificationHandler_basic\n // Server log messages (sent by the server during request processing)\n client.setNotificationHandler('notifications/message', notification => {\n const { level, data } = notification.params;\n console.log(`[${level}]`, data);\n });\n\n // Server's resource list changed — re-fetch the list\n client.setNotificationHandler('notifications/resources/list_changed', async () => {\n const { resources } = await client.listResources();\n console.log('Resources changed:', resources.length);\n });\n //#endregion notificationHandler_basic\n}\n\n/** Example: Control server log level. */\nasync function setLoggingLevel_basic(client: Client) {\n //#region setLoggingLevel_basic\n await client.setLoggingLevel('warning');\n //#endregion setLoggingLevel_basic\n}\n\n/** Example: Automatic list-change tracking via the listChanged option. */\nasync function listChanged_basic() {\n //#region listChanged_basic\n const client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n onChanged: (error, tools) => {\n if (error) {\n console.error('Failed to refresh tools:', error);\n return;\n }\n console.log('Tools updated:', tools);\n }\n },\n prompts: {\n onChanged: (error, prompts) => console.log('Prompts updated:', prompts)\n }\n }\n }\n );\n //#endregion listChanged_basic\n return client;\n}\n\n// ---------------------------------------------------------------------------\n// Handling server-initiated requests\n// ---------------------------------------------------------------------------\n\n/** Example: Declare client capabilities for sampling and elicitation. */\nfunction capabilities_declaration() {\n //#region capabilities_declaration\n const client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n capabilities: {\n sampling: {},\n elicitation: { form: {} }\n }\n }\n );\n //#endregion capabilities_declaration\n return client;\n}\n\n/** Example: Handle a sampling request from the server. */\nfunction sampling_handler(client: Client) {\n //#region sampling_handler\n client.setRequestHandler('sampling/createMessage', async request => {\n const lastMessage = request.params.messages.at(-1);\n console.log('Sampling request:', lastMessage);\n\n // In production, send messages to your LLM here\n return {\n model: 'my-model',\n role: 'assistant' as const,\n content: {\n type: 'text' as const,\n text: 'Response from the model'\n }\n };\n });\n //#endregion sampling_handler\n}\n\n/** Example: Handle an elicitation request from the server. */\nfunction elicitation_handler(client: Client) {\n //#region elicitation_handler\n client.setRequestHandler('elicitation/create', async request => {\n console.log('Server asks:', request.params.message);\n\n if (request.params.mode === 'form') {\n // Present the schema-driven form to the user\n console.log('Schema:', request.params.requestedSchema);\n return { action: 'accept', content: { confirm: true } };\n }\n\n return { action: 'decline' };\n });\n //#endregion elicitation_handler\n}\n\n/** Example: Expose filesystem roots to the server. */\nfunction roots_handler(client: Client) {\n //#region roots_handler\n client.setRequestHandler('roots/list', async () => {\n return {\n roots: [\n { uri: 'file:///home/user/projects/my-app', name: 'My App' },\n { uri: 'file:///home/user/data', name: 'Data' }\n ]\n };\n });\n //#endregion roots_handler\n}\n\n// ---------------------------------------------------------------------------\n// Error handling\n// ---------------------------------------------------------------------------\n\n/** Example: Tool errors vs protocol errors. */\nasync function errorHandling_toolErrors(client: Client) {\n //#region errorHandling_toolErrors\n try {\n const result = await client.callTool({\n name: 'fetch-data',\n arguments: { url: 'https://example.com' }\n });\n\n // Tool-level error: the tool ran but reported a problem\n if (result.isError) {\n console.error('Tool error:', result.content);\n return;\n }\n\n console.log('Success:', result.content);\n } catch (error) {\n // Protocol-level error: the request itself failed\n if (error instanceof ProtocolError) {\n console.error(`Protocol error ${error.code}: ${error.message}`);\n } else if (error instanceof SdkError) {\n console.error(`SDK error [${error.code}]: ${error.message}`);\n } else {\n throw error;\n }\n }\n //#endregion errorHandling_toolErrors\n}\n\n/** Example: Connection lifecycle callbacks. */\nfunction errorHandling_lifecycle(client: Client) {\n //#region errorHandling_lifecycle\n // Out-of-band errors (SSE disconnects, parse errors)\n client.onerror = error => {\n console.error('Transport error:', error.message);\n };\n\n // Connection closed (pending requests are rejected with CONNECTION_CLOSED)\n client.onclose = () => {\n console.log('Connection closed');\n };\n //#endregion errorHandling_lifecycle\n}\n\n/** Example: Custom timeouts. */\nasync function errorHandling_timeout(client: Client) {\n //#region errorHandling_timeout\n try {\n const result = await client.callTool(\n { name: 'slow-task', arguments: {} },\n { timeout: 120_000 } // 2 minutes instead of the default 60 seconds\n );\n console.log(result.content);\n } catch (error) {\n if (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) {\n console.error('Request timed out');\n }\n }\n //#endregion errorHandling_timeout\n}\n\n// ---------------------------------------------------------------------------\n// Advanced patterns\n// ---------------------------------------------------------------------------\n\n/** Example: Client middleware that adds a custom header. */\nasync function middleware_basic() {\n //#region middleware_basic\n const authMiddleware = createMiddleware(async (next, input, init) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Custom-Header', 'my-value');\n return next(input, { ...init, headers });\n });\n\n const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), {\n fetch: applyMiddlewares(authMiddleware)(fetch)\n });\n //#endregion middleware_basic\n return transport;\n}\n\n/** Example: Track resumption tokens for SSE reconnection. */\nasync function resumptionToken_basic(client: Client) {\n //#region resumptionToken_basic\n let lastToken: string | undefined;\n\n const result = await client.request(\n {\n method: 'tools/call',\n params: { name: 'long-running-task', arguments: {} }\n },\n {\n resumptionToken: lastToken,\n onresumptiontoken: (token: string) => {\n lastToken = token;\n // Persist token to survive restarts\n }\n }\n );\n console.log(result);\n //#endregion resumptionToken_basic\n}\n\n// Suppress unused-function warnings (functions exist solely for type-checking)\nvoid connect_streamableHttp;\nvoid connect_stdio;\nvoid connect_sseFallback;\nvoid disconnect_streamableHttp;\nvoid serverInstructions_basic;\nvoid auth_clientCredentials;\nvoid auth_privateKeyJwt;\nvoid auth_crossAppAccess;\nvoid callTool_basic;\nvoid callTool_structuredOutput;\nvoid callTool_progress;\nvoid readResource_basic;\nvoid subscribeResource_basic;\nvoid getPrompt_basic;\nvoid complete_basic;\nvoid notificationHandler_basic;\nvoid setLoggingLevel_basic;\nvoid listChanged_basic;\nvoid capabilities_declaration;\nvoid sampling_handler;\nvoid elicitation_handler;\nvoid roots_handler;\nvoid errorHandling_toolErrors;\nvoid errorHandling_lifecycle;\nvoid errorHandling_timeout;\nvoid middleware_basic;\nvoid resumptionToken_basic;\n" }, { "path": "examples/client/src/elicitationUrlExample.ts", "content": "// Run with: pnpm tsx src/elicitationUrlExample.ts\n//\n// This example demonstrates how to use URL elicitation to securely\n// collect user input in a remote (HTTP) server.\n// URL elicitation allows servers to prompt the end-user to open a URL in their browser\n// to collect sensitive information.\n\nimport { createServer } from 'node:http';\nimport { createInterface } from 'node:readline';\n\nimport type {\n ElicitRequest,\n ElicitRequestURLParams,\n ElicitResult,\n ListToolsRequest,\n OAuthClientMetadata,\n ResourceLink\n} from '@modelcontextprotocol/client';\nimport {\n Client,\n getDisplayName,\n ProtocolError,\n ProtocolErrorCode,\n StreamableHTTPClientTransport,\n UnauthorizedError,\n UrlElicitationRequiredError\n} from '@modelcontextprotocol/client';\nimport open from 'open';\n\nimport { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';\n\n// Set up OAuth (required for this example)\nconst OAUTH_CALLBACK_PORT = 8090; // Use different port than auth server (3001)\nconst OAUTH_CALLBACK_URL = `http://localhost:${OAUTH_CALLBACK_PORT}/callback`;\n\nconsole.log('Getting OAuth token...');\nconst clientMetadata: OAuthClientMetadata = {\n client_name: 'Elicitation MCP Client',\n redirect_uris: [OAUTH_CALLBACK_URL],\n grant_types: ['authorization_code', 'refresh_token'],\n response_types: ['code'],\n token_endpoint_auth_method: 'client_secret_post',\n scope: 'mcp:tools'\n};\nconst oauthProvider = new InMemoryOAuthClientProvider(OAUTH_CALLBACK_URL, clientMetadata, (redirectUrl: URL) => {\n console.log(`🌐 Opening browser for OAuth redirect: ${redirectUrl.toString()}`);\n openBrowser(redirectUrl.toString());\n});\n\n// Create readline interface for user input\nconst readline = createInterface({\n input: process.stdin,\n output: process.stdout\n});\nlet abortCommand = new AbortController();\n\n// Global client and transport for interactive commands\nlet client: Client | null = null;\nlet transport: StreamableHTTPClientTransport | null = null;\nlet serverUrl = 'http://localhost:3000/mcp';\nlet sessionId: string | undefined;\n\n// Elicitation queue management\ninterface QueuedElicitation {\n request: ElicitRequest;\n resolve: (result: ElicitResult) => void;\n reject: (error: Error) => void;\n}\n\nlet isProcessingCommand = false;\nlet isProcessingElicitations = false;\nconst elicitationQueue: QueuedElicitation[] = [];\nlet elicitationQueueSignal: (() => void) | null = null;\nlet elicitationsCompleteSignal: (() => void) | null = null;\n\n// Map to track pending URL elicitations waiting for completion notifications\nconst pendingURLElicitations = new Map<\n string,\n {\n resolve: () => void;\n reject: (error: Error) => void;\n timeout: NodeJS.Timeout;\n }\n>();\n\nasync function main(): Promise {\n console.log('MCP Interactive Client');\n console.log('=====================');\n\n // Connect to server immediately with default settings\n await connect();\n\n // Start the elicitation loop in the background\n elicitationLoop().catch(error => {\n console.error('Unexpected error in elicitation loop:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n });\n\n // Short delay allowing the server to send any SSE elicitations on connection\n await new Promise(resolve => setTimeout(resolve, 200));\n\n // Wait until we are done processing any initial elicitations\n await waitForElicitationsToComplete();\n\n // Print help and start the command loop\n printHelp();\n await commandLoop();\n}\n\nasync function waitForElicitationsToComplete(): Promise {\n // Wait until the queue is empty and nothing is being processed\n while (elicitationQueue.length > 0 || isProcessingElicitations) {\n await new Promise(resolve => setTimeout(resolve, 100));\n }\n}\n\nfunction printHelp(): void {\n console.log('\\nAvailable commands:');\n console.log(' connect [url] - Connect to MCP server (default: http://localhost:3000/mcp)');\n console.log(' disconnect - Disconnect from server');\n console.log(' terminate-session - Terminate the current session');\n console.log(' reconnect - Reconnect to the server');\n console.log(' list-tools - List available tools');\n console.log(' call-tool [args] - Call a tool with optional JSON arguments');\n console.log(' payment-confirm - Test URL elicitation via error response with payment-confirm tool');\n console.log(' third-party-auth - Test tool that requires third-party OAuth credentials');\n console.log(' help - Show this help');\n console.log(' quit - Exit the program');\n}\n\nasync function commandLoop(): Promise {\n await new Promise(resolve => {\n if (isProcessingElicitations) {\n elicitationsCompleteSignal = resolve;\n } else {\n resolve();\n }\n });\n\n readline.question('\\n> ', { signal: abortCommand.signal }, async input => {\n isProcessingCommand = true;\n\n const args = input.trim().split(/\\s+/);\n const command = args[0]?.toLowerCase();\n\n try {\n switch (command) {\n case 'connect': {\n await connect(args[1]);\n break;\n }\n\n case 'disconnect': {\n await disconnect();\n break;\n }\n\n case 'terminate-session': {\n await terminateSession();\n break;\n }\n\n case 'reconnect': {\n await reconnect();\n break;\n }\n\n case 'list-tools': {\n await listTools();\n break;\n }\n\n case 'call-tool': {\n if (args.length < 2) {\n console.log('Usage: call-tool [args]');\n } else {\n const toolName = args[1]!;\n let toolArgs = {};\n if (args.length > 2) {\n try {\n toolArgs = JSON.parse(args.slice(2).join(' '));\n } catch {\n console.log('Invalid JSON arguments. Using empty args.');\n }\n }\n await callTool(toolName, toolArgs);\n }\n break;\n }\n\n case 'payment-confirm': {\n await callPaymentConfirmTool();\n break;\n }\n\n case 'third-party-auth': {\n await callThirdPartyAuthTool();\n break;\n }\n\n case 'help': {\n printHelp();\n break;\n }\n\n case 'quit':\n case 'exit': {\n await cleanup();\n return;\n }\n\n default: {\n if (command) {\n console.log(`Unknown command: ${command}`);\n }\n break;\n }\n }\n } catch (error) {\n console.error(`Error executing command: ${error}`);\n } finally {\n isProcessingCommand = false;\n }\n\n // Process another command after we've processed the this one\n await commandLoop();\n });\n}\n\nasync function elicitationLoop(): Promise {\n while (true) {\n // Wait until we have elicitations to process\n await new Promise(resolve => {\n if (elicitationQueue.length > 0) {\n resolve();\n } else {\n elicitationQueueSignal = resolve;\n }\n });\n\n isProcessingElicitations = true;\n abortCommand.abort(); // Abort the command loop if it's running\n\n // Process all queued elicitations\n while (elicitationQueue.length > 0) {\n const queued = elicitationQueue.shift()!;\n console.log(`📤 Processing queued elicitation (${elicitationQueue.length} remaining)`);\n\n try {\n const result = await handleElicitationRequest(queued.request);\n queued.resolve(result);\n } catch (error) {\n queued.reject(error instanceof Error ? error : new Error(String(error)));\n }\n }\n\n console.log('✅ All queued elicitations processed. Resuming command loop...\\n');\n isProcessingElicitations = false;\n\n // Reset the abort controller for the next command loop\n abortCommand = new AbortController();\n\n // Resume the command loop\n if (elicitationsCompleteSignal) {\n elicitationsCompleteSignal();\n elicitationsCompleteSignal = null;\n }\n }\n}\n\nconst ALLOWED_SCHEMES = new Set(['http:', 'https:']);\n\nasync function openBrowser(url: string): Promise {\n try {\n const parsed = new URL(url);\n if (!ALLOWED_SCHEMES.has(parsed.protocol)) {\n console.error(`Refusing to open URL with unsupported scheme '${parsed.protocol}': ${url}`);\n return;\n }\n } catch {\n console.error(`Invalid URL: ${url}`);\n return;\n }\n\n try {\n await open(url);\n } catch {\n console.log(`Please manually open: ${url}`);\n }\n}\n\n/**\n * Enqueues an elicitation request and returns the result.\n *\n * This function is used so that our CLI (which can only handle one input request at a time)\n * can handle elicitation requests and the command loop.\n *\n * @param request - The elicitation request to be handled\n * @returns The elicitation result\n */\nasync function elicitationRequestHandler(request: ElicitRequest): Promise {\n // If we are processing a command, handle this elicitation immediately\n if (isProcessingCommand) {\n console.log('📋 Processing elicitation immediately (during command execution)');\n return await handleElicitationRequest(request);\n }\n\n // Otherwise, queue the request to be handled by the elicitation loop\n console.log(`📥 Queueing elicitation request (queue size will be: ${elicitationQueue.length + 1})`);\n\n return new Promise((resolve, reject) => {\n elicitationQueue.push({\n request,\n resolve,\n reject\n });\n\n // Signal the elicitation loop that there's work to do\n if (elicitationQueueSignal) {\n elicitationQueueSignal();\n elicitationQueueSignal = null;\n }\n });\n}\n\n/**\n * Handles an elicitation request.\n *\n * This function is used to handle the elicitation request and return the result.\n *\n * @param request - The elicitation request to be handled\n * @returns The elicitation result\n */\nasync function handleElicitationRequest(request: ElicitRequest): Promise {\n const mode = request.params.mode;\n console.log('\\n🔔 Elicitation Request Received:');\n console.log(`Mode: ${mode}`);\n\n if (mode === 'url') {\n return {\n action: await handleURLElicitation(request.params as ElicitRequestURLParams)\n };\n } else {\n // Should not happen because the client declares its capabilities to the server,\n // but being defensive is a good practice:\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Unsupported elicitation mode: ${mode}`);\n }\n}\n\n/**\n * Handles a URL elicitation by opening the URL in the browser.\n *\n * Note: This is a shared code for both request handlers and error handlers.\n * As a result of sharing schema, there is no big forking of logic for the client.\n *\n * @param params - The URL elicitation request parameters\n * @returns The action to take (accept, cancel, or decline)\n */\nasync function handleURLElicitation(params: ElicitRequestURLParams): Promise {\n const url = params.url;\n const elicitationId = params.elicitationId;\n const message = params.message;\n console.log(`🆔 Elicitation ID: ${elicitationId}`); // Print for illustration\n\n // Parse URL to show domain for security\n let domain = 'unknown domain';\n try {\n const parsedUrl = new URL(url);\n domain = parsedUrl.hostname;\n } catch {\n console.error('Invalid URL provided by server');\n return 'decline';\n }\n\n // Example security warning to help prevent phishing attacks\n console.log('\\n⚠️ \\u001B[33mSECURITY WARNING\\u001B[0m ⚠️');\n console.log('\\u001B[33mThe server is requesting you to open an external URL.\\u001B[0m');\n console.log('\\u001B[33mOnly proceed if you trust this server and understand why it needs this.\\u001B[0m\\n');\n console.log(`🌐 Target domain: \\u001B[36m${domain}\\u001B[0m`);\n console.log(`🔗 Full URL: \\u001B[36m${url}\\u001B[0m`);\n console.log(`\\nℹ️ Server's reason:\\n\\n\\u001B[36m${message}\\u001B[0m\\n`);\n\n // 1. Ask for user consent to open the URL\n const consent = await new Promise(resolve => {\n readline.question('\\nDo you want to open this URL in your browser? (y/n): ', input => {\n resolve(input.trim().toLowerCase());\n });\n });\n\n // 2. If user did not consent, return appropriate result\n if (consent === 'no' || consent === 'n') {\n console.log('❌ URL navigation declined.');\n return 'decline';\n } else if (consent !== 'yes' && consent !== 'y') {\n console.log('🚫 Invalid response. Cancelling elicitation.');\n return 'cancel';\n }\n\n // 3. Wait for completion notification in the background\n const completionPromise = new Promise((resolve, reject) => {\n const timeout = setTimeout(\n () => {\n pendingURLElicitations.delete(elicitationId);\n console.log(`\\u001B[31m❌ Elicitation ${elicitationId} timed out waiting for completion.\\u001B[0m`);\n reject(new Error('Elicitation completion timeout'));\n },\n 5 * 60 * 1000\n ); // 5 minute timeout\n\n pendingURLElicitations.set(elicitationId, {\n resolve: () => {\n clearTimeout(timeout);\n resolve();\n },\n reject,\n timeout\n });\n });\n\n completionPromise.catch(error => {\n console.error('Background completion wait failed:', error);\n });\n\n // 4. Open the URL in the browser\n console.log(`\\n🚀 Opening browser to: ${url}`);\n await openBrowser(url);\n\n console.log('\\n⏳ Waiting for you to complete the interaction in your browser...');\n console.log(' The server will send a notification once you complete the action.');\n\n // 5. Acknowledge the user accepted the elicitation\n return 'accept';\n}\n\n/**\n * Example OAuth callback handler - in production, use a more robust approach\n * for handling callbacks and storing tokens\n */\n/**\n * Starts a temporary HTTP server to receive the OAuth callback\n */\nasync function waitForOAuthCallback(): Promise {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n // Ignore favicon requests\n if (req.url === '/favicon.ico') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n console.log(`📥 Received callback: ${req.url}`);\n const parsedUrl = new URL(req.url || '', 'http://localhost');\n const code = parsedUrl.searchParams.get('code');\n const error = parsedUrl.searchParams.get('error');\n\n if (code) {\n console.log(`✅ Authorization code received: ${code?.slice(0, 10)}...`);\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(`\n \n \n

Authorization Successful!

\n

This simulates successful authorization of the MCP client, which now has an access token for the MCP server.

\n

This window will close automatically in 10 seconds.

\n \n \n \n `);\n\n resolve(code);\n setTimeout(() => server.close(), 15_000);\n } else if (error) {\n console.log(`❌ Authorization error: ${error}`);\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(`\n \n \n

Authorization Failed

\n

Error: ${error}

\n \n \n `);\n reject(new Error(`OAuth authorization failed: ${error}`));\n } else {\n console.log(`❌ No authorization code or error in callback`);\n res.writeHead(400);\n res.end('Bad request');\n reject(new Error('No authorization code provided'));\n }\n });\n\n server.listen(OAUTH_CALLBACK_PORT, () => {\n console.log(`OAuth callback server started on http://localhost:${OAUTH_CALLBACK_PORT}`);\n });\n });\n}\n\n/**\n * Attempts to connect to the MCP server with OAuth authentication.\n * Handles OAuth flow recursively if authorization is required.\n */\nasync function attemptConnection(oauthProvider: InMemoryOAuthClientProvider): Promise {\n console.log('🚢 Creating transport with OAuth provider...');\n const baseUrl = new URL(serverUrl);\n transport = new StreamableHTTPClientTransport(baseUrl, {\n sessionId: sessionId,\n authProvider: oauthProvider\n });\n console.log('🚢 Transport created');\n\n try {\n console.log('🔌 Attempting connection (this will trigger OAuth redirect if needed)...');\n await client!.connect(transport);\n sessionId = transport.sessionId;\n console.log('Transport created with session ID:', sessionId);\n console.log('✅ Connected successfully');\n } catch (error) {\n if (error instanceof UnauthorizedError) {\n console.log('🔐 OAuth required - waiting for authorization...');\n const callbackPromise = waitForOAuthCallback();\n const authCode = await callbackPromise;\n await transport.finishAuth(authCode);\n console.log('🔐 Authorization code received:', authCode);\n console.log('🔌 Reconnecting with authenticated transport...');\n // Recursively retry connection after OAuth completion\n await attemptConnection(oauthProvider);\n } else {\n console.error('❌ Connection failed with non-auth error:', error);\n throw error;\n }\n }\n}\n\nasync function connect(url?: string): Promise {\n if (client) {\n console.log('Already connected. Disconnect first.');\n return;\n }\n\n if (url) {\n serverUrl = url;\n }\n\n console.log(`🔗 Attempting to connect to ${serverUrl}...`);\n\n // Create a new client with elicitation capability\n console.log('👤 Creating MCP client...');\n client = new Client(\n {\n name: 'example-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {\n // Only URL elicitation is supported in this demo\n // (see server/elicitationExample.ts for a demo of form mode elicitation)\n url: {}\n }\n }\n }\n );\n console.log('👤 Client created');\n\n // Set up elicitation request handler with proper validation\n client.setRequestHandler('elicitation/create', elicitationRequestHandler);\n\n // Set up notification handler for elicitation completion\n client.setNotificationHandler('notifications/elicitation/complete', notification => {\n const { elicitationId } = notification.params;\n const pending = pendingURLElicitations.get(elicitationId);\n if (pending) {\n clearTimeout(pending.timeout);\n pendingURLElicitations.delete(elicitationId);\n console.log(`\\u001B[32m✅ Elicitation ${elicitationId} completed!\\u001B[0m`);\n pending.resolve();\n } else {\n // Shouldn't happen - discard it!\n console.warn(`Received completion notification for unknown elicitation: ${elicitationId}`);\n }\n });\n\n try {\n console.log('🔐 Starting OAuth flow...');\n await attemptConnection(oauthProvider!);\n console.log('Connected to MCP server');\n\n // Set up error handler after connection is established so we don't double log errors\n client.onerror = error => {\n console.error('\\u001B[31mClient error:', error, '\\u001B[0m');\n };\n } catch (error) {\n console.error('Failed to connect:', error);\n client = null;\n transport = null;\n return;\n }\n}\n\nasync function disconnect(): Promise {\n if (!client || !transport) {\n console.log('Not connected.');\n return;\n }\n\n try {\n await transport.close();\n console.log('Disconnected from MCP server');\n client = null;\n transport = null;\n } catch (error) {\n console.error('Error disconnecting:', error);\n }\n}\n\nasync function terminateSession(): Promise {\n if (!client || !transport) {\n console.log('Not connected.');\n return;\n }\n\n try {\n console.log('Terminating session with ID:', transport.sessionId);\n await transport.terminateSession();\n console.log('Session terminated successfully');\n\n // Check if sessionId was cleared after termination\n if (transport.sessionId) {\n console.log('Server responded with 405 Method Not Allowed (session termination not supported)');\n console.log('Session ID is still active:', transport.sessionId);\n } else {\n console.log('Session ID has been cleared');\n sessionId = undefined;\n\n // Also close the transport and clear client objects\n await transport.close();\n console.log('Transport closed after session termination');\n client = null;\n transport = null;\n }\n } catch (error) {\n console.error('Error terminating session:', error);\n }\n}\n\nasync function reconnect(): Promise {\n if (client) {\n await disconnect();\n }\n await connect();\n}\n\nasync function listTools(): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const toolsRequest: ListToolsRequest = {\n method: 'tools/list',\n params: {}\n };\n const toolsResult = await client.request(toolsRequest);\n\n console.log('Available tools:');\n if (toolsResult.tools.length === 0) {\n console.log(' No tools available');\n } else {\n for (const tool of toolsResult.tools) {\n console.log(` - id: ${tool.name}, name: ${getDisplayName(tool)}, description: ${tool.description}`);\n }\n }\n } catch (error) {\n console.log(`Tools not supported by this server (${error})`);\n }\n}\n\nasync function callTool(name: string, args: Record): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n console.log(`Calling tool '${name}' with args:`, args);\n const result = await client.callTool({ name, arguments: args });\n\n console.log('Tool result:');\n const resourceLinks: ResourceLink[] = [];\n\n for (const item of result.content) {\n switch (item.type) {\n case 'text': {\n console.log(` ${item.text}`);\n\n break;\n }\n case 'resource_link': {\n const resourceLink = item as ResourceLink;\n resourceLinks.push(resourceLink);\n console.log(` 📁 Resource Link: ${resourceLink.name}`);\n console.log(` URI: ${resourceLink.uri}`);\n if (resourceLink.mimeType) {\n console.log(` Type: ${resourceLink.mimeType}`);\n }\n if (resourceLink.description) {\n console.log(` Description: ${resourceLink.description}`);\n }\n\n break;\n }\n case 'resource': {\n console.log(` [Embedded Resource: ${item.resource.uri}]`);\n\n break;\n }\n case 'image': {\n console.log(` [Image: ${item.mimeType}]`);\n\n break;\n }\n case 'audio': {\n console.log(` [Audio: ${item.mimeType}]`);\n\n break;\n }\n default: {\n console.log(` [Unknown content type]:`, item);\n }\n }\n }\n\n // Offer to read resource links\n if (resourceLinks.length > 0) {\n console.log(`\\nFound ${resourceLinks.length} resource link(s). Use 'read-resource ' to read their content.`);\n }\n } catch (error) {\n if (error instanceof UrlElicitationRequiredError) {\n console.log('\\n🔔 Elicitation Required Error Received:');\n console.log(`Message: ${error.message}`);\n for (const e of error.elicitations) {\n await handleURLElicitation(e); // For the error handler, we discard the action result because we don't respond to an error response\n }\n return;\n }\n console.log(`Error calling tool ${name}: ${error}`);\n }\n}\n\nasync function cleanup(): Promise {\n if (client && transport) {\n try {\n // First try to terminate the session gracefully\n if (transport.sessionId) {\n try {\n console.log('Terminating session before exit...');\n await transport.terminateSession();\n console.log('Session terminated successfully');\n } catch (error) {\n console.error('Error terminating session:', error);\n }\n }\n\n // Then close the transport\n await transport.close();\n } catch (error) {\n console.error('Error closing transport:', error);\n }\n }\n\n process.stdin.setRawMode(false);\n readline.close();\n console.log('\\nGoodbye!');\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(0);\n}\n\nasync function callPaymentConfirmTool(): Promise {\n console.log('Calling payment-confirm tool...');\n await callTool('payment-confirm', { cartId: 'cart_123' });\n}\n\nasync function callThirdPartyAuthTool(): Promise {\n console.log('Calling third-party-auth tool...');\n await callTool('third-party-auth', { param1: 'test' });\n}\n\n// Set up raw mode for keyboard input to capture Escape key\nprocess.stdin.setRawMode(true);\nprocess.stdin.on('data', async data => {\n // Check for Escape key (27)\n if (data.length === 1 && data[0] === 27) {\n console.log('\\nESC key pressed. Disconnecting from server...');\n\n // Abort current operation and disconnect from server\n if (client && transport) {\n await disconnect();\n console.log('Disconnected. Press Enter to continue.');\n } else {\n console.log('Not connected to server.');\n }\n\n // Re-display the prompt\n process.stdout.write('> ');\n }\n});\n\n// Handle Ctrl+C\nprocess.on('SIGINT', async () => {\n console.log('\\nReceived SIGINT. Cleaning up...');\n await cleanup();\n});\n\n// Start the interactive client\ntry {\n await main();\n} catch (error) {\n console.error('Error running MCP client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/multipleClientsParallel.ts", "content": "import type { CallToolResult } from '@modelcontextprotocol/client';\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\n/**\n * Multiple Clients MCP Example\n *\n * This client demonstrates how to:\n * 1. Create multiple MCP clients in parallel\n * 2. Each client calls a single tool\n * 3. Track notifications from each client independently\n */\n\n// Command line args processing\nconst args = process.argv.slice(2);\nconst serverUrl = args[0] || 'http://localhost:3000/mcp';\n\ninterface ClientConfig {\n id: string;\n name: string;\n toolName: string;\n toolArguments: Record;\n}\n\nasync function createAndRunClient(config: ClientConfig): Promise<{ id: string; result: CallToolResult }> {\n console.log(`[${config.id}] Creating client: ${config.name}`);\n\n const client = new Client({\n name: config.name,\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n\n // Set up client-specific error handler\n client.onerror = error => {\n console.error(`[${config.id}] Client error:`, error);\n };\n\n // Set up client-specific notification handler\n client.setNotificationHandler('notifications/message', notification => {\n console.log(`[${config.id}] Notification: ${notification.params.data}`);\n });\n\n try {\n // Connect to the server\n await client.connect(transport);\n console.log(`[${config.id}] Connected to MCP server`);\n\n // Call the specified tool\n console.log(`[${config.id}] Calling tool: ${config.toolName}`);\n const result = await client.callTool({\n name: config.toolName,\n arguments: {\n ...config.toolArguments,\n // Add client ID to arguments for identification in notifications\n caller: config.id\n }\n });\n console.log(`[${config.id}] Tool call completed`);\n\n // Keep the connection open for a bit to receive notifications\n await new Promise(resolve => setTimeout(resolve, 5000));\n\n // Disconnect\n await transport.close();\n console.log(`[${config.id}] Disconnected from MCP server`);\n\n return { id: config.id, result };\n } catch (error) {\n console.error(`[${config.id}] Error:`, error);\n throw error;\n }\n}\n\nasync function main(): Promise {\n console.log('MCP Multiple Clients Example');\n console.log('============================');\n console.log(`Server URL: ${serverUrl}`);\n console.log('');\n\n try {\n // Define client configurations\n const clientConfigs: ClientConfig[] = [\n {\n id: 'client1',\n name: 'basic-client-1',\n toolName: 'start-notification-stream',\n toolArguments: {\n interval: 3, // 1 second between notifications\n count: 5 // Send 5 notifications\n }\n },\n {\n id: 'client2',\n name: 'basic-client-2',\n toolName: 'start-notification-stream',\n toolArguments: {\n interval: 2, // 2 seconds between notifications\n count: 3 // Send 3 notifications\n }\n },\n {\n id: 'client3',\n name: 'basic-client-3',\n toolName: 'start-notification-stream',\n toolArguments: {\n interval: 1, // 0.5 second between notifications\n count: 8 // Send 8 notifications\n }\n }\n ];\n\n // Start all clients in parallel\n console.log(`Starting ${clientConfigs.length} clients in parallel...`);\n console.log('');\n\n const clientPromises = clientConfigs.map(config => createAndRunClient(config));\n const results = await Promise.all(clientPromises);\n\n // Display results from all clients\n console.log('\\n=== Final Results ===');\n for (const { id, result } of results) {\n console.log(`\\n[${id}] Tool result:`);\n if (Array.isArray(result.content)) {\n for (const item of result.content) {\n if (item.type === 'text' && item.text) {\n console.log(` ${item.text}`);\n } else {\n console.log(` ${item.type} content:`, item);\n }\n }\n } else {\n console.log(` Unexpected result format:`, result);\n }\n }\n\n console.log('\\n=== All clients completed successfully ===');\n } catch (error) {\n console.error('Error running multiple clients:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n}\n\n// Start the example\ntry {\n await main();\n} catch (error) {\n console.error('Error running multiple clients:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/parallelToolCallsClient.ts", "content": "import type { CallToolResult, ListToolsRequest } from '@modelcontextprotocol/client';\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\n/**\n * Parallel Tool Calls MCP Client\n *\n * This client demonstrates how to:\n * 1. Start multiple tool calls in parallel\n * 2. Track notifications from each tool call using a caller parameter\n */\n\n// Command line args processing\nconst args = process.argv.slice(2);\nconst serverUrl = args[0] || 'http://localhost:3000/mcp';\n\nasync function main(): Promise {\n console.log('MCP Parallel Tool Calls Client');\n console.log('==============================');\n console.log(`Connecting to server at: ${serverUrl}`);\n\n let client: Client;\n let transport: StreamableHTTPClientTransport;\n\n try {\n // Create client with streamable HTTP transport\n client = new Client({\n name: 'parallel-tool-calls-client',\n version: '1.0.0'\n });\n\n client.onerror = error => {\n console.error('Client error:', error);\n };\n\n // Connect to the server\n transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n await client.connect(transport);\n console.log('Successfully connected to MCP server');\n\n // Set up notification handler with caller identification\n client.setNotificationHandler('notifications/message', notification => {\n console.log(`Notification: ${notification.params.data}`);\n });\n\n console.log('List tools');\n const toolsRequest = await listTools(client);\n console.log('Tools:', toolsRequest);\n\n // 2. Start multiple notification tools in parallel\n console.log('\\n=== Starting Multiple Notification Streams in Parallel ===');\n const toolResults = await startParallelNotificationTools(client);\n\n // Log the results from each tool call\n for (const [caller, result] of Object.entries(toolResults)) {\n console.log(`\\n=== Tool result for ${caller} ===`);\n for (const item of result.content) {\n if (item.type === 'text') {\n console.log(` ${item.text}`);\n } else {\n console.log(` ${item.type} content:`, item);\n }\n }\n }\n\n // 3. Wait for all notifications (10 seconds)\n console.log('\\n=== Waiting for all notifications ===');\n await new Promise(resolve => setTimeout(resolve, 10_000));\n\n // 4. Disconnect\n console.log('\\n=== Disconnecting ===');\n await transport.close();\n console.log('Disconnected from MCP server');\n } catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n}\n\n/**\n * List available tools on the server\n */\nasync function listTools(client: Client): Promise {\n try {\n const toolsRequest: ListToolsRequest = {\n method: 'tools/list',\n params: {}\n };\n const toolsResult = await client.request(toolsRequest);\n\n console.log('Available tools:');\n if (toolsResult.tools.length === 0) {\n console.log(' No tools available');\n } else {\n for (const tool of toolsResult.tools) {\n console.log(` - ${tool.name}: ${tool.description}`);\n }\n }\n } catch (error) {\n console.log(`Tools not supported by this server: ${error}`);\n }\n}\n\n/**\n * Start multiple notification tools in parallel with different configurations\n * Each tool call includes a caller parameter to identify its notifications\n */\nasync function startParallelNotificationTools(client: Client): Promise> {\n try {\n // Define multiple tool calls with different configurations\n const toolCalls = [\n {\n caller: 'fast-notifier',\n args: {\n interval: 2, // 0.5 second between notifications\n count: 10, // Send 10 notifications\n caller: 'fast-notifier' // Identify this tool call\n }\n },\n {\n caller: 'slow-notifier',\n args: {\n interval: 5, // 2 seconds between notifications\n count: 5, // Send 5 notifications\n caller: 'slow-notifier' // Identify this tool call\n }\n },\n {\n caller: 'burst-notifier',\n args: {\n interval: 1, // 0.1 second between notifications\n count: 3, // Send just 3 notifications\n caller: 'burst-notifier' // Identify this tool call\n }\n }\n ];\n\n console.log(`Starting ${toolCalls.length} notification tools in parallel...`);\n\n // Start all tool calls in parallel\n const toolPromises = toolCalls.map(({ caller, args }) => {\n console.log(`Starting tool call for ${caller}...`);\n return client\n .callTool({ name: 'start-notification-stream', arguments: args })\n .then(result => ({ caller, result }))\n .catch(error => {\n console.error(`Error in tool call for ${caller}:`, error);\n throw error;\n });\n });\n\n // Wait for all tool calls to complete\n const results = await Promise.all(toolPromises);\n\n // Organize results by caller\n const resultsByTool: Record = {};\n for (const { caller, result } of results) {\n resultsByTool[caller] = result;\n }\n\n return resultsByTool;\n } catch (error) {\n console.error(`Error starting parallel notification tools:`, error);\n throw error;\n }\n}\n\ntry {\n // Run the client\n await main();\n} catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/simpleClientCredentials.ts", "content": "#!/usr/bin/env node\n\n/**\n * Example demonstrating client_credentials grant for machine-to-machine authentication.\n *\n * Supports two authentication methods based on environment variables:\n *\n * 1. client_secret_basic (default):\n * MCP_CLIENT_ID - OAuth client ID (required)\n * MCP_CLIENT_SECRET - OAuth client secret (required)\n *\n * 2. private_key_jwt (when MCP_CLIENT_PRIVATE_KEY_PEM is set):\n * MCP_CLIENT_ID - OAuth client ID (required)\n * MCP_CLIENT_PRIVATE_KEY_PEM - PEM-encoded private key for JWT signing (required)\n * MCP_CLIENT_ALGORITHM - Signing algorithm (default: RS256)\n *\n * Common:\n * MCP_SERVER_URL - Server URL (default: http://localhost:3000/mcp)\n */\n\nimport type { OAuthClientProvider } from '@modelcontextprotocol/client';\nimport { Client, ClientCredentialsProvider, PrivateKeyJwtProvider, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\nconst DEFAULT_SERVER_URL = process.env.MCP_SERVER_URL || 'http://localhost:3000/mcp';\n\nfunction createProvider(): OAuthClientProvider {\n const clientId = process.env.MCP_CLIENT_ID;\n if (!clientId) {\n console.error('MCP_CLIENT_ID environment variable is required');\n process.exit(1);\n }\n\n // If private key is provided, use private_key_jwt authentication\n const privateKeyPem = process.env.MCP_CLIENT_PRIVATE_KEY_PEM;\n if (privateKeyPem) {\n const algorithm = process.env.MCP_CLIENT_ALGORITHM || 'RS256';\n console.log('Using private_key_jwt authentication');\n return new PrivateKeyJwtProvider({\n clientId,\n privateKey: privateKeyPem,\n algorithm\n });\n }\n\n // Otherwise, use client_secret_basic authentication\n const clientSecret = process.env.MCP_CLIENT_SECRET;\n if (!clientSecret) {\n console.error('MCP_CLIENT_SECRET or MCP_CLIENT_PRIVATE_KEY_PEM environment variable is required');\n process.exit(1);\n }\n\n console.log('Using client_secret_basic authentication');\n return new ClientCredentialsProvider({\n clientId,\n clientSecret\n });\n}\n\nasync function main() {\n const provider = createProvider();\n\n const client = new Client({ name: 'client-credentials-example', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(DEFAULT_SERVER_URL), {\n authProvider: provider\n });\n\n await client.connect(transport);\n console.log('Connected successfully.');\n\n const tools = await client.listTools();\n console.log('Available tools:', tools.tools.map(t => t.name).join(', ') || '(none)');\n\n await transport.close();\n}\n\ntry {\n await main();\n} catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/simpleOAuthClient.ts", "content": "#!/usr/bin/env node\n\nimport { createServer } from 'node:http';\nimport { createInterface } from 'node:readline';\nimport { URL } from 'node:url';\n\nimport type { CallToolResult, ListToolsRequest, OAuthClientMetadata } from '@modelcontextprotocol/client';\nimport { Client, StreamableHTTPClientTransport, UnauthorizedError } from '@modelcontextprotocol/client';\nimport open from 'open';\n\nimport { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';\n\n// Configuration\nconst DEFAULT_SERVER_URL = 'http://localhost:3000/mcp';\nconst CALLBACK_PORT = 8090; // Use different port than auth server (3001)\nconst CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;\n\n/**\n * Interactive MCP client with OAuth authentication\n * Demonstrates the complete OAuth flow with browser-based authorization\n */\nclass InteractiveOAuthClient {\n private client: Client | null = null;\n private readonly rl = createInterface({\n input: process.stdin,\n output: process.stdout\n });\n\n constructor(\n private serverUrl: string,\n private clientMetadataUrl?: string\n ) {}\n\n /**\n * Prompts user for input via readline\n */\n private async question(query: string): Promise {\n return new Promise(resolve => {\n this.rl.question(query, resolve);\n });\n }\n\n /**\n * Opens the authorization URL in the user's default browser\n */\n private static readonly ALLOWED_SCHEMES = new Set(['http:', 'https:']);\n\n private async openBrowser(url: string): Promise {\n console.log(`🌐 Opening browser for authorization: ${url}`);\n\n try {\n const parsed = new URL(url);\n if (!InteractiveOAuthClient.ALLOWED_SCHEMES.has(parsed.protocol)) {\n console.error(`Refusing to open URL with unsupported scheme '${parsed.protocol}': ${url}`);\n return;\n }\n } catch {\n console.error(`Invalid URL: ${url}`);\n return;\n }\n\n try {\n await open(url);\n } catch {\n console.log(`Please manually open: ${url}`);\n }\n }\n /**\n * Example OAuth callback handler - in production, use a more robust approach\n * for handling callbacks and storing tokens\n */\n /**\n * Starts a temporary HTTP server to receive the OAuth callback\n */\n private async waitForOAuthCallback(): Promise {\n return new Promise((resolve, reject) => {\n const server = createServer((req, res) => {\n // Ignore favicon requests\n if (req.url === '/favicon.ico') {\n res.writeHead(404);\n res.end();\n return;\n }\n\n console.log(`📥 Received callback: ${req.url}`);\n const parsedUrl = new URL(req.url || '', 'http://localhost');\n const code = parsedUrl.searchParams.get('code');\n const error = parsedUrl.searchParams.get('error');\n\n if (code) {\n console.log(`✅ Authorization code received: ${code?.slice(0, 10)}...`);\n res.writeHead(200, { 'Content-Type': 'text/html' });\n res.end(`\n \n \n

Authorization Successful!

\n

You can close this window and return to the terminal.

\n \n \n \n `);\n\n resolve(code);\n setTimeout(() => server.close(), 3000);\n } else if (error) {\n console.log(`❌ Authorization error: ${error}`);\n res.writeHead(400, { 'Content-Type': 'text/html' });\n res.end(`\n \n \n

Authorization Failed

\n

Error: ${error}

\n \n \n `);\n reject(new Error(`OAuth authorization failed: ${error}`));\n } else {\n console.log(`❌ No authorization code or error in callback`);\n res.writeHead(400);\n res.end('Bad request');\n reject(new Error('No authorization code provided'));\n }\n });\n\n server.listen(CALLBACK_PORT, () => {\n console.log(`OAuth callback server started on http://localhost:${CALLBACK_PORT}`);\n });\n });\n }\n\n private async attemptConnection(oauthProvider: InMemoryOAuthClientProvider): Promise {\n console.log('🚢 Creating transport with OAuth provider...');\n const baseUrl = new URL(this.serverUrl);\n const transport = new StreamableHTTPClientTransport(baseUrl, {\n authProvider: oauthProvider\n });\n console.log('🚢 Transport created');\n\n try {\n console.log('🔌 Attempting connection (this will trigger OAuth redirect)...');\n await this.client!.connect(transport);\n console.log('✅ Connected successfully');\n } catch (error) {\n if (error instanceof UnauthorizedError) {\n console.log('🔐 OAuth required - waiting for authorization...');\n const callbackPromise = this.waitForOAuthCallback();\n const authCode = await callbackPromise;\n await transport.finishAuth(authCode);\n console.log('🔐 Authorization code received:', authCode);\n console.log('🔌 Reconnecting with authenticated transport...');\n await this.attemptConnection(oauthProvider);\n } else {\n console.error('❌ Connection failed with non-auth error:', error);\n throw error;\n }\n }\n }\n\n /**\n * Establishes connection to the MCP server with OAuth authentication\n */\n async connect(): Promise {\n console.log(`🔗 Attempting to connect to ${this.serverUrl}...`);\n\n const clientMetadata: OAuthClientMetadata = {\n client_name: 'Simple OAuth MCP Client',\n redirect_uris: [CALLBACK_URL],\n grant_types: ['authorization_code', 'refresh_token'],\n response_types: ['code'],\n token_endpoint_auth_method: 'client_secret_post'\n };\n\n console.log('🔐 Creating OAuth provider...');\n const oauthProvider = new InMemoryOAuthClientProvider(\n CALLBACK_URL,\n clientMetadata,\n (redirectUrl: URL) => {\n console.log(`📌 OAuth redirect handler called - opening browser`);\n console.log(`Opening browser to: ${redirectUrl.toString()}`);\n this.openBrowser(redirectUrl.toString());\n },\n this.clientMetadataUrl\n );\n console.log('🔐 OAuth provider created');\n\n console.log('👤 Creating MCP client...');\n this.client = new Client(\n {\n name: 'simple-oauth-client',\n version: '1.0.0'\n },\n { capabilities: {} }\n );\n console.log('👤 Client created');\n\n console.log('🔐 Starting OAuth flow...');\n\n await this.attemptConnection(oauthProvider);\n\n // Start interactive loop\n await this.interactiveLoop();\n }\n\n /**\n * Main interactive loop for user commands\n */\n async interactiveLoop(): Promise {\n console.log('\\n🎯 Interactive MCP Client with OAuth');\n console.log('Commands:');\n console.log(' list - List available tools');\n console.log(' call [args] - Call a tool');\n console.log(' stream [args] - Call a tool with streaming (shows task status)');\n console.log(' quit - Exit the client');\n console.log();\n\n while (true) {\n try {\n const command = await this.question('mcp> ');\n\n if (!command.trim()) {\n continue;\n }\n\n if (command === 'quit') {\n console.log('\\n👋 Goodbye!');\n this.close();\n process.exit(0);\n } else if (command === 'list') {\n await this.listTools();\n } else if (command.startsWith('call ')) {\n await this.handleCallTool(command);\n } else if (command.startsWith('stream ')) {\n await this.handleStreamTool(command);\n } else {\n console.log(\"❌ Unknown command. Try 'list', 'call ', 'stream ', or 'quit'\");\n }\n } catch (error) {\n if (error instanceof Error && error.message === 'SIGINT') {\n console.log('\\n\\n👋 Goodbye!');\n break;\n }\n console.error('❌ Error:', error);\n }\n }\n }\n\n private async listTools(): Promise {\n if (!this.client) {\n console.log('❌ Not connected to server');\n return;\n }\n\n try {\n const request: ListToolsRequest = {\n method: 'tools/list',\n params: {}\n };\n\n const result = await this.client.request(request);\n\n if (result.tools && result.tools.length > 0) {\n console.log('\\n📋 Available tools:');\n for (const [index, tool] of result.tools.entries()) {\n console.log(`${index + 1}. ${tool.name}`);\n if (tool.description) {\n console.log(` Description: ${tool.description}`);\n }\n console.log();\n }\n } else {\n console.log('No tools available');\n }\n } catch (error) {\n console.error('❌ Failed to list tools:', error);\n }\n }\n\n private async handleCallTool(command: string): Promise {\n const parts = command.split(/\\s+/);\n const toolName = parts[1];\n\n if (!toolName) {\n console.log('❌ Please specify a tool name');\n return;\n }\n\n // Parse arguments (simple JSON-like format)\n let toolArgs: Record = {};\n if (parts.length > 2) {\n const argsString = parts.slice(2).join(' ');\n try {\n toolArgs = JSON.parse(argsString);\n } catch {\n console.log('❌ Invalid arguments format (expected JSON)');\n return;\n }\n }\n\n await this.callTool(toolName, toolArgs);\n }\n\n private async callTool(toolName: string, toolArgs: Record): Promise {\n if (!this.client) {\n console.log('❌ Not connected to server');\n return;\n }\n\n try {\n const result = await this.client.callTool({\n name: toolName,\n arguments: toolArgs\n });\n\n console.log(`\\n🔧 Tool '${toolName}' result:`);\n if (result.content) {\n for (const content of result.content) {\n if (content.type === 'text') {\n console.log(content.text);\n } else {\n console.log(content);\n }\n }\n } else {\n console.log(result);\n }\n } catch (error) {\n console.error(`❌ Failed to call tool '${toolName}':`, error);\n }\n }\n\n private async handleStreamTool(command: string): Promise {\n const parts = command.split(/\\s+/);\n const toolName = parts[1];\n\n if (!toolName) {\n console.log('❌ Please specify a tool name');\n return;\n }\n\n // Parse arguments (simple JSON-like format)\n let toolArgs: Record = {};\n if (parts.length > 2) {\n const argsString = parts.slice(2).join(' ');\n try {\n toolArgs = JSON.parse(argsString);\n } catch {\n console.log('❌ Invalid arguments format (expected JSON)');\n return;\n }\n }\n\n await this.streamTool(toolName, toolArgs);\n }\n\n private async streamTool(toolName: string, toolArgs: Record): Promise {\n if (!this.client) {\n console.log('❌ Not connected to server');\n return;\n }\n\n try {\n // Using the experimental tasks API - WARNING: may change without notice\n console.log(`\\n🔧 Streaming tool '${toolName}'...`);\n\n const stream = this.client.experimental.tasks.callToolStream(\n {\n name: toolName,\n arguments: toolArgs\n },\n {\n task: {\n taskId: `task-${Date.now()}`,\n ttl: 60_000\n }\n }\n );\n\n // Iterate through all messages yielded by the generator\n for await (const message of stream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log(`✓ Task created: ${message.task.taskId}`);\n break;\n }\n\n case 'taskStatus': {\n console.log(`⟳ Status: ${message.task.status}`);\n if (message.task.statusMessage) {\n console.log(` ${message.task.statusMessage}`);\n }\n break;\n }\n\n case 'result': {\n console.log('✓ Completed!');\n const toolResult = message.result as CallToolResult;\n for (const content of toolResult.content) {\n if (content.type === 'text') {\n console.log(content.text);\n } else {\n console.log(content);\n }\n }\n break;\n }\n\n case 'error': {\n console.log('✗ Error:');\n console.log(` ${message.error.message}`);\n break;\n }\n }\n }\n } catch (error) {\n console.error(`❌ Failed to stream tool '${toolName}':`, error);\n }\n }\n\n close(): void {\n this.rl.close();\n if (this.client) {\n // Note: Client doesn't have a close method in the current implementation\n // This would typically close the transport connection\n }\n }\n}\n\n/**\n * Main entry point\n */\nasync function main(): Promise {\n const args = process.argv.slice(2);\n const serverUrl = args[0] || DEFAULT_SERVER_URL;\n const clientMetadataUrl = args[1];\n\n console.log('🚀 Simple MCP OAuth Client');\n console.log(`Connecting to: ${serverUrl}`);\n if (clientMetadataUrl) {\n console.log(`Client Metadata URL: ${clientMetadataUrl}`);\n }\n console.log();\n\n const client = new InteractiveOAuthClient(serverUrl, clientMetadataUrl);\n\n // Handle graceful shutdown\n process.on('SIGINT', () => {\n console.log('\\n\\n👋 Goodbye!');\n client.close();\n process.exit(0);\n });\n\n try {\n await client.connect();\n } catch (error) {\n console.error('Failed to start client:', error);\n process.exit(1);\n } finally {\n client.close();\n }\n}\n\ntry {\n // Run if this file is executed directly\n await main();\n} catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/simpleOAuthClientProvider.ts", "content": "import type { OAuthClientInformationMixed, OAuthClientMetadata, OAuthClientProvider, OAuthTokens } from '@modelcontextprotocol/client';\n\n/**\n * In-memory OAuth client provider for demonstration purposes\n * In production, you should persist tokens securely\n */\nexport class InMemoryOAuthClientProvider implements OAuthClientProvider {\n private _clientInformation?: OAuthClientInformationMixed;\n private _tokens?: OAuthTokens;\n private _codeVerifier?: string;\n\n constructor(\n private readonly _redirectUrl: string | URL,\n private readonly _clientMetadata: OAuthClientMetadata,\n onRedirect?: (url: URL) => void,\n public readonly clientMetadataUrl?: string\n ) {\n this._onRedirect =\n onRedirect ||\n (url => {\n console.log(`Redirect to: ${url.toString()}`);\n });\n }\n\n private _onRedirect: (url: URL) => void;\n\n get redirectUrl(): string | URL {\n return this._redirectUrl;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n clientInformation(): OAuthClientInformationMixed | undefined {\n return this._clientInformation;\n }\n\n saveClientInformation(clientInformation: OAuthClientInformationMixed): void {\n this._clientInformation = clientInformation;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n redirectToAuthorization(authorizationUrl: URL): void {\n this._onRedirect(authorizationUrl);\n }\n\n saveCodeVerifier(codeVerifier: string): void {\n this._codeVerifier = codeVerifier;\n }\n\n codeVerifier(): string {\n if (!this._codeVerifier) {\n throw new Error('No code verifier saved');\n }\n return this._codeVerifier;\n }\n}\n" }, { "path": "examples/client/src/simpleStreamableHttp.ts", "content": "import { createInterface } from 'node:readline';\n\nimport type {\n CallToolResult,\n GetPromptRequest,\n ListPromptsRequest,\n ListResourcesRequest,\n ListToolsRequest,\n ReadResourceRequest,\n ResourceLink\n} from '@modelcontextprotocol/client';\nimport {\n Client,\n getDisplayName,\n InMemoryTaskStore,\n ProtocolError,\n ProtocolErrorCode,\n RELATED_TASK_META_KEY,\n StreamableHTTPClientTransport\n} from '@modelcontextprotocol/client';\nimport { Ajv } from 'ajv';\n\n// Create readline interface for user input\nconst readline = createInterface({\n input: process.stdin,\n output: process.stdout\n});\n\n// Track received notifications for debugging resumability\nlet notificationCount = 0;\n\n// Global client and transport for interactive commands\nlet client: Client | null = null;\nlet transport: StreamableHTTPClientTransport | null = null;\nlet serverUrl = 'http://localhost:3000/mcp';\nlet notificationsToolLastEventId: string | undefined;\nlet sessionId: string | undefined;\n\nasync function main(): Promise {\n console.log('MCP Interactive Client');\n console.log('=====================');\n\n // Connect to server immediately with default settings\n await connect();\n\n // Print help and start the command loop\n printHelp();\n commandLoop();\n}\n\nfunction printHelp(): void {\n console.log('\\nAvailable commands:');\n console.log(' connect [url] - Connect to MCP server (default: http://localhost:3000/mcp)');\n console.log(' disconnect - Disconnect from server');\n console.log(' terminate-session - Terminate the current session');\n console.log(' reconnect - Reconnect to the server');\n console.log(' list-tools - List available tools');\n console.log(' call-tool [args] - Call a tool with optional JSON arguments');\n console.log(' call-tool-task [args] - Call a tool with task-based execution (example: call-tool-task delay {\"duration\":3000})');\n console.log(' greet [name] - Call the greet tool');\n console.log(' multi-greet [name] - Call the multi-greet tool with notifications');\n console.log(' collect-info [type] - Test form elicitation with collect-user-info tool (contact/preferences/feedback)');\n console.log(' collect-info-task [type] - Test bidirectional task support (server+client tasks) with elicitation');\n console.log(' start-notifications [interval] [count] - Start periodic notifications');\n console.log(' run-notifications-tool-with-resumability [interval] [count] - Run notification tool with resumability');\n console.log(' list-prompts - List available prompts');\n console.log(' get-prompt [name] [args] - Get a prompt with optional JSON arguments');\n console.log(' list-resources - List available resources');\n console.log(' read-resource - Read a specific resource by URI');\n console.log(' help - Show this help');\n console.log(' quit - Exit the program');\n}\n\nfunction commandLoop(): void {\n readline.question('\\n> ', async input => {\n const args = input.trim().split(/\\s+/);\n const command = args[0]?.toLowerCase();\n\n try {\n switch (command) {\n case 'connect': {\n await connect(args[1]);\n break;\n }\n\n case 'disconnect': {\n await disconnect();\n break;\n }\n\n case 'terminate-session': {\n await terminateSession();\n break;\n }\n\n case 'reconnect': {\n await reconnect();\n break;\n }\n\n case 'list-tools': {\n await listTools();\n break;\n }\n\n case 'call-tool': {\n if (args.length < 2) {\n console.log('Usage: call-tool [args]');\n } else {\n const toolName = args[1]!;\n let toolArgs = {};\n if (args.length > 2) {\n try {\n toolArgs = JSON.parse(args.slice(2).join(' '));\n } catch {\n console.log('Invalid JSON arguments. Using empty args.');\n }\n }\n await callTool(toolName, toolArgs);\n }\n break;\n }\n\n case 'greet': {\n await callGreetTool(args[1] || 'MCP User');\n break;\n }\n\n case 'multi-greet': {\n await callMultiGreetTool(args[1] || 'MCP User');\n break;\n }\n\n case 'collect-info': {\n await callCollectInfoTool(args[1] || 'contact');\n break;\n }\n\n case 'collect-info-task': {\n await callCollectInfoWithTask(args[1] || 'contact');\n break;\n }\n\n case 'start-notifications': {\n const interval = args[1] ? Number.parseInt(args[1], 10) : 2000;\n const count = args[2] ? Number.parseInt(args[2], 10) : 10;\n await startNotifications(interval, count);\n break;\n }\n\n case 'run-notifications-tool-with-resumability': {\n const interval = args[1] ? Number.parseInt(args[1], 10) : 2000;\n const count = args[2] ? Number.parseInt(args[2], 10) : 10;\n await runNotificationsToolWithResumability(interval, count);\n break;\n }\n\n case 'call-tool-task': {\n if (args.length < 2) {\n console.log('Usage: call-tool-task [args]');\n } else {\n const toolName = args[1]!;\n let toolArgs = {};\n if (args.length > 2) {\n try {\n toolArgs = JSON.parse(args.slice(2).join(' '));\n } catch {\n console.log('Invalid JSON arguments. Using empty args.');\n }\n }\n await callToolTask(toolName, toolArgs);\n }\n break;\n }\n\n case 'list-prompts': {\n await listPrompts();\n break;\n }\n\n case 'get-prompt': {\n if (args.length < 2) {\n console.log('Usage: get-prompt [args]');\n } else {\n const promptName = args[1]!;\n let promptArgs = {};\n if (args.length > 2) {\n try {\n promptArgs = JSON.parse(args.slice(2).join(' '));\n } catch {\n console.log('Invalid JSON arguments. Using empty args.');\n }\n }\n await getPrompt(promptName, promptArgs);\n }\n break;\n }\n\n case 'list-resources': {\n await listResources();\n break;\n }\n\n case 'read-resource': {\n if (args.length < 2) {\n console.log('Usage: read-resource ');\n } else {\n await readResource(args[1]!);\n }\n break;\n }\n\n case 'help': {\n printHelp();\n break;\n }\n\n case 'quit':\n case 'exit': {\n await cleanup();\n return;\n }\n\n default: {\n if (command) {\n console.log(`Unknown command: ${command}`);\n }\n break;\n }\n }\n } catch (error) {\n console.error(`Error executing command: ${error}`);\n }\n\n // Continue the command loop\n commandLoop();\n });\n}\n\nasync function connect(url?: string): Promise {\n if (client) {\n console.log('Already connected. Disconnect first.');\n return;\n }\n\n if (url) {\n serverUrl = url;\n }\n\n console.log(`Connecting to ${serverUrl}...`);\n\n try {\n // Create task store for client-side task support\n const clientTaskStore = new InMemoryTaskStore();\n\n // Create a new client with form elicitation capability and task support\n client = new Client(\n {\n name: 'example-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n },\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n client.onerror = error => {\n console.error('\\u001B[31mClient error:', error, '\\u001B[0m');\n };\n\n // Set up elicitation request handler with proper validation and task support\n client.setRequestHandler('elicitation/create', async (request, extra) => {\n if (request.params.mode !== 'form') {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Unsupported elicitation mode: ${request.params.mode}`);\n }\n console.log('\\n🔔 Elicitation (form) Request Received:');\n console.log(`Message: ${request.params.message}`);\n console.log(`Related Task: ${request.params._meta?.[RELATED_TASK_META_KEY]?.taskId}`);\n console.log(`Task Creation Requested: ${request.params.task ? 'yes' : 'no'}`);\n console.log('Requested Schema:');\n console.log(JSON.stringify(request.params.requestedSchema, null, 2));\n\n // Helper to return result, optionally creating a task if requested\n const returnResult = async (result: {\n action: 'accept' | 'decline' | 'cancel';\n content?: Record;\n }) => {\n if (request.params.task && extra.task?.store) {\n // Create a task and store the result\n const task = await extra.task.store.createTask({ ttl: extra.task.requestedTtl });\n await extra.task.store.storeTaskResult(task.taskId, 'completed', result);\n console.log(`📋 Created client-side task: ${task.taskId}`);\n return { task };\n }\n return result;\n };\n\n const schema = request.params.requestedSchema;\n const properties = schema.properties;\n const required = schema.required || [];\n\n // Set up AJV validator for the requested schema\n const ajv = new Ajv();\n const validate = ajv.compile(schema);\n\n let attempts = 0;\n const maxAttempts = 3;\n\n while (attempts < maxAttempts) {\n attempts++;\n console.log(`\\nPlease provide the following information (attempt ${attempts}/${maxAttempts}):`);\n\n const content: Record = {};\n let inputCancelled = false;\n\n // Collect input for each field\n for (const [fieldName, fieldSchema] of Object.entries(properties)) {\n const field = fieldSchema as {\n type?: string;\n title?: string;\n description?: string;\n default?: unknown;\n enum?: string[];\n minimum?: number;\n maximum?: number;\n minLength?: number;\n maxLength?: number;\n format?: string;\n };\n\n const isRequired = required.includes(fieldName);\n let prompt = `${field.title || fieldName}`;\n\n // Add helpful information to the prompt\n if (field.description) {\n prompt += ` (${field.description})`;\n }\n if (field.enum) {\n prompt += ` [options: ${field.enum.join(', ')}]`;\n }\n if (field.type === 'number' || field.type === 'integer') {\n if (field.minimum !== undefined && field.maximum !== undefined) {\n prompt += ` [${field.minimum}-${field.maximum}]`;\n } else if (field.minimum !== undefined) {\n prompt += ` [min: ${field.minimum}]`;\n } else if (field.maximum !== undefined) {\n prompt += ` [max: ${field.maximum}]`;\n }\n }\n if (field.type === 'string' && field.format) {\n prompt += ` [format: ${field.format}]`;\n }\n if (isRequired) {\n prompt += ' *required*';\n }\n if (field.default !== undefined) {\n prompt += ` [default: ${field.default}]`;\n }\n\n prompt += ': ';\n\n const answer = await new Promise(resolve => {\n readline.question(prompt, input => {\n resolve(input.trim());\n });\n });\n\n // Check for cancellation\n if (answer.toLowerCase() === 'cancel' || answer.toLowerCase() === 'c') {\n inputCancelled = true;\n break;\n }\n\n // Parse and validate the input\n try {\n if (answer === '' && field.default !== undefined) {\n content[fieldName] = field.default as string | number | boolean | string[];\n } else if (answer === '' && !isRequired) {\n // Skip optional empty fields\n continue;\n } else if (answer === '') {\n throw new Error(`${fieldName} is required`);\n } else {\n // Parse the value based on type\n let parsedValue: unknown;\n\n switch (field.type) {\n case 'boolean': {\n parsedValue = answer.toLowerCase() === 'true' || answer.toLowerCase() === 'yes' || answer === '1';\n\n break;\n }\n case 'number': {\n parsedValue = Number.parseFloat(answer);\n if (Number.isNaN(parsedValue as number)) {\n throw new TypeError(`${fieldName} must be a valid number`);\n }\n\n break;\n }\n case 'integer': {\n parsedValue = Number.parseInt(answer, 10);\n if (Number.isNaN(parsedValue as number)) {\n throw new TypeError(`${fieldName} must be a valid integer`);\n }\n\n break;\n }\n default: {\n if (field.enum) {\n if (!field.enum.includes(answer)) {\n throw new Error(`${fieldName} must be one of: ${field.enum.join(', ')}`);\n }\n parsedValue = answer;\n } else {\n parsedValue = answer;\n }\n }\n }\n\n content[fieldName] = parsedValue as string | number | boolean | string[];\n }\n } catch (error) {\n console.log(`❌ Error: ${error}`);\n // Continue to next attempt\n break;\n }\n }\n\n if (inputCancelled) {\n return returnResult({ action: 'cancel' });\n }\n\n // If we didn't complete all fields due to an error, try again\n if (\n Object.keys(content).length !==\n Object.keys(properties).filter(name => required.includes(name) || content[name] !== undefined).length\n ) {\n if (attempts < maxAttempts) {\n console.log('Please try again...');\n continue;\n } else {\n console.log('Maximum attempts reached. Declining request.');\n return returnResult({ action: 'decline' });\n }\n }\n\n // Validate the complete object against the schema\n const isValid = validate(content);\n\n if (!isValid) {\n console.log('❌ Validation errors:');\n if (validate.errors)\n for (const error of validate.errors) {\n console.log(` - ${error.instancePath || 'root'}: ${error.message}`);\n }\n\n if (attempts < maxAttempts) {\n console.log('Please correct the errors and try again...');\n continue;\n } else {\n console.log('Maximum attempts reached. Declining request.');\n return returnResult({ action: 'decline' });\n }\n }\n\n // Show the collected data and ask for confirmation\n console.log('\\n✅ Collected data:');\n console.log(JSON.stringify(content, null, 2));\n\n const confirmAnswer = await new Promise(resolve => {\n readline.question('\\nSubmit this information? (yes/no/cancel): ', input => {\n resolve(input.trim().toLowerCase());\n });\n });\n\n switch (confirmAnswer) {\n case 'yes':\n case 'y': {\n return returnResult({\n action: 'accept',\n content\n });\n }\n case 'cancel':\n case 'c': {\n return returnResult({ action: 'cancel' });\n }\n case 'no':\n case 'n': {\n if (attempts < maxAttempts) {\n console.log('Please re-enter the information...');\n continue;\n } else {\n return returnResult({ action: 'decline' });\n }\n\n break;\n }\n // No default\n }\n }\n\n console.log('Maximum attempts reached. Declining request.');\n return returnResult({ action: 'decline' });\n });\n\n transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n sessionId: sessionId\n });\n\n // Set up notification handlers\n client.setNotificationHandler('notifications/message', notification => {\n notificationCount++;\n console.log(`\\nNotification #${notificationCount}: ${notification.params.level} - ${notification.params.data}`);\n // Re-display the prompt\n process.stdout.write('> ');\n });\n\n client.setNotificationHandler('notifications/resources/list_changed', async _ => {\n console.log(`\\nResource list changed notification received!`);\n try {\n if (!client) {\n console.log('Client disconnected, cannot fetch resources');\n return;\n }\n const resourcesResult = await client.request({\n method: 'resources/list',\n params: {}\n });\n console.log('Available resources count:', resourcesResult.resources.length);\n } catch {\n console.log('Failed to list resources after change notification');\n }\n // Re-display the prompt\n process.stdout.write('> ');\n });\n\n // Connect the client\n await client.connect(transport);\n sessionId = transport.sessionId;\n console.log('Transport created with session ID:', sessionId);\n console.log('Connected to MCP server');\n } catch (error) {\n console.error('Failed to connect:', error);\n client = null;\n transport = null;\n }\n}\n\nasync function disconnect(): Promise {\n if (!client || !transport) {\n console.log('Not connected.');\n return;\n }\n\n try {\n await transport.close();\n console.log('Disconnected from MCP server');\n client = null;\n transport = null;\n } catch (error) {\n console.error('Error disconnecting:', error);\n }\n}\n\nasync function terminateSession(): Promise {\n if (!client || !transport) {\n console.log('Not connected.');\n return;\n }\n\n try {\n console.log('Terminating session with ID:', transport.sessionId);\n await transport.terminateSession();\n console.log('Session terminated successfully');\n\n // Check if sessionId was cleared after termination\n if (transport.sessionId) {\n console.log('Server responded with 405 Method Not Allowed (session termination not supported)');\n console.log('Session ID is still active:', transport.sessionId);\n } else {\n console.log('Session ID has been cleared');\n sessionId = undefined;\n\n // Also close the transport and clear client objects\n await transport.close();\n console.log('Transport closed after session termination');\n client = null;\n transport = null;\n }\n } catch (error) {\n console.error('Error terminating session:', error);\n }\n}\n\nasync function reconnect(): Promise {\n if (client) {\n await disconnect();\n }\n await connect();\n}\n\nasync function listTools(): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const toolsRequest: ListToolsRequest = {\n method: 'tools/list',\n params: {}\n };\n const toolsResult = await client.request(toolsRequest);\n\n console.log('Available tools:');\n if (toolsResult.tools.length === 0) {\n console.log(' No tools available');\n } else {\n for (const tool of toolsResult.tools) {\n console.log(` - id: ${tool.name}, name: ${getDisplayName(tool)}, description: ${tool.description}`);\n }\n }\n } catch (error) {\n console.log(`Tools not supported by this server (${error})`);\n }\n}\n\nasync function callTool(name: string, args: Record): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n console.log(`Calling tool '${name}' with args:`, args);\n const result = await client.callTool({ name, arguments: args });\n\n console.log('Tool result:');\n const resourceLinks: ResourceLink[] = [];\n\n for (const item of result.content) {\n switch (item.type) {\n case 'text': {\n console.log(` ${item.text}`);\n\n break;\n }\n case 'resource_link': {\n const resourceLink = item as ResourceLink;\n resourceLinks.push(resourceLink);\n console.log(` 📁 Resource Link: ${resourceLink.name}`);\n console.log(` URI: ${resourceLink.uri}`);\n if (resourceLink.mimeType) {\n console.log(` Type: ${resourceLink.mimeType}`);\n }\n if (resourceLink.description) {\n console.log(` Description: ${resourceLink.description}`);\n }\n\n break;\n }\n case 'resource': {\n console.log(` [Embedded Resource: ${item.resource.uri}]`);\n\n break;\n }\n case 'image': {\n console.log(` [Image: ${item.mimeType}]`);\n\n break;\n }\n case 'audio': {\n console.log(` [Audio: ${item.mimeType}]`);\n\n break;\n }\n default: {\n console.log(` [Unknown content type]:`, item);\n }\n }\n }\n\n // Offer to read resource links\n if (resourceLinks.length > 0) {\n console.log(`\\nFound ${resourceLinks.length} resource link(s). Use 'read-resource ' to read their content.`);\n }\n } catch (error) {\n console.log(`Error calling tool ${name}: ${error}`);\n }\n}\n\nasync function callGreetTool(name: string): Promise {\n await callTool('greet', { name });\n}\n\nasync function callMultiGreetTool(name: string): Promise {\n console.log('Calling multi-greet tool with notifications...');\n await callTool('multi-greet', { name });\n}\n\nasync function callCollectInfoTool(infoType: string): Promise {\n console.log(`Testing form elicitation with collect-user-info tool (${infoType})...`);\n await callTool('collect-user-info', { infoType });\n}\n\nasync function callCollectInfoWithTask(infoType: string): Promise {\n console.log(`\\n🔄 Testing bidirectional task support with collect-user-info-task tool (${infoType})...`);\n console.log('This will create a task on the server, which will elicit input and create a task on the client.\\n');\n await callToolTask('collect-user-info-task', { infoType });\n}\n\nasync function startNotifications(interval: number, count: number): Promise {\n console.log(`Starting notification stream: interval=${interval}ms, count=${count || 'unlimited'}`);\n await callTool('start-notification-stream', { interval, count });\n}\n\nasync function runNotificationsToolWithResumability(interval: number, count: number): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n console.log(`Starting notification stream with resumability: interval=${interval}ms, count=${count || 'unlimited'}`);\n console.log(`Using resumption token: ${notificationsToolLastEventId || 'none'}`);\n\n const onLastEventIdUpdate = (event: string) => {\n notificationsToolLastEventId = event;\n console.log(`Updated resumption token: ${event}`);\n };\n\n const result = await client.callTool(\n { name: 'start-notification-stream', arguments: { interval, count } },\n {\n resumptionToken: notificationsToolLastEventId,\n onresumptiontoken: onLastEventIdUpdate\n }\n );\n\n console.log('Tool result:');\n for (const item of result.content) {\n if (item.type === 'text') {\n console.log(` ${item.text}`);\n } else {\n console.log(` ${item.type} content:`, item);\n }\n }\n } catch (error) {\n console.log(`Error starting notification stream: ${error}`);\n }\n}\n\nasync function listPrompts(): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const promptsRequest: ListPromptsRequest = {\n method: 'prompts/list',\n params: {}\n };\n const promptsResult = await client.request(promptsRequest);\n console.log('Available prompts:');\n if (promptsResult.prompts.length === 0) {\n console.log(' No prompts available');\n } else {\n for (const prompt of promptsResult.prompts) {\n console.log(` - id: ${prompt.name}, name: ${getDisplayName(prompt)}, description: ${prompt.description}`);\n }\n }\n } catch (error) {\n console.log(`Prompts not supported by this server (${error})`);\n }\n}\n\nasync function getPrompt(name: string, args: Record): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const promptRequest: GetPromptRequest = {\n method: 'prompts/get',\n params: {\n name,\n arguments: args as Record\n }\n };\n\n const promptResult = await client.request(promptRequest);\n console.log('Prompt template:');\n for (const [index, msg] of promptResult.messages.entries()) {\n console.log(` [${index + 1}] ${msg.role}: ${msg.content.type === 'text' ? msg.content.text : JSON.stringify(msg.content)}`);\n }\n } catch (error) {\n console.log(`Error getting prompt ${name}: ${error}`);\n }\n}\n\nasync function listResources(): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const resourcesRequest: ListResourcesRequest = {\n method: 'resources/list',\n params: {}\n };\n const resourcesResult = await client.request(resourcesRequest);\n\n console.log('Available resources:');\n if (resourcesResult.resources.length === 0) {\n console.log(' No resources available');\n } else {\n for (const resource of resourcesResult.resources) {\n console.log(` - id: ${resource.name}, name: ${getDisplayName(resource)}, description: ${resource.uri}`);\n }\n }\n } catch (error) {\n console.log(`Resources not supported by this server (${error})`);\n }\n}\n\nasync function readResource(uri: string): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n try {\n const request: ReadResourceRequest = {\n method: 'resources/read',\n params: { uri }\n };\n\n console.log(`Reading resource: ${uri}`);\n const result = await client.request(request);\n\n console.log('Resource contents:');\n for (const content of result.contents) {\n console.log(` URI: ${content.uri}`);\n if (content.mimeType) {\n console.log(` Type: ${content.mimeType}`);\n }\n\n if ('text' in content && typeof content.text === 'string') {\n console.log(' Content:');\n console.log(' ---');\n console.log(\n content.text\n .split('\\n')\n .map((line: string) => ' ' + line)\n .join('\\n')\n );\n console.log(' ---');\n } else if ('blob' in content && typeof content.blob === 'string') {\n console.log(` [Binary data: ${content.blob.length} bytes]`);\n }\n }\n } catch (error) {\n console.log(`Error reading resource ${uri}: ${error}`);\n }\n}\n\nasync function callToolTask(name: string, args: Record): Promise {\n if (!client) {\n console.log('Not connected to server.');\n return;\n }\n\n console.log(`Calling tool '${name}' with task-based execution...`);\n console.log('Arguments:', args);\n\n // Use task-based execution - call now, fetch later\n // Using the experimental tasks API - WARNING: may change without notice\n console.log('This will return immediately while processing continues in the background...');\n\n try {\n // Call the tool with task metadata using streaming API\n const stream = client.experimental.tasks.callToolStream(\n {\n name,\n arguments: args\n },\n {\n task: {\n ttl: 60_000 // Keep results for 60 seconds\n }\n }\n );\n\n console.log('Waiting for task completion...');\n\n let lastStatus = '';\n for await (const message of stream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log('Task created successfully with ID:', message.task.taskId);\n break;\n }\n case 'taskStatus': {\n if (lastStatus !== message.task.status) {\n console.log(` ${message.task.status}${message.task.statusMessage ? ` - ${message.task.statusMessage}` : ''}`);\n }\n lastStatus = message.task.status;\n break;\n }\n case 'result': {\n console.log('Task completed!');\n console.log('Tool result:');\n const toolResult = message.result as CallToolResult;\n for (const item of toolResult.content) {\n if (item.type === 'text') {\n console.log(` ${item.text}`);\n }\n }\n break;\n }\n case 'error': {\n throw message.error;\n }\n }\n }\n } catch (error) {\n console.log(`Error with task-based execution: ${error}`);\n }\n}\n\nasync function cleanup(): Promise {\n if (client && transport) {\n try {\n // First try to terminate the session gracefully\n if (transport.sessionId) {\n try {\n console.log('Terminating session before exit...');\n await transport.terminateSession();\n console.log('Session terminated successfully');\n } catch (error) {\n console.error('Error terminating session:', error);\n }\n }\n\n // Then close the transport\n await transport.close();\n } catch (error) {\n console.error('Error closing transport:', error);\n }\n }\n\n process.stdin.setRawMode(false);\n readline.close();\n console.log('\\nGoodbye!');\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(0);\n}\n\n// Set up raw mode for keyboard input to capture Escape key\nprocess.stdin.setRawMode(true);\nprocess.stdin.on('data', async data => {\n // Check for Escape key (27)\n if (data.length === 1 && data[0] === 27) {\n console.log('\\nESC key pressed. Disconnecting from server...');\n\n // Abort current operation and disconnect from server\n if (client && transport) {\n await disconnect();\n console.log('Disconnected. Press Enter to continue.');\n } else {\n console.log('Not connected to server.');\n }\n\n // Re-display the prompt\n process.stdout.write('> ');\n }\n});\n\n// Handle Ctrl+C\nprocess.on('SIGINT', async () => {\n console.log('\\nReceived SIGINT. Cleaning up...');\n await cleanup();\n});\n\n// Start the interactive client\ntry {\n await main();\n} catch (error) {\n console.error('Error running MCP client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/simpleTaskInteractiveClient.ts", "content": "/**\n * Simple interactive task client demonstrating elicitation and sampling responses.\n *\n * This client connects to simpleTaskInteractive.ts server and demonstrates:\n * - Handling elicitation requests (y/n confirmation)\n * - Handling sampling requests (returns a hardcoded haiku)\n * - Using task-based tool execution with streaming\n */\n\nimport { createInterface } from 'node:readline';\n\nimport type { CallToolResult, CreateMessageRequest, CreateMessageResult, TextContent } from '@modelcontextprotocol/client';\nimport { Client, ProtocolError, ProtocolErrorCode, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\n// Create readline interface for user input\nconst readline = createInterface({\n input: process.stdin,\n output: process.stdout\n});\n\nfunction question(prompt: string): Promise {\n return new Promise(resolve => {\n readline.question(prompt, answer => {\n resolve(answer.trim());\n });\n });\n}\n\nfunction getTextContent(result: { content: Array<{ type: string; text?: string }> }): string {\n const textContent = result.content.find((c): c is TextContent => c.type === 'text');\n return textContent?.text ?? '(no text)';\n}\n\nasync function elicitationCallback(params: {\n mode?: string;\n message: string;\n requestedSchema?: object;\n}): Promise<{ action: 'accept' | 'cancel' | 'decline'; content?: Record }> {\n console.log(`\\n[Elicitation] Server asks: ${params.message}`);\n\n // Simple terminal prompt for y/n\n const response = await question('Your response (y/n): ');\n const confirmed = ['y', 'yes', 'true', '1'].includes(response.toLowerCase());\n\n console.log(`[Elicitation] Responding with: confirm=${confirmed}`);\n return { action: 'accept', content: { confirm: confirmed } };\n}\n\nasync function samplingCallback(params: CreateMessageRequest['params']): Promise {\n // Get the prompt from the first message\n let prompt = 'unknown';\n if (params.messages && params.messages.length > 0) {\n const firstMessage = params.messages[0]!;\n const content = firstMessage.content;\n if (typeof content === 'object' && !Array.isArray(content) && content.type === 'text' && 'text' in content) {\n prompt = content.text;\n } else if (Array.isArray(content)) {\n const textPart = content.find(c => c.type === 'text' && 'text' in c);\n if (textPart && 'text' in textPart) {\n prompt = textPart.text;\n }\n }\n }\n\n console.log(`\\n[Sampling] Server requests LLM completion for: ${prompt}`);\n\n // Return a hardcoded haiku (in real use, call your LLM here)\n const haiku = `Cherry blossoms fall\nSoftly on the quiet pond\nSpring whispers goodbye`;\n\n console.log('[Sampling] Responding with haiku');\n return {\n model: 'mock-haiku-model',\n role: 'assistant',\n content: { type: 'text', text: haiku }\n };\n}\n\nasync function run(url: string): Promise {\n console.log('Simple Task Interactive Client');\n console.log('==============================');\n console.log(`Connecting to ${url}...`);\n\n // Create client with elicitation and sampling capabilities\n const client = new Client(\n { name: 'simple-task-interactive-client', version: '1.0.0' },\n {\n capabilities: {\n elicitation: { form: {} },\n sampling: {}\n }\n }\n );\n\n // Set up elicitation request handler\n client.setRequestHandler('elicitation/create', async request => {\n if (request.params.mode && request.params.mode !== 'form') {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Unsupported elicitation mode: ${request.params.mode}`);\n }\n return elicitationCallback(request.params);\n });\n\n // Set up sampling request handler\n client.setRequestHandler('sampling/createMessage', async request => {\n return samplingCallback(request.params) as unknown as ReturnType;\n });\n\n // Connect to server\n const transport = new StreamableHTTPClientTransport(new URL(url));\n await client.connect(transport);\n console.log('Connected!\\n');\n\n // List tools\n const toolsResult = await client.listTools();\n console.log(`Available tools: ${toolsResult.tools.map(t => t.name).join(', ')}`);\n\n // Demo 1: Elicitation (confirm_delete)\n console.log('\\n--- Demo 1: Elicitation ---');\n console.log('Calling confirm_delete tool...');\n\n const confirmStream = client.experimental.tasks.callToolStream(\n { name: 'confirm_delete', arguments: { filename: 'important.txt' } },\n { task: { ttl: 60_000 } }\n );\n\n for await (const message of confirmStream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log(`Task created: ${message.task.taskId}`);\n break;\n }\n case 'taskStatus': {\n console.log(`Task status: ${message.task.status}`);\n break;\n }\n case 'result': {\n const toolResult = message.result as CallToolResult;\n console.log(`Result: ${getTextContent(toolResult)}`);\n break;\n }\n case 'error': {\n console.error(`Error: ${message.error}`);\n break;\n }\n }\n }\n\n // Demo 2: Sampling (write_haiku)\n console.log('\\n--- Demo 2: Sampling ---');\n console.log('Calling write_haiku tool...');\n\n const haikuStream = client.experimental.tasks.callToolStream(\n { name: 'write_haiku', arguments: { topic: 'autumn leaves' } },\n { task: { ttl: 60_000 } }\n );\n\n for await (const message of haikuStream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log(`Task created: ${message.task.taskId}`);\n break;\n }\n case 'taskStatus': {\n console.log(`Task status: ${message.task.status}`);\n break;\n }\n case 'result': {\n const toolResult = message.result as CallToolResult;\n console.log(`Result:\\n${getTextContent(toolResult)}`);\n break;\n }\n case 'error': {\n console.error(`Error: ${message.error}`);\n break;\n }\n }\n }\n\n // Cleanup\n console.log('\\nDemo complete. Closing connection...');\n await transport.close();\n readline.close();\n}\n\n// Parse command line arguments\nconst args = process.argv.slice(2);\nlet url = 'http://localhost:8000/mcp';\n\nfor (let i = 0; i < args.length; i++) {\n if (args[i] === '--url' && args[i + 1]) {\n url = args[i + 1]!;\n i++;\n }\n}\n\n// Run the client\ntry {\n await run(url);\n} catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/ssePollingClient.ts", "content": "/**\n * SSE Polling Example Client (SEP-1699)\n *\n * This example demonstrates client-side behavior during server-initiated\n * SSE stream disconnection and automatic reconnection.\n *\n * Key features demonstrated:\n * - Automatic reconnection when server closes SSE stream\n * - Event replay via Last-Event-ID header\n * - Resumption token tracking via onresumptiontoken callback\n *\n * Run with: pnpm tsx src/ssePollingClient.ts\n * Requires: ssePollingExample.ts server running on port 3001\n */\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\nconst SERVER_URL = 'http://localhost:3001/mcp';\n\nasync function main(): Promise {\n console.log('SSE Polling Example Client');\n console.log('==========================');\n console.log(`Connecting to ${SERVER_URL}...`);\n console.log('');\n\n // Create transport with reconnection options\n const transport = new StreamableHTTPClientTransport(new URL(SERVER_URL), {\n // Use default reconnection options - SDK handles automatic reconnection\n });\n\n // Track the last event ID for debugging\n let lastEventId: string | undefined;\n\n // Set up transport error handler to observe disconnections\n // Filter out expected errors from SSE reconnection\n transport.onerror = error => {\n // Skip abort errors during intentional close\n if (error.message.includes('AbortError')) return;\n // Show SSE disconnect (expected when server closes stream)\n if (error.message.includes('Unexpected end of JSON')) {\n console.log('[Transport] SSE stream disconnected - client will auto-reconnect');\n return;\n }\n console.log(`[Transport] Error: ${error.message}`);\n };\n\n // Set up transport close handler\n transport.onclose = () => {\n console.log('[Transport] Connection closed');\n };\n\n // Create and connect client\n const client = new Client({\n name: 'sse-polling-client',\n version: '1.0.0'\n });\n\n // Set up notification handler to receive progress updates\n client.setNotificationHandler('notifications/message', notification => {\n const data = notification.params.data;\n console.log(`[Notification] ${data}`);\n });\n\n try {\n await client.connect(transport);\n console.log('[Client] Connected successfully');\n console.log('');\n\n // Call the long-task tool\n console.log('[Client] Calling long-task tool...');\n console.log('[Client] Server will disconnect mid-task to demonstrate polling');\n console.log('');\n\n const result = await client.request(\n {\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {}\n }\n },\n {\n // Track resumption tokens for debugging\n onresumptiontoken: token => {\n lastEventId = token;\n console.log(`[Event ID] ${token}`);\n }\n }\n );\n\n console.log('');\n console.log('[Client] Tool completed!');\n console.log(`[Result] ${JSON.stringify(result.content, null, 2)}`);\n console.log('');\n console.log(`[Debug] Final event ID: ${lastEventId}`);\n } catch (error) {\n console.error('[Error]', error);\n } finally {\n await transport.close();\n console.log('[Client] Disconnected');\n }\n}\n\ntry {\n await main();\n} catch (error) {\n console.error('Error running MCP client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/src/streamableHttpWithSseFallbackClient.ts", "content": "import type { ListToolsRequest } from '@modelcontextprotocol/client';\nimport { Client, SSEClientTransport, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\n\n/**\n * Simplified Backwards Compatible MCP Client\n *\n * This client demonstrates backward compatibility with both:\n * 1. Modern servers using Streamable HTTP transport (protocol version 2025-03-26)\n * 2. Older servers using HTTP+SSE transport (protocol version 2024-11-05)\n *\n * Following the MCP specification for backwards compatibility:\n * - Attempts to POST an initialize request to the server URL first (modern transport)\n * - If that fails with 4xx status, falls back to GET request for SSE stream (older transport)\n */\n\n// Command line args processing\nconst args = process.argv.slice(2);\nconst serverUrl = args[0] || 'http://localhost:3000/mcp';\n\nasync function main(): Promise {\n console.log('MCP Backwards Compatible Client');\n console.log('===============================');\n console.log(`Connecting to server at: ${serverUrl}`);\n\n let client: Client;\n let transport: StreamableHTTPClientTransport | SSEClientTransport;\n\n try {\n // Try connecting with automatic transport detection\n const connection = await connectWithBackwardsCompatibility(serverUrl);\n client = connection.client;\n transport = connection.transport;\n\n // Set up notification handler\n client.setNotificationHandler('notifications/message', notification => {\n console.log(`Notification: ${notification.params.level} - ${notification.params.data}`);\n });\n\n // DEMO WORKFLOW:\n // 1. List available tools\n console.log('\\n=== Listing Available Tools ===');\n await listTools(client);\n\n // 2. Call the notification tool\n console.log('\\n=== Starting Notification Stream ===');\n await startNotificationTool(client);\n\n // 3. Wait for all notifications (5 seconds)\n console.log('\\n=== Waiting for all notifications ===');\n await new Promise(resolve => setTimeout(resolve, 5000));\n\n // 4. Disconnect\n console.log('\\n=== Disconnecting ===');\n await transport.close();\n console.log('Disconnected from MCP server');\n } catch (error) {\n console.error('Error running client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n}\n\n/**\n * Connect to an MCP server with backwards compatibility\n * Following the spec for client backward compatibility\n */\nasync function connectWithBackwardsCompatibility(url: string): Promise<{\n client: Client;\n transport: StreamableHTTPClientTransport | SSEClientTransport;\n transportType: 'streamable-http' | 'sse';\n}> {\n console.log('1. Trying Streamable HTTP transport first...');\n\n // Step 1: Try Streamable HTTP transport first\n const client = new Client({\n name: 'backwards-compatible-client',\n version: '1.0.0'\n });\n\n client.onerror = error => {\n console.error('Client error:', error);\n };\n const baseUrl = new URL(url);\n\n try {\n // Create modern transport\n const streamableTransport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(streamableTransport);\n\n console.log('Successfully connected using modern Streamable HTTP transport.');\n return {\n client,\n transport: streamableTransport,\n transportType: 'streamable-http'\n };\n } catch (error) {\n // Step 2: If transport fails, try the older SSE transport\n console.log(`StreamableHttp transport connection failed: ${error}`);\n console.log('2. Falling back to deprecated HTTP+SSE transport...');\n\n try {\n // Create SSE transport pointing to /sse endpoint\n const sseTransport = new SSEClientTransport(baseUrl);\n const sseClient = new Client({\n name: 'backwards-compatible-client',\n version: '1.0.0'\n });\n await sseClient.connect(sseTransport);\n\n console.log('Successfully connected using deprecated HTTP+SSE transport.');\n return {\n client: sseClient,\n transport: sseTransport,\n transportType: 'sse'\n };\n } catch (sseError) {\n console.error(`Failed to connect with either transport method:\\n1. Streamable HTTP error: ${error}\\n2. SSE error: ${sseError}`);\n throw new Error('Could not connect to server with any available transport');\n }\n }\n}\n\n/**\n * List available tools on the server\n */\nasync function listTools(client: Client): Promise {\n try {\n const toolsRequest: ListToolsRequest = {\n method: 'tools/list',\n params: {}\n };\n const toolsResult = await client.request(toolsRequest);\n\n console.log('Available tools:');\n if (toolsResult.tools.length === 0) {\n console.log(' No tools available');\n } else {\n for (const tool of toolsResult.tools) {\n console.log(` - ${tool.name}: ${tool.description}`);\n }\n }\n } catch (error) {\n console.log(`Tools not supported by this server: ${error}`);\n }\n}\n\n/**\n * Start a notification stream by calling the notification tool\n */\nasync function startNotificationTool(client: Client): Promise {\n try {\n console.log('Calling notification tool...');\n const result = await client.callTool({\n name: 'start-notification-stream',\n arguments: {\n interval: 1000, // 1 second between notifications\n count: 5 // Send 5 notifications\n }\n });\n\n console.log('Tool result:');\n for (const item of result.content) {\n if (item.type === 'text') {\n console.log(` ${item.text}`);\n } else {\n console.log(` ${item.type} content:`, item);\n }\n }\n } catch (error) {\n console.log(`Error calling notification tool: ${error}`);\n }\n}\n\n// Start the client\ntry {\n await main();\n} catch (error) {\n console.error('Error running MCP client:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/client/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/client\": [\"./node_modules/@modelcontextprotocol/client/src/index.ts\"],\n \"@modelcontextprotocol/client/_shims\": [\"./node_modules/@modelcontextprotocol/client/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/client/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ],\n \"@modelcontextprotocol/eslint-config\": [\"./node_modules/@modelcontextprotocol/eslint-config/tsconfig.json\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"],\n \"@modelcontextprotocol/examples-shared\": [\"./node_modules/@modelcontextprotocol/examples-shared/src/index.ts\"]\n }\n }\n}\n" }, { "path": "examples/client/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n // 1. Entry Points\n // Directly matches package.json include/exclude globs\n entry: ['src/**/*.ts'],\n\n // 2. Output Configuration\n format: ['esm'],\n outDir: 'dist',\n clean: true, // Recommended: Cleans 'dist' before building\n sourcemap: true,\n\n // 3. Platform & Target\n target: 'esnext',\n platform: 'node',\n shims: true, // Polyfills common Node.js shims (__dirname, etc.)\n\n // 4. Type Definitions\n // Bundles d.ts files into a single output\n dts: false,\n // 5. Vendoring Strategy - Bundle the code for this specific package into the output,\n // but treat all other dependencies as external (require/import).\n noExternal: ['@modelcontextprotocol/examples-shared']\n});\n" }, { "path": "examples/client/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "examples/client-quickstart/.gitignore", "content": "build/\n" }, { "path": "examples/client-quickstart/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/examples-client-quickstart\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"type\": \"module\",\n \"bin\": {\n \"mcp-client-cli\": \"./build/index.js\"\n },\n \"scripts\": {\n \"build\": \"tsc\",\n \"typecheck\": \"tsc --noEmit\"\n },\n \"dependencies\": {\n \"@anthropic-ai/sdk\": \"^0.74.0\",\n \"@modelcontextprotocol/client\": \"workspace:^\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^24.10.1\",\n \"typescript\": \"catalog:devTools\"\n }\n}\n" }, { "path": "examples/client-quickstart/src/index.ts", "content": "//#region prelude\nimport Anthropic from '@anthropic-ai/sdk';\nimport { Client, StdioClientTransport } from '@modelcontextprotocol/client';\nimport readline from 'readline/promises';\n\nconst ANTHROPIC_MODEL = 'claude-sonnet-4-5';\n\nclass MCPClient {\n private mcp: Client;\n private _anthropic: Anthropic | null = null;\n private transport: StdioClientTransport | null = null;\n private tools: Anthropic.Tool[] = [];\n\n constructor() {\n // Initialize MCP client\n this.mcp = new Client({ name: 'mcp-client-cli', version: '1.0.0' });\n }\n\n private get anthropic(): Anthropic {\n // Lazy-initialize Anthropic client when needed\n return this._anthropic ??= new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });\n }\n//#endregion prelude\n\n//#region connectToServer\n async connectToServer(serverScriptPath: string) {\n try {\n // Determine script type and appropriate command\n const isJs = serverScriptPath.endsWith('.js');\n const isPy = serverScriptPath.endsWith('.py');\n if (!isJs && !isPy) {\n throw new Error('Server script must be a .js or .py file');\n }\n const command = isPy\n ? (process.platform === 'win32' ? 'python' : 'python3')\n : process.execPath;\n\n // Initialize transport and connect to server\n this.transport = new StdioClientTransport({ command, args: [serverScriptPath] });\n await this.mcp.connect(this.transport);\n\n // List available tools\n const toolsResult = await this.mcp.listTools();\n this.tools = toolsResult.tools.map((tool) => ({\n name: tool.name,\n description: tool.description ?? '',\n input_schema: tool.inputSchema as Anthropic.Tool.InputSchema,\n }));\n console.log('Connected to server with tools:', this.tools.map(({ name }) => name));\n } catch (e) {\n console.log('Failed to connect to MCP server: ', e);\n throw e;\n }\n }\n//#endregion connectToServer\n\n//#region processQuery\n async processQuery(query: string) {\n const messages: Anthropic.MessageParam[] = [\n {\n role: 'user',\n content: query,\n },\n ];\n\n // Initial Claude API call\n const response = await this.anthropic.messages.create({\n model: ANTHROPIC_MODEL,\n max_tokens: 1000,\n messages,\n tools: this.tools,\n });\n\n // Process response and handle tool calls\n const finalText = [];\n\n for (const content of response.content) {\n if (content.type === 'text') {\n finalText.push(content.text);\n } else if (content.type === 'tool_use') {\n // Execute tool call\n const toolName = content.name;\n const toolArgs = content.input as Record | undefined;\n const result = await this.mcp.callTool({\n name: toolName,\n arguments: toolArgs,\n });\n\n finalText.push(`[Calling tool ${toolName} with args ${JSON.stringify(toolArgs)}]`);\n\n // Extract text from tool result content blocks\n const toolResultText = result.content\n .filter((block) => block.type === 'text')\n .map((block) => block.text)\n .join('\\n');\n\n // Continue conversation with tool results\n messages.push({\n role: 'assistant',\n content: response.content,\n });\n messages.push({\n role: 'user',\n content: [{\n type: 'tool_result',\n tool_use_id: content.id,\n content: toolResultText,\n }],\n });\n\n // Get next response from Claude\n const followUp = await this.anthropic.messages.create({\n model: ANTHROPIC_MODEL,\n max_tokens: 1000,\n messages,\n });\n\n finalText.push(followUp.content[0].type === 'text' ? followUp.content[0].text : '');\n }\n }\n\n return finalText.join('\\n');\n }\n//#endregion processQuery\n\n//#region chatLoop\n async chatLoop() {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stdout,\n });\n\n try {\n console.log('\\nMCP Client Started!');\n console.log('Type your queries or \"quit\" to exit.');\n\n while (true) {\n const message = await rl.question('\\nQuery: ');\n if (message.toLowerCase() === 'quit') {\n break;\n }\n const response = await this.processQuery(message);\n console.log('\\n' + response);\n }\n } finally {\n rl.close();\n }\n }\n\n async cleanup() {\n await this.mcp.close();\n }\n}\n//#endregion chatLoop\n\n//#region main\nasync function main() {\n if (process.argv.length < 3) {\n console.log('Usage: node build/index.js ');\n return;\n }\n const mcpClient = new MCPClient();\n try {\n await mcpClient.connectToServer(process.argv[2]);\n\n // Check if we have a valid API key to continue\n const apiKey = process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n console.log(\n '\\nNo ANTHROPIC_API_KEY found. To query these tools with Claude, set your API key:'\n + '\\n export ANTHROPIC_API_KEY=your-api-key-here'\n );\n return;\n }\n\n await mcpClient.chatLoop();\n } catch (e) {\n console.error('Error:', e);\n process.exit(1);\n } finally {\n await mcpClient.cleanup();\n process.exit(0);\n }\n}\n\nmain();\n//#endregion main\n" }, { "path": "examples/client-quickstart/tsconfig.json", "content": "{\n \"compilerOptions\": {\n \"target\": \"ES2023\",\n \"lib\": [\"ES2023\"],\n \"module\": \"Node16\",\n \"moduleResolution\": \"Node16\",\n \"outDir\": \"./build\",\n \"rootDir\": \"./src\",\n \"strict\": true,\n \"esModuleInterop\": true,\n \"skipLibCheck\": true,\n \"forceConsistentCasingInFileNames\": true,\n \"paths\": {\n \"@modelcontextprotocol/client\": [\"./node_modules/@modelcontextprotocol/client/src/index.ts\"],\n \"@modelcontextprotocol/client/_shims\": [\"./node_modules/@modelcontextprotocol/client/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/client/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ]\n }\n },\n \"include\": [\"src/**/*\"],\n \"exclude\": [\"node_modules\"]\n}\n" }, { "path": "examples/server/README.md", "content": "# MCP TypeScript SDK Examples (Server)\n\nThis directory contains runnable MCP **server** examples built with `@modelcontextprotocol/server` plus framework adapters:\n\n- `@modelcontextprotocol/express`\n- `@modelcontextprotocol/hono`\n\nFor client examples, see [`../client/README.md`](../client/README.md). For guided docs, see [`../../docs/server.md`](../../docs/server.md).\n\n## Running examples\n\nFrom anywhere in the SDK:\n\n```bash\npnpm install\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts\n```\n\nOr, from within this package:\n\n```bash\ncd examples/server\npnpm tsx src/simpleStreamableHttp.ts\n```\n\n## Example index\n\n| Scenario | Description | File |\n| ----------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- |\n| Streamable HTTP server (stateful) | Feature-rich server with tools/resources/prompts, logging, tasks, sampling, and optional OAuth. | [`src/simpleStreamableHttp.ts`](src/simpleStreamableHttp.ts) |\n| Streamable HTTP server (stateless) | No session tracking; good for simple API-style servers. | [`src/simpleStatelessStreamableHttp.ts`](src/simpleStatelessStreamableHttp.ts) |\n| JSON response mode (no SSE) | Streamable HTTP with JSON-only responses and limited notifications. | [`src/jsonResponseStreamableHttp.ts`](src/jsonResponseStreamableHttp.ts) |\n| Server notifications over Streamable HTTP | Demonstrates server-initiated notifications via GET+SSE. | [`src/standaloneSseWithGetStreamableHttp.ts`](src/standaloneSseWithGetStreamableHttp.ts) |\n| Output schema server | Demonstrates tool output validation with structured output schemas. | [`src/mcpServerOutputSchema.ts`](src/mcpServerOutputSchema.ts) |\n| Form elicitation server | Collects **non-sensitive** user input via schema-driven forms. | [`src/elicitationFormExample.ts`](src/elicitationFormExample.ts) |\n| URL elicitation server | Secure browser-based flows for **sensitive** input (API keys, OAuth, payments). | [`src/elicitationUrlExample.ts`](src/elicitationUrlExample.ts) |\n| Sampling + tasks server | Demonstrates sampling and experimental task-based execution. | [`src/toolWithSampleServer.ts`](src/toolWithSampleServer.ts) |\n| Task interactive server | Task-based execution with interactive server→client requests. | [`src/simpleTaskInteractive.ts`](src/simpleTaskInteractive.ts) |\n| Hono Streamable HTTP server | Streamable HTTP server built with Hono instead of Express. | [`src/honoWebStandardStreamableHttp.ts`](src/honoWebStandardStreamableHttp.ts) |\n| SSE polling demo server | Legacy SSE server intended for polling demos. | [`src/ssePollingExample.ts`](src/ssePollingExample.ts) |\n\n## OAuth demo flags (Streamable HTTP server)\n\n```bash\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts --oauth\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts --oauth --oauth-strict\n```\n\n## URL elicitation example (server + client)\n\nRun the server:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/elicitationUrlExample.ts\n```\n\nRun the client in another terminal:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/elicitationUrlExample.ts\n```\n\n## Multi-node deployment patterns\n\nWhen deploying MCP servers in a horizontally scaled environment (multiple server instances), there are a few different options that can be useful for different use cases:\n\n- **Stateless mode** - no need to maintain state between calls.\n- **Persistent storage mode** - state stored in a database; any node can handle a session.\n- **Local state with message routing** - stateful nodes + pub/sub routing for a session.\n\n### Stateless mode\n\nTo enable stateless mode, configure the `NodeStreamableHTTPServerTransport` with:\n\n```typescript\nsessionIdGenerator: undefined;\n```\n\n```\n┌─────────────────────────────────────────────┐\n│ Client │\n└─────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────┐\n│ Load Balancer │\n└─────────────────────────────────────────────┘\n │ │\n ▼ ▼\n┌─────────────────┐ ┌─────────────────────┐\n│ MCP Server #1 │ │ MCP Server #2 │\n│ (Node.js) │ │ (Node.js) │\n└─────────────────┘ └─────────────────────┘\n```\n\n### Persistent storage mode\n\nConfigure the transport with session management, but use an external event store:\n\n```typescript\nsessionIdGenerator: () => randomUUID(),\neventStore: databaseEventStore\n```\n\n```\n┌─────────────────────────────────────────────┐\n│ Client │\n└─────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────┐\n│ Load Balancer │\n└─────────────────────────────────────────────┘\n │ │\n ▼ ▼\n┌─────────────────┐ ┌─────────────────────┐\n│ MCP Server #1 │ │ MCP Server #2 │\n│ (Node.js) │ │ (Node.js) │\n└─────────────────┘ └─────────────────────┘\n │ │\n │ │\n ▼ ▼\n┌─────────────────────────────────────────────┐\n│ Database (PostgreSQL) │\n│ │\n│ • Session state │\n│ • Event storage for resumability │\n└─────────────────────────────────────────────┘\n```\n\n### Streamable HTTP with distributed message routing\n\nFor scenarios where local in-memory state must be maintained on specific nodes, combine Streamable HTTP with pub/sub routing so one node can terminate the client connection while another node owns the session state.\n\n```\n┌─────────────────────────────────────────────┐\n│ Client │\n└─────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────┐\n│ Load Balancer │\n└─────────────────────────────────────────────┘\n │ │\n ▼ ▼\n┌─────────────────┐ ┌─────────────────────┐\n│ MCP Server #1 │◄───►│ MCP Server #2 │\n│ (Has Session A) │ │ (Has Session B) │\n└─────────────────┘ └─────────────────────┘\n ▲│ ▲│\n │▼ │▼\n┌─────────────────────────────────────────────┐\n│ Message Queue / Pub-Sub │\n│ │\n│ • Session ownership registry │\n│ • Bidirectional message routing │\n│ • Request/response forwarding │\n└─────────────────────────────────────────────┘\n```\n\n## Backwards compatibility (Streamable HTTP ↔ legacy SSE)\n\nStart the server:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleStreamableHttp.ts\n```\n\nThen run the backwards-compatible client:\n\n```bash\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/streamableHttpWithSseFallbackClient.ts\n```\n" }, { "path": "examples/server/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n files: ['src/**/*.{ts,tsx,js,jsx,mts,cts}'],\n rules: {\n // Allow console statements in examples only\n 'no-console': 'off'\n }\n }\n];\n" }, { "path": "examples/server/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/examples-server\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build:esm && pnpm run build:cjs\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"start\": \"pnpm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"@hono/node-server\": \"catalog:runtimeServerOnly\",\n \"@modelcontextprotocol/examples-shared\": \"workspace:^\",\n \"@modelcontextprotocol/node\": \"workspace:^\",\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/express\": \"workspace:^\",\n \"@modelcontextprotocol/hono\": \"workspace:^\",\n \"better-auth\": \"^1.4.17\",\n \"cors\": \"catalog:runtimeServerOnly\",\n \"express\": \"catalog:runtimeServerOnly\",\n \"hono\": \"catalog:runtimeServerOnly\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@types/cors\": \"catalog:devTools\",\n \"@types/express\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\"\n }\n}\n" }, { "path": "examples/server/src/README-simpleTaskInteractive.md", "content": "# Simple Task Interactive Example\n\nThis example demonstrates the MCP Tasks message queue pattern with interactive server-to-client requests (elicitation and sampling).\n\n## Overview\n\nThe example consists of two components:\n\n1. **Server** (`simpleTaskInteractive.ts`) - Exposes two task-based tools that require client interaction:\n - `confirm_delete` - Uses elicitation to ask the user for confirmation before \"deleting\" a file\n - `write_haiku` - Uses sampling to request an LLM to generate a haiku on a topic\n\n2. **Client** (`simpleTaskInteractiveClient.ts`) - Connects to the server and handles:\n - Elicitation requests with simple y/n terminal prompts\n - Sampling requests with a mock haiku generator\n\n## Key Concepts\n\n### Task-Based Execution\n\nBoth tools use `execution.taskSupport: 'required'`, meaning they follow the \"call-now, fetch-later\" pattern:\n\n1. Client calls tool with `task: { ttl: 60000 }` parameter\n2. Server creates a task and returns `CreateTaskResult` immediately\n3. Client polls via `tasks/result` to get the final result\n4. Server sends elicitation/sampling requests through the task message queue\n5. Client handles requests and returns responses\n6. Server completes the task with the final result\n\n### Message Queue Pattern\n\nWhen a tool needs to interact with the client (elicitation or sampling), it:\n\n1. Updates task status to `input_required`\n2. Enqueues the request in the task message queue\n3. Waits for the response via a Resolver\n4. Updates task status back to `working`\n5. Continues processing\n\nThe `TaskResultHandler` dequeues messages when the client calls `tasks/result` and routes responses back to waiting Resolvers.\n\n## Running the Example\n\n### Start the Server\n\n```bash\n# From anywhere in the SDK\npnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleTaskInteractive.ts\n\n# Or with a custom port\nPORT=9000 pnpm --filter @modelcontextprotocol/examples-server exec tsx src/simpleTaskInteractive.ts\n```\n\nOr, from within the `examples/server` package:\n\n```bash\ncd examples/server\npnpm tsx src/simpleTaskInteractive.ts\n\n# Or with a custom port\nPORT=9000 pnpm tsx src/simpleTaskInteractive.ts\n```\n\nThe server will start on http://localhost:8000/mcp (or your custom port).\n\n### Run the Client\n\n```bash\n# From anywhere in the SDK\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/simpleTaskInteractiveClient.ts\n\n# Or connect to a different server\npnpm --filter @modelcontextprotocol/examples-client exec tsx src/simpleTaskInteractiveClient.ts --url http://localhost:9000/mcp\n```\n\nOr, from within the `examples/client` package:\n\n```bash\ncd examples/client\npnpm tsx src/simpleTaskInteractiveClient.ts\n\n# Or connect to a different server\npnpm tsx src/simpleTaskInteractiveClient.ts --url http://localhost:9000/mcp\n```\n\n## Expected Output\n\n### Server Output\n\n```\nStarting server on http://localhost:8000/mcp\n\nAvailable tools:\n - confirm_delete: Demonstrates elicitation (asks user y/n)\n - write_haiku: Demonstrates sampling (requests LLM completion)\n\n[Server] confirm_delete called, task created: task-abc123\n[Server] confirm_delete: asking about 'important.txt'\n[Server] Sending elicitation request to client...\n[Server] tasks/result called for task task-abc123\n[Server] Delivering queued request message for task task-abc123\n[Server] Received elicitation response: action=accept, content={\"confirm\":true}\n[Server] Completing task with result: Deleted 'important.txt'\n\n[Server] write_haiku called, task created: task-def456\n[Server] write_haiku: topic 'autumn leaves'\n[Server] Sending sampling request to client...\n[Server] tasks/result called for task task-def456\n[Server] Delivering queued request message for task task-def456\n[Server] Received sampling response: Cherry blossoms fall...\n[Server] Completing task with haiku\n```\n\n### Client Output\n\n```\nSimple Task Interactive Client\n==============================\nConnecting to http://localhost:8000/mcp...\nConnected!\n\nAvailable tools: confirm_delete, write_haiku\n\n--- Demo 1: Elicitation ---\nCalling confirm_delete tool...\nTask created: task-abc123\nTask status: working\n\n[Elicitation] Server asks: Are you sure you want to delete 'important.txt'?\nYour response (y/n): y\n[Elicitation] Responding with: confirm=true\nTask status: input_required\nTask status: completed\nResult: Deleted 'important.txt'\n\n--- Demo 2: Sampling ---\nCalling write_haiku tool...\nTask created: task-def456\nTask status: working\n\n[Sampling] Server requests LLM completion for: Write a haiku about autumn leaves\n[Sampling] Responding with haiku\nTask status: input_required\nTask status: completed\nResult:\nHaiku:\nCherry blossoms fall\nSoftly on the quiet pond\nSpring whispers goodbye\n\nDemo complete. Closing connection...\n```\n\n## Implementation Details\n\n### Server Components\n\n- **Resolver**: Promise-like class for passing results between async operations\n- **TaskMessageQueueWithResolvers**: Extended message queue that tracks pending requests with their Resolvers\n- **TaskStoreWithNotifications**: Extended task store with notification support for status changes\n- **TaskResultHandler**: Handles `tasks/result` requests by dequeuing messages and routing responses\n- **TaskSession**: Wraps the server to enqueue requests during task execution\n\n### Client Capabilities\n\nThe client declares these capabilities during initialization:\n\n```typescript\ncapabilities: {\n elicitation: { form: {} },\n sampling: {}\n}\n```\n\nThis tells the server that the client can handle both form-based elicitation and sampling requests.\n\n## Related Files\n\n- `packages/core/src/experimental/tasks/interfaces.ts` - Core task interfaces (TaskStore, TaskMessageQueue)\n- `packages/core/src/experimental/tasks/stores/in-memory.ts` - In-memory task store implementation\n- `packages/core/src/types/types.ts` - Task-related types (Task, CreateTaskResult, GetTaskRequestSchema, etc.)\n" }, { "path": "examples/server/src/customProtocolVersion.ts", "content": "/**\n * Example: Custom Protocol Version Support\n *\n * This demonstrates how to support protocol versions not yet in the SDK.\n * First version in the list is used as fallback when client requests\n * an unsupported version.\n *\n * Run with: pnpm tsx src/customProtocolVersion.ts\n */\n\nimport { randomUUID } from 'node:crypto';\nimport { createServer } from 'node:http';\n\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult } from '@modelcontextprotocol/server';\nimport { McpServer, SUPPORTED_PROTOCOL_VERSIONS } from '@modelcontextprotocol/server';\n\n// Add support for a newer protocol version (first in list is fallback)\nconst CUSTOM_VERSIONS = ['2026-01-01', ...SUPPORTED_PROTOCOL_VERSIONS];\n\nconst server = new McpServer(\n { name: 'custom-protocol-server', version: '1.0.0' },\n {\n supportedProtocolVersions: CUSTOM_VERSIONS,\n capabilities: { tools: {} }\n }\n);\n\n// Register a tool that shows the protocol configuration\nserver.registerTool(\n 'get-protocol-info',\n {\n title: 'Protocol Info',\n description: 'Returns protocol version configuration'\n },\n async (): Promise => ({\n content: [\n {\n type: 'text',\n text: JSON.stringify({ supportedVersions: CUSTOM_VERSIONS }, null, 2)\n }\n ]\n })\n);\n\n// Create transport - server passes versions automatically during connect()\nconst transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n});\n\nawait server.connect(transport);\n\n// Simple HTTP server\nconst PORT = process.env.MCP_PORT ? Number.parseInt(process.env.MCP_PORT, 10) : 3000;\n\ncreateServer(async (req, res) => {\n if (req.url === '/mcp') {\n await transport.handleRequest(req, res);\n } else {\n res.writeHead(404).end('Not Found');\n }\n}).listen(PORT, () => {\n console.log(`MCP server with custom protocol versions on port ${PORT}`);\n console.log(`Supported versions: ${CUSTOM_VERSIONS.join(', ')}`);\n});\n" }, { "path": "examples/server/src/elicitationFormExample.ts", "content": "// Run with: pnpm tsx src/elicitationFormExample.ts\n//\n// This example demonstrates how to use form elicitation to collect structured user input\n// with JSON Schema validation via a local HTTP server with SSE streaming.\n// Form elicitation allows servers to request *non-sensitive* user input through the client\n// with schema-based validation.\n// Note: See also elicitationUrlExample.ts for an example of using URL elicitation\n// to collect *sensitive* user input via a browser.\n\nimport { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport { isInitializeRequest, McpServer } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\n\n// Create a fresh MCP server per client connection to avoid shared state between clients.\n// The validator supports format validation (email, date, etc.) if ajv-formats is installed.\nconst getServer = () => {\n const mcpServer = new McpServer(\n {\n name: 'form-elicitation-example-server',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n /**\n * Example 1: Simple user registration tool\n * Collects username, email, and password from the user\n */\n mcpServer.registerTool(\n 'register_user',\n {\n description: 'Register a new user account by collecting their information'\n },\n async () => {\n try {\n // Request user information through form elicitation\n const result = await mcpServer.server.elicitInput({\n mode: 'form',\n message: 'Please provide your registration information:',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string',\n title: 'Username',\n description: 'Your desired username (3-20 characters)',\n minLength: 3,\n maxLength: 20\n },\n email: {\n type: 'string',\n title: 'Email',\n description: 'Your email address',\n format: 'email'\n },\n password: {\n type: 'string',\n title: 'Password',\n description: 'Your password (min 8 characters)',\n minLength: 8\n },\n newsletter: {\n type: 'boolean',\n title: 'Newsletter',\n description: 'Subscribe to newsletter?',\n default: false\n }\n },\n required: ['username', 'email', 'password']\n }\n });\n\n // Handle the different possible actions\n if (result.action === 'accept' && result.content) {\n const { username, email, newsletter } = result.content as {\n username: string;\n email: string;\n password: string;\n newsletter?: boolean;\n };\n\n return {\n content: [\n {\n type: 'text',\n text: `Registration successful!\\n\\nUsername: ${username}\\nEmail: ${email}\\nNewsletter: ${newsletter ? 'Yes' : 'No'}`\n }\n ]\n };\n } else if (result.action === 'decline') {\n return {\n content: [\n {\n type: 'text',\n text: 'Registration cancelled by user.'\n }\n ]\n };\n } else {\n return {\n content: [\n {\n type: 'text',\n text: 'Registration was cancelled.'\n }\n ]\n };\n }\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Registration failed: ${error instanceof Error ? error.message : String(error)}`\n }\n ],\n isError: true\n };\n }\n }\n );\n\n /**\n * Example 2: Multi-step workflow with multiple form elicitation requests\n * Demonstrates how to collect information in multiple steps\n */\n mcpServer.registerTool(\n 'create_event',\n {\n description: 'Create a calendar event by collecting event details'\n },\n async () => {\n try {\n // Step 1: Collect basic event information\n const basicInfo = await mcpServer.server.elicitInput({\n mode: 'form',\n message: 'Step 1: Enter basic event information',\n requestedSchema: {\n type: 'object',\n properties: {\n title: {\n type: 'string',\n title: 'Event Title',\n description: 'Name of the event',\n minLength: 1\n },\n description: {\n type: 'string',\n title: 'Description',\n description: 'Event description (optional)'\n }\n },\n required: ['title']\n }\n });\n\n if (basicInfo.action !== 'accept' || !basicInfo.content) {\n return {\n content: [{ type: 'text', text: 'Event creation cancelled.' }]\n };\n }\n\n // Step 2: Collect date and time\n const dateTime = await mcpServer.server.elicitInput({\n mode: 'form',\n message: 'Step 2: Enter date and time',\n requestedSchema: {\n type: 'object',\n properties: {\n date: {\n type: 'string',\n title: 'Date',\n description: 'Event date',\n format: 'date'\n },\n startTime: {\n type: 'string',\n title: 'Start Time',\n description: 'Event start time (HH:MM)'\n },\n duration: {\n type: 'integer',\n title: 'Duration',\n description: 'Duration in minutes',\n minimum: 15,\n maximum: 480\n }\n },\n required: ['date', 'startTime', 'duration']\n }\n });\n\n if (dateTime.action !== 'accept' || !dateTime.content) {\n return {\n content: [{ type: 'text', text: 'Event creation cancelled.' }]\n };\n }\n\n // Combine all collected information\n const event = {\n ...basicInfo.content,\n ...dateTime.content\n };\n\n return {\n content: [\n {\n type: 'text',\n text: `Event created successfully!\\n\\n${JSON.stringify(event, null, 2)}`\n }\n ]\n };\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Event creation failed: ${error instanceof Error ? error.message : String(error)}`\n }\n ],\n isError: true\n };\n }\n }\n );\n\n /**\n * Example 3: Collecting address information\n * Demonstrates validation with patterns and optional fields\n */\n mcpServer.registerTool(\n 'update_shipping_address',\n {\n description: 'Update shipping address with validation'\n },\n async () => {\n try {\n const result = await mcpServer.server.elicitInput({\n mode: 'form',\n message: 'Please provide your shipping address:',\n requestedSchema: {\n type: 'object',\n properties: {\n name: {\n type: 'string',\n title: 'Full Name',\n description: 'Recipient name',\n minLength: 1\n },\n street: {\n type: 'string',\n title: 'Street Address',\n minLength: 1\n },\n city: {\n type: 'string',\n title: 'City',\n minLength: 1\n },\n state: {\n type: 'string',\n title: 'State/Province',\n minLength: 2,\n maxLength: 2\n },\n zipCode: {\n type: 'string',\n title: 'ZIP/Postal Code',\n description: '5-digit ZIP code'\n },\n phone: {\n type: 'string',\n title: 'Phone Number (optional)',\n description: 'Contact phone number'\n }\n },\n required: ['name', 'street', 'city', 'state', 'zipCode']\n }\n });\n\n if (result.action === 'accept' && result.content) {\n return {\n content: [\n {\n type: 'text',\n text: `Address updated successfully!\\n\\n${JSON.stringify(result.content, null, 2)}`\n }\n ]\n };\n } else if (result.action === 'decline') {\n return {\n content: [{ type: 'text', text: 'Address update cancelled by user.' }]\n };\n } else {\n return {\n content: [{ type: 'text', text: 'Address update was cancelled.' }]\n };\n }\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Address update failed: ${error instanceof Error ? error.message : String(error)}`\n }\n ],\n isError: true\n };\n }\n }\n );\n\n return mcpServer;\n};\n\nasync function main() {\n const PORT = process.env.PORT ? Number.parseInt(process.env.PORT, 10) : 3000;\n\n const app = createMcpExpressApp();\n\n // Map to store transports by session ID\n const transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\n\n // MCP POST endpoint\n const mcpPostHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (sessionId) {\n console.log(`Received MCP request for session: ${sessionId}`);\n }\n\n try {\n let transport: NodeStreamableHTTPServerTransport;\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport for this session\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n // New initialization request - create new transport\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: sessionId => {\n // Store the transport by session ID when session is initialized\n console.log(`Session initialized with ID: ${sessionId}`);\n transports[sessionId] = transport;\n }\n });\n\n // Set up onclose handler to clean up transport when closed\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid && transports[sid]) {\n console.log(`Transport closed for session ${sid}, removing from transports map`);\n delete transports[sid];\n }\n };\n\n // Connect a fresh MCP server to the transport BEFORE handling the request\n const mcpServer = getServer();\n await mcpServer.connect(transport);\n\n await transport.handleRequest(req, res, req.body);\n return;\n } else {\n // Invalid request - no session ID or not initialization request\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Bad Request: No valid session ID provided'\n },\n id: null\n });\n return;\n }\n\n // Handle the request with existing transport\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n };\n\n app.post('/mcp', mcpPostHandler);\n\n // Handle GET requests for SSE streams\n const mcpGetHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Establishing SSE stream for session ${sessionId}`);\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n };\n\n app.get('/mcp', mcpGetHandler);\n\n // Handle DELETE requests for session termination\n const mcpDeleteHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Received session termination request for session ${sessionId}`);\n\n try {\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n } catch (error) {\n console.error('Error handling session termination:', error);\n if (!res.headersSent) {\n res.status(500).send('Error processing session termination');\n }\n }\n };\n\n app.delete('/mcp', mcpDeleteHandler);\n\n // Start listening\n app.listen(PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`Form elicitation example server is running on http://localhost:${PORT}/mcp`);\n console.log('Available tools:');\n console.log(' - register_user: Collect user registration information');\n console.log(' - create_event: Multi-step event creation');\n console.log(' - update_shipping_address: Collect and validate address');\n console.log('\\nConnect your MCP client to this server using the HTTP transport.');\n });\n\n // Handle server shutdown\n process.on('SIGINT', async () => {\n console.log('Shutting down server...');\n\n // Close all active transports to properly clean up resources\n for (const sessionId in transports) {\n try {\n console.log(`Closing transport for session ${sessionId}`);\n await transports[sessionId]!.close();\n delete transports[sessionId];\n } catch (error) {\n console.error(`Error closing transport for session ${sessionId}:`, error);\n }\n }\n console.log('Server shutdown complete');\n process.exit(0);\n });\n}\n\ntry {\n await main();\n} catch (error) {\n console.error('Server error:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/server/src/elicitationUrlExample.ts", "content": "// Run with: pnpm tsx src/elicitationUrlExample.ts\n//\n// This example demonstrates how to use URL elicitation to securely collect\n// *sensitive* user input in a remote (HTTP) server.\n// URL elicitation allows servers to prompt the end-user to open a URL in their browser\n// to collect sensitive information.\n// Note: See also elicitationFormExample.ts for an example of using form (not URL) elicitation\n// to collect *non-sensitive* user input with a structured schema.\n\nimport { randomUUID } from 'node:crypto';\n\nimport {\n createProtectedResourceMetadataRouter,\n getOAuthProtectedResourceMetadataUrl,\n requireBearerAuth,\n setupAuthServer\n} from '@modelcontextprotocol/examples-shared';\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult, ElicitRequestURLParams, ElicitResult } from '@modelcontextprotocol/server';\nimport { isInitializeRequest, McpServer, UrlElicitationRequiredError } from '@modelcontextprotocol/server';\nimport cors from 'cors';\nimport type { Request, Response } from 'express';\nimport express from 'express';\nimport * as z from 'zod/v4';\n\nimport { InMemoryEventStore } from './inMemoryEventStore.js';\n\n// Create an MCP server with implementation details\nconst getServer = () => {\n const mcpServer = new McpServer(\n {\n name: 'url-elicitation-http-server',\n version: '1.0.0'\n },\n {\n capabilities: { logging: {} }\n }\n );\n\n mcpServer.registerTool(\n 'payment-confirm',\n {\n description: 'A tool that confirms a payment directly with a user',\n inputSchema: z.object({\n cartId: z.string().describe('The ID of the cart to confirm')\n })\n },\n async ({ cartId }, ctx): Promise => {\n /*\n In a real world scenario, there would be some logic here to check if the user has the provided cartId.\n For the purposes of this example, we'll throw an error (-> elicits the client to open a URL to confirm payment)\n */\n const sessionId = ctx.sessionId;\n if (!sessionId) {\n throw new Error('Expected a Session ID');\n }\n\n // Create and track the elicitation\n const elicitationId = generateTrackedElicitation(sessionId, elicitationId =>\n mcpServer.server.createElicitationCompletionNotifier(elicitationId)\n );\n throw new UrlElicitationRequiredError([\n {\n mode: 'url',\n message: 'This tool requires a payment confirmation. Open the link to confirm payment!',\n url: `http://localhost:${MCP_PORT}/confirm-payment?session=${sessionId}&elicitation=${elicitationId}&cartId=${encodeURIComponent(cartId)}`,\n elicitationId\n }\n ]);\n }\n );\n\n mcpServer.registerTool(\n 'third-party-auth',\n {\n description: 'A demo tool that requires third-party OAuth credentials',\n inputSchema: z.object({\n param1: z.string().describe('First parameter')\n })\n },\n async (_, ctx): Promise => {\n /*\n In a real world scenario, there would be some logic here to check if we already have a valid access token for the user.\n Auth info (with a subject or `sub` claim) can be typically be found in `ctx.http?.authInfo`.\n If we do, we can just return the result of the tool call.\n If we don't, we can throw an ElicitationRequiredError to request the user to authenticate.\n For the purposes of this example, we'll throw an error (-> elicits the client to open a URL to authenticate).\n */\n const sessionId = ctx.sessionId;\n if (!sessionId) {\n throw new Error('Expected a Session ID');\n }\n\n // Create and track the elicitation\n const elicitationId = generateTrackedElicitation(sessionId, elicitationId =>\n mcpServer.server.createElicitationCompletionNotifier(elicitationId)\n );\n\n // Simulate OAuth callback and token exchange after 5 seconds\n // In a real app, this would be called from your OAuth callback handler\n setTimeout(() => {\n console.log(`Simulating OAuth token received for elicitation ${elicitationId}`);\n completeURLElicitation(elicitationId);\n }, 5000);\n\n throw new UrlElicitationRequiredError([\n {\n mode: 'url',\n message: 'This tool requires access to your example.com account. Open the link to authenticate!',\n url: 'https://www.example.com/oauth/authorize',\n elicitationId\n }\n ]);\n }\n );\n\n return mcpServer;\n};\n\n/**\n * Elicitation Completion Tracking Utilities\n **/\n\ninterface ElicitationMetadata {\n status: 'pending' | 'complete';\n completedPromise: Promise;\n completeResolver: () => void;\n createdAt: Date;\n sessionId: string;\n completionNotifier?: () => Promise;\n}\n\nconst elicitationsMap = new Map();\n\n// Clean up old elicitations after 1 hour to prevent memory leaks\nconst ELICITATION_TTL_MS = 60 * 60 * 1000; // 1 hour\nconst CLEANUP_INTERVAL_MS = 10 * 60 * 1000; // 10 minutes\n\nfunction cleanupOldElicitations() {\n const now = new Date();\n for (const [id, metadata] of elicitationsMap.entries()) {\n if (now.getTime() - metadata.createdAt.getTime() > ELICITATION_TTL_MS) {\n elicitationsMap.delete(id);\n console.log(`Cleaned up expired elicitation: ${id}`);\n }\n }\n}\n\nsetInterval(cleanupOldElicitations, CLEANUP_INTERVAL_MS);\n\n/**\n * Elicitation IDs must be unique strings within the MCP session\n * UUIDs are used in this example for simplicity\n */\nfunction generateElicitationId(): string {\n return randomUUID();\n}\n\n/**\n * Helper function to create and track a new elicitation.\n */\nfunction generateTrackedElicitation(sessionId: string, createCompletionNotifier?: ElicitationCompletionNotifierFactory): string {\n const elicitationId = generateElicitationId();\n\n // Create a Promise and its resolver for tracking completion\n let completeResolver: () => void;\n const completedPromise = new Promise(resolve => {\n completeResolver = resolve;\n });\n\n const completionNotifier = createCompletionNotifier ? createCompletionNotifier(elicitationId) : undefined;\n\n // Store the elicitation in our map\n elicitationsMap.set(elicitationId, {\n status: 'pending',\n completedPromise,\n completeResolver: completeResolver!,\n createdAt: new Date(),\n sessionId,\n completionNotifier\n });\n\n return elicitationId;\n}\n\n/**\n * Helper function to complete an elicitation.\n */\nfunction completeURLElicitation(elicitationId: string) {\n const elicitation = elicitationsMap.get(elicitationId);\n if (!elicitation) {\n console.warn(`Attempted to complete unknown elicitation: ${elicitationId}`);\n return;\n }\n\n if (elicitation.status === 'complete') {\n console.warn(`Elicitation already complete: ${elicitationId}`);\n return;\n }\n\n // Update metadata\n elicitation.status = 'complete';\n\n // Send completion notification to the client\n if (elicitation.completionNotifier) {\n console.log(`Sending notifications/elicitation/complete notification for elicitation ${elicitationId}`);\n\n elicitation.completionNotifier().catch(error => {\n console.error(`Failed to send completion notification for elicitation ${elicitationId}:`, error);\n });\n }\n\n // Resolve the promise to unblock any waiting code\n elicitation.completeResolver();\n}\n\nconst MCP_PORT = process.env.MCP_PORT ? Number.parseInt(process.env.MCP_PORT, 10) : 3000;\nconst AUTH_PORT = process.env.MCP_AUTH_PORT ? Number.parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;\n\nconst app = createMcpExpressApp();\n\n// Allow CORS all domains, expose the Mcp-Session-Id header\napp.use(\n cors({\n origin: '*', // Allow all origins\n exposedHeaders: ['Mcp-Session-Id'],\n credentials: true // Allow cookies to be sent cross-origin\n })\n);\n\n// Set up OAuth (required for this example)\nlet authMiddleware = null;\n// Create auth middleware for MCP endpoints\nconst mcpServerUrl = new URL(`http://localhost:${MCP_PORT}/mcp`);\nconst authServerUrl = new URL(`http://localhost:${AUTH_PORT}`);\n\nsetupAuthServer({ authServerUrl, mcpServerUrl, strictResource: true, demoMode: true });\n\n// Add protected resource metadata route to the MCP server\n// This allows clients to discover the auth server\n// Pass the resource path so metadata is served at /.well-known/oauth-protected-resource/mcp\napp.use(createProtectedResourceMetadataRouter('/mcp'));\n\nauthMiddleware = requireBearerAuth({\n requiredScopes: [],\n resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(mcpServerUrl),\n strictResource: true,\n expectedResource: mcpServerUrl\n});\n\n/**\n * API Key Form Handling\n *\n * Many servers today require an API key to operate, but there's no scalable way to do this dynamically for remote servers within MCP protocol.\n * URL-mode elicitation enables the server to host a simple form and get the secret data securely from the user without involving the LLM or client.\n **/\n\nasync function sendApiKeyElicitation(\n sessionId: string,\n sender: ElicitationSender,\n createCompletionNotifier: ElicitationCompletionNotifierFactory\n) {\n if (!sessionId) {\n console.error('No session ID provided');\n throw new Error('Expected a Session ID to track elicitation');\n }\n\n console.log('🔑 URL elicitation demo: Requesting API key from client...');\n const elicitationId = generateTrackedElicitation(sessionId, createCompletionNotifier);\n try {\n const result = await sender({\n mode: 'url',\n message: 'Please provide your API key to authenticate with this server',\n // Host the form on the same server. In a real app, you might coordinate passing these state variables differently.\n url: `http://localhost:${MCP_PORT}/api-key-form?session=${sessionId}&elicitation=${elicitationId}`,\n elicitationId\n });\n\n switch (result.action) {\n case 'accept': {\n console.log('🔑 URL elicitation demo: Client accepted the API key elicitation (now pending form submission)');\n // Wait for the API key to be submitted via the form\n // The form submission will complete the elicitation\n break;\n }\n default: {\n console.log('🔑 URL elicitation demo: Client declined to provide an API key');\n // In a real app, this might close the connection, but for the demo, we'll continue\n break;\n }\n }\n } catch (error) {\n console.error('Error during API key elicitation:', error);\n }\n}\n\n// API Key Form endpoint - serves a simple HTML form\napp.get('/api-key-form', (req: Request, res: Response) => {\n const mcpSessionId = req.query.session as string | undefined;\n const elicitationId = req.query.elicitation as string | undefined;\n if (!mcpSessionId || !elicitationId) {\n res.status(400).send('

Error

Missing required parameters

');\n return;\n }\n\n // Check for user session cookie\n // In production, this is often handled by some user auth middleware to ensure the user has a valid session\n // This session is different from the MCP session.\n // This userSession is the cookie that the MCP Server's Authorization Server sets for the user when they log in.\n const userSession = getUserSessionCookie(req.headers.cookie);\n if (!userSession) {\n res.status(401).send('

Error

Unauthorized - please reconnect to login again

');\n return;\n }\n\n // Serve a simple HTML form\n res.send(`\n \n \n \n Submit Your API Key\n \n \n \n

API Key Required

\n
✓ Logged in as: ${userSession.name}
\n
\n \n \n \n \n
\n
This is a demo showing how a server can securely elicit sensitive data from a user using a URL.
\n \n \n `);\n});\n\n// Handle API key form submission\napp.post('/api-key-form', express.urlencoded(), (req: Request, res: Response) => {\n const { session: sessionId, apiKey, elicitation: elicitationId } = req.body;\n if (!sessionId || !apiKey || !elicitationId) {\n res.status(400).send('

Error

Missing required parameters

');\n return;\n }\n\n // Check for user session cookie here too\n const userSession = getUserSessionCookie(req.headers.cookie);\n if (!userSession) {\n res.status(401).send('

Error

Unauthorized - please reconnect to login again

');\n return;\n }\n\n // A real app might store this API key to be used later for the user.\n console.log(`🔑 Received API key \\u001B[32m${apiKey}\\u001B[0m for session ${sessionId}`);\n\n // If we have an elicitationId, complete the elicitation\n completeURLElicitation(elicitationId);\n\n // Send a success response\n res.send(`\n \n \n \n Success\n \n \n \n
\n

Success ✓

\n

API key received.

\n
\n

You can close this window and return to your MCP client.

\n \n \n `);\n});\n\n// Helper to get the user session from the demo_session cookie\nfunction getUserSessionCookie(cookieHeader?: string): { userId: string; name: string; timestamp: number } | null {\n if (!cookieHeader) return null;\n\n const cookies = cookieHeader.split(';');\n for (const cookie of cookies) {\n const [name, value] = cookie.trim().split('=');\n if (name === 'demo_session' && value) {\n try {\n return JSON.parse(decodeURIComponent(value));\n } catch (error) {\n console.error('Failed to parse demo_session cookie:', error);\n return null;\n }\n }\n }\n return null;\n}\n\n/**\n * Payment Confirmation Form Handling\n *\n * This demonstrates how a server can use URL-mode elicitation to get user confirmation\n * for sensitive operations like payment processing.\n **/\n\n// Payment Confirmation Form endpoint - serves a simple HTML form\napp.get('/confirm-payment', (req: Request, res: Response) => {\n const mcpSessionId = req.query.session as string | undefined;\n const elicitationId = req.query.elicitation as string | undefined;\n const cartId = req.query.cartId as string | undefined;\n if (!mcpSessionId || !elicitationId) {\n res.status(400).send('

Error

Missing required parameters

');\n return;\n }\n\n // Check for user session cookie\n // In production, this is often handled by some user auth middleware to ensure the user has a valid session\n // This session is different from the MCP session.\n // This userSession is the cookie that the MCP Server's Authorization Server sets for the user when they log in.\n const userSession = getUserSessionCookie(req.headers.cookie);\n if (!userSession) {\n res.status(401).send('

Error

Unauthorized - please reconnect to login again

');\n return;\n }\n\n // Serve a simple HTML form\n res.send(`\n \n \n \n Confirm Payment\n \n \n \n

Confirm Payment

\n
✓ Logged in as: ${userSession.name}
\n ${cartId ? `
Cart ID: ${cartId}
` : ''}\n
\n ⚠️ Please review your order before confirming.\n
\n
\n \n \n ${cartId ? `` : ''}\n \n \n
\n
This is a demo showing how a server can securely get user confirmation for sensitive operations using URL-mode elicitation.
\n \n \n `);\n});\n\n// Handle Payment Confirmation form submission\napp.post('/confirm-payment', express.urlencoded(), (req: Request, res: Response) => {\n const { session: sessionId, elicitation: elicitationId, cartId, action } = req.body;\n if (!sessionId || !elicitationId) {\n res.status(400).send('

Error

Missing required parameters

');\n return;\n }\n\n // Check for user session cookie here too\n const userSession = getUserSessionCookie(req.headers.cookie);\n if (!userSession) {\n res.status(401).send('

Error

Unauthorized - please reconnect to login again

');\n return;\n }\n\n if (action === 'confirm') {\n // A real app would process the payment here\n console.log(`💳 Payment confirmed for cart ${cartId || 'unknown'} by user ${userSession.name} (session ${sessionId})`);\n\n // Complete the elicitation\n completeURLElicitation(elicitationId);\n\n // Send a success response\n res.send(`\n \n \n \n Payment Confirmed\n \n \n \n
\n

Payment Confirmed ✓

\n

Your payment has been successfully processed.

\n ${cartId ? `

Cart ID: ${cartId}

` : ''}\n
\n

You can close this window and return to your MCP client.

\n \n \n `);\n } else if (action === 'cancel') {\n console.log(`💳 Payment cancelled for cart ${cartId || 'unknown'} by user ${userSession.name} (session ${sessionId})`);\n\n // The client will still receive a notifications/elicitation/complete notification,\n // which indicates that the out-of-band interaction is complete (but not necessarily successful)\n completeURLElicitation(elicitationId);\n\n res.send(`\n \n \n \n Payment Cancelled\n \n \n \n
\n

Payment Cancelled

\n

Your payment has been cancelled.

\n
\n

You can close this window and return to your MCP client.

\n \n \n `);\n } else {\n res.status(400).send('

Error

Invalid action

');\n }\n});\n\n// Map to store transports by session ID\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\n\n// Interface for a function that can send an elicitation request\ntype ElicitationSender = (params: ElicitRequestURLParams) => Promise;\ntype ElicitationCompletionNotifierFactory = (elicitationId: string) => () => Promise;\n\n// Track sessions that need an elicitation request to be sent\ninterface SessionElicitationInfo {\n elicitationSender: ElicitationSender;\n createCompletionNotifier: ElicitationCompletionNotifierFactory;\n}\nconst sessionsNeedingElicitation: { [sessionId: string]: SessionElicitationInfo } = {};\n\n// MCP POST endpoint\nconst mcpPostHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n console.debug(`Received MCP POST for session: ${sessionId || 'unknown'}`);\n\n try {\n let transport: NodeStreamableHTTPServerTransport;\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n const server = getServer();\n // New initialization request\n const eventStore = new InMemoryEventStore();\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore, // Enable resumability\n onsessioninitialized: sessionId => {\n // Store the transport by session ID when session is initialized\n // This avoids race conditions where requests might come in before the session is stored\n console.log(`Session initialized with ID: ${sessionId}`);\n transports[sessionId] = transport;\n sessionsNeedingElicitation[sessionId] = {\n elicitationSender: params => server.server.elicitInput(params),\n createCompletionNotifier: elicitationId => server.server.createElicitationCompletionNotifier(elicitationId)\n };\n }\n });\n\n // Set up onclose handler to clean up transport when closed\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid && transports[sid]) {\n console.log(`Transport closed for session ${sid}, removing from transports map`);\n delete transports[sid];\n delete sessionsNeedingElicitation[sid];\n }\n };\n\n // Connect the transport to the MCP server BEFORE handling the request\n // so responses can flow back through the same transport\n await server.connect(transport);\n\n await transport.handleRequest(req, res, req.body);\n return; // Already handled\n } else {\n // Invalid request - no session ID or not initialization request\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Bad Request: No valid session ID provided'\n },\n id: null\n });\n return;\n }\n\n // Handle the request with existing transport - no need to reconnect\n // The existing transport is already connected to the server\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n};\n\n// Set up routes with auth middleware\napp.post('/mcp', authMiddleware, mcpPostHandler);\n\n// Handle GET requests for SSE streams (using built-in support from StreamableHTTP)\nconst mcpGetHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n // Check for Last-Event-ID header for resumability\n const lastEventId = req.headers['last-event-id'] as string | undefined;\n if (lastEventId) {\n console.log(`Client reconnecting with Last-Event-ID: ${lastEventId}`);\n } else {\n console.log(`Establishing new SSE stream for session ${sessionId}`);\n }\n\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n\n if (sessionsNeedingElicitation[sessionId]) {\n const { elicitationSender, createCompletionNotifier } = sessionsNeedingElicitation[sessionId];\n\n // Send an elicitation request to the client in the background\n sendApiKeyElicitation(sessionId, elicitationSender, createCompletionNotifier)\n .then(() => {\n // Only delete on successful send for this demo\n delete sessionsNeedingElicitation[sessionId];\n console.log(`🔑 URL elicitation demo: Finished sending API key elicitation request for session ${sessionId}`);\n })\n .catch(error => {\n console.error('Error sending API key elicitation:', error);\n // Keep in map to potentially retry on next reconnect\n });\n }\n};\n\n// Set up GET route with conditional auth middleware\napp.get('/mcp', authMiddleware, mcpGetHandler);\n\n// Handle DELETE requests for session termination (according to MCP spec)\nconst mcpDeleteHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Received session termination request for session ${sessionId}`);\n\n try {\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n } catch (error) {\n console.error('Error handling session termination:', error);\n if (!res.headersSent) {\n res.status(500).send('Error processing session termination');\n }\n }\n};\n\n// Set up DELETE route with auth middleware\napp.delete('/mcp', authMiddleware, mcpDeleteHandler);\n\napp.listen(MCP_PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`MCP Streamable HTTP Server listening on port ${MCP_PORT}`);\n console.log(` Protected Resource Metadata: http://localhost:${MCP_PORT}/.well-known/oauth-protected-resource/mcp`);\n});\n\n// Handle server shutdown\nprocess.on('SIGINT', async () => {\n console.log('Shutting down server...');\n\n // Close all active transports to properly clean up resources\n for (const sessionId in transports) {\n try {\n console.log(`Closing transport for session ${sessionId}`);\n await transports[sessionId]!.close();\n delete transports[sessionId];\n delete sessionsNeedingElicitation[sessionId];\n } catch (error) {\n console.error(`Error closing transport for session ${sessionId}:`, error);\n }\n }\n console.log('Server shutdown complete');\n process.exit(0);\n});\n" }, { "path": "examples/server/src/honoWebStandardStreamableHttp.ts", "content": "/**\n * Example MCP server using Hono with WebStandardStreamableHTTPServerTransport\n *\n * This example demonstrates using the Web Standard transport directly with Hono,\n * which works on any runtime: Node.js, Cloudflare Workers, Deno, Bun, etc.\n *\n * Run with: pnpm tsx src/honoWebStandardStreamableHttp.ts\n */\n\nimport { serve } from '@hono/node-server';\nimport type { CallToolResult } from '@modelcontextprotocol/server';\nimport { McpServer, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\nimport { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport * as z from 'zod/v4';\n\n// Create the MCP server\nconst server = new McpServer({\n name: 'hono-webstandard-mcp-server',\n version: '1.0.0'\n});\n\n// Register a simple greeting tool\nserver.registerTool(\n 'greet',\n {\n title: 'Greeting Tool',\n description: 'A simple greeting tool',\n inputSchema: z.object({ name: z.string().describe('Name to greet') })\n },\n async ({ name }): Promise => {\n return {\n content: [{ type: 'text', text: `Hello, ${name}! (from Hono + WebStandard transport)` }]\n };\n }\n);\n\n// Create a stateless transport (no options = no session management)\nconst transport = new WebStandardStreamableHTTPServerTransport();\n\n// Create the Hono app\nconst app = new Hono();\n\n// Enable CORS for all origins\napp.use(\n '*',\n cors({\n origin: '*',\n allowMethods: ['GET', 'POST', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'mcp-session-id', 'Last-Event-ID', 'mcp-protocol-version'],\n exposeHeaders: ['mcp-session-id', 'mcp-protocol-version']\n })\n);\n\n// Health check endpoint\napp.get('/health', c => c.json({ status: 'ok' }));\n\n// MCP endpoint\napp.all('/mcp', c => transport.handleRequest(c.req.raw));\n\n// Start the server\nconst PORT = process.env.MCP_PORT ? Number.parseInt(process.env.MCP_PORT, 10) : 3000;\n\nawait server.connect(transport);\n\nconsole.log(`Starting Hono MCP server on port ${PORT}`);\nconsole.log(`Health check: http://localhost:${PORT}/health`);\nconsole.log(`MCP endpoint: http://localhost:${PORT}/mcp`);\n\nserve({\n fetch: app.fetch,\n port: PORT\n});\n" }, { "path": "examples/server/src/inMemoryEventStore.ts", "content": "import type { EventStore, JSONRPCMessage } from '@modelcontextprotocol/server';\n\n/**\n * Simple in-memory implementation of the EventStore interface for resumability\n * This is primarily intended for examples and testing, not for production use\n * where a persistent storage solution would be more appropriate.\n */\nexport class InMemoryEventStore implements EventStore {\n private events: Map = new Map();\n\n /**\n * Generates a unique event ID for a given stream ID\n */\n private generateEventId(streamId: string): string {\n return `${streamId}_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;\n }\n\n /**\n * Extracts the stream ID from an event ID\n */\n private getStreamIdFromEventId(eventId: string): string {\n const parts = eventId.split('_');\n return parts.length > 0 ? parts[0]! : '';\n }\n\n /**\n * Stores an event with a generated event ID\n * Implements EventStore.storeEvent\n */\n async storeEvent(streamId: string, message: JSONRPCMessage): Promise {\n const eventId = this.generateEventId(streamId);\n this.events.set(eventId, { streamId, message });\n return eventId;\n }\n\n /**\n * Replays events that occurred after a specific event ID\n * Implements EventStore.replayEventsAfter\n */\n async replayEventsAfter(\n lastEventId: string,\n { send }: { send: (eventId: string, message: JSONRPCMessage) => Promise }\n ): Promise {\n if (!lastEventId || !this.events.has(lastEventId)) {\n return '';\n }\n\n // Extract the stream ID from the event ID\n const streamId = this.getStreamIdFromEventId(lastEventId);\n if (!streamId) {\n return '';\n }\n\n let foundLastEvent = false;\n\n // Sort events by eventId for chronological ordering\n const sortedEvents = [...this.events.entries()].toSorted((a, b) => a[0].localeCompare(b[0]));\n\n for (const [eventId, { streamId: eventStreamId, message }] of sortedEvents) {\n // Only include events from the same stream\n if (eventStreamId !== streamId) {\n continue;\n }\n\n // Start sending events after we find the lastEventId\n if (eventId === lastEventId) {\n foundLastEvent = true;\n continue;\n }\n\n if (foundLastEvent) {\n await send(eventId, message);\n }\n }\n return streamId;\n }\n}\n" }, { "path": "examples/server/src/jsonResponseStreamableHttp.ts", "content": "import { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult } from '@modelcontextprotocol/server';\nimport { isInitializeRequest, McpServer } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\nimport * as z from 'zod/v4';\n\n// Create an MCP server with implementation details\nconst getServer = () => {\n const server = new McpServer(\n {\n name: 'json-response-streamable-http-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n logging: {}\n }\n }\n );\n\n // Register a simple tool that returns a greeting\n server.registerTool(\n 'greet',\n {\n description: 'A simple greeting tool',\n inputSchema: z.object({\n name: z.string().describe('Name to greet')\n })\n },\n async ({ name }): Promise => {\n return {\n content: [\n {\n type: 'text',\n text: `Hello, ${name}!`\n }\n ]\n };\n }\n );\n\n // Register a tool that sends multiple greetings with notifications\n server.registerTool(\n 'multi-greet',\n {\n description: 'A tool that sends different greetings with delays between them',\n inputSchema: z.object({\n name: z.string().describe('Name to greet')\n })\n },\n async ({ name }, ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n\n await ctx.mcpReq.log('debug', `Starting multi-greet for ${name}`);\n\n await sleep(1000); // Wait 1 second before first greeting\n\n await ctx.mcpReq.log('info', `Sending first greeting to ${name}`);\n\n await sleep(1000); // Wait another second before second greeting\n\n await ctx.mcpReq.log('info', `Sending second greeting to ${name}`);\n\n return {\n content: [\n {\n type: 'text',\n text: `Good morning, ${name}!`\n }\n ]\n };\n }\n );\n return server;\n};\n\nconst app = createMcpExpressApp();\n\n// Map to store transports by session ID\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\n\napp.post('/mcp', async (req: Request, res: Response) => {\n console.log('Received MCP request:', req.body);\n try {\n // Check for existing session ID\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n let transport: NodeStreamableHTTPServerTransport;\n\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n // New initialization request - use JSON response mode\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n enableJsonResponse: true, // Enable JSON response mode\n onsessioninitialized: sessionId => {\n // Store the transport by session ID when session is initialized\n // This avoids race conditions where requests might come in before the session is stored\n console.log(`Session initialized with ID: ${sessionId}`);\n transports[sessionId] = transport;\n }\n });\n\n // Connect the transport to the MCP server BEFORE handling the request\n const server = getServer();\n await server.connect(transport);\n await transport.handleRequest(req, res, req.body);\n return; // Already handled\n } else {\n // Invalid request - no session ID or not initialization request\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Bad Request: No valid session ID provided'\n },\n id: null\n });\n return;\n }\n\n // Handle the request with existing transport - no need to reconnect\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n});\n\n// Handle GET requests for SSE streams according to spec\napp.get('/mcp', async (req: Request, res: Response) => {\n // Since this is a very simple example, we don't support GET requests for this server\n // The spec requires returning 405 Method Not Allowed in this case\n res.status(405).set('Allow', 'POST').send('Method Not Allowed');\n});\n\n// Start the server\nconst PORT = 3000;\napp.listen(PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`MCP Streamable HTTP Server listening on port ${PORT}`);\n});\n\n// Handle server shutdown\nprocess.on('SIGINT', async () => {\n console.log('Shutting down server...');\n process.exit(0);\n});\n" }, { "path": "examples/server/src/mcpServerOutputSchema.ts", "content": "#!/usr/bin/env node\n/**\n * Example MCP server using the high-level McpServer API with outputSchema\n * This demonstrates how to easily create tools with structured output\n */\n\nimport { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nconst server = new McpServer({\n name: 'mcp-output-schema-high-level-example',\n version: '1.0.0'\n});\n\n// Define a tool with structured output - Weather data\nserver.registerTool(\n 'get_weather',\n {\n description: 'Get weather information for a city',\n inputSchema: z.object({\n city: z.string().describe('City name'),\n country: z.string().describe('Country code (e.g., US, UK)')\n }),\n outputSchema: z.object({\n temperature: z.object({\n celsius: z.number(),\n fahrenheit: z.number()\n }),\n conditions: z.enum(['sunny', 'cloudy', 'rainy', 'stormy', 'snowy']),\n humidity: z.number().min(0).max(100),\n wind: z.object({\n speed_kmh: z.number(),\n direction: z.string()\n })\n })\n },\n async ({ city, country }) => {\n // Parameters are available but not used in this example\n void city;\n void country;\n // Simulate weather API call\n const temp_c = Math.round((Math.random() * 35 - 5) * 10) / 10;\n const conditions = ['sunny', 'cloudy', 'rainy', 'stormy', 'snowy'][Math.floor(Math.random() * 5)];\n\n const structuredContent = {\n temperature: {\n celsius: temp_c,\n fahrenheit: Math.round(((temp_c * 9) / 5 + 32) * 10) / 10\n },\n conditions,\n humidity: Math.round(Math.random() * 100),\n wind: {\n speed_kmh: Math.round(Math.random() * 50),\n direction: ['N', 'NE', 'E', 'SE', 'S', 'SW', 'W', 'NW'][Math.floor(Math.random() * 8)]\n }\n };\n\n return {\n content: [\n {\n type: 'text',\n text: JSON.stringify(structuredContent, null, 2)\n }\n ],\n structuredContent\n };\n }\n);\n\nasync function main() {\n const transport = new StdioServerTransport();\n await server.connect(transport);\n console.error('High-level Output Schema Example Server running on stdio');\n}\n\ntry {\n await main();\n} catch (error) {\n console.error('Server error:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/server/src/serverGuide.examples.ts", "content": "/**\n * Type-checked examples for docs/server.md.\n *\n * Regions are synced into markdown code fences via `pnpm sync:snippets`.\n * Each function wraps a single region. The function name matches the region name.\n *\n * @module\n */\n\nimport { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult, ResourceLink } from '@modelcontextprotocol/server';\nimport { completable, McpServer, ResourceTemplate, StdioServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\n// ---------------------------------------------------------------------------\n// Tools, resources, and prompts\n// ---------------------------------------------------------------------------\n\n/** Example: Registering a tool with inputSchema, outputSchema, and structuredContent. */\nfunction registerTool_basic(server: McpServer) {\n //#region registerTool_basic\n server.registerTool(\n 'calculate-bmi',\n {\n title: 'BMI Calculator',\n description: 'Calculate Body Mass Index',\n inputSchema: z.object({\n weightKg: z.number(),\n heightM: z.number()\n }),\n outputSchema: z.object({ bmi: z.number() })\n },\n async ({ weightKg, heightM }) => {\n const output = { bmi: weightKg / (heightM * heightM) };\n return {\n content: [{ type: 'text', text: JSON.stringify(output) }],\n structuredContent: output\n };\n }\n );\n //#endregion registerTool_basic\n}\n\n/** Example: Tool returning resource_link content items. */\nfunction registerTool_resourceLink(server: McpServer) {\n //#region registerTool_resourceLink\n server.registerTool(\n 'list-files',\n {\n title: 'List Files',\n description: 'Returns files as resource links without embedding content'\n },\n async (): Promise => {\n const links: ResourceLink[] = [\n {\n type: 'resource_link',\n uri: 'file:///projects/readme.md',\n name: 'README',\n mimeType: 'text/markdown'\n },\n {\n type: 'resource_link',\n uri: 'file:///projects/config.json',\n name: 'Config',\n mimeType: 'application/json'\n }\n ];\n return { content: links };\n }\n );\n //#endregion registerTool_resourceLink\n}\n\n/** Example: Registering a static resource at a fixed URI. */\nfunction registerResource_static(server: McpServer) {\n //#region registerResource_static\n server.registerResource(\n 'config',\n 'config://app',\n {\n title: 'Application Config',\n description: 'Application configuration data',\n mimeType: 'text/plain'\n },\n async uri => ({\n contents: [{ uri: uri.href, text: 'App configuration here' }]\n })\n );\n //#endregion registerResource_static\n}\n\n/** Example: Dynamic resource with ResourceTemplate and listing. */\nfunction registerResource_template(server: McpServer) {\n //#region registerResource_template\n server.registerResource(\n 'user-profile',\n new ResourceTemplate('user://{userId}/profile', {\n list: async () => ({\n resources: [\n { uri: 'user://123/profile', name: 'Alice' },\n { uri: 'user://456/profile', name: 'Bob' }\n ]\n })\n }),\n {\n title: 'User Profile',\n description: 'User profile data',\n mimeType: 'application/json'\n },\n async (uri, { userId }) => ({\n contents: [\n {\n uri: uri.href,\n text: JSON.stringify({ userId, name: 'Example User' })\n }\n ]\n })\n );\n //#endregion registerResource_template\n}\n\n/** Example: Registering a prompt with argsSchema. */\nfunction registerPrompt_basic(server: McpServer) {\n //#region registerPrompt_basic\n server.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n description: 'Review code for best practices and potential issues',\n argsSchema: z.object({\n code: z.string()\n })\n },\n ({ code }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Please review this code:\\n\\n${code}`\n }\n }\n ]\n })\n );\n //#endregion registerPrompt_basic\n}\n\n/** Example: Prompt with completable argsSchema for autocompletion. */\nfunction registerPrompt_completion(server: McpServer) {\n //#region registerPrompt_completion\n server.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n description: 'Review code for best practices',\n argsSchema: z.object({\n language: completable(z.string().describe('Programming language'), value =>\n ['typescript', 'javascript', 'python', 'rust', 'go'].filter(lang => lang.startsWith(value))\n )\n })\n },\n ({ language }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Review this ${language} code for best practices.`\n }\n }\n ]\n })\n );\n //#endregion registerPrompt_completion\n}\n\n// ---------------------------------------------------------------------------\n// Logging\n// ---------------------------------------------------------------------------\n\n/** Example: Server with logging capability + tool that logs progress messages. */\nfunction registerTool_logging() {\n //#region logging_capability\n const server = new McpServer({ name: 'my-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n //#endregion logging_capability\n\n //#region registerTool_logging\n server.registerTool(\n 'fetch-data',\n {\n description: 'Fetch data from an API',\n inputSchema: z.object({ url: z.string() })\n },\n async ({ url }, ctx): Promise => {\n await ctx.mcpReq.log('info', `Fetching ${url}`);\n const res = await fetch(url);\n await ctx.mcpReq.log('debug', `Response status: ${res.status}`);\n const text = await res.text();\n return { content: [{ type: 'text', text }] };\n }\n );\n //#endregion registerTool_logging\n return server;\n}\n\n// ---------------------------------------------------------------------------\n// Server-initiated requests\n// ---------------------------------------------------------------------------\n\n/** Example: Tool that uses sampling to request an LLM completion from the client. */\nfunction registerTool_sampling(server: McpServer) {\n //#region registerTool_sampling\n server.registerTool(\n 'summarize',\n {\n description: 'Summarize text using the client LLM',\n inputSchema: z.object({ text: z.string() })\n },\n async ({ text }, ctx): Promise => {\n const response = await ctx.mcpReq.requestSampling({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please summarize:\\n\\n${text}`\n }\n }\n ],\n maxTokens: 500\n });\n return {\n content: [\n {\n type: 'text',\n text: `Model (${response.model}): ${JSON.stringify(response.content)}`\n }\n ]\n };\n }\n );\n //#endregion registerTool_sampling\n}\n\n/** Example: Tool that uses form elicitation to collect user input. */\nfunction registerTool_elicitation(server: McpServer) {\n //#region registerTool_elicitation\n server.registerTool(\n 'collect-feedback',\n {\n description: 'Collect user feedback via a form',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n const result = await ctx.mcpReq.elicitInput({\n mode: 'form',\n message: 'Please share your feedback:',\n requestedSchema: {\n type: 'object',\n properties: {\n rating: {\n type: 'number',\n title: 'Rating (1\\u20135)',\n minimum: 1,\n maximum: 5\n },\n comment: { type: 'string', title: 'Comment' }\n },\n required: ['rating']\n }\n });\n if (result.action === 'accept') {\n return {\n content: [\n {\n type: 'text',\n text: `Thanks! ${JSON.stringify(result.content)}`\n }\n ]\n };\n }\n return { content: [{ type: 'text', text: 'Feedback declined.' }] };\n }\n );\n //#endregion registerTool_elicitation\n}\n\n// ---------------------------------------------------------------------------\n// Transports\n// ---------------------------------------------------------------------------\n\n/** Example: Stateful Streamable HTTP transport with session management. */\nasync function streamableHttp_stateful() {\n //#region streamableHttp_stateful\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await server.connect(transport);\n //#endregion streamableHttp_stateful\n}\n\n/** Example: Stateless Streamable HTTP transport (no session persistence). */\nasync function streamableHttp_stateless() {\n //#region streamableHttp_stateless\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n });\n\n await server.connect(transport);\n //#endregion streamableHttp_stateless\n}\n\n/** Example: Streamable HTTP with JSON response mode (no SSE). */\nasync function streamableHttp_jsonResponse() {\n //#region streamableHttp_jsonResponse\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n enableJsonResponse: true\n });\n\n await server.connect(transport);\n //#endregion streamableHttp_jsonResponse\n}\n\n/** Example: stdio transport for local process-spawned integrations. */\nasync function stdio_basic() {\n //#region stdio_basic\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n const transport = new StdioServerTransport();\n await server.connect(transport);\n //#endregion stdio_basic\n}\n\n// ---------------------------------------------------------------------------\n// DNS rebinding protection\n// ---------------------------------------------------------------------------\n\n/** Example: createMcpExpressApp with different host bindings. */\nfunction dnsRebinding_basic() {\n //#region dnsRebinding_basic\n // Default: DNS rebinding protection auto-enabled (host is 127.0.0.1)\n const app = createMcpExpressApp();\n\n // DNS rebinding protection also auto-enabled for localhost\n const appLocal = createMcpExpressApp({ host: 'localhost' });\n\n // No automatic protection when binding to all interfaces\n const appOpen = createMcpExpressApp({ host: '0.0.0.0' });\n //#endregion dnsRebinding_basic\n return { app, appLocal, appOpen };\n}\n\n/** Example: createMcpExpressApp with allowedHosts for non-localhost binding. */\nfunction dnsRebinding_allowedHosts() {\n //#region dnsRebinding_allowedHosts\n const app = createMcpExpressApp({\n host: '0.0.0.0',\n allowedHosts: ['localhost', '127.0.0.1', 'myhost.local']\n });\n //#endregion dnsRebinding_allowedHosts\n return app;\n}\n\n// Suppress unused-function warnings (functions exist solely for type-checking)\nvoid registerTool_basic;\nvoid registerTool_resourceLink;\nvoid registerTool_logging;\nvoid registerTool_sampling;\nvoid registerTool_elicitation;\nvoid registerResource_static;\nvoid registerResource_template;\nvoid registerPrompt_basic;\nvoid registerPrompt_completion;\nvoid streamableHttp_stateful;\nvoid streamableHttp_stateless;\nvoid streamableHttp_jsonResponse;\nvoid stdio_basic;\nvoid dnsRebinding_basic;\nvoid dnsRebinding_allowedHosts;\n" }, { "path": "examples/server/src/simpleStatelessStreamableHttp.ts", "content": "import { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult, GetPromptResult, ReadResourceResult } from '@modelcontextprotocol/server';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\nimport * as z from 'zod/v4';\n\nconst getServer = () => {\n // Create an MCP server with implementation details\n const server = new McpServer(\n {\n name: 'stateless-streamable-http-server',\n version: '1.0.0'\n },\n { capabilities: { logging: {} } }\n );\n\n // Register a simple prompt\n server.registerPrompt(\n 'greeting-template',\n {\n description: 'A simple greeting prompt template',\n argsSchema: z.object({\n name: z.string().describe('Name to include in greeting')\n })\n },\n async ({ name }): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please greet ${name} in a friendly manner.`\n }\n }\n ]\n };\n }\n );\n\n // Register a tool specifically for testing resumability\n server.registerTool(\n 'start-notification-stream',\n {\n description: 'Starts sending periodic notifications for testing resumability',\n inputSchema: z.object({\n interval: z.number().describe('Interval in milliseconds between notifications').default(100),\n count: z.number().describe('Number of notifications to send (0 for 100)').default(10)\n })\n },\n async ({ interval, count }, ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n let counter = 0;\n\n while (count === 0 || counter < count) {\n counter++;\n try {\n await ctx.mcpReq.log('info', `Periodic notification #${counter} at ${new Date().toISOString()}`);\n } catch (error) {\n console.error('Error sending notification:', error);\n }\n // Wait for the specified interval\n await sleep(interval);\n }\n\n return {\n content: [\n {\n type: 'text',\n text: `Started sending periodic notifications every ${interval}ms`\n }\n ]\n };\n }\n );\n\n // Create a simple resource at a fixed URI\n server.registerResource(\n 'greeting-resource',\n 'https://example.com/greetings/default',\n { mimeType: 'text/plain' },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'https://example.com/greetings/default',\n text: 'Hello, world!'\n }\n ]\n };\n }\n );\n return server;\n};\n\nconst app = createMcpExpressApp();\n\napp.post('/mcp', async (req: Request, res: Response) => {\n const server = getServer();\n try {\n const transport: NodeStreamableHTTPServerTransport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n });\n await server.connect(transport);\n await transport.handleRequest(req, res, req.body);\n res.on('close', () => {\n console.log('Request closed');\n transport.close();\n server.close();\n });\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n});\n\napp.get('/mcp', async (req: Request, res: Response) => {\n console.log('Received GET MCP request');\n res.writeHead(405).end(\n JSON.stringify({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Method not allowed.'\n },\n id: null\n })\n );\n});\n\napp.delete('/mcp', async (req: Request, res: Response) => {\n console.log('Received DELETE MCP request');\n res.writeHead(405).end(\n JSON.stringify({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Method not allowed.'\n },\n id: null\n })\n );\n});\n\n// Start the server\nconst PORT = 3000;\napp.listen(PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`MCP Stateless Streamable HTTP Server listening on port ${PORT}`);\n});\n\n// Handle server shutdown\nprocess.on('SIGINT', async () => {\n console.log('Shutting down server...');\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(0);\n});\n" }, { "path": "examples/server/src/simpleStreamableHttp.ts", "content": "import { randomUUID } from 'node:crypto';\n\nimport {\n createProtectedResourceMetadataRouter,\n getOAuthProtectedResourceMetadataUrl,\n requireBearerAuth,\n setupAuthServer\n} from '@modelcontextprotocol/examples-shared';\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type {\n CallToolResult,\n ElicitResult,\n GetPromptResult,\n PrimitiveSchemaDefinition,\n ReadResourceResult,\n ResourceLink\n} from '@modelcontextprotocol/server';\nimport { InMemoryTaskMessageQueue, InMemoryTaskStore, isInitializeRequest, McpServer } from '@modelcontextprotocol/server';\nimport cors from 'cors';\nimport type { Request, Response } from 'express';\nimport * as z from 'zod/v4';\n\nimport { InMemoryEventStore } from './inMemoryEventStore.js';\n\n// Check for OAuth flag\nconst useOAuth = process.argv.includes('--oauth');\nconst strictOAuth = process.argv.includes('--oauth-strict');\nconst dangerousLoggingEnabled = process.argv.includes('--dangerous-logging-enabled');\n\n// Create shared task store for demonstration\nconst taskStore = new InMemoryTaskStore();\n\n// Create an MCP server with implementation details\nconst getServer = () => {\n const server = new McpServer(\n {\n name: 'simple-streamable-http-server',\n version: '1.0.0',\n icons: [{ src: './mcp.svg', sizes: ['512x512'], mimeType: 'image/svg+xml' }],\n websiteUrl: 'https://github.com/modelcontextprotocol/typescript-sdk'\n },\n {\n capabilities: { logging: {}, tasks: { requests: { tools: { call: {} } } } },\n taskStore, // Enable task support\n taskMessageQueue: new InMemoryTaskMessageQueue()\n }\n );\n\n // Register a simple tool that returns a greeting\n server.registerTool(\n 'greet',\n {\n title: 'Greeting Tool', // Display name for UI\n description: 'A simple greeting tool',\n inputSchema: z.object({\n name: z.string().describe('Name to greet')\n })\n },\n async ({ name }): Promise => {\n return {\n content: [\n {\n type: 'text',\n text: `Hello, ${name}!`\n }\n ]\n };\n }\n );\n\n // Register a tool that sends multiple greetings with notifications (with annotations)\n server.registerTool(\n 'multi-greet',\n {\n description: 'A tool that sends different greetings with delays between them',\n inputSchema: z.object({\n name: z.string().describe('Name to greet')\n }),\n annotations: {\n title: 'Multiple Greeting Tool',\n readOnlyHint: true,\n openWorldHint: false\n }\n },\n async ({ name }, ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n\n await ctx.mcpReq.log('debug', `Starting multi-greet for ${name}`);\n\n await sleep(1000); // Wait 1 second before first greeting\n\n await ctx.mcpReq.log('info', `Sending first greeting to ${name}`);\n\n await sleep(1000); // Wait another second before second greeting\n\n await ctx.mcpReq.log('info', `Sending second greeting to ${name}`);\n\n return {\n content: [\n {\n type: 'text',\n text: `Good morning, ${name}!`\n }\n ]\n };\n }\n );\n // Register a tool that demonstrates form elicitation (user input collection with a schema)\n // This creates a closure that captures the server instance\n server.registerTool(\n 'collect-user-info',\n {\n description: 'A tool that collects user information through form elicitation',\n inputSchema: z.object({\n infoType: z.enum(['contact', 'preferences', 'feedback']).describe('Type of information to collect')\n })\n },\n async ({ infoType }, ctx): Promise => {\n let message: string;\n let requestedSchema: {\n type: 'object';\n properties: Record;\n required?: string[];\n };\n\n switch (infoType) {\n case 'contact': {\n message = 'Please provide your contact information';\n requestedSchema = {\n type: 'object',\n properties: {\n name: {\n type: 'string',\n title: 'Full Name',\n description: 'Your full name'\n },\n email: {\n type: 'string',\n title: 'Email Address',\n description: 'Your email address',\n format: 'email'\n },\n phone: {\n type: 'string',\n title: 'Phone Number',\n description: 'Your phone number (optional)'\n }\n },\n required: ['name', 'email']\n };\n break;\n }\n case 'preferences': {\n message = 'Please set your preferences';\n requestedSchema = {\n type: 'object',\n properties: {\n theme: {\n type: 'string',\n title: 'Theme',\n description: 'Choose your preferred theme',\n enum: ['light', 'dark', 'auto'],\n enumNames: ['Light', 'Dark', 'Auto']\n },\n notifications: {\n type: 'boolean',\n title: 'Enable Notifications',\n description: 'Would you like to receive notifications?',\n default: true\n },\n frequency: {\n type: 'string',\n title: 'Notification Frequency',\n description: 'How often would you like notifications?',\n enum: ['daily', 'weekly', 'monthly'],\n enumNames: ['Daily', 'Weekly', 'Monthly']\n }\n },\n required: ['theme']\n };\n break;\n }\n case 'feedback': {\n message = 'Please provide your feedback';\n requestedSchema = {\n type: 'object',\n properties: {\n rating: {\n type: 'integer',\n title: 'Rating',\n description: 'Rate your experience (1-5)',\n minimum: 1,\n maximum: 5\n },\n comments: {\n type: 'string',\n title: 'Comments',\n description: 'Additional comments (optional)',\n maxLength: 500\n },\n recommend: {\n type: 'boolean',\n title: 'Would you recommend this?',\n description: 'Would you recommend this to others?'\n }\n },\n required: ['rating', 'recommend']\n };\n break;\n }\n default: {\n throw new Error(`Unknown info type: ${infoType}`);\n }\n }\n\n try {\n // Use sendRequest through the ctx parameter to elicit input\n const result = await ctx.mcpReq.send({\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message,\n requestedSchema\n }\n });\n\n if (result.action === 'accept') {\n return {\n content: [\n {\n type: 'text',\n text: `Thank you! Collected ${infoType} information: ${JSON.stringify(result.content, null, 2)}`\n }\n ]\n };\n } else if (result.action === 'decline') {\n return {\n content: [\n {\n type: 'text',\n text: `No information was collected. User declined ${infoType} information request.`\n }\n ]\n };\n } else {\n return {\n content: [\n {\n type: 'text',\n text: `Information collection was cancelled by the user.`\n }\n ]\n };\n }\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Error collecting ${infoType} information: ${error}`\n }\n ]\n };\n }\n }\n );\n\n // Register a simple prompt with title\n server.registerPrompt(\n 'greeting-template',\n {\n title: 'Greeting Template', // Display name for UI\n description: 'A simple greeting prompt template',\n argsSchema: z.object({\n name: z.string().describe('Name to include in greeting')\n })\n },\n async ({ name }): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please greet ${name} in a friendly manner.`\n }\n }\n ]\n };\n }\n );\n\n // Register a tool specifically for testing resumability\n server.registerTool(\n 'start-notification-stream',\n {\n description: 'Starts sending periodic notifications for testing resumability',\n inputSchema: z.object({\n interval: z.number().describe('Interval in milliseconds between notifications').default(100),\n count: z.number().describe('Number of notifications to send (0 for 100)').default(50)\n })\n },\n async ({ interval, count }, ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n let counter = 0;\n\n while (count === 0 || counter < count) {\n counter++;\n try {\n await ctx.mcpReq.log('info', `Periodic notification #${counter} at ${new Date().toISOString()}`);\n } catch (error) {\n console.error('Error sending notification:', error);\n }\n // Wait for the specified interval\n await sleep(interval);\n }\n\n return {\n content: [\n {\n type: 'text',\n text: `Started sending periodic notifications every ${interval}ms`\n }\n ]\n };\n }\n );\n\n // Create a simple resource at a fixed URI\n server.registerResource(\n 'greeting-resource',\n 'https://example.com/greetings/default',\n {\n title: 'Default Greeting', // Display name for UI\n description: 'A simple greeting resource',\n mimeType: 'text/plain'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'https://example.com/greetings/default',\n text: 'Hello, world!'\n }\n ]\n };\n }\n );\n\n // Create additional resources for ResourceLink demonstration\n server.registerResource(\n 'example-file-1',\n 'file:///example/file1.txt',\n {\n title: 'Example File 1',\n description: 'First example file for ResourceLink demonstration',\n mimeType: 'text/plain'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'file:///example/file1.txt',\n text: 'This is the content of file 1'\n }\n ]\n };\n }\n );\n\n server.registerResource(\n 'example-file-2',\n 'file:///example/file2.txt',\n {\n title: 'Example File 2',\n description: 'Second example file for ResourceLink demonstration',\n mimeType: 'text/plain'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'file:///example/file2.txt',\n text: 'This is the content of file 2'\n }\n ]\n };\n }\n );\n\n // Register a tool that returns ResourceLinks\n server.registerTool(\n 'list-files',\n {\n title: 'List Files with ResourceLinks',\n description: 'Returns a list of files as ResourceLinks without embedding their content',\n inputSchema: z.object({\n includeDescriptions: z.boolean().optional().describe('Whether to include descriptions in the resource links')\n })\n },\n async ({ includeDescriptions = true }): Promise => {\n const resourceLinks: ResourceLink[] = [\n {\n type: 'resource_link',\n uri: 'https://example.com/greetings/default',\n name: 'Default Greeting',\n mimeType: 'text/plain',\n ...(includeDescriptions && { description: 'A simple greeting resource' })\n },\n {\n type: 'resource_link',\n uri: 'file:///example/file1.txt',\n name: 'Example File 1',\n mimeType: 'text/plain',\n ...(includeDescriptions && { description: 'First example file for ResourceLink demonstration' })\n },\n {\n type: 'resource_link',\n uri: 'file:///example/file2.txt',\n name: 'Example File 2',\n mimeType: 'text/plain',\n ...(includeDescriptions && { description: 'Second example file for ResourceLink demonstration' })\n }\n ];\n\n return {\n content: [\n {\n type: 'text',\n text: 'Here are the available files as resource links:'\n },\n ...resourceLinks,\n {\n type: 'text',\n text: '\\nYou can read any of these resources using their URI.'\n }\n ]\n };\n }\n );\n\n // Register a long-running tool that demonstrates task execution\n // Using the experimental tasks API - WARNING: may change without notice\n server.experimental.tasks.registerToolTask(\n 'delay',\n {\n title: 'Delay',\n description: 'A simple tool that delays for a specified duration, useful for testing task execution',\n inputSchema: z.object({\n duration: z.number().describe('Duration in milliseconds').default(5000)\n })\n },\n {\n async createTask({ duration }, ctx) {\n // Create the task\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n // Simulate out-of-band work\n (async () => {\n await new Promise(resolve => setTimeout(resolve, duration));\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [\n {\n type: 'text',\n text: `Completed ${duration}ms delay`\n }\n ]\n });\n })();\n\n // Return CreateTaskResult with the created task\n return {\n task\n };\n },\n async getTask(_args, ctx) {\n return await ctx.task.store.getTask(ctx.task.id);\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n // Register a tool that demonstrates bidirectional task support:\n // Server creates a task, then elicits input from client using elicitInputStream\n // Using the experimental tasks API - WARNING: may change without notice\n server.experimental.tasks.registerToolTask(\n 'collect-user-info-task',\n {\n title: 'Collect Info with Task',\n description: 'Collects user info via elicitation with task support using elicitInputStream',\n inputSchema: z.object({\n infoType: z.enum(['contact', 'preferences']).describe('Type of information to collect').default('contact')\n })\n },\n {\n async createTask({ infoType }, ctx) {\n // Create the server-side task\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n // Perform async work that makes a nested elicitation request using elicitInputStream\n (async () => {\n try {\n const message = infoType === 'contact' ? 'Please provide your contact information' : 'Please set your preferences';\n\n // Define schemas with proper typing for PrimitiveSchemaDefinition\n const contactSchema: {\n type: 'object';\n properties: Record;\n required: string[];\n } = {\n type: 'object',\n properties: {\n name: { type: 'string', title: 'Full Name', description: 'Your full name' },\n email: { type: 'string', title: 'Email', description: 'Your email address' }\n },\n required: ['name', 'email']\n };\n\n const preferencesSchema: {\n type: 'object';\n properties: Record;\n required: string[];\n } = {\n type: 'object',\n properties: {\n theme: { type: 'string', title: 'Theme', enum: ['light', 'dark', 'auto'] },\n notifications: { type: 'boolean', title: 'Enable Notifications', default: true }\n },\n required: ['theme']\n };\n\n const requestedSchema = infoType === 'contact' ? contactSchema : preferencesSchema;\n\n // Use elicitInputStream to elicit input from client\n // This demonstrates the streaming elicitation API\n // Access via server.server to get the underlying Server instance\n const stream = server.server.experimental.tasks.elicitInputStream({\n mode: 'form',\n message,\n requestedSchema\n });\n\n let elicitResult: ElicitResult | undefined;\n for await (const msg of stream) {\n if (msg.type === 'result') {\n elicitResult = msg.result as ElicitResult;\n } else if (msg.type === 'error') {\n throw msg.error;\n }\n }\n\n if (!elicitResult) {\n throw new Error('No result received from elicitation');\n }\n\n let resultText: string;\n if (elicitResult.action === 'accept') {\n resultText = `Collected ${infoType} info: ${JSON.stringify(elicitResult.content, null, 2)}`;\n } else if (elicitResult.action === 'decline') {\n resultText = `User declined to provide ${infoType} information`;\n } else {\n resultText = 'User cancelled the request';\n }\n\n await taskStore.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: resultText }]\n });\n } catch (error) {\n console.error('Error in collect-user-info-task:', error);\n await taskStore.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text', text: `Error: ${error}` }],\n isError: true\n });\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n return await ctx.task.store.getTask(ctx.task.id);\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n return server;\n};\n\nconst MCP_PORT = process.env.MCP_PORT ? Number.parseInt(process.env.MCP_PORT, 10) : 3000;\nconst AUTH_PORT = process.env.MCP_AUTH_PORT ? Number.parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;\n\nconst app = createMcpExpressApp();\n\n// Enable CORS for browser-based clients (demo only)\n// This allows cross-origin requests and exposes WWW-Authenticate header for OAuth\n// WARNING: This configuration is for demo purposes only. In production, you should restrict this to specific origins and configure CORS yourself.\napp.use(\n cors({\n exposedHeaders: ['WWW-Authenticate', 'Mcp-Session-Id', 'Last-Event-Id', 'Mcp-Protocol-Version'],\n origin: '*' // WARNING: This allows all origins to access the MCP server. In production, you should restrict this to specific origins.\n })\n);\n\n// Set up OAuth if enabled\nlet authMiddleware = null;\nif (useOAuth) {\n // Create auth middleware for MCP endpoints\n const mcpServerUrl = new URL(`http://localhost:${MCP_PORT}/mcp`);\n const authServerUrl = new URL(`http://localhost:${AUTH_PORT}`);\n\n setupAuthServer({ authServerUrl, mcpServerUrl, strictResource: strictOAuth, demoMode: true, dangerousLoggingEnabled });\n\n // Add protected resource metadata route to the MCP server\n // This allows clients to discover the auth server\n // Pass the resource path so metadata is served at /.well-known/oauth-protected-resource/mcp\n app.use(createProtectedResourceMetadataRouter('/mcp'));\n\n authMiddleware = requireBearerAuth({\n requiredScopes: [],\n resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(mcpServerUrl),\n strictResource: strictOAuth,\n expectedResource: mcpServerUrl\n });\n}\n\n// Map to store transports by session ID\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\n\n// MCP POST endpoint with optional auth\nconst mcpPostHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (sessionId) {\n console.log(`Received MCP request for session: ${sessionId}`);\n } else {\n console.log('Request body:', req.body);\n }\n\n if (useOAuth && req.app.locals.auth) {\n console.log('Authenticated user:', req.app.locals.auth);\n }\n try {\n let transport: NodeStreamableHTTPServerTransport;\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n // New initialization request\n const eventStore = new InMemoryEventStore();\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore, // Enable resumability\n onsessioninitialized: sessionId => {\n // Store the transport by session ID when session is initialized\n // This avoids race conditions where requests might come in before the session is stored\n console.log(`Session initialized with ID: ${sessionId}`);\n transports[sessionId] = transport;\n }\n });\n\n // Set up onclose handler to clean up transport when closed\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid && transports[sid]) {\n console.log(`Transport closed for session ${sid}, removing from transports map`);\n delete transports[sid];\n }\n };\n\n // Connect the transport to the MCP server BEFORE handling the request\n // so responses can flow back through the same transport\n const server = getServer();\n await server.connect(transport);\n\n await transport.handleRequest(req, res, req.body);\n return; // Already handled\n } else {\n // Invalid request - no session ID or not initialization request\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Bad Request: No valid session ID provided'\n },\n id: null\n });\n return;\n }\n\n // Handle the request with existing transport - no need to reconnect\n // The existing transport is already connected to the server\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n};\n\n// Set up routes with conditional auth middleware\nif (useOAuth && authMiddleware) {\n app.post('/mcp', authMiddleware, mcpPostHandler);\n} else {\n app.post('/mcp', mcpPostHandler);\n}\n\n// Handle GET requests for SSE streams (using built-in support from StreamableHTTP)\nconst mcpGetHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n if (useOAuth && req.app.locals.auth) {\n console.log('Authenticated SSE connection from user:', req.app.locals.auth);\n }\n\n // Check for Last-Event-ID header for resumability\n const lastEventId = req.headers['last-event-id'] as string | undefined;\n if (lastEventId) {\n console.log(`Client reconnecting with Last-Event-ID: ${lastEventId}`);\n } else {\n console.log(`Establishing new SSE stream for session ${sessionId}`);\n }\n\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n};\n\n// Set up GET route with conditional auth middleware\nif (useOAuth && authMiddleware) {\n app.get('/mcp', authMiddleware, mcpGetHandler);\n} else {\n app.get('/mcp', mcpGetHandler);\n}\n\n// Handle DELETE requests for session termination (according to MCP spec)\nconst mcpDeleteHandler = async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Received session termination request for session ${sessionId}`);\n\n try {\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n } catch (error) {\n console.error('Error handling session termination:', error);\n if (!res.headersSent) {\n res.status(500).send('Error processing session termination');\n }\n }\n};\n\n// Set up DELETE route with conditional auth middleware\nif (useOAuth && authMiddleware) {\n app.delete('/mcp', authMiddleware, mcpDeleteHandler);\n} else {\n app.delete('/mcp', mcpDeleteHandler);\n}\n\napp.listen(MCP_PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`MCP Streamable HTTP Server listening on port ${MCP_PORT}`);\n if (useOAuth) {\n console.log(` Protected Resource Metadata: http://localhost:${MCP_PORT}/.well-known/oauth-protected-resource/mcp`);\n }\n});\n\n// Handle server shutdown\nprocess.on('SIGINT', async () => {\n console.log('Shutting down server...');\n\n // Close all active transports to properly clean up resources\n for (const sessionId in transports) {\n try {\n console.log(`Closing transport for session ${sessionId}`);\n await transports[sessionId]!.close();\n delete transports[sessionId];\n } catch (error) {\n console.error(`Error closing transport for session ${sessionId}:`, error);\n }\n }\n console.log('Server shutdown complete');\n process.exit(0);\n});\n" }, { "path": "examples/server/src/simpleTaskInteractive.ts", "content": "/**\n * Simple interactive task server demonstrating elicitation and sampling.\n *\n * This server demonstrates the task message queue pattern from the MCP Tasks spec:\n * - confirm_delete: Uses elicitation to ask the user for confirmation\n * - write_haiku: Uses sampling to request an LLM to generate content\n *\n * Both tools use the \"call-now, fetch-later\" pattern where the initial call\n * creates a task, and the result is fetched via tasks/result endpoint.\n */\n\nimport { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type {\n CallToolResult,\n CreateMessageRequest,\n CreateMessageResult,\n CreateTaskOptions,\n CreateTaskResult,\n ElicitRequestFormParams,\n ElicitResult,\n GetTaskPayloadResult,\n GetTaskResult,\n JSONRPCRequest,\n PrimitiveSchemaDefinition,\n QueuedMessage,\n QueuedRequest,\n RequestId,\n Result,\n SamplingMessage,\n Task,\n TaskMessageQueue,\n TextContent,\n Tool\n} from '@modelcontextprotocol/server';\nimport { InMemoryTaskStore, isTerminal, RELATED_TASK_META_KEY, Server } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\n\n// ============================================================================\n// Resolver - Promise-like for passing results between async operations\n// ============================================================================\n\nclass Resolver {\n private _resolve!: (value: T) => void;\n private _reject!: (error: Error) => void;\n private _promise: Promise;\n private _done = false;\n\n constructor() {\n this._promise = new Promise((resolve, reject) => {\n this._resolve = resolve;\n this._reject = reject;\n });\n }\n\n setResult(value: T): void {\n if (this._done) return;\n this._done = true;\n this._resolve(value);\n }\n\n setException(error: Error): void {\n if (this._done) return;\n this._done = true;\n this._reject(error);\n }\n\n wait(): Promise {\n return this._promise;\n }\n\n done(): boolean {\n return this._done;\n }\n}\n\n// ============================================================================\n// Extended message queue with resolver support and wait functionality\n// ============================================================================\n\ninterface QueuedRequestWithResolver extends QueuedRequest {\n resolver?: Resolver>;\n originalRequestId?: RequestId;\n}\n\ntype QueuedMessageWithResolver = QueuedRequestWithResolver | QueuedMessage;\n\nclass TaskMessageQueueWithResolvers implements TaskMessageQueue {\n private queues = new Map();\n private waitResolvers = new Map void)[]>();\n\n private getQueue(taskId: string): QueuedMessageWithResolver[] {\n let queue = this.queues.get(taskId);\n if (!queue) {\n queue = [];\n this.queues.set(taskId, queue);\n }\n return queue;\n }\n\n async enqueue(taskId: string, message: QueuedMessage, _sessionId?: string, maxSize?: number): Promise {\n const queue = this.getQueue(taskId);\n if (maxSize !== undefined && queue.length >= maxSize) {\n throw new Error(`Task message queue overflow: queue size (${queue.length}) exceeds maximum (${maxSize})`);\n }\n queue.push(message);\n // Notify any waiters\n this.notifyWaiters(taskId);\n }\n\n async enqueueWithResolver(\n taskId: string,\n message: JSONRPCRequest,\n resolver: Resolver>,\n originalRequestId: RequestId\n ): Promise {\n const queue = this.getQueue(taskId);\n const queuedMessage: QueuedRequestWithResolver = {\n type: 'request',\n message,\n timestamp: Date.now(),\n resolver,\n originalRequestId\n };\n queue.push(queuedMessage);\n this.notifyWaiters(taskId);\n }\n\n async dequeue(taskId: string, _sessionId?: string): Promise {\n const queue = this.getQueue(taskId);\n return queue.shift();\n }\n\n async dequeueAll(taskId: string, _sessionId?: string): Promise {\n const queue = this.queues.get(taskId) ?? [];\n this.queues.delete(taskId);\n return queue;\n }\n\n async waitForMessage(taskId: string): Promise {\n // Check if there are already messages\n const queue = this.getQueue(taskId);\n if (queue.length > 0) return;\n\n // Wait for a message to be added\n return new Promise(resolve => {\n let waiters = this.waitResolvers.get(taskId);\n if (!waiters) {\n waiters = [];\n this.waitResolvers.set(taskId, waiters);\n }\n waiters.push(resolve);\n });\n }\n\n private notifyWaiters(taskId: string): void {\n const waiters = this.waitResolvers.get(taskId);\n if (waiters) {\n this.waitResolvers.delete(taskId);\n for (const resolve of waiters) {\n resolve();\n }\n }\n }\n\n cleanup(): void {\n this.queues.clear();\n this.waitResolvers.clear();\n }\n}\n\n// ============================================================================\n// Extended task store with wait functionality\n// ============================================================================\n\nclass TaskStoreWithNotifications extends InMemoryTaskStore {\n private updateResolvers = new Map void)[]>();\n\n override async updateTaskStatus(taskId: string, status: Task['status'], statusMessage?: string, sessionId?: string): Promise {\n await super.updateTaskStatus(taskId, status, statusMessage, sessionId);\n this.notifyUpdate(taskId);\n }\n\n override async storeTaskResult(taskId: string, status: 'completed' | 'failed', result: Result, sessionId?: string): Promise {\n await super.storeTaskResult(taskId, status, result, sessionId);\n this.notifyUpdate(taskId);\n }\n\n async waitForUpdate(taskId: string): Promise {\n return new Promise(resolve => {\n let waiters = this.updateResolvers.get(taskId);\n if (!waiters) {\n waiters = [];\n this.updateResolvers.set(taskId, waiters);\n }\n waiters.push(resolve);\n });\n }\n\n private notifyUpdate(taskId: string): void {\n const waiters = this.updateResolvers.get(taskId);\n if (waiters) {\n this.updateResolvers.delete(taskId);\n for (const resolve of waiters) {\n resolve();\n }\n }\n }\n}\n\n// ============================================================================\n// Task Result Handler - delivers queued messages and routes responses\n// ============================================================================\n\nclass TaskResultHandler {\n private pendingRequests = new Map>>();\n\n constructor(\n private store: TaskStoreWithNotifications,\n private queue: TaskMessageQueueWithResolvers\n ) {}\n\n async handle(taskId: string, server: Server, _sessionId: string): Promise {\n while (true) {\n // Get fresh task state\n const task = await this.store.getTask(taskId);\n if (!task) {\n throw new Error(`Task not found: ${taskId}`);\n }\n\n // Dequeue and send all pending messages\n await this.deliverQueuedMessages(taskId, server, _sessionId);\n\n // If task is terminal, return result\n if (isTerminal(task.status)) {\n const result = await this.store.getTaskResult(taskId);\n // Add related-task metadata per spec\n return {\n ...result,\n _meta: {\n ...result._meta,\n [RELATED_TASK_META_KEY]: { taskId }\n }\n };\n }\n\n // Wait for task update or new message\n await this.waitForUpdate(taskId);\n }\n }\n\n private async deliverQueuedMessages(taskId: string, server: Server, _sessionId: string): Promise {\n while (true) {\n const message = await this.queue.dequeue(taskId);\n if (!message) break;\n\n console.log(`[Server] Delivering queued ${message.type} message for task ${taskId}`);\n\n if (message.type === 'request') {\n const reqMessage = message as QueuedRequestWithResolver;\n // Send the request via the server\n // Store the resolver so we can route the response back\n if (reqMessage.resolver && reqMessage.originalRequestId) {\n this.pendingRequests.set(reqMessage.originalRequestId, reqMessage.resolver);\n }\n\n // Send the message - for elicitation/sampling, we use the server's methods\n // But since we're in tasks/result context, we need to send via transport\n // This is simplified - in production you'd use proper message routing\n try {\n const request = reqMessage.message;\n let response: ElicitResult | CreateMessageResult;\n\n if (request.method === 'elicitation/create') {\n // Send elicitation request to client\n const params = request.params as ElicitRequestFormParams;\n response = await server.elicitInput(params);\n } else if (request.method === 'sampling/createMessage') {\n // Send sampling request to client\n const params = request.params as CreateMessageRequest['params'];\n response = await server.createMessage(params);\n } else {\n throw new Error(`Unknown request method: ${request.method}`);\n }\n\n // Route response back to resolver\n if (reqMessage.resolver) {\n reqMessage.resolver.setResult(response as unknown as Record);\n }\n } catch (error) {\n if (reqMessage.resolver) {\n reqMessage.resolver.setException(error instanceof Error ? error : new Error(String(error)));\n }\n }\n }\n // For notifications, we'd send them too but this example focuses on requests\n }\n }\n\n private async waitForUpdate(taskId: string): Promise {\n // Race between store update and queue message\n await Promise.race([this.store.waitForUpdate(taskId), this.queue.waitForMessage(taskId)]);\n }\n\n routeResponse(requestId: RequestId, response: Record): boolean {\n const resolver = this.pendingRequests.get(requestId);\n if (resolver && !resolver.done()) {\n this.pendingRequests.delete(requestId);\n resolver.setResult(response);\n return true;\n }\n return false;\n }\n\n routeError(requestId: RequestId, error: Error): boolean {\n const resolver = this.pendingRequests.get(requestId);\n if (resolver && !resolver.done()) {\n this.pendingRequests.delete(requestId);\n resolver.setException(error);\n return true;\n }\n return false;\n }\n}\n\n// ============================================================================\n// Task Session - wraps server to enqueue requests during task execution\n// ============================================================================\n\nclass TaskSession {\n private requestCounter = 0;\n\n constructor(\n private server: Server,\n private taskId: string,\n private store: TaskStoreWithNotifications,\n private queue: TaskMessageQueueWithResolvers\n ) {}\n\n private nextRequestId(): string {\n return `task-${this.taskId}-${++this.requestCounter}`;\n }\n\n async elicit(\n message: string,\n requestedSchema: {\n type: 'object';\n properties: Record;\n required?: string[];\n }\n ): Promise<{ action: string; content?: Record }> {\n // Update task status to input_required\n await this.store.updateTaskStatus(this.taskId, 'input_required');\n\n const requestId = this.nextRequestId();\n\n // Build the elicitation request with related-task metadata\n const params: ElicitRequestFormParams = {\n message,\n requestedSchema,\n mode: 'form',\n _meta: {\n [RELATED_TASK_META_KEY]: { taskId: this.taskId }\n }\n };\n\n const jsonrpcRequest: JSONRPCRequest = {\n jsonrpc: '2.0',\n id: requestId,\n method: 'elicitation/create',\n params\n };\n\n // Create resolver to wait for response\n const resolver = new Resolver>();\n\n // Enqueue the request\n await this.queue.enqueueWithResolver(this.taskId, jsonrpcRequest, resolver, requestId);\n\n try {\n // Wait for response\n const response = await resolver.wait();\n\n // Update status back to working\n await this.store.updateTaskStatus(this.taskId, 'working');\n\n return response as { action: string; content?: Record };\n } catch (error) {\n await this.store.updateTaskStatus(this.taskId, 'working');\n throw error;\n }\n }\n\n async createMessage(\n messages: SamplingMessage[],\n maxTokens: number\n ): Promise<{ role: string; content: TextContent | { type: string } }> {\n // Update task status to input_required\n await this.store.updateTaskStatus(this.taskId, 'input_required');\n\n const requestId = this.nextRequestId();\n\n // Build the sampling request with related-task metadata\n const params = {\n messages,\n maxTokens,\n _meta: {\n [RELATED_TASK_META_KEY]: { taskId: this.taskId }\n }\n };\n\n const jsonrpcRequest: JSONRPCRequest = {\n jsonrpc: '2.0',\n id: requestId,\n method: 'sampling/createMessage',\n params\n };\n\n // Create resolver to wait for response\n const resolver = new Resolver>();\n\n // Enqueue the request\n await this.queue.enqueueWithResolver(this.taskId, jsonrpcRequest, resolver, requestId);\n\n try {\n // Wait for response\n const response = await resolver.wait();\n\n // Update status back to working\n await this.store.updateTaskStatus(this.taskId, 'working');\n\n return response as { role: string; content: TextContent | { type: string } };\n } catch (error) {\n await this.store.updateTaskStatus(this.taskId, 'working');\n throw error;\n }\n }\n}\n\n// ============================================================================\n// Server Setup\n// ============================================================================\n\nconst PORT = process.env.PORT ? Number.parseInt(process.env.PORT, 10) : 8000;\n\n// Create shared stores\nconst taskStore = new TaskStoreWithNotifications();\nconst messageQueue = new TaskMessageQueueWithResolvers();\nconst taskResultHandler = new TaskResultHandler(taskStore, messageQueue);\n\n// Track active task executions\nconst activeTaskExecutions = new Map<\n string,\n {\n promise: Promise;\n server: Server;\n sessionId: string;\n }\n>();\n\n// Create the server\nconst createServer = (): Server => {\n const server = new Server(\n { name: 'simple-task-interactive', version: '1.0.0' },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: { call: {} }\n }\n }\n }\n }\n );\n\n // Register tools\n server.setRequestHandler('tools/list', async (): Promise<{ tools: Tool[] }> => {\n return {\n tools: [\n {\n name: 'confirm_delete',\n description: 'Asks for confirmation before deleting (demonstrates elicitation)',\n inputSchema: {\n type: 'object',\n properties: {\n filename: { type: 'string' }\n }\n },\n execution: { taskSupport: 'required' }\n },\n {\n name: 'write_haiku',\n description: 'Asks LLM to write a haiku (demonstrates sampling)',\n inputSchema: {\n type: 'object',\n properties: {\n topic: { type: 'string' }\n }\n },\n execution: { taskSupport: 'required' }\n }\n ]\n };\n });\n\n // Handle tool calls\n server.setRequestHandler('tools/call', async (request, ctx): Promise => {\n const { name, arguments: args } = request.params;\n const taskParams = (request.params._meta?.task || request.params.task) as { ttl?: number; pollInterval?: number } | undefined;\n\n // Validate task mode - these tools require tasks\n if (!taskParams) {\n throw new Error(`Tool ${name} requires task mode`);\n }\n\n // Create task\n const taskOptions: CreateTaskOptions = {\n ttl: taskParams.ttl,\n pollInterval: taskParams.pollInterval ?? 1000\n };\n\n const task = await taskStore.createTask(taskOptions, ctx.mcpReq.id, request, ctx.sessionId);\n\n console.log(`\\n[Server] ${name} called, task created: ${task.taskId}`);\n\n // Start background task execution\n const taskExecution = (async () => {\n try {\n const taskSession = new TaskSession(server, task.taskId, taskStore, messageQueue);\n\n if (name === 'confirm_delete') {\n const filename = args?.filename ?? 'unknown.txt';\n console.log(`[Server] confirm_delete: asking about '${filename}'`);\n\n console.log('[Server] Sending elicitation request to client...');\n const result = await taskSession.elicit(`Are you sure you want to delete '${filename}'?`, {\n type: 'object',\n properties: {\n confirm: { type: 'boolean' }\n },\n required: ['confirm']\n });\n\n console.log(\n `[Server] Received elicitation response: action=${result.action}, content=${JSON.stringify(result.content)}`\n );\n\n let text: string;\n if (result.action === 'accept' && result.content) {\n const confirmed = result.content.confirm;\n text = confirmed ? `Deleted '${filename}'` : 'Deletion cancelled';\n } else {\n text = 'Deletion cancelled';\n }\n\n console.log(`[Server] Completing task with result: ${text}`);\n await taskStore.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text }]\n });\n } else if (name === 'write_haiku') {\n const topic = args?.topic ?? 'nature';\n console.log(`[Server] write_haiku: topic '${topic}'`);\n\n console.log('[Server] Sending sampling request to client...');\n const result = await taskSession.createMessage(\n [\n {\n role: 'user',\n content: { type: 'text', text: `Write a haiku about ${topic}` }\n }\n ],\n 50\n );\n\n let haiku = 'No response';\n if (result.content && 'text' in result.content) {\n haiku = (result.content as TextContent).text;\n }\n\n console.log(`[Server] Received sampling response: ${haiku.slice(0, 50)}...`);\n console.log('[Server] Completing task with haiku');\n await taskStore.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Haiku:\\n${haiku}` }]\n });\n }\n } catch (error) {\n console.error(`[Server] Task ${task.taskId} failed:`, error);\n await taskStore.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text', text: `Error: ${error}` }],\n isError: true\n });\n } finally {\n activeTaskExecutions.delete(task.taskId);\n }\n })();\n\n activeTaskExecutions.set(task.taskId, {\n promise: taskExecution,\n server,\n sessionId: ctx.sessionId ?? ''\n });\n\n return { task };\n });\n\n // Handle tasks/get\n server.setRequestHandler('tasks/get', async (request): Promise => {\n const { taskId } = request.params;\n const task = await taskStore.getTask(taskId);\n if (!task) {\n throw new Error(`Task ${taskId} not found`);\n }\n return task;\n });\n\n // Handle tasks/result\n server.setRequestHandler('tasks/result', async (request, ctx): Promise => {\n const { taskId } = request.params;\n console.log(`[Server] tasks/result called for task ${taskId}`);\n return taskResultHandler.handle(taskId, server, ctx.sessionId ?? '');\n });\n\n return server;\n};\n\n// ============================================================================\n// Express App Setup\n// ============================================================================\n\nconst app = createMcpExpressApp();\n\n// Map to store transports by session ID\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\n\n// Helper to check if request is initialize\nconst isInitializeRequest = (body: unknown): boolean => {\n return typeof body === 'object' && body !== null && 'method' in body && (body as { method: string }).method === 'initialize';\n};\n\n// MCP POST endpoint\napp.post('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n\n try {\n let transport: NodeStreamableHTTPServerTransport;\n\n if (sessionId && transports[sessionId]) {\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: sid => {\n console.log(`Session initialized: ${sid}`);\n transports[sid] = transport;\n }\n });\n\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid && transports[sid]) {\n console.log(`Transport closed for session ${sid}`);\n delete transports[sid];\n }\n };\n\n const server = createServer();\n await server.connect(transport);\n await transport.handleRequest(req, res, req.body);\n return;\n } else {\n res.status(400).json({\n jsonrpc: '2.0',\n error: { code: -32_000, message: 'Bad Request: No valid session ID' },\n id: null\n });\n return;\n }\n\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: { code: -32_603, message: 'Internal server error' },\n id: null\n });\n }\n }\n});\n\n// Handle GET requests for SSE streams\napp.get('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n});\n\n// Handle DELETE requests for session termination\napp.delete('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Session termination request: ${sessionId}`);\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n});\n\n// Start server\napp.listen(PORT, () => {\n console.log(`Starting server on http://localhost:${PORT}/mcp`);\n console.log('\\nAvailable tools:');\n console.log(' - confirm_delete: Demonstrates elicitation (asks user y/n)');\n console.log(' - write_haiku: Demonstrates sampling (requests LLM completion)');\n});\n\n// Handle shutdown\nprocess.on('SIGINT', async () => {\n console.log('\\nShutting down server...');\n for (const sessionId of Object.keys(transports)) {\n try {\n await transports[sessionId]!.close();\n delete transports[sessionId];\n } catch (error) {\n console.error(`Error closing session ${sessionId}:`, error);\n }\n }\n taskStore.cleanup();\n messageQueue.cleanup();\n console.log('Server shutdown complete');\n process.exit(0);\n});\n" }, { "path": "examples/server/src/ssePollingExample.ts", "content": "/**\n * SSE Polling Example Server (SEP-1699)\n *\n * This example demonstrates server-initiated SSE stream disconnection\n * and client reconnection with Last-Event-ID for resumability.\n *\n * Key features:\n * - Configures `retryInterval` to tell clients how long to wait before reconnecting\n * - Uses `eventStore` to persist events for replay after reconnection\n * - Uses `ctx.http?.closeSSE()` callback to gracefully disconnect clients mid-operation\n *\n * Run with: pnpm tsx src/ssePollingExample.ts\n * Test with: curl or the MCP Inspector\n */\nimport { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult } from '@modelcontextprotocol/server';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport cors from 'cors';\nimport type { Request, Response } from 'express';\n\nimport { InMemoryEventStore } from './inMemoryEventStore.js';\n\n// Create a fresh MCP server per client connection to avoid shared state between clients\nconst getServer = () => {\n const server = new McpServer(\n {\n name: 'sse-polling-example',\n version: '1.0.0'\n },\n {\n capabilities: { logging: {} }\n }\n );\n\n // Register a long-running tool that demonstrates server-initiated disconnect\n server.registerTool(\n 'long-task',\n {\n description: 'A long-running task that sends progress updates. Server will disconnect mid-task to demonstrate polling.'\n },\n async (ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n\n console.log(`[${ctx.sessionId}] Starting long-task...`);\n\n // Send first progress notification\n await ctx.mcpReq.log('info', 'Progress: 25% - Starting work...');\n await sleep(1000);\n\n // Send second progress notification\n await ctx.mcpReq.log('info', 'Progress: 50% - Halfway there...');\n await sleep(1000);\n\n // Server decides to disconnect the client to free resources\n // Client will reconnect via GET with Last-Event-ID after the transport's retryInterval\n // Use ctx.http?.closeSSE callback - available when eventStore is configured\n if (ctx.http?.closeSSE) {\n console.log(`[${ctx.sessionId}] Closing SSE stream to trigger client polling...`);\n ctx.http?.closeSSE();\n }\n\n // Continue processing while client is disconnected\n // Events are stored in eventStore and will be replayed on reconnect\n await sleep(500);\n await ctx.mcpReq.log('info', 'Progress: 75% - Almost done (sent while client disconnected)...');\n\n await sleep(500);\n await ctx.mcpReq.log('info', 'Progress: 100% - Complete!');\n\n console.log(`[${ctx.sessionId}] Task complete`);\n\n return {\n content: [\n {\n type: 'text',\n text: 'Long task completed successfully!'\n }\n ]\n };\n }\n );\n\n return server;\n};\n\n// Set up Express app\nconst app = createMcpExpressApp();\napp.use(cors());\n\n// Create event store for resumability\nconst eventStore = new InMemoryEventStore();\n\n// Track transports by session ID for session reuse\nconst transports = new Map();\n\n// Handle all MCP requests\napp.all('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n\n // Reuse existing transport or create new one\n let transport = sessionId ? transports.get(sessionId) : undefined;\n\n if (!transport) {\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore,\n retryInterval: 2000, // Default retry interval for priming events\n onsessioninitialized: id => {\n console.log(`[${id}] Session initialized`);\n transports.set(id, transport!);\n }\n });\n\n // Connect a fresh MCP server to the transport\n const server = getServer();\n await server.connect(transport);\n }\n\n await transport.handleRequest(req, res, req.body);\n});\n\n// Start the server\nconst PORT = 3001;\napp.listen(PORT, () => {\n console.log(`SSE Polling Example Server running on http://localhost:${PORT}/mcp`);\n console.log('');\n console.log('This server demonstrates SEP-1699 SSE polling:');\n console.log('- retryInterval: 2000ms (client waits 2s before reconnecting)');\n console.log('- eventStore: InMemoryEventStore (events are persisted for replay)');\n console.log('');\n console.log('Try calling the \"long-task\" tool to see server-initiated disconnect in action.');\n});\n" }, { "path": "examples/server/src/standaloneSseWithGetStreamableHttp.ts", "content": "import { randomUUID } from 'node:crypto';\n\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { ReadResourceResult } from '@modelcontextprotocol/server';\nimport { isInitializeRequest, McpServer } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\n\n// Helper to register a dynamic resource on a given server instance\nconst addResource = (server: McpServer, name: string, content: string) => {\n const uri = `https://mcp-example.com/dynamic/${encodeURIComponent(name)}`;\n server.registerResource(\n name,\n uri,\n { mimeType: 'text/plain', description: `Dynamic resource: ${name}` },\n async (): Promise => {\n return {\n contents: [{ uri, text: content }]\n };\n }\n );\n};\n\n// Create a fresh MCP server per client connection to avoid shared state between clients\nconst getServer = () => {\n const server = new McpServer({\n name: 'resource-list-changed-notification-server',\n version: '1.0.0'\n });\n\n addResource(server, 'example-resource', 'Initial content for example-resource');\n\n return server;\n};\n\n// Store transports and their associated servers by session ID\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\nconst servers: { [sessionId: string]: McpServer } = {};\n\n// Periodically add a new resource to all active server instances for testing\nconst resourceChangeInterval = setInterval(() => {\n const name = randomUUID();\n for (const sessionId in servers) {\n addResource(servers[sessionId]!, name, `Content for ${name}`);\n }\n}, 5000); // Change resources every 5 seconds for testing\n\nconst app = createMcpExpressApp();\n\napp.post('/mcp', async (req: Request, res: Response) => {\n console.log('Received MCP request:', req.body);\n try {\n // Check for existing session ID\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n let transport: NodeStreamableHTTPServerTransport;\n\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n // New initialization request - create a fresh server for this client\n const server = getServer();\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: sessionId => {\n // Store the transport and server by session ID when session is initialized\n // This avoids race conditions where requests might come in before the session is stored\n console.log(`Session initialized with ID: ${sessionId}`);\n transports[sessionId] = transport;\n servers[sessionId] = server;\n }\n });\n\n // Clean up both maps when the transport closes\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid) {\n delete transports[sid];\n delete servers[sid];\n }\n };\n\n // Connect the fresh MCP server to the transport\n await server.connect(transport);\n\n // Handle the request - the onsessioninitialized callback will store the transport\n await transport.handleRequest(req, res, req.body);\n return; // Already handled\n } else {\n // Invalid request - no session ID or not initialization request\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Bad Request: No valid session ID provided'\n },\n id: null\n });\n return;\n }\n\n // Handle the request with existing transport\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n});\n\n// Handle GET requests for SSE streams (now using built-in support from StreamableHTTP)\napp.get('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Establishing SSE stream for session ${sessionId}`);\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n});\n\n// Start the server\nconst PORT = 3000;\napp.listen(PORT, error => {\n if (error) {\n console.error('Failed to start server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`Server listening on port ${PORT}`);\n});\n\n// Handle server shutdown\nprocess.on('SIGINT', async () => {\n console.log('Shutting down server...');\n clearInterval(resourceChangeInterval);\n\n // Close all active transports to properly clean up resources\n for (const sessionId in transports) {\n try {\n console.log(`Closing transport for session ${sessionId}`);\n await transports[sessionId]!.close();\n delete transports[sessionId];\n delete servers[sessionId];\n } catch (error) {\n console.error(`Error closing transport for session ${sessionId}:`, error);\n }\n }\n console.log('Server shutdown complete');\n process.exit(0);\n});\n" }, { "path": "examples/server/src/toolWithSampleServer.ts", "content": "// Run with: pnpm tsx src/toolWithSampleServer.ts\n\nimport { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nconst mcpServer = new McpServer({\n name: 'tools-with-sample-server',\n version: '1.0.0'\n});\n\n// Tool that uses LLM sampling to summarize any text\nmcpServer.registerTool(\n 'summarize',\n {\n description: 'Summarize any text using an LLM',\n inputSchema: z.object({\n text: z.string().describe('Text to summarize')\n })\n },\n async ({ text }) => {\n // Call the LLM through MCP sampling\n const response = await mcpServer.server.createMessage({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please summarize the following text concisely:\\n\\n${text}`\n }\n }\n ],\n maxTokens: 500\n });\n\n // Since we're not passing tools param to createMessage, response.content is single content\n return {\n content: [\n {\n type: 'text',\n text: response.content.type === 'text' ? response.content.text : 'Unable to generate summary'\n }\n ]\n };\n }\n);\n\nasync function main() {\n const transport = new StdioServerTransport();\n await mcpServer.connect(transport);\n console.log('MCP server is running...');\n}\n\ntry {\n await main();\n} catch (error) {\n console.error('Server error:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n}\n" }, { "path": "examples/server/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/express\": [\"./node_modules/@modelcontextprotocol/express/src/index.ts\"],\n \"@modelcontextprotocol/node\": [\"./node_modules/@modelcontextprotocol/node/src/index.ts\"],\n \"@modelcontextprotocol/hono\": [\"./node_modules/@modelcontextprotocol/hono/src/index.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/server/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ],\n \"@modelcontextprotocol/examples-shared\": [\"./node_modules/@modelcontextprotocol/examples-shared/src/index.ts\"],\n \"@modelcontextprotocol/eslint-config\": [\"./node_modules/@modelcontextprotocol/eslint-config/tsconfig.json\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"]\n }\n }\n}\n" }, { "path": "examples/server/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n // 1. Entry Points\n // Directly matches package.json include/exclude globs\n entry: ['src/**/*.ts'],\n\n // 2. Output Configuration\n format: ['esm'],\n outDir: 'dist',\n clean: true, // Recommended: Cleans 'dist' before building\n sourcemap: true,\n\n // 3. Platform & Target\n target: 'esnext',\n platform: 'node',\n shims: true, // Polyfills common Node.js shims (__dirname, etc.)\n\n // 4. Type Definitions\n // Bundles d.ts files into a single output\n dts: false,\n // 5. Vendoring Strategy - Bundle the code for this specific package into the output,\n // but treat all other dependencies as external (require/import).\n noExternal: ['@modelcontextprotocol/examples-shared']\n});\n" }, { "path": "examples/server/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "examples/server-quickstart/.gitignore", "content": "build/\n" }, { "path": "examples/server-quickstart/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/examples-server-quickstart\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"type\": \"module\",\n \"bin\": {\n \"weather\": \"./build/index.js\"\n },\n \"scripts\": {\n \"build\": \"tsc\",\n \"typecheck\": \"tsc --noEmit\"\n },\n \"dependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^24.10.1\",\n \"typescript\": \"catalog:devTools\"\n }\n}\n" }, { "path": "examples/server-quickstart/src/index.ts", "content": "//#region prelude\nimport { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nconst NWS_API_BASE = 'https://api.weather.gov';\nconst USER_AGENT = 'weather-app/1.0';\n\n// Create server instance\nconst server = new McpServer({\n name: 'weather',\n version: '1.0.0',\n});\n//#endregion prelude\n\n//#region helpers\n// Helper function for making NWS API requests\nasync function makeNWSRequest(url: string): Promise {\n const headers = {\n 'User-Agent': USER_AGENT,\n Accept: 'application/geo+json',\n };\n\n try {\n const response = await fetch(url, { headers });\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n return (await response.json()) as T;\n } catch (error) {\n console.error('Error making NWS request:', error);\n return null;\n }\n}\n\ninterface AlertFeature {\n properties: {\n event?: string;\n areaDesc?: string;\n severity?: string;\n status?: string;\n headline?: string;\n };\n}\n\n// Format alert data\nfunction formatAlert(feature: AlertFeature): string {\n const props = feature.properties;\n return [\n `Event: ${props.event || 'Unknown'}`,\n `Area: ${props.areaDesc || 'Unknown'}`,\n `Severity: ${props.severity || 'Unknown'}`,\n `Status: ${props.status || 'Unknown'}`,\n `Headline: ${props.headline || 'No headline'}`,\n '---',\n ].join('\\n');\n}\n\ninterface ForecastPeriod {\n name?: string;\n temperature?: number;\n temperatureUnit?: string;\n windSpeed?: string;\n windDirection?: string;\n shortForecast?: string;\n}\n\ninterface AlertsResponse {\n features: AlertFeature[];\n}\n\ninterface PointsResponse {\n properties: {\n forecast?: string;\n };\n}\n\ninterface ForecastResponse {\n properties: {\n periods: ForecastPeriod[];\n };\n}\n//#endregion helpers\n\n//#region registerTools\n// Register weather tools\nserver.registerTool(\n 'get-alerts',\n {\n title: 'Get Weather Alerts',\n description: 'Get weather alerts for a state',\n inputSchema: z.object({\n state: z.string().length(2)\n .describe('Two-letter state code (e.g. CA, NY)'),\n }),\n },\n async ({ state }) => {\n const stateCode = state.toUpperCase();\n const alertsUrl = `${NWS_API_BASE}/alerts?area=${stateCode}`;\n const alertsData = await makeNWSRequest(alertsUrl);\n\n if (!alertsData) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to retrieve alerts data',\n }],\n };\n }\n\n const features = alertsData.features || [];\n\n if (features.length === 0) {\n return {\n content: [{\n type: 'text' as const,\n text: `No active alerts for ${stateCode}`,\n }],\n };\n }\n\n const formattedAlerts = features.map(formatAlert);\n\n return {\n content: [{\n type: 'text' as const,\n text: `Active alerts for ${stateCode}:\\n\\n${formattedAlerts.join('\\n')}`,\n }],\n };\n },\n);\n\nserver.registerTool(\n 'get-forecast',\n {\n title: 'Get Weather Forecast',\n description: 'Get weather forecast for a location',\n inputSchema: z.object({\n latitude: z.number().min(-90).max(90)\n .describe('Latitude of the location'),\n longitude: z.number().min(-180).max(180)\n .describe('Longitude of the location'),\n }),\n },\n async ({ latitude, longitude }) => {\n // Get grid point data\n const pointsUrl = `${NWS_API_BASE}/points/${latitude.toFixed(4)},${longitude.toFixed(4)}`;\n const pointsData = await makeNWSRequest(pointsUrl);\n\n if (!pointsData) {\n return {\n content: [{\n type: 'text' as const,\n text: `Failed to retrieve grid point data for coordinates: ${latitude}, ${longitude}. This location may not be supported by the NWS API (only US locations are supported).`,\n }],\n };\n }\n\n const forecastUrl = pointsData.properties?.forecast;\n if (!forecastUrl) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to get forecast URL from grid point data',\n }],\n };\n }\n\n // Get forecast data\n const forecastData = await makeNWSRequest(forecastUrl);\n if (!forecastData) {\n return {\n content: [{\n type: 'text' as const,\n text: 'Failed to retrieve forecast data',\n }],\n };\n }\n\n const periods = forecastData.properties?.periods || [];\n if (periods.length === 0) {\n return {\n content: [{\n type: 'text' as const,\n text: 'No forecast periods available',\n }],\n };\n }\n\n // Format forecast periods\n const formattedForecast = periods.map((period: ForecastPeriod) =>\n [\n `${period.name || 'Unknown'}:`,\n `Temperature: ${period.temperature || 'Unknown'}°${period.temperatureUnit || 'F'}`,\n `Wind: ${period.windSpeed || 'Unknown'} ${period.windDirection || ''}`,\n `${period.shortForecast || 'No forecast available'}`,\n '---',\n ].join('\\n'),\n );\n\n return {\n content: [{\n type: 'text' as const,\n text: `Forecast for ${latitude}, ${longitude}:\\n\\n${formattedForecast.join('\\n')}`,\n }],\n };\n },\n);\n//#endregion registerTools\n\n//#region main\nasync function main() {\n const transport = new StdioServerTransport();\n await server.connect(transport);\n console.error('Weather MCP Server running on stdio');\n}\n\nmain().catch((error) => {\n console.error('Fatal error in main():', error);\n process.exit(1);\n});\n//#endregion main\n" }, { "path": "examples/server-quickstart/tsconfig.json", "content": "{\n \"compilerOptions\": {\n \"target\": \"ES2022\",\n \"module\": \"Node16\",\n \"moduleResolution\": \"Node16\",\n \"outDir\": \"./build\",\n \"rootDir\": \"./src\",\n \"strict\": true,\n \"esModuleInterop\": true,\n \"skipLibCheck\": true,\n \"forceConsistentCasingInFileNames\": true,\n \"paths\": {\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/server/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ]\n }\n },\n \"include\": [\"src/**/*\"],\n \"exclude\": [\"node_modules\"]\n}\n" }, { "path": "examples/shared/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n files: ['src/**/*.{ts,tsx,js,jsx,mts,cts}'],\n rules: {\n // Allow console statements in examples only\n 'no-console': 'off'\n }\n }\n];\n" }, { "path": "examples/shared/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/examples-shared\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"prepack\": \"pnpm run build:esm && pnpm run build:cjs\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"start\": \"pnpm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/express\": \"workspace:^\",\n \"better-auth\": \"^1.4.17\",\n \"better-sqlite3\": \"^12.6.2\",\n \"cors\": \"catalog:runtimeServerOnly\",\n \"express\": \"catalog:runtimeServerOnly\"\n },\n \"devDependencies\": {\n \"@eslint/js\": \"catalog:devTools\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@types/better-sqlite3\": \"^7.6.13\",\n \"@types/cors\": \"catalog:devTools\",\n \"@types/express\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsx\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "examples/shared/src/auth.ts", "content": "/**\n * Better Auth configuration for MCP demo servers\n *\n * DEMO ONLY - NOT FOR PRODUCTION\n *\n * This configuration uses in-memory SQLite and auto-approves all logins.\n * For production use, configure a proper database and authentication flow.\n */\n\nimport { randomBytes } from 'node:crypto';\n\nimport type { BetterAuthOptions } from 'better-auth';\nimport { betterAuth } from 'better-auth';\nimport { mcp } from 'better-auth/plugins';\nimport Database from 'better-sqlite3';\n\n// Generate a random password for the demo user (new each time the server starts)\nconst DEMO_PASSWORD = randomBytes(16).toString('base64url');\n\n// Create the in-memory database once (module-level singleton)\n// This avoids the type export issue and ensures the same DB is used\nlet _db: InstanceType | null = null;\n\nfunction getDatabase(): InstanceType {\n if (!_db) {\n _db = new Database(':memory:');\n initializeSchema(_db);\n }\n return _db;\n}\n\n/**\n * Initialize the database schema for better-auth + MCP plugin.\n * This creates all required tables for the demo.\n *\n * Schema based on:\n * - https://www.better-auth.com/docs/concepts/database#core-schema\n * - https://www.better-auth.com/docs/plugins/oidc-provider#schema\n */\nfunction initializeSchema(db: InstanceType): void {\n // Core better-auth tables\n db.exec(`\n CREATE TABLE IF NOT EXISTS user (\n id TEXT PRIMARY KEY,\n name TEXT NOT NULL,\n email TEXT NOT NULL UNIQUE,\n emailVerified INTEGER NOT NULL DEFAULT 0,\n image TEXT,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS session (\n id TEXT PRIMARY KEY,\n token TEXT NOT NULL UNIQUE,\n expiresAt TEXT NOT NULL,\n ipAddress TEXT,\n userAgent TEXT,\n userId TEXT NOT NULL REFERENCES user(id),\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS account (\n id TEXT PRIMARY KEY,\n accountId TEXT NOT NULL,\n providerId TEXT NOT NULL,\n userId TEXT NOT NULL REFERENCES user(id),\n accessToken TEXT,\n refreshToken TEXT,\n idToken TEXT,\n accessTokenExpiresAt TEXT,\n refreshTokenExpiresAt TEXT,\n scope TEXT,\n password TEXT,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS verification (\n id TEXT PRIMARY KEY,\n identifier TEXT NOT NULL,\n value TEXT NOT NULL,\n expiresAt TEXT NOT NULL,\n createdAt TEXT,\n updatedAt TEXT\n );\n `);\n\n // OIDC/MCP plugin tables\n db.exec(`\n CREATE TABLE IF NOT EXISTS oauthApplication (\n id TEXT PRIMARY KEY,\n name TEXT,\n icon TEXT,\n metadata TEXT,\n clientId TEXT NOT NULL UNIQUE,\n clientSecret TEXT,\n redirectUrls TEXT NOT NULL,\n type TEXT NOT NULL,\n disabled INTEGER NOT NULL DEFAULT 0,\n userId TEXT,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS oauthAccessToken (\n id TEXT PRIMARY KEY,\n accessToken TEXT NOT NULL UNIQUE,\n refreshToken TEXT UNIQUE,\n accessTokenExpiresAt TEXT NOT NULL,\n refreshTokenExpiresAt TEXT,\n clientId TEXT NOT NULL,\n userId TEXT,\n scopes TEXT NOT NULL,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS oauthRefreshToken (\n id TEXT PRIMARY KEY,\n refreshToken TEXT NOT NULL UNIQUE,\n accessTokenId TEXT NOT NULL,\n expiresAt TEXT NOT NULL,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS oauthAuthorizationCode (\n id TEXT PRIMARY KEY,\n code TEXT NOT NULL UNIQUE,\n clientId TEXT NOT NULL,\n userId TEXT,\n scopes TEXT NOT NULL,\n redirectURI TEXT NOT NULL,\n codeChallenge TEXT,\n codeChallengeMethod TEXT,\n expiresAt TEXT NOT NULL,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL\n );\n\n CREATE TABLE IF NOT EXISTS oauthConsent (\n id TEXT PRIMARY KEY,\n clientId TEXT NOT NULL,\n userId TEXT NOT NULL,\n scopes TEXT NOT NULL,\n createdAt TEXT NOT NULL,\n updatedAt TEXT NOT NULL,\n consentGiven INTEGER NOT NULL DEFAULT 0\n );\n `);\n\n console.log('[Auth] In-memory database schema initialized');\n console.log('[Auth] ========================================');\n console.log('[Auth] Demo user credentials (auto-login):');\n console.log(`[Auth] Email: ${DEMO_USER_CREDENTIALS.email}`);\n console.log(`[Auth] Password: ${DEMO_USER_CREDENTIALS.password}`);\n console.log('[Auth] ========================================');\n}\n\n/**\n * Demo user credentials for auto-login.\n * Password is randomly generated each time the server starts.\n * Used by authServer.ts to create and sign in the demo user.\n */\nexport const DEMO_USER_CREDENTIALS = {\n email: 'demo@example.com',\n password: DEMO_PASSWORD,\n name: 'Demo User'\n};\n\nexport interface CreateDemoAuthOptions {\n baseURL: string;\n resource?: string;\n loginPage?: string;\n demoMode: boolean;\n}\n\n/**\n * Creates a better-auth instance configured for MCP OAuth demo.\n *\n * @param options - Configuration options\n * @param options.baseURL - The base URL for the auth server (e.g., http://localhost:3001)\n * @param options.resource - The MCP resource server URL (for protected resource metadata)\n * @param options.loginPage - Path to login page (defaults to /sign-in)\n *\n * @see https://www.better-auth.com/docs/plugins/mcp\n */\nexport function createDemoAuth(options: CreateDemoAuthOptions) {\n const { baseURL, resource, loginPage = '/sign-in', demoMode } = options;\n\n // Use in-memory SQLite database for demo purposes\n // Note: All data is lost on restart - demo only!\n const db = getDatabase();\n\n // MCP plugin configuration\n const mcpPlugin = mcp({\n loginPage,\n resource,\n oidcConfig: {\n loginPage,\n codeExpiresIn: 600, // 10 minutes\n accessTokenExpiresIn: 3600, // 1 hour\n refreshTokenExpiresIn: 604_800, // 7 days\n defaultScope: 'openid',\n scopes: ['openid', 'profile', 'email', 'offline_access'],\n allowDynamicClientRegistration: true,\n metadata: {\n scopes_supported: ['openid', 'profile', 'email', 'offline_access']\n }\n }\n });\n\n return betterAuth({\n baseURL,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n database: db as any, // Type cast to avoid exposing better-sqlite3 in exported types\n trustedOrigins: [baseURL.toString()],\n // Basic email+password for demo\n emailAndPassword: {\n enabled: true,\n requireEmailVerification: false\n },\n plugins: [mcpPlugin],\n // Enable verbose logging for demo/debugging\n logger: demoMode\n ? {\n disabled: false,\n level: 'debug',\n log: (level, message, ...args) => {\n const timestamp = new Date().toISOString();\n const prefix = `[Auth ${level.toUpperCase()}]`;\n if (args.length > 0) {\n console.log(`${timestamp} ${prefix} ${message}`, ...args);\n } else {\n console.log(`${timestamp} ${prefix} ${message}`);\n }\n }\n }\n : undefined\n } satisfies BetterAuthOptions);\n}\n\n/**\n * Type for the auth instance returned by createDemoAuth.\n * Note: Due to plugin type inference complexity, we use a generic type.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type DemoAuth = ReturnType;\n" }, { "path": "examples/shared/src/authMiddleware.ts", "content": "/**\n * Auth Middleware for MCP Demo Servers\n *\n * 🚨 DEMO ONLY - NOT FOR PRODUCTION\n *\n * This provides bearer auth middleware for MCP servers.\n */\n\nimport type { NextFunction, Request, Response } from 'express';\n\nimport { verifyAccessToken } from './authServer.js';\n\nexport interface RequireBearerAuthOptions {\n requiredScopes?: string[];\n resourceMetadataUrl?: URL;\n strictResource?: boolean;\n expectedResource?: URL;\n}\n\n/**\n * Express middleware that requires a valid Bearer token.\n * Sets `req.app.locals.auth` on success.\n */\nexport function requireBearerAuth(\n options: RequireBearerAuthOptions = {}\n): (req: Request, res: Response, next: NextFunction) => Promise {\n const { requiredScopes = [], resourceMetadataUrl, strictResource = false, expectedResource } = options;\n\n // Build WWW-Authenticate header matching v1.x format\n const buildWwwAuthHeader = (errorCode: string, message: string): string => {\n let header = `Bearer error=\"${errorCode}\", error_description=\"${message}\"`;\n if (requiredScopes.length > 0) {\n header += `, scope=\"${requiredScopes.join(' ')}\"`;\n }\n if (resourceMetadataUrl) {\n header += `, resource_metadata=\"${resourceMetadataUrl.toString()}\"`;\n }\n return header;\n };\n\n return async (req: Request, res: Response, next: NextFunction): Promise => {\n const authHeader = req.headers.authorization;\n\n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n res.set('WWW-Authenticate', buildWwwAuthHeader('invalid_token', 'Missing Authorization header'));\n res.status(401).json({\n error: 'invalid_token',\n error_description: 'Missing Authorization header'\n });\n return;\n }\n\n const token = authHeader.slice(7); // Remove 'Bearer ' prefix\n\n try {\n const authInfo = await verifyAccessToken(token, {\n strictResource,\n expectedResource\n });\n\n // Check required scopes\n if (requiredScopes.length > 0) {\n const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope));\n if (!hasAllScopes) {\n res.set('WWW-Authenticate', buildWwwAuthHeader('insufficient_scope', `Required scopes: ${requiredScopes.join(', ')}`));\n res.status(403).json({\n error: 'insufficient_scope',\n error_description: `Required scopes: ${requiredScopes.join(', ')}`\n });\n return;\n }\n }\n\n req.app.locals.auth = authInfo;\n next();\n } catch (error) {\n const message = error instanceof Error ? error.message : 'Invalid token';\n res.set('WWW-Authenticate', buildWwwAuthHeader('invalid_token', message));\n res.status(401).json({\n error: 'invalid_token',\n error_description: message\n });\n }\n };\n}\n\n/**\n * Helper to get the protected resource metadata URL from a server URL.\n */\nexport function getOAuthProtectedResourceMetadataUrl(serverUrl: URL): URL {\n const metadataUrl = new URL(serverUrl);\n // Insert well-known between host and path per RFC 9728 Section 3\n metadataUrl.pathname = `/.well-known/oauth-protected-resource${serverUrl.pathname}`;\n return metadataUrl;\n}\n" }, { "path": "examples/shared/src/authServer.ts", "content": "/**\n * Better Auth Server Setup for MCP Demo\n *\n * DEMO ONLY - NOT FOR PRODUCTION\n *\n * This creates a standalone OAuth Authorization Server using better-auth\n * that MCP clients can use to obtain access tokens.\n *\n * See: https://www.better-auth.com/docs/plugins/mcp\n */\n\nimport { toNodeHandler } from 'better-auth/node';\nimport { oAuthDiscoveryMetadata, oAuthProtectedResourceMetadata } from 'better-auth/plugins';\nimport cors from 'cors';\nimport type { Request, Response as ExpressResponse, Router } from 'express';\nimport express from 'express';\n\nimport type { DemoAuth } from './auth.js';\nimport { createDemoAuth, DEMO_USER_CREDENTIALS } from './auth.js';\n\nexport interface SetupAuthServerOptions {\n authServerUrl: URL;\n mcpServerUrl: URL;\n strictResource?: boolean;\n /**\n * Examples should be used for **demo** only and not for production purposes, however this mode disables some logging and other features.\n */\n demoMode: boolean;\n /**\n * Enable verbose logging of better-auth requests/responses.\n * WARNING: This may log sensitive information like tokens and cookies.\n * Only use for debugging purposes.\n */\n dangerousLoggingEnabled?: boolean;\n}\n\n// Store auth instance globally so it can be used for token verification\nlet globalAuth: DemoAuth | null = null;\nlet demoUserCreated = false;\n\n/**\n * Gets the global auth instance (must call setupAuthServer first)\n */\nexport function getAuth(): DemoAuth {\n if (!globalAuth) {\n throw new Error('Auth not initialized. Call setupAuthServer first.');\n }\n return globalAuth;\n}\n\n/**\n * Ensures the demo user exists by calling signUpEmail (creates user with proper password hash)\n * Returns true if successful, false if user already exists (which is fine)\n */\nasync function ensureDemoUserExists(auth: DemoAuth): Promise {\n if (demoUserCreated) return;\n\n try {\n // Try to sign up the demo user\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n await (auth.api as any).signUpEmail({\n body: {\n email: DEMO_USER_CREDENTIALS.email,\n password: DEMO_USER_CREDENTIALS.password,\n name: DEMO_USER_CREDENTIALS.name\n }\n });\n console.log('[Auth] Demo user created via signUpEmail');\n demoUserCreated = true;\n } catch (error) {\n // User might already exist, which is fine\n const message = error instanceof Error ? error.message : String(error);\n if (message.includes('already') || message.includes('exists') || message.includes('unique')) {\n console.log('[Auth] Demo user already exists');\n demoUserCreated = true;\n } else {\n console.error('[Auth] Failed to create demo user:', error);\n throw error;\n }\n }\n}\n\n/**\n * Sets up and starts the OAuth Authorization Server on a separate port.\n *\n * @param options - Server configuration\n */\nexport function setupAuthServer(options: SetupAuthServerOptions): void {\n const { authServerUrl, mcpServerUrl, demoMode, dangerousLoggingEnabled = false } = options;\n\n // Create better-auth instance with MCP plugin\n const auth = createDemoAuth({\n baseURL: authServerUrl.toString().replace(/\\/$/, ''),\n resource: mcpServerUrl.toString(),\n loginPage: '/sign-in',\n demoMode: demoMode\n });\n\n // Store globally for token verification\n globalAuth = auth;\n\n // Create Express app for auth server\n const authApp = express();\n\n // Enable CORS for all origins (demo only) - must be before other middleware\n // WARNING: This configuration is for demo purposes only. In production, you should restrict this to specific origins and configure CORS yourself.\n authApp.use(\n cors({\n origin: '*' // WARNING: This allows all origins to access the auth server. In production, you should restrict this to specific origins.\n })\n );\n\n // Create better-auth handler\n // toNodeHandler bypasses Express methods\n const betterAuthHandler = toNodeHandler(auth);\n\n // Mount better-auth handler BEFORE body parsers\n // toNodeHandler reads the raw request body, so Express must not consume it first\n if (dangerousLoggingEnabled) {\n // Verbose logging mode - intercept at Node.js level to see all requests/responses\n // WARNING: This may log sensitive information like tokens and cookies\n authApp.all('/api/auth/{*splat}', (req, res) => {\n const ts = new Date().toISOString();\n console.log(`\\n${'='.repeat(60)}`);\n console.log(`${ts} [AUTH] ${req.method} ${req.originalUrl}`);\n console.log(`${ts} [AUTH] Query:`, JSON.stringify(req.query));\n console.log(`${ts} [AUTH] Headers.Cookie:`, req.headers.cookie?.slice(0, 100));\n\n // Intercept writeHead to capture status and headers (including redirects)\n const originalWriteHead = res.writeHead.bind(res);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n res.writeHead = function (statusCode: number, ...args: any[]) {\n console.log(`${ts} [AUTH] >>> Response Status: ${statusCode}`);\n // Headers can be in different positions depending on the overload\n const headers = args.find(a => typeof a === 'object' && a !== null);\n if (headers) {\n if (headers.location || headers.Location) {\n console.log(`${ts} [AUTH] >>> Location (redirect): ${headers.location || headers.Location}`);\n }\n console.log(`${ts} [AUTH] >>> Headers:`, JSON.stringify(headers));\n }\n return originalWriteHead(statusCode, ...args);\n };\n\n // Intercept write to capture response body\n const originalWrite = res.write.bind(res);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n res.write = function (chunk: any, ...args: any[]) {\n if (chunk) {\n const bodyPreview = typeof chunk === 'string' ? chunk.slice(0, 500) : chunk.toString().slice(0, 500);\n console.log(`${ts} [AUTH] >>> Body: ${bodyPreview}`);\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return originalWrite(chunk, ...(args as [any]));\n };\n\n return betterAuthHandler(req, res);\n });\n } else {\n // Normal mode - no verbose logging\n authApp.all('/api/auth/{*splat}', toNodeHandler(auth));\n }\n\n // OAuth metadata endpoints using better-auth's built-in handlers\n // Add explicit OPTIONS handler for CORS preflight\n authApp.options('/.well-known/oauth-authorization-server', cors());\n authApp.get('/.well-known/oauth-authorization-server', cors(), toNodeHandler(oAuthDiscoveryMetadata(auth)));\n\n // Body parsers for non-better-auth routes (like /sign-in)\n authApp.use(express.json());\n authApp.use(express.urlencoded({ extended: true }));\n\n // Auto-login page that creates a real better-auth session\n // This simulates a user logging in and approving the OAuth request\n authApp.get('/sign-in', async (req: Request, res: ExpressResponse) => {\n // Get the OAuth authorization parameters from the query string\n const queryParams = new URLSearchParams(req.query as Record);\n const redirectUri = queryParams.get('redirect_uri');\n const clientId = queryParams.get('client_id');\n\n if (!redirectUri || !clientId) {\n res.status(400).send(`\n \n \n Demo Login\n \n

Demo OAuth Server

\n

Missing required OAuth parameters. This page should be accessed via OAuth flow.

\n \n \n `);\n return;\n }\n\n try {\n // Ensure demo user exists (creates with proper password hash)\n await ensureDemoUserExists(auth);\n\n // Create a session using better-auth's signIn API with asResponse to get Set-Cookie headers\n const signInResponse = await auth.api.signInEmail({\n body: {\n email: DEMO_USER_CREDENTIALS.email,\n password: DEMO_USER_CREDENTIALS.password\n },\n asResponse: true\n });\n\n console.log('[Auth] Sign-in response status:', signInResponse.status);\n\n // Forward all Set-Cookie headers from better-auth's response\n const setCookieHeaders = signInResponse.headers.getSetCookie();\n console.log('[Auth] Set-Cookie headers:', setCookieHeaders);\n\n for (const cookie of setCookieHeaders) {\n res.append('Set-Cookie', cookie);\n }\n\n console.log(`[Auth Server] Session created, redirecting to authorize`);\n\n // Redirect to the authorization endpoint\n const authorizeUrl = new URL('/api/auth/mcp/authorize', authServerUrl);\n authorizeUrl.search = queryParams.toString();\n\n res.redirect(authorizeUrl.toString());\n } catch (error) {\n console.error('[Auth Server] Failed to create session:', error);\n res.status(500).send(`\n \n \n Demo Login Error\n \n

Demo OAuth Server - Error

\n

Failed to create demo session: ${error instanceof Error ? error.message : 'Unknown error'}

\n 
${error instanceof Error ? error.stack : ''}
\n \n \n `);\n }\n });\n\n // Start the auth server\n const authPort = Number.parseInt(authServerUrl.port, 10);\n authApp.listen(authPort, (error?: Error) => {\n if (error) {\n console.error('Failed to start auth server:', error);\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(1);\n }\n console.log(`OAuth Authorization Server listening on port ${authPort}`);\n console.log(` Authorization: ${authServerUrl}api/auth/mcp/authorize`);\n console.log(` Token: ${authServerUrl}api/auth/mcp/token`);\n console.log(` Metadata: ${authServerUrl}.well-known/oauth-authorization-server`);\n });\n}\n\n/**\n * Creates an Express router that serves OAuth Protected Resource Metadata\n * on the MCP server using better-auth's built-in handler.\n *\n * This is needed because MCP clients discover the auth server by first\n * fetching protected resource metadata from the MCP server.\n *\n * Per RFC 9728 Section 3, the metadata URL includes the resource path.\n * E.g., for resource http://localhost:3000/mcp, metadata is at\n * http://localhost:3000/.well-known/oauth-protected-resource/mcp\n *\n * See: https://www.better-auth.com/docs/plugins/mcp#oauth-protected-resource-metadata\n *\n * @param resourcePath - The path of the MCP resource (e.g., '/mcp'). Defaults to '/mcp'.\n */\nexport function createProtectedResourceMetadataRouter(resourcePath = '/mcp'): Router {\n const auth = getAuth();\n const router = express.Router();\n\n // Construct the metadata path per RFC 9728 Section 3\n const metadataPath = `/.well-known/oauth-protected-resource${resourcePath}`;\n\n // Enable CORS for browser-based clients to discover the auth server\n // Add explicit OPTIONS handler for CORS preflight\n router.options(metadataPath, cors());\n router.get(metadataPath, cors(), toNodeHandler(oAuthProtectedResourceMetadata(auth)));\n\n return router;\n}\n\n/**\n * Verifies an access token using better-auth's getMcpSession.\n * This can be used by MCP servers to validate tokens.\n */\nexport async function verifyAccessToken(\n token: string,\n options?: { strictResource?: boolean; expectedResource?: URL }\n): Promise<{\n token: string;\n clientId: string;\n scopes: string[];\n expiresAt: number;\n}> {\n const auth = getAuth();\n\n try {\n // Create a mock request with the Authorization header\n const headers = new Headers();\n headers.set('Authorization', `Bearer ${token}`);\n\n // Use better-auth's getMcpSession API\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const session = await (auth.api as any).getMcpSession({\n headers\n });\n\n if (!session) {\n throw new Error('Invalid token');\n }\n\n // OAuthAccessToken has:\n // - accessToken, refreshToken: string\n // - accessTokenExpiresAt, refreshTokenExpiresAt: Date\n // - clientId, userId: string\n // - scopes: string (space-separated)\n const scopes = typeof session.scopes === 'string' ? session.scopes.split(' ') : ['openid'];\n const expiresAt = session.accessTokenExpiresAt\n ? Math.floor(new Date(session.accessTokenExpiresAt).getTime() / 1000)\n : Math.floor(Date.now() / 1000) + 3600;\n\n // Note: better-auth's OAuthAccessToken doesn't have a resource field\n // Resource validation would need to be done at a different layer\n if (options?.strictResource && options.expectedResource) {\n // For now, we skip resource validation as it's not in the session\n // In production, you'd store and validate this separately\n console.warn('[Auth] Resource validation requested but not available in better-auth session');\n }\n\n return {\n token,\n clientId: session.clientId,\n scopes,\n expiresAt\n };\n } catch (error) {\n throw new Error(`Token verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`);\n }\n}\n" }, { "path": "examples/shared/src/index.ts", "content": "// Auth configuration\nexport type { CreateDemoAuthOptions, DemoAuth } from './auth.js';\nexport { createDemoAuth } from './auth.js';\n\n// Auth middleware\nexport type { RequireBearerAuthOptions } from './authMiddleware.js';\nexport { getOAuthProtectedResourceMetadataUrl, requireBearerAuth } from './authMiddleware.js';\n\n// Auth server setup\nexport type { SetupAuthServerOptions } from './authServer.js';\nexport { createProtectedResourceMetadataRouter, getAuth, setupAuthServer, verifyAccessToken } from './authServer.js';\n" }, { "path": "examples/shared/test/demoInMemoryOAuthProvider.test.ts", "content": "/**\n * Tests for the demo OAuth provider using better-auth\n *\n * DEMO ONLY - NOT FOR PRODUCTION\n *\n * The demo OAuth provider now uses better-auth with the MCP plugin.\n * These tests verify the basic setup works correctly.\n */\n\nimport { describe, expect, it } from 'vitest';\n\nimport type { CreateDemoAuthOptions } from '../src/auth.js';\nimport { createDemoAuth } from '../src/auth.js';\n\ndescribe('createDemoAuth', () => {\n const validOptions: CreateDemoAuthOptions = {\n baseURL: 'http://localhost:3001',\n resource: 'http://localhost:3000/mcp',\n loginPage: '/sign-in',\n demoMode: true\n };\n\n it('creates a better-auth instance with MCP plugin', () => {\n const auth = createDemoAuth(validOptions);\n expect(auth).toBeDefined();\n expect(auth.api).toBeDefined();\n });\n\n it('uses default loginPage when not specified', () => {\n const options: CreateDemoAuthOptions = {\n baseURL: 'http://localhost:3001',\n demoMode: true\n };\n const auth = createDemoAuth(options);\n expect(auth).toBeDefined();\n });\n});\n" }, { "path": "examples/shared/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"declaration\": false,\n \"declarationMap\": false,\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/express\": [\"./node_modules/@modelcontextprotocol/express/src/index.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/server/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ],\n \"@modelcontextprotocol/eslint-config\": [\"./node_modules/@modelcontextprotocol/eslint-config/tsconfig.json\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"],\n \"@modelcontextprotocol/client\": [\n \"./node_modules/@modelcontextprotocol/test-helpers/node_modules/@modelcontextprotocol/client/src/index.ts\"\n ]\n }\n }\n}\n" }, { "path": "examples/shared/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "package.json", "content": "{\n \"name\": \"@modelcontextprotocol/sdk\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"SEE LICENSE IN LICENSE\",\n \"author\": \"Model Context Protocol a Series of LF Projects, LLC.\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"packageManager\": \"pnpm@10.26.1\",\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"fetch:spec-types\": \"tsx scripts/fetch-spec-types.ts\",\n \"sync:snippets\": \"tsx scripts/sync-snippets.ts\",\n \"examples:simple-server:w\": \"pnpm --filter @modelcontextprotocol/examples-server exec tsx --watch src/simpleStreamableHttp.ts --oauth\",\n \"docs\": \"typedoc\",\n \"docs:multi\": \"bash scripts/generate-multidoc.sh\",\n \"docs:check\": \"typedoc\",\n \"typecheck:all\": \"pnpm -r typecheck\",\n \"build:all\": \"pnpm -r build\",\n \"prepack:all\": \"pnpm -r prepack\",\n \"lint:all\": \"pnpm sync:snippets --check && pnpm -r lint\",\n \"lint:fix:all\": \"pnpm sync:snippets && pnpm -r lint:fix\",\n \"check:all\": \"pnpm -r typecheck && pnpm -r lint && pnpm run docs:check\",\n \"test:all\": \"pnpm -r test\",\n \"test:conformance:client\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:client\",\n \"test:conformance:client:all\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:client:all\",\n \"test:conformance:client:run\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:client:run\",\n \"test:conformance:server\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:server\",\n \"test:conformance:server:all\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:server:all\",\n \"test:conformance:server:run\": \"pnpm --filter @modelcontextprotocol/test-conformance run test:conformance:server:run\",\n \"test:conformance:all\": \"pnpm run test:conformance:client:all && pnpm run test:conformance:server:all\"\n },\n \"devDependencies\": {\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"@changesets/changelog-github\": \"^0.5.2\",\n \"@changesets/cli\": \"^2.29.8\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@modelcontextprotocol/client\": \"workspace:^\",\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/node\": \"workspace:^\",\n \"@types/content-type\": \"catalog:devTools\",\n \"@types/cors\": \"catalog:devTools\",\n \"@types/cross-spawn\": \"catalog:devTools\",\n \"@types/eventsource\": \"catalog:devTools\",\n \"@types/express\": \"catalog:devTools\",\n \"@types/express-serve-static-core\": \"catalog:devTools\",\n \"@types/node\": \"^24.10.1\",\n \"@types/supertest\": \"catalog:devTools\",\n \"@types/ws\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"fast-glob\": \"^3.3.3\",\n \"prettier\": \"catalog:devTools\",\n \"supertest\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\",\n \"tslib\": \"^2.8.1\",\n \"tsx\": \"catalog:devTools\",\n \"typedoc\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\",\n \"ws\": \"catalog:devTools\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"resolutions\": {\n \"strip-ansi\": \"6.0.1\"\n }\n}\n" }, { "path": "packages/client/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n settings: {\n 'import/internal-regex': '^@modelcontextprotocol/core'\n }\n }\n];\n" }, { "path": "packages/client/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/client\",\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript - Client package\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"client\"\n ],\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.mts\",\n \"import\": \"./dist/index.mjs\"\n },\n \"./_shims\": {\n \"workerd\": {\n \"types\": \"./dist/shimsWorkerd.d.mts\",\n \"import\": \"./dist/shimsWorkerd.mjs\"\n },\n \"browser\": {\n \"types\": \"./dist/shimsWorkerd.d.mts\",\n \"import\": \"./dist/shimsWorkerd.mjs\"\n },\n \"node\": {\n \"types\": \"./dist/shimsNode.d.mts\",\n \"import\": \"./dist/shimsNode.mjs\"\n },\n \"default\": {\n \"types\": \"./dist/shimsNode.d.mts\",\n \"import\": \"./dist/shimsNode.mjs\"\n }\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"cross-spawn\": \"catalog:runtimeClientOnly\",\n \"eventsource\": \"catalog:runtimeClientOnly\",\n \"eventsource-parser\": \"catalog:runtimeClientOnly\",\n \"jose\": \"catalog:runtimeClientOnly\",\n \"pkce-challenge\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependencies\": {\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependenciesMeta\": {\n \"@cfworker/json-schema\": {\n \"optional\": true\n },\n \"zod\": {\n \"optional\": false\n }\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\",\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"@types/content-type\": \"catalog:devTools\",\n \"@types/cross-spawn\": \"catalog:devTools\",\n \"@types/eventsource\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"@eslint/js\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsx\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/client/src/client/auth.examples.ts", "content": "/**\n * Type-checked examples for `auth.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { AuthorizationServerMetadata } from '@modelcontextprotocol/core';\n\nimport type { OAuthClientProvider } from './auth.js';\nimport { fetchToken } from './auth.js';\n\n/**\n * Base class providing no-op implementations of required OAuthClientProvider methods.\n * Used as a base for concise examples that focus on specific methods.\n */\nabstract class MyProviderBase implements OAuthClientProvider {\n get redirectUrl(): URL | undefined {\n return;\n }\n get clientMetadata() {\n return { redirect_uris: [] as string[] };\n }\n clientInformation(): undefined {\n return;\n }\n tokens(): undefined {\n return;\n }\n saveTokens() {\n return Promise.resolve();\n }\n redirectToAuthorization() {\n return Promise.resolve();\n }\n saveCodeVerifier() {\n return Promise.resolve();\n }\n codeVerifier() {\n return Promise.resolve('');\n }\n}\n\n/**\n * Example: Using fetchToken with a client_credentials provider.\n */\nasync function fetchToken_clientCredentials(authServerUrl: URL, metadata: AuthorizationServerMetadata) {\n //#region fetchToken_clientCredentials\n // Provider for client_credentials:\n class MyProvider extends MyProviderBase implements OAuthClientProvider {\n prepareTokenRequest(scope?: string) {\n const params = new URLSearchParams({ grant_type: 'client_credentials' });\n if (scope) params.set('scope', scope);\n return params;\n }\n }\n\n const tokens = await fetchToken(new MyProvider(), authServerUrl, { metadata });\n //#endregion fetchToken_clientCredentials\n return tokens;\n}\n" }, { "path": "packages/client/src/client/auth.ts", "content": "import type {\n AuthorizationServerMetadata,\n FetchLike,\n OAuthClientInformation,\n OAuthClientInformationFull,\n OAuthClientInformationMixed,\n OAuthClientMetadata,\n OAuthMetadata,\n OAuthProtectedResourceMetadata,\n OAuthTokens\n} from '@modelcontextprotocol/core';\nimport {\n checkResourceAllowed,\n LATEST_PROTOCOL_VERSION,\n OAuthClientInformationFullSchema,\n OAuthError,\n OAuthErrorCode,\n OAuthErrorResponseSchema,\n OAuthMetadataSchema,\n OAuthProtectedResourceMetadataSchema,\n OAuthTokensSchema,\n OpenIdProviderDiscoveryMetadataSchema,\n resourceUrlFromServerUrl\n} from '@modelcontextprotocol/core';\nimport pkceChallenge from 'pkce-challenge';\n\n/**\n * Function type for adding client authentication to token requests.\n */\nexport type AddClientAuthentication = (\n headers: Headers,\n params: URLSearchParams,\n url: string | URL,\n metadata?: AuthorizationServerMetadata\n) => void | Promise;\n\n/**\n * Implements an end-to-end OAuth client to be used with one MCP server.\n *\n * This client relies upon a concept of an authorized \"session,\" the exact\n * meaning of which is application-defined. Tokens, authorization codes, and\n * code verifiers should not cross different sessions.\n */\nexport interface OAuthClientProvider {\n /**\n * The URL to redirect the user agent to after authorization.\n * Return `undefined` for non-interactive flows that don't require user interaction\n * (e.g., `client_credentials`, `jwt-bearer`).\n */\n get redirectUrl(): string | URL | undefined;\n\n /**\n * External URL the server should use to fetch client metadata document\n */\n clientMetadataUrl?: string;\n\n /**\n * Metadata about this OAuth client.\n */\n get clientMetadata(): OAuthClientMetadata;\n\n /**\n * Returns an OAuth2 state parameter.\n */\n state?(): string | Promise;\n\n /**\n * Loads information about this OAuth client, as registered already with the\n * server, or returns `undefined` if the client is not registered with the\n * server.\n */\n clientInformation(): OAuthClientInformationMixed | undefined | Promise;\n\n /**\n * If implemented, this permits the OAuth client to dynamically register with\n * the server. Client information saved this way should later be read via\n * {@linkcode OAuthClientProvider.clientInformation | clientInformation()}.\n *\n * This method is not required to be implemented if client information is\n * statically known (e.g., pre-registered).\n */\n saveClientInformation?(clientInformation: OAuthClientInformationMixed): void | Promise;\n\n /**\n * Loads any existing OAuth tokens for the current session, or returns\n * `undefined` if there are no saved tokens.\n */\n tokens(): OAuthTokens | undefined | Promise;\n\n /**\n * Stores new OAuth tokens for the current session, after a successful\n * authorization.\n */\n saveTokens(tokens: OAuthTokens): void | Promise;\n\n /**\n * Invoked to redirect the user agent to the given URL to begin the authorization flow.\n */\n redirectToAuthorization(authorizationUrl: URL): void | Promise;\n\n /**\n * Saves a PKCE code verifier for the current session, before redirecting to\n * the authorization flow.\n */\n saveCodeVerifier(codeVerifier: string): void | Promise;\n\n /**\n * Loads the PKCE code verifier for the current session, necessary to validate\n * the authorization result.\n */\n codeVerifier(): string | Promise;\n\n /**\n * Adds custom client authentication to OAuth token requests.\n *\n * This optional method allows implementations to customize how client credentials\n * are included in token exchange and refresh requests. When provided, this method\n * is called instead of the default authentication logic, giving full control over\n * the authentication mechanism.\n *\n * Common use cases include:\n * - Supporting authentication methods beyond the standard OAuth 2.0 methods\n * - Adding custom headers for proprietary authentication schemes\n * - Implementing client assertion-based authentication (e.g., JWT bearer tokens)\n *\n * @param headers - The request headers (can be modified to add authentication)\n * @param params - The request body parameters (can be modified to add credentials)\n * @param url - The token endpoint URL being called\n * @param metadata - Optional OAuth metadata for the server, which may include supported authentication methods\n */\n addClientAuthentication?: AddClientAuthentication;\n\n /**\n * If defined, overrides the selection and validation of the\n * RFC 8707 Resource Indicator. If left undefined, default\n * validation behavior will be used.\n *\n * Implementations must verify the returned resource matches the MCP server.\n */\n validateResourceURL?(serverUrl: string | URL, resource?: string): Promise;\n\n /**\n * If implemented, provides a way for the client to invalidate (e.g. delete) the specified\n * credentials, in the case where the server has indicated that they are no longer valid.\n * This avoids requiring the user to intervene manually.\n */\n invalidateCredentials?(scope: 'all' | 'client' | 'tokens' | 'verifier' | 'discovery'): void | Promise;\n\n /**\n * Prepares grant-specific parameters for a token request.\n *\n * This optional method allows providers to customize the token request based on\n * the grant type they support. When implemented, it returns the grant type and\n * any grant-specific parameters needed for the token exchange.\n *\n * If not implemented, the default behavior depends on the flow:\n * - For authorization code flow: uses `code`, `code_verifier`, and `redirect_uri`\n * - For `client_credentials`: detected via `grant_types` in {@linkcode OAuthClientProvider.clientMetadata | clientMetadata}\n *\n * @param scope - Optional scope to request\n * @returns Grant type and parameters, or `undefined` to use default behavior\n *\n * @example\n * // For client_credentials grant:\n * prepareTokenRequest(scope) {\n * return {\n * grantType: 'client_credentials',\n * params: scope ? { scope } : {}\n * };\n * }\n *\n * @example\n * // For authorization_code grant (default behavior):\n * async prepareTokenRequest() {\n * return {\n * grantType: 'authorization_code',\n * params: {\n * code: this.authorizationCode,\n * code_verifier: await this.codeVerifier(),\n * redirect_uri: String(this.redirectUrl)\n * }\n * };\n * }\n */\n prepareTokenRequest?(scope?: string): URLSearchParams | Promise | undefined;\n\n /**\n * Saves the authorization server URL after RFC 9728 discovery.\n * This method is called by {@linkcode auth} after successful discovery of the\n * authorization server via protected resource metadata.\n *\n * Providers implementing Cross-App Access or other flows that need access to\n * the discovered authorization server URL should implement this method.\n *\n * @param authorizationServerUrl - The authorization server URL discovered via RFC 9728\n */\n saveAuthorizationServerUrl?(authorizationServerUrl: string): void | Promise;\n\n /**\n * Returns the previously saved authorization server URL, if available.\n *\n * Providers implementing Cross-App Access can use this to access the\n * authorization server URL discovered during the OAuth flow.\n *\n * @returns The authorization server URL, or `undefined` if not available\n */\n authorizationServerUrl?(): string | undefined | Promise;\n\n /**\n * Saves the resource URL after RFC 9728 discovery.\n * This method is called by {@linkcode auth} after successful discovery of the\n * resource metadata.\n *\n * Providers implementing Cross-App Access or other flows that need access to\n * the discovered resource URL should implement this method.\n *\n * @param resourceUrl - The resource URL discovered via RFC 9728\n */\n saveResourceUrl?(resourceUrl: string): void | Promise;\n\n /**\n * Returns the previously saved resource URL, if available.\n *\n * Providers implementing Cross-App Access can use this to access the\n * resource URL discovered during the OAuth flow.\n *\n * @returns The resource URL, or `undefined` if not available\n */\n resourceUrl?(): string | undefined | Promise;\n\n /**\n * Saves the OAuth discovery state after RFC 9728 and authorization server metadata\n * discovery. Providers can persist this state to avoid redundant discovery requests\n * on subsequent {@linkcode auth} calls.\n *\n * This state can also be provided out-of-band (e.g., from a previous session or\n * external configuration) to bootstrap the OAuth flow without discovery.\n *\n * Called by {@linkcode auth} after successful discovery.\n */\n saveDiscoveryState?(state: OAuthDiscoveryState): void | Promise;\n\n /**\n * Returns previously saved discovery state, or `undefined` if none is cached.\n *\n * When available, {@linkcode auth} restores the discovery state (authorization server\n * URL, resource metadata, etc.) instead of performing RFC 9728 discovery, reducing\n * latency on subsequent calls.\n *\n * Providers should clear cached discovery state on repeated authentication failures\n * (via {@linkcode invalidateCredentials} with scope `'discovery'` or `'all'`) to allow\n * re-discovery in case the authorization server has changed.\n */\n discoveryState?(): OAuthDiscoveryState | undefined | Promise;\n}\n\n/**\n * Discovery state that can be persisted across sessions by an {@linkcode OAuthClientProvider}.\n *\n * Contains the results of RFC 9728 protected resource metadata discovery and\n * authorization server metadata discovery. Persisting this state avoids\n * redundant discovery HTTP requests on subsequent {@linkcode auth} calls.\n */\n// TODO: Consider adding `authorizationServerMetadataUrl` to capture the exact well-known URL\n// at which authorization server metadata was discovered. This would require\n// `discoverAuthorizationServerMetadata()` to return the successful discovery URL.\nexport interface OAuthDiscoveryState extends OAuthServerInfo {\n /** The URL at which the protected resource metadata was found, if available. */\n resourceMetadataUrl?: string;\n}\n\nexport type AuthResult = 'AUTHORIZED' | 'REDIRECT';\n\nexport class UnauthorizedError extends Error {\n constructor(message?: string) {\n super(message ?? 'Unauthorized');\n }\n}\n\nexport type ClientAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'none';\n\nfunction isClientAuthMethod(method: string): method is ClientAuthMethod {\n return ['client_secret_basic', 'client_secret_post', 'none'].includes(method);\n}\n\nconst AUTHORIZATION_CODE_RESPONSE_TYPE = 'code';\nconst AUTHORIZATION_CODE_CHALLENGE_METHOD = 'S256';\n\n/**\n * Determines the best client authentication method to use based on server support and client configuration.\n *\n * Priority order (highest to lowest):\n * 1. `client_secret_basic` (if client secret is available)\n * 2. `client_secret_post` (if client secret is available)\n * 3. `none` (for public clients)\n *\n * @param clientInformation - OAuth client information containing credentials\n * @param supportedMethods - Authentication methods supported by the authorization server\n * @returns The selected authentication method\n */\nexport function selectClientAuthMethod(clientInformation: OAuthClientInformationMixed, supportedMethods: string[]): ClientAuthMethod {\n const hasClientSecret = clientInformation.client_secret !== undefined;\n\n // Prefer the method returned by the server during client registration, if valid.\n // When server metadata is present we also require the method to be listed as supported;\n // when supportedMethods is empty (metadata omitted the field) the DCR hint stands alone.\n if (\n 'token_endpoint_auth_method' in clientInformation &&\n clientInformation.token_endpoint_auth_method &&\n isClientAuthMethod(clientInformation.token_endpoint_auth_method) &&\n (supportedMethods.length === 0 || supportedMethods.includes(clientInformation.token_endpoint_auth_method))\n ) {\n return clientInformation.token_endpoint_auth_method;\n }\n\n // If server metadata omits token_endpoint_auth_methods_supported, RFC 8414 §2 says the\n // default is client_secret_basic. RFC 6749 §2.3.1 also requires servers to support HTTP\n // Basic authentication for clients with a secret, making it the safest default.\n if (supportedMethods.length === 0) {\n return hasClientSecret ? 'client_secret_basic' : 'none';\n }\n\n // Try methods in priority order (most secure first)\n if (hasClientSecret && supportedMethods.includes('client_secret_basic')) {\n return 'client_secret_basic';\n }\n\n if (hasClientSecret && supportedMethods.includes('client_secret_post')) {\n return 'client_secret_post';\n }\n\n if (supportedMethods.includes('none')) {\n return 'none';\n }\n\n // Fallback: use what we have\n return hasClientSecret ? 'client_secret_post' : 'none';\n}\n\n/**\n * Applies client authentication to the request based on the specified method.\n *\n * Implements OAuth 2.1 client authentication methods:\n * - `client_secret_basic`: HTTP Basic authentication (RFC 6749 Section 2.3.1)\n * - `client_secret_post`: Credentials in request body (RFC 6749 Section 2.3.1)\n * - `none`: Public client authentication (RFC 6749 Section 2.1)\n *\n * @param method - The authentication method to use\n * @param clientInformation - OAuth client information containing credentials\n * @param headers - HTTP headers object to modify\n * @param params - URL search parameters to modify\n * @throws {Error} When required credentials are missing\n */\nexport function applyClientAuthentication(\n method: ClientAuthMethod,\n clientInformation: OAuthClientInformation,\n headers: Headers,\n params: URLSearchParams\n): void {\n const { client_id, client_secret } = clientInformation;\n\n switch (method) {\n case 'client_secret_basic': {\n applyBasicAuth(client_id, client_secret, headers);\n return;\n }\n case 'client_secret_post': {\n applyPostAuth(client_id, client_secret, params);\n return;\n }\n case 'none': {\n applyPublicAuth(client_id, params);\n return;\n }\n default: {\n throw new Error(`Unsupported client authentication method: ${method}`);\n }\n }\n}\n\n/**\n * Applies HTTP Basic authentication (RFC 6749 Section 2.3.1)\n */\nfunction applyBasicAuth(clientId: string, clientSecret: string | undefined, headers: Headers): void {\n if (!clientSecret) {\n throw new Error('client_secret_basic authentication requires a client_secret');\n }\n\n const credentials = btoa(`${clientId}:${clientSecret}`);\n headers.set('Authorization', `Basic ${credentials}`);\n}\n\n/**\n * Applies POST body authentication (RFC 6749 Section 2.3.1)\n */\nfunction applyPostAuth(clientId: string, clientSecret: string | undefined, params: URLSearchParams): void {\n params.set('client_id', clientId);\n if (clientSecret) {\n params.set('client_secret', clientSecret);\n }\n}\n\n/**\n * Applies public client authentication (RFC 6749 Section 2.1)\n */\nfunction applyPublicAuth(clientId: string, params: URLSearchParams): void {\n params.set('client_id', clientId);\n}\n\n/**\n * Parses an OAuth error response from a string or Response object.\n *\n * If the input is a standard OAuth2.0 error response, it will be parsed according to the spec\n * and an {@linkcode OAuthError} will be returned with the appropriate error code.\n * If parsing fails, it falls back to a generic {@linkcode OAuthErrorCode.ServerError | ServerError} that includes\n * the response status (if available) and original content.\n *\n * @param input - A Response object or string containing the error response\n * @returns A Promise that resolves to an {@linkcode OAuthError} instance\n */\nexport async function parseErrorResponse(input: Response | string): Promise {\n const statusCode = input instanceof Response ? input.status : undefined;\n const body = input instanceof Response ? await input.text() : input;\n\n try {\n const result = OAuthErrorResponseSchema.parse(JSON.parse(body));\n return OAuthError.fromResponse(result);\n } catch (error) {\n // Not a valid OAuth error response, but try to inform the user of the raw data anyway\n const errorMessage = `${statusCode ? `HTTP ${statusCode}: ` : ''}Invalid OAuth error response: ${error}. Raw body: ${body}`;\n return new OAuthError(OAuthErrorCode.ServerError, errorMessage);\n }\n}\n\n/**\n * Orchestrates the full auth flow with a server.\n *\n * This can be used as a single entry point for all authorization functionality,\n * instead of linking together the other lower-level functions in this module.\n */\nexport async function auth(\n provider: OAuthClientProvider,\n options: {\n serverUrl: string | URL;\n authorizationCode?: string;\n scope?: string;\n resourceMetadataUrl?: URL;\n fetchFn?: FetchLike;\n }\n): Promise {\n try {\n return await authInternal(provider, options);\n } catch (error) {\n // Handle recoverable error types by invalidating credentials and retrying\n if (error instanceof OAuthError) {\n if (error.code === OAuthErrorCode.InvalidClient || error.code === OAuthErrorCode.UnauthorizedClient) {\n await provider.invalidateCredentials?.('all');\n return await authInternal(provider, options);\n } else if (error.code === OAuthErrorCode.InvalidGrant) {\n await provider.invalidateCredentials?.('tokens');\n return await authInternal(provider, options);\n }\n }\n\n // Throw otherwise\n throw error;\n }\n}\n\nasync function authInternal(\n provider: OAuthClientProvider,\n {\n serverUrl,\n authorizationCode,\n scope,\n resourceMetadataUrl,\n fetchFn\n }: {\n serverUrl: string | URL;\n authorizationCode?: string;\n scope?: string;\n resourceMetadataUrl?: URL;\n fetchFn?: FetchLike;\n }\n): Promise {\n // Check if the provider has cached discovery state to skip discovery\n const cachedState = await provider.discoveryState?.();\n\n let resourceMetadata: OAuthProtectedResourceMetadata | undefined;\n let authorizationServerUrl: string | URL;\n let metadata: AuthorizationServerMetadata | undefined;\n\n // If resourceMetadataUrl is not provided, try to load it from cached state\n // This handles browser redirects where the URL was saved before navigation\n let effectiveResourceMetadataUrl = resourceMetadataUrl;\n if (!effectiveResourceMetadataUrl && cachedState?.resourceMetadataUrl) {\n effectiveResourceMetadataUrl = new URL(cachedState.resourceMetadataUrl);\n }\n\n if (cachedState?.authorizationServerUrl) {\n // Restore discovery state from cache\n authorizationServerUrl = cachedState.authorizationServerUrl;\n resourceMetadata = cachedState.resourceMetadata;\n metadata =\n cachedState.authorizationServerMetadata ?? (await discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn }));\n\n // If resource metadata wasn't cached, try to fetch it for selectResourceURL\n if (!resourceMetadata) {\n try {\n resourceMetadata = await discoverOAuthProtectedResourceMetadata(\n serverUrl,\n { resourceMetadataUrl: effectiveResourceMetadataUrl },\n fetchFn\n );\n } catch {\n // RFC 9728 not available — selectResourceURL will handle undefined\n }\n }\n\n // Re-save if we enriched the cached state with missing metadata\n if (metadata !== cachedState.authorizationServerMetadata || resourceMetadata !== cachedState.resourceMetadata) {\n await provider.saveDiscoveryState?.({\n authorizationServerUrl: String(authorizationServerUrl),\n resourceMetadataUrl: effectiveResourceMetadataUrl?.toString(),\n resourceMetadata,\n authorizationServerMetadata: metadata\n });\n }\n } else {\n // Full discovery via RFC 9728\n const serverInfo = await discoverOAuthServerInfo(serverUrl, { resourceMetadataUrl: effectiveResourceMetadataUrl, fetchFn });\n authorizationServerUrl = serverInfo.authorizationServerUrl;\n metadata = serverInfo.authorizationServerMetadata;\n resourceMetadata = serverInfo.resourceMetadata;\n\n // Persist discovery state for future use\n // TODO: resourceMetadataUrl is only populated when explicitly provided via options\n // or loaded from cached state. The URL derived internally by\n // discoverOAuthProtectedResourceMetadata() is not captured back here.\n await provider.saveDiscoveryState?.({\n authorizationServerUrl: String(authorizationServerUrl),\n resourceMetadataUrl: effectiveResourceMetadataUrl?.toString(),\n resourceMetadata,\n authorizationServerMetadata: metadata\n });\n }\n\n // Save authorization server URL for providers that need it (e.g., CrossAppAccessProvider)\n await provider.saveAuthorizationServerUrl?.(String(authorizationServerUrl));\n\n const resource: URL | undefined = await selectResourceURL(serverUrl, provider, resourceMetadata);\n\n // Save resource URL for providers that need it (e.g., CrossAppAccessProvider)\n if (resource) {\n await provider.saveResourceUrl?.(String(resource));\n }\n\n // Apply scope selection strategy (SEP-835):\n // 1. WWW-Authenticate scope (passed via `scope` param)\n // 2. PRM scopes_supported\n // 3. Client metadata scope (user-configured fallback)\n // The resolved scope is used consistently for both DCR and the authorization request.\n const resolvedScope = scope || resourceMetadata?.scopes_supported?.join(' ') || provider.clientMetadata.scope;\n\n // Handle client registration if needed\n let clientInformation = await Promise.resolve(provider.clientInformation());\n if (!clientInformation) {\n if (authorizationCode !== undefined) {\n throw new Error('Existing OAuth client information is required when exchanging an authorization code');\n }\n\n const supportsUrlBasedClientId = metadata?.client_id_metadata_document_supported === true;\n const clientMetadataUrl = provider.clientMetadataUrl;\n\n if (clientMetadataUrl && !isHttpsUrl(clientMetadataUrl)) {\n throw new OAuthError(\n OAuthErrorCode.InvalidClientMetadata,\n `clientMetadataUrl must be a valid HTTPS URL with a non-root pathname, got: ${clientMetadataUrl}`\n );\n }\n\n const shouldUseUrlBasedClientId = supportsUrlBasedClientId && clientMetadataUrl;\n\n if (shouldUseUrlBasedClientId) {\n // SEP-991: URL-based Client IDs\n clientInformation = {\n client_id: clientMetadataUrl\n };\n await provider.saveClientInformation?.(clientInformation);\n } else {\n // Fallback to dynamic registration\n if (!provider.saveClientInformation) {\n throw new Error('OAuth client information must be saveable for dynamic registration');\n }\n\n const fullInformation = await registerClient(authorizationServerUrl, {\n metadata,\n clientMetadata: provider.clientMetadata,\n scope: resolvedScope,\n fetchFn\n });\n\n await provider.saveClientInformation(fullInformation);\n clientInformation = fullInformation;\n }\n }\n\n // Non-interactive flows (e.g., client_credentials, jwt-bearer) don't need a redirect URL\n const nonInteractiveFlow = !provider.redirectUrl;\n\n // Exchange authorization code for tokens, or fetch tokens directly for non-interactive flows\n if (authorizationCode !== undefined || nonInteractiveFlow) {\n const tokens = await fetchToken(provider, authorizationServerUrl, {\n metadata,\n resource,\n authorizationCode,\n scope,\n fetchFn\n });\n\n await provider.saveTokens(tokens);\n return 'AUTHORIZED';\n }\n\n const tokens = await provider.tokens();\n\n // Handle token refresh or new authorization\n if (tokens?.refresh_token) {\n try {\n // Attempt to refresh the token\n const newTokens = await refreshAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n refreshToken: tokens.refresh_token,\n resource,\n addClientAuthentication: provider.addClientAuthentication,\n fetchFn\n });\n\n await provider.saveTokens(newTokens);\n return 'AUTHORIZED';\n } catch (error) {\n // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.\n if (!(error instanceof OAuthError) || error.code === OAuthErrorCode.ServerError) {\n // Could not refresh OAuth tokens\n } else {\n // Refresh failed for another reason, re-throw\n throw error;\n }\n }\n }\n\n const state = provider.state ? await provider.state() : undefined;\n\n // Start new authorization flow\n const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, {\n metadata,\n clientInformation,\n state,\n redirectUrl: provider.redirectUrl,\n scope: resolvedScope,\n resource\n });\n\n await provider.saveCodeVerifier(codeVerifier);\n await provider.redirectToAuthorization(authorizationUrl);\n return 'REDIRECT';\n}\n\n/**\n * SEP-991: URL-based Client IDs\n * Validate that the `client_id` is a valid URL with `https` scheme\n */\nexport function isHttpsUrl(value?: string): boolean {\n if (!value) return false;\n try {\n const url = new URL(value);\n return url.protocol === 'https:' && url.pathname !== '/';\n } catch {\n return false;\n }\n}\n\nexport async function selectResourceURL(\n serverUrl: string | URL,\n provider: OAuthClientProvider,\n resourceMetadata?: OAuthProtectedResourceMetadata\n): Promise {\n const defaultResource = resourceUrlFromServerUrl(serverUrl);\n\n // If provider has custom validation, delegate to it\n if (provider.validateResourceURL) {\n return await provider.validateResourceURL(defaultResource, resourceMetadata?.resource);\n }\n\n // Only include resource parameter when Protected Resource Metadata is present\n if (!resourceMetadata) {\n return undefined;\n }\n\n // Validate that the metadata's resource is compatible with our request\n if (!checkResourceAllowed({ requestedResource: defaultResource, configuredResource: resourceMetadata.resource })) {\n throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${defaultResource} (or origin)`);\n }\n // Prefer the resource from metadata since it's what the server is telling us to request\n return new URL(resourceMetadata.resource);\n}\n\n/**\n * Extract `resource_metadata`, `scope`, and `error` from `WWW-Authenticate` header.\n */\nexport function extractWWWAuthenticateParams(res: Response): { resourceMetadataUrl?: URL; scope?: string; error?: string } {\n const authenticateHeader = res.headers.get('WWW-Authenticate');\n if (!authenticateHeader) {\n return {};\n }\n\n const [type, scheme] = authenticateHeader.split(' ');\n if (type?.toLowerCase() !== 'bearer' || !scheme) {\n return {};\n }\n\n const resourceMetadataMatch = extractFieldFromWwwAuth(res, 'resource_metadata') || undefined;\n\n let resourceMetadataUrl: URL | undefined;\n if (resourceMetadataMatch) {\n try {\n resourceMetadataUrl = new URL(resourceMetadataMatch);\n } catch {\n // Ignore invalid URL\n }\n }\n\n const scope = extractFieldFromWwwAuth(res, 'scope') || undefined;\n const error = extractFieldFromWwwAuth(res, 'error') || undefined;\n\n return {\n resourceMetadataUrl,\n scope,\n error\n };\n}\n\n/**\n * Extracts a specific field's value from the `WWW-Authenticate` header string.\n *\n * @param response The HTTP response object containing the headers.\n * @param fieldName The name of the field to extract (e.g., `\"realm\"`, `\"nonce\"`).\n * @returns The field value\n */\nfunction extractFieldFromWwwAuth(response: Response, fieldName: string): string | null {\n const wwwAuthHeader = response.headers.get('WWW-Authenticate');\n if (!wwwAuthHeader) {\n return null;\n }\n\n const pattern = new RegExp(String.raw`${fieldName}=(?:\"([^\"]+)\"|([^\\s,]+))`);\n const match = wwwAuthHeader.match(pattern);\n\n if (match) {\n // Pattern matches: field_name=\"value\" or field_name=value (unquoted)\n const result = match[1] || match[2];\n if (result) {\n return result;\n }\n }\n\n return null;\n}\n\n/**\n * Extract `resource_metadata` from response header.\n * @deprecated Use {@linkcode extractWWWAuthenticateParams} instead.\n */\nexport function extractResourceMetadataUrl(res: Response): URL | undefined {\n const authenticateHeader = res.headers.get('WWW-Authenticate');\n if (!authenticateHeader) {\n return undefined;\n }\n\n const [type, scheme] = authenticateHeader.split(' ');\n if (type?.toLowerCase() !== 'bearer' || !scheme) {\n return undefined;\n }\n const regex = /resource_metadata=\"([^\"]*)\"/;\n const match = regex.exec(authenticateHeader);\n\n if (!match || !match[1]) {\n return undefined;\n }\n\n try {\n return new URL(match[1]);\n } catch {\n return undefined;\n }\n}\n\n/**\n * Looks up {@link https://datatracker.ietf.org/doc/html/rfc9728 | RFC 9728}\n * OAuth 2.0 Protected Resource Metadata.\n *\n * If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n */\nexport async function discoverOAuthProtectedResourceMetadata(\n serverUrl: string | URL,\n opts?: { protocolVersion?: string; resourceMetadataUrl?: string | URL },\n fetchFn: FetchLike = fetch\n): Promise {\n const response = await discoverMetadataWithFallback(serverUrl, 'oauth-protected-resource', fetchFn, {\n protocolVersion: opts?.protocolVersion,\n metadataUrl: opts?.resourceMetadataUrl\n });\n\n if (!response || response.status === 404) {\n await response?.text?.().catch(() => {});\n throw new Error(`Resource server does not implement OAuth 2.0 Protected Resource Metadata.`);\n }\n\n if (!response.ok) {\n await response.text?.().catch(() => {});\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth protected resource metadata.`);\n }\n return OAuthProtectedResourceMetadataSchema.parse(await response.json());\n}\n\n/**\n * Helper function to handle fetch with CORS retry logic\n */\nasync function fetchWithCorsRetry(url: URL, headers?: Record, fetchFn: FetchLike = fetch): Promise {\n try {\n return await fetchFn(url, { headers });\n } catch (error) {\n if (error instanceof TypeError) {\n // CORS errors come back as TypeError, retry without headers\n // We're getting CORS errors on retry too, return undefined\n return headers ? fetchWithCorsRetry(url, undefined, fetchFn) : undefined;\n }\n throw error;\n }\n}\n\n/**\n * Constructs the well-known path for auth-related metadata discovery\n */\nfunction buildWellKnownPath(\n wellKnownPrefix: 'oauth-authorization-server' | 'oauth-protected-resource' | 'openid-configuration',\n pathname: string = '',\n options: { prependPathname?: boolean } = {}\n): string {\n // Strip trailing slash from pathname to avoid double slashes\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n return options.prependPathname ? `${pathname}/.well-known/${wellKnownPrefix}` : `/.well-known/${wellKnownPrefix}${pathname}`;\n}\n\n/**\n * Tries to discover OAuth metadata at a specific URL\n */\nasync function tryMetadataDiscovery(url: URL, protocolVersion: string, fetchFn: FetchLike = fetch): Promise {\n const headers = {\n 'MCP-Protocol-Version': protocolVersion\n };\n return await fetchWithCorsRetry(url, headers, fetchFn);\n}\n\n/**\n * Determines if fallback to root discovery should be attempted\n */\nfunction shouldAttemptFallback(response: Response | undefined, pathname: string): boolean {\n return !response || (response.status >= 400 && response.status < 500 && pathname !== '/');\n}\n\n/**\n * Generic function for discovering OAuth metadata with fallback support\n */\nasync function discoverMetadataWithFallback(\n serverUrl: string | URL,\n wellKnownType: 'oauth-authorization-server' | 'oauth-protected-resource',\n fetchFn: FetchLike,\n opts?: { protocolVersion?: string; metadataUrl?: string | URL; metadataServerUrl?: string | URL }\n): Promise {\n const issuer = new URL(serverUrl);\n const protocolVersion = opts?.protocolVersion ?? LATEST_PROTOCOL_VERSION;\n\n let url: URL;\n if (opts?.metadataUrl) {\n url = new URL(opts.metadataUrl);\n } else {\n // Try path-aware discovery first\n const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname);\n url = new URL(wellKnownPath, opts?.metadataServerUrl ?? issuer);\n url.search = issuer.search;\n }\n\n let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn);\n\n // If path-aware discovery fails with 404 and we're not already at root, try fallback to root discovery\n if (!opts?.metadataUrl && shouldAttemptFallback(response, issuer.pathname)) {\n const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer);\n response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn);\n }\n\n return response;\n}\n\n/**\n * Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata.\n *\n * If the server returns a 404 for the well-known endpoint, this function will\n * return `undefined`. Any other errors will be thrown as exceptions.\n *\n * @deprecated This function is deprecated in favor of {@linkcode discoverAuthorizationServerMetadata}.\n */\nexport async function discoverOAuthMetadata(\n issuer: string | URL,\n {\n authorizationServerUrl,\n protocolVersion\n }: {\n authorizationServerUrl?: string | URL;\n protocolVersion?: string;\n } = {},\n fetchFn: FetchLike = fetch\n): Promise {\n if (typeof issuer === 'string') {\n issuer = new URL(issuer);\n }\n if (!authorizationServerUrl) {\n authorizationServerUrl = issuer;\n }\n if (typeof authorizationServerUrl === 'string') {\n authorizationServerUrl = new URL(authorizationServerUrl);\n }\n protocolVersion ??= LATEST_PROTOCOL_VERSION;\n\n const response = await discoverMetadataWithFallback(authorizationServerUrl, 'oauth-authorization-server', fetchFn, {\n protocolVersion,\n metadataServerUrl: authorizationServerUrl\n });\n\n if (!response || response.status === 404) {\n await response?.text?.().catch(() => {});\n return undefined;\n }\n\n if (!response.ok) {\n await response.text?.().catch(() => {});\n throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`);\n }\n\n return OAuthMetadataSchema.parse(await response.json());\n}\n\n/**\n * Builds a list of discovery URLs to try for authorization server metadata.\n * URLs are returned in priority order:\n * 1. OAuth metadata at the given URL\n * 2. OIDC metadata endpoints at the given URL\n */\nexport function buildDiscoveryUrls(authorizationServerUrl: string | URL): { url: URL; type: 'oauth' | 'oidc' }[] {\n const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl;\n const hasPath = url.pathname !== '/';\n const urlsToTry: { url: URL; type: 'oauth' | 'oidc' }[] = [];\n\n if (!hasPath) {\n urlsToTry.push(\n // Root path: https://example.com/.well-known/oauth-authorization-server\n\n {\n url: new URL('/.well-known/oauth-authorization-server', url.origin),\n type: 'oauth'\n },\n // OIDC: https://example.com/.well-known/openid-configuration\n\n {\n url: new URL(`/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n }\n );\n\n return urlsToTry;\n }\n\n // Strip trailing slash from pathname to avoid double slashes\n let pathname = url.pathname;\n if (pathname.endsWith('/')) {\n pathname = pathname.slice(0, -1);\n }\n\n urlsToTry.push(\n // 1. OAuth metadata at the given URL\n // Insert well-known before the path: https://example.com/.well-known/oauth-authorization-server/tenant1\n {\n url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin),\n type: 'oauth'\n },\n // 2. OIDC metadata endpoints\n // RFC 8414 style: Insert /.well-known/openid-configuration before the path\n {\n url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin),\n type: 'oidc'\n },\n // OIDC Discovery 1.0 style: Append /.well-known/openid-configuration after the path\n\n {\n url: new URL(`${pathname}/.well-known/openid-configuration`, url.origin),\n type: 'oidc'\n }\n );\n\n return urlsToTry;\n}\n\n/**\n * Discovers authorization server metadata with support for\n * {@link https://datatracker.ietf.org/doc/html/rfc8414 | RFC 8414} OAuth 2.0\n * Authorization Server Metadata and\n * {@link https://openid.net/specs/openid-connect-discovery-1_0.html | OpenID Connect Discovery 1.0}\n * specifications.\n *\n * This function implements a fallback strategy for authorization server discovery:\n * 1. Attempts RFC 8414 OAuth metadata discovery first\n * 2. If OAuth discovery fails, falls back to OpenID Connect Discovery\n *\n * @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's\n * protected resource metadata, or the MCP server's URL if the\n * metadata was not found.\n * @param options - Configuration options\n * @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch\n * @param options.protocolVersion - MCP protocol version to use, defaults to {@linkcode LATEST_PROTOCOL_VERSION}\n * @returns Promise resolving to authorization server metadata, or undefined if discovery fails\n */\nexport async function discoverAuthorizationServerMetadata(\n authorizationServerUrl: string | URL,\n {\n fetchFn = fetch,\n protocolVersion = LATEST_PROTOCOL_VERSION\n }: {\n fetchFn?: FetchLike;\n protocolVersion?: string;\n } = {}\n): Promise {\n const headers = {\n 'MCP-Protocol-Version': protocolVersion,\n Accept: 'application/json'\n };\n\n // Get the list of URLs to try\n const urlsToTry = buildDiscoveryUrls(authorizationServerUrl);\n\n // Try each URL in order\n for (const { url: endpointUrl, type } of urlsToTry) {\n const response = await fetchWithCorsRetry(endpointUrl, headers, fetchFn);\n\n if (!response) {\n /**\n * CORS error occurred - don't throw as the endpoint may not allow CORS,\n * continue trying other possible endpoints\n */\n continue;\n }\n\n if (!response.ok) {\n await response.text?.().catch(() => {});\n // Continue looking for any 4xx response code.\n if (response.status >= 400 && response.status < 500) {\n continue; // Try next URL\n }\n throw new Error(\n `HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`\n );\n }\n\n // Parse and validate based on type\n return type === 'oauth'\n ? OAuthMetadataSchema.parse(await response.json())\n : OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());\n }\n\n return undefined;\n}\n\n/**\n * Result of {@linkcode discoverOAuthServerInfo}.\n */\nexport interface OAuthServerInfo {\n /**\n * The authorization server URL, either discovered via RFC 9728\n * or derived from the MCP server URL as a fallback.\n */\n authorizationServerUrl: string;\n\n /**\n * The authorization server metadata (endpoints, capabilities),\n * or `undefined` if metadata discovery failed.\n */\n authorizationServerMetadata?: AuthorizationServerMetadata;\n\n /**\n * The OAuth 2.0 Protected Resource Metadata from RFC 9728,\n * or `undefined` if the server does not support it.\n */\n resourceMetadata?: OAuthProtectedResourceMetadata;\n}\n\n/**\n * Discovers the authorization server for an MCP server following\n * {@link https://datatracker.ietf.org/doc/html/rfc9728 | RFC 9728} (OAuth 2.0 Protected\n * Resource Metadata), with fallback to treating the server URL as the\n * authorization server.\n *\n * This function combines two discovery steps into one call:\n * 1. Probes `/.well-known/oauth-protected-resource` on the MCP server to find the\n * authorization server URL (RFC 9728).\n * 2. Fetches authorization server metadata from that URL (RFC 8414 / OpenID Connect Discovery).\n *\n * Use this when you need the authorization server metadata for operations outside the\n * {@linkcode auth} orchestrator, such as token refresh or token revocation.\n *\n * @param serverUrl - The MCP resource server URL\n * @param opts - Optional configuration\n * @param opts.resourceMetadataUrl - Override URL for the protected resource metadata endpoint\n * @param opts.fetchFn - Custom fetch function for HTTP requests\n * @returns Authorization server URL, metadata, and resource metadata (if available)\n */\nexport async function discoverOAuthServerInfo(\n serverUrl: string | URL,\n opts?: {\n resourceMetadataUrl?: URL;\n fetchFn?: FetchLike;\n }\n): Promise {\n let resourceMetadata: OAuthProtectedResourceMetadata | undefined;\n let authorizationServerUrl: string | undefined;\n\n try {\n resourceMetadata = await discoverOAuthProtectedResourceMetadata(\n serverUrl,\n { resourceMetadataUrl: opts?.resourceMetadataUrl },\n opts?.fetchFn\n );\n if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {\n authorizationServerUrl = resourceMetadata.authorization_servers[0];\n }\n } catch {\n // RFC 9728 not supported -- fall back to treating the server URL as the authorization server\n }\n\n // If we don't get a valid authorization server from protected resource metadata,\n // fall back to the legacy MCP spec behavior: MCP server base URL acts as the authorization server\n if (!authorizationServerUrl) {\n authorizationServerUrl = String(new URL('/', serverUrl));\n }\n\n const authorizationServerMetadata = await discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn: opts?.fetchFn });\n\n return {\n authorizationServerUrl,\n authorizationServerMetadata,\n resourceMetadata\n };\n}\n\n/**\n * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.\n */\nexport async function startAuthorization(\n authorizationServerUrl: string | URL,\n {\n metadata,\n clientInformation,\n redirectUrl,\n scope,\n state,\n resource\n }: {\n metadata?: AuthorizationServerMetadata;\n clientInformation: OAuthClientInformationMixed;\n redirectUrl: string | URL;\n scope?: string;\n state?: string;\n resource?: URL;\n }\n): Promise<{ authorizationUrl: URL; codeVerifier: string }> {\n let authorizationUrl: URL;\n if (metadata) {\n authorizationUrl = new URL(metadata.authorization_endpoint);\n\n if (!metadata.response_types_supported.includes(AUTHORIZATION_CODE_RESPONSE_TYPE)) {\n throw new Error(`Incompatible auth server: does not support response type ${AUTHORIZATION_CODE_RESPONSE_TYPE}`);\n }\n\n if (\n metadata.code_challenge_methods_supported &&\n !metadata.code_challenge_methods_supported.includes(AUTHORIZATION_CODE_CHALLENGE_METHOD)\n ) {\n throw new Error(`Incompatible auth server: does not support code challenge method ${AUTHORIZATION_CODE_CHALLENGE_METHOD}`);\n }\n } else {\n authorizationUrl = new URL('/authorize', authorizationServerUrl);\n }\n\n // Generate PKCE challenge\n const challenge = await pkceChallenge();\n const codeVerifier = challenge.code_verifier;\n const codeChallenge = challenge.code_challenge;\n\n authorizationUrl.searchParams.set('response_type', AUTHORIZATION_CODE_RESPONSE_TYPE);\n authorizationUrl.searchParams.set('client_id', clientInformation.client_id);\n authorizationUrl.searchParams.set('code_challenge', codeChallenge);\n authorizationUrl.searchParams.set('code_challenge_method', AUTHORIZATION_CODE_CHALLENGE_METHOD);\n authorizationUrl.searchParams.set('redirect_uri', String(redirectUrl));\n\n if (state) {\n authorizationUrl.searchParams.set('state', state);\n }\n\n if (scope) {\n authorizationUrl.searchParams.set('scope', scope);\n }\n\n if (scope?.includes('offline_access')) {\n // if the request includes the OIDC-only \"offline_access\" scope,\n // we need to set the prompt to \"consent\" to ensure the user is prompted to grant offline access\n // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess\n authorizationUrl.searchParams.append('prompt', 'consent');\n }\n\n if (resource) {\n authorizationUrl.searchParams.set('resource', resource.href);\n }\n\n return { authorizationUrl, codeVerifier };\n}\n\n/**\n * Prepares token request parameters for an authorization code exchange.\n *\n * This is the default implementation used by {@linkcode fetchToken} when the provider\n * doesn't implement {@linkcode OAuthClientProvider.prepareTokenRequest | prepareTokenRequest}.\n *\n * @param authorizationCode - The authorization code received from the authorization endpoint\n * @param codeVerifier - The PKCE code verifier\n * @param redirectUri - The redirect URI used in the authorization request\n * @returns URLSearchParams for the `authorization_code` grant\n */\nexport function prepareAuthorizationCodeRequest(\n authorizationCode: string,\n codeVerifier: string,\n redirectUri: string | URL\n): URLSearchParams {\n return new URLSearchParams({\n grant_type: 'authorization_code',\n code: authorizationCode,\n code_verifier: codeVerifier,\n redirect_uri: String(redirectUri)\n });\n}\n\n/**\n * Internal helper to execute a token request with the given parameters.\n * Used by {@linkcode exchangeAuthorization}, {@linkcode refreshAuthorization}, and {@linkcode fetchToken}.\n */\nasync function executeTokenRequest(\n authorizationServerUrl: string | URL,\n {\n metadata,\n tokenRequestParams,\n clientInformation,\n addClientAuthentication,\n resource,\n fetchFn\n }: {\n metadata?: AuthorizationServerMetadata;\n tokenRequestParams: URLSearchParams;\n clientInformation?: OAuthClientInformationMixed;\n addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];\n resource?: URL;\n fetchFn?: FetchLike;\n }\n): Promise {\n const tokenUrl = metadata?.token_endpoint ? new URL(metadata.token_endpoint) : new URL('/token', authorizationServerUrl);\n\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded',\n Accept: 'application/json'\n });\n\n if (resource) {\n tokenRequestParams.set('resource', resource.href);\n }\n\n if (addClientAuthentication) {\n await addClientAuthentication(headers, tokenRequestParams, tokenUrl, metadata);\n } else if (clientInformation) {\n const supportedMethods = metadata?.token_endpoint_auth_methods_supported ?? [];\n const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);\n applyClientAuthentication(authMethod, clientInformation as OAuthClientInformation, headers, tokenRequestParams);\n }\n\n const response = await (fetchFn ?? fetch)(tokenUrl, {\n method: 'POST',\n headers,\n body: tokenRequestParams\n });\n\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n\n const json: unknown = await response.json();\n\n try {\n return OAuthTokensSchema.parse(json);\n } catch (parseError) {\n // Some OAuth servers (e.g., GitHub) return error responses with HTTP 200 status.\n // Check for error field only if token parsing failed.\n if (typeof json === 'object' && json !== null && 'error' in json) {\n throw await parseErrorResponse(JSON.stringify(json));\n }\n throw parseError;\n }\n}\n\n/**\n * Exchanges an authorization code for an access token with the given server.\n *\n * Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Falls back to appropriate defaults when server metadata is unavailable\n *\n * @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, auth code, etc.\n * @returns Promise resolving to OAuth tokens\n * @throws {Error} When token exchange fails or authentication is invalid\n */\nexport async function exchangeAuthorization(\n authorizationServerUrl: string | URL,\n {\n metadata,\n clientInformation,\n authorizationCode,\n codeVerifier,\n redirectUri,\n resource,\n addClientAuthentication,\n fetchFn\n }: {\n metadata?: AuthorizationServerMetadata;\n clientInformation: OAuthClientInformationMixed;\n authorizationCode: string;\n codeVerifier: string;\n redirectUri: string | URL;\n resource?: URL;\n addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];\n fetchFn?: FetchLike;\n }\n): Promise {\n const tokenRequestParams = prepareAuthorizationCodeRequest(authorizationCode, codeVerifier, redirectUri);\n\n return executeTokenRequest(authorizationServerUrl, {\n metadata,\n tokenRequestParams,\n clientInformation,\n addClientAuthentication,\n resource,\n fetchFn\n });\n}\n\n/**\n * Exchange a refresh token for an updated access token.\n *\n * Supports multiple client authentication methods as specified in OAuth 2.1:\n * - Automatically selects the best authentication method based on server support\n * - Preserves the original refresh token if a new one is not returned\n *\n * @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration object containing client info, refresh token, etc.\n * @returns Promise resolving to OAuth tokens (preserves original `refresh_token` if not replaced)\n * @throws {Error} When token refresh fails or authentication is invalid\n */\nexport async function refreshAuthorization(\n authorizationServerUrl: string | URL,\n {\n metadata,\n clientInformation,\n refreshToken,\n resource,\n addClientAuthentication,\n fetchFn\n }: {\n metadata?: AuthorizationServerMetadata;\n clientInformation: OAuthClientInformationMixed;\n refreshToken: string;\n resource?: URL;\n addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];\n fetchFn?: FetchLike;\n }\n): Promise {\n const tokenRequestParams = new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken\n });\n\n const tokens = await executeTokenRequest(authorizationServerUrl, {\n metadata,\n tokenRequestParams,\n clientInformation,\n addClientAuthentication,\n resource,\n fetchFn\n });\n\n // Preserve original refresh token if server didn't return a new one\n return { refresh_token: refreshToken, ...tokens };\n}\n\n/**\n * Unified token fetching that works with any grant type via {@linkcode OAuthClientProvider.prepareTokenRequest | prepareTokenRequest()}.\n *\n * This function provides a single entry point for obtaining tokens regardless of the\n * OAuth grant type. The provider's `prepareTokenRequest()` method determines which grant\n * to use and supplies the grant-specific parameters.\n *\n * @param provider - OAuth client provider that implements `prepareTokenRequest()`\n * @param authorizationServerUrl - The authorization server's base URL\n * @param options - Configuration for the token request\n * @returns Promise resolving to OAuth tokens\n * @throws {Error} When provider doesn't implement `prepareTokenRequest` or token fetch fails\n *\n * @example\n * ```ts source=\"./auth.examples.ts#fetchToken_clientCredentials\"\n * // Provider for client_credentials:\n * class MyProvider extends MyProviderBase implements OAuthClientProvider {\n * prepareTokenRequest(scope?: string) {\n * const params = new URLSearchParams({ grant_type: 'client_credentials' });\n * if (scope) params.set('scope', scope);\n * return params;\n * }\n * }\n *\n * const tokens = await fetchToken(new MyProvider(), authServerUrl, { metadata });\n * ```\n */\nexport async function fetchToken(\n provider: OAuthClientProvider,\n authorizationServerUrl: string | URL,\n {\n metadata,\n resource,\n authorizationCode,\n scope,\n fetchFn\n }: {\n metadata?: AuthorizationServerMetadata;\n resource?: URL;\n /** Authorization code for the default `authorization_code` grant flow */\n authorizationCode?: string;\n /** Optional scope parameter from auth() options */\n scope?: string;\n fetchFn?: FetchLike;\n } = {}\n): Promise {\n // Prefer scope from options, fallback to provider.clientMetadata.scope\n const effectiveScope = scope ?? provider.clientMetadata.scope;\n\n // Use provider's prepareTokenRequest if available, otherwise fall back to authorization_code\n let tokenRequestParams: URLSearchParams | undefined;\n if (provider.prepareTokenRequest) {\n tokenRequestParams = await provider.prepareTokenRequest(effectiveScope);\n }\n\n // Default to authorization_code grant if no custom prepareTokenRequest\n if (!tokenRequestParams) {\n if (!authorizationCode) {\n throw new Error('Either provider.prepareTokenRequest() or authorizationCode is required');\n }\n if (!provider.redirectUrl) {\n throw new Error('redirectUrl is required for authorization_code flow');\n }\n const codeVerifier = await provider.codeVerifier();\n tokenRequestParams = prepareAuthorizationCodeRequest(authorizationCode, codeVerifier, provider.redirectUrl);\n }\n\n const clientInformation = await provider.clientInformation();\n\n return executeTokenRequest(authorizationServerUrl, {\n metadata,\n tokenRequestParams,\n clientInformation: clientInformation ?? undefined,\n addClientAuthentication: provider.addClientAuthentication,\n resource,\n fetchFn\n });\n}\n\n/**\n * Performs OAuth 2.0 Dynamic Client Registration according to\n * {@link https://datatracker.ietf.org/doc/html/rfc7591 | RFC 7591}.\n *\n * If `scope` is provided, it overrides `clientMetadata.scope` in the registration\n * request body. This allows callers to apply the Scope Selection Strategy (SEP-835)\n * consistently across both DCR and the subsequent authorization request.\n */\nexport async function registerClient(\n authorizationServerUrl: string | URL,\n {\n metadata,\n clientMetadata,\n scope,\n fetchFn\n }: {\n metadata?: AuthorizationServerMetadata;\n clientMetadata: OAuthClientMetadata;\n scope?: string;\n fetchFn?: FetchLike;\n }\n): Promise {\n let registrationUrl: URL;\n\n if (metadata) {\n if (!metadata.registration_endpoint) {\n throw new Error('Incompatible auth server: does not support dynamic client registration');\n }\n\n registrationUrl = new URL(metadata.registration_endpoint);\n } else {\n registrationUrl = new URL('/register', authorizationServerUrl);\n }\n\n const response = await (fetchFn ?? fetch)(registrationUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({\n ...clientMetadata,\n ...(scope === undefined ? {} : { scope })\n })\n });\n\n if (!response.ok) {\n throw await parseErrorResponse(response);\n }\n\n return OAuthClientInformationFullSchema.parse(await response.json());\n}\n" }, { "path": "packages/client/src/client/authExtensions.examples.ts", "content": "/**\n * Type-checked examples for `authExtensions.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { ClientCredentialsProvider, createPrivateKeyJwtAuth, PrivateKeyJwtProvider } from './authExtensions.js';\nimport { StreamableHTTPClientTransport } from './streamableHttp.js';\n\n/**\n * Example: Creating a private key JWT authentication function.\n */\nfunction createPrivateKeyJwtAuth_basicUsage(pemEncodedPrivateKey: string) {\n //#region createPrivateKeyJwtAuth_basicUsage\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'my-client',\n subject: 'my-client',\n privateKey: pemEncodedPrivateKey,\n alg: 'RS256'\n });\n // pass addClientAuth as provider.addClientAuthentication implementation\n //#endregion createPrivateKeyJwtAuth_basicUsage\n return addClientAuth;\n}\n\n/**\n * Example: Using ClientCredentialsProvider for OAuth client credentials flow.\n */\nfunction ClientCredentialsProvider_basicUsage(serverUrl: URL) {\n //#region ClientCredentialsProvider_basicUsage\n const provider = new ClientCredentialsProvider({\n clientId: 'my-client',\n clientSecret: 'my-secret'\n });\n\n const transport = new StreamableHTTPClientTransport(serverUrl, {\n authProvider: provider\n });\n //#endregion ClientCredentialsProvider_basicUsage\n return transport;\n}\n\n/**\n * Example: Using PrivateKeyJwtProvider for OAuth with private key JWT.\n */\nfunction PrivateKeyJwtProvider_basicUsage(pemEncodedPrivateKey: string, serverUrl: URL) {\n //#region PrivateKeyJwtProvider_basicUsage\n const provider = new PrivateKeyJwtProvider({\n clientId: 'my-client',\n privateKey: pemEncodedPrivateKey,\n algorithm: 'RS256'\n });\n\n const transport = new StreamableHTTPClientTransport(serverUrl, {\n authProvider: provider\n });\n //#endregion PrivateKeyJwtProvider_basicUsage\n return transport;\n}\n" }, { "path": "packages/client/src/client/authExtensions.ts", "content": "/**\n * OAuth provider extensions for specialized authentication flows.\n *\n * This module provides ready-to-use {@linkcode OAuthClientProvider} implementations\n * for common machine-to-machine authentication scenarios.\n */\n\nimport type { FetchLike, OAuthClientInformation, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/core';\nimport type { CryptoKey, JWK } from 'jose';\n\nimport type { AddClientAuthentication, OAuthClientProvider } from './auth.js';\n\n/**\n * Helper to produce a `private_key_jwt` client authentication function.\n *\n * @example\n * ```ts source=\"./authExtensions.examples.ts#createPrivateKeyJwtAuth_basicUsage\"\n * const addClientAuth = createPrivateKeyJwtAuth({\n * issuer: 'my-client',\n * subject: 'my-client',\n * privateKey: pemEncodedPrivateKey,\n * alg: 'RS256'\n * });\n * // pass addClientAuth as provider.addClientAuthentication implementation\n * ```\n */\nexport function createPrivateKeyJwtAuth(options: {\n issuer: string;\n subject: string;\n privateKey: string | Uint8Array | Record;\n alg: string;\n audience?: string | URL;\n lifetimeSeconds?: number;\n claims?: Record;\n}): AddClientAuthentication {\n return async (_headers, params, url, metadata) => {\n // Lazy import to avoid heavy dependency unless used\n if (globalThis.crypto === undefined) {\n throw new TypeError(\n 'crypto is not available, please ensure you have Web Crypto API support for older Node.js versions (see https://github.com/modelcontextprotocol/typescript-sdk#nodejs-web-crypto-globalthiscrypto-compatibility)'\n );\n }\n\n const jose = await import('jose');\n\n const audience = String(options.audience ?? metadata?.issuer ?? url);\n const lifetimeSeconds = options.lifetimeSeconds ?? 300;\n\n const now = Math.floor(Date.now() / 1000);\n const jti = `${Date.now()}-${Math.random().toString(36).slice(2)}`;\n\n const baseClaims = {\n iss: options.issuer,\n sub: options.subject,\n aud: audience,\n exp: now + lifetimeSeconds,\n iat: now,\n jti\n };\n const claims = options.claims ? { ...baseClaims, ...options.claims } : baseClaims;\n\n // Import key for the requested algorithm\n const alg = options.alg;\n let key: unknown;\n if (typeof options.privateKey === 'string') {\n if (alg.startsWith('RS') || alg.startsWith('ES') || alg.startsWith('PS')) {\n key = await jose.importPKCS8(options.privateKey, alg);\n } else if (alg.startsWith('HS')) {\n key = new TextEncoder().encode(options.privateKey);\n } else {\n throw new Error(`Unsupported algorithm ${alg}`);\n }\n } else if (options.privateKey instanceof Uint8Array) {\n // Assume PKCS#8 DER in Uint8Array for asymmetric algorithms\n key = alg.startsWith('HS') ? options.privateKey : await jose.importPKCS8(new TextDecoder().decode(options.privateKey), alg);\n } else {\n // Treat as JWK\n key = await jose.importJWK(options.privateKey as JWK, alg);\n }\n\n // Sign JWT\n const assertion = await new jose.SignJWT(claims)\n .setProtectedHeader({ alg, typ: 'JWT' })\n .setIssuer(options.issuer)\n .setSubject(options.subject)\n .setAudience(audience)\n .setIssuedAt(now)\n .setExpirationTime(now + lifetimeSeconds)\n .setJti(jti)\n .sign(key as unknown as Uint8Array | CryptoKey);\n\n params.set('client_assertion', assertion);\n params.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n };\n}\n\n/**\n * Options for creating a {@linkcode ClientCredentialsProvider}.\n */\nexport interface ClientCredentialsProviderOptions {\n /**\n * The `client_id` for this OAuth client.\n */\n clientId: string;\n\n /**\n * The `client_secret` for `client_secret_basic` authentication.\n */\n clientSecret: string;\n\n /**\n * Optional client name for metadata.\n */\n clientName?: string;\n}\n\n/**\n * OAuth provider for `client_credentials` grant with `client_secret_basic` authentication.\n *\n * This provider is designed for machine-to-machine authentication where\n * the client authenticates using a `client_id` and `client_secret`.\n *\n * @example\n * ```ts source=\"./authExtensions.examples.ts#ClientCredentialsProvider_basicUsage\"\n * const provider = new ClientCredentialsProvider({\n * clientId: 'my-client',\n * clientSecret: 'my-secret'\n * });\n *\n * const transport = new StreamableHTTPClientTransport(serverUrl, {\n * authProvider: provider\n * });\n * ```\n */\nexport class ClientCredentialsProvider implements OAuthClientProvider {\n private _tokens?: OAuthTokens;\n private _clientInfo: OAuthClientInformation;\n private _clientMetadata: OAuthClientMetadata;\n\n constructor(options: ClientCredentialsProviderOptions) {\n this._clientInfo = {\n client_id: options.clientId,\n client_secret: options.clientSecret\n };\n this._clientMetadata = {\n client_name: options.clientName ?? 'client-credentials-client',\n redirect_uris: [],\n grant_types: ['client_credentials'],\n token_endpoint_auth_method: 'client_secret_basic'\n };\n }\n\n get redirectUrl(): undefined {\n return undefined;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n clientInformation(): OAuthClientInformation {\n return this._clientInfo;\n }\n\n saveClientInformation(info: OAuthClientInformation): void {\n this._clientInfo = info;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n redirectToAuthorization(): void {\n throw new Error('redirectToAuthorization is not used for client_credentials flow');\n }\n\n saveCodeVerifier(): void {\n // Not used for client_credentials\n }\n\n codeVerifier(): string {\n throw new Error('codeVerifier is not used for client_credentials flow');\n }\n\n prepareTokenRequest(scope?: string): URLSearchParams {\n const params = new URLSearchParams({ grant_type: 'client_credentials' });\n if (scope) params.set('scope', scope);\n return params;\n }\n}\n\n/**\n * Options for creating a {@linkcode PrivateKeyJwtProvider}.\n */\nexport interface PrivateKeyJwtProviderOptions {\n /**\n * The `client_id` for this OAuth client.\n */\n clientId: string;\n\n /**\n * The private key for signing JWT assertions.\n * Can be a PEM string, Uint8Array, or JWK object.\n */\n privateKey: string | Uint8Array | Record;\n\n /**\n * The algorithm to use for signing (e.g., 'RS256', 'ES256').\n */\n algorithm: string;\n\n /**\n * Optional client name for metadata.\n */\n clientName?: string;\n\n /**\n * Optional JWT lifetime in seconds (default: 300).\n */\n jwtLifetimeSeconds?: number;\n}\n\n/**\n * OAuth provider for `client_credentials` grant with `private_key_jwt` authentication.\n *\n * This provider is designed for machine-to-machine authentication where\n * the client authenticates using a signed JWT assertion\n * ({@link https://datatracker.ietf.org/doc/html/rfc7523#section-2.2 | RFC 7523 Section 2.2}).\n *\n * @example\n * ```ts source=\"./authExtensions.examples.ts#PrivateKeyJwtProvider_basicUsage\"\n * const provider = new PrivateKeyJwtProvider({\n * clientId: 'my-client',\n * privateKey: pemEncodedPrivateKey,\n * algorithm: 'RS256'\n * });\n *\n * const transport = new StreamableHTTPClientTransport(serverUrl, {\n * authProvider: provider\n * });\n * ```\n */\nexport class PrivateKeyJwtProvider implements OAuthClientProvider {\n private _tokens?: OAuthTokens;\n private _clientInfo: OAuthClientInformation;\n private _clientMetadata: OAuthClientMetadata;\n addClientAuthentication: AddClientAuthentication;\n\n constructor(options: PrivateKeyJwtProviderOptions) {\n this._clientInfo = {\n client_id: options.clientId\n };\n this._clientMetadata = {\n client_name: options.clientName ?? 'private-key-jwt-client',\n redirect_uris: [],\n grant_types: ['client_credentials'],\n token_endpoint_auth_method: 'private_key_jwt'\n };\n this.addClientAuthentication = createPrivateKeyJwtAuth({\n issuer: options.clientId,\n subject: options.clientId,\n privateKey: options.privateKey,\n alg: options.algorithm,\n lifetimeSeconds: options.jwtLifetimeSeconds\n });\n }\n\n get redirectUrl(): undefined {\n return undefined;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n clientInformation(): OAuthClientInformation {\n return this._clientInfo;\n }\n\n saveClientInformation(info: OAuthClientInformation): void {\n this._clientInfo = info;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n redirectToAuthorization(): void {\n throw new Error('redirectToAuthorization is not used for client_credentials flow');\n }\n\n saveCodeVerifier(): void {\n // Not used for client_credentials\n }\n\n codeVerifier(): string {\n throw new Error('codeVerifier is not used for client_credentials flow');\n }\n\n prepareTokenRequest(scope?: string): URLSearchParams {\n const params = new URLSearchParams({ grant_type: 'client_credentials' });\n if (scope) params.set('scope', scope);\n return params;\n }\n}\n\n/**\n * Options for creating a {@linkcode StaticPrivateKeyJwtProvider}.\n */\nexport interface StaticPrivateKeyJwtProviderOptions {\n /**\n * The `client_id` for this OAuth client.\n */\n clientId: string;\n\n /**\n * A pre-built JWT client assertion to use for authentication.\n *\n * This token should already contain the appropriate claims\n * (`iss`, `sub`, `aud`, `exp`, etc.) and be signed by the client's key.\n */\n jwtBearerAssertion: string;\n\n /**\n * Optional client name for metadata.\n */\n clientName?: string;\n}\n\n/**\n * OAuth provider for `client_credentials` grant with a static `private_key_jwt` assertion.\n *\n * This provider mirrors {@linkcode PrivateKeyJwtProvider} but instead of constructing and\n * signing a JWT on each request, it accepts a pre-built JWT assertion string and\n * uses it directly for authentication.\n */\nexport class StaticPrivateKeyJwtProvider implements OAuthClientProvider {\n private _tokens?: OAuthTokens;\n private _clientInfo: OAuthClientInformation;\n private _clientMetadata: OAuthClientMetadata;\n addClientAuthentication: AddClientAuthentication;\n\n constructor(options: StaticPrivateKeyJwtProviderOptions) {\n this._clientInfo = {\n client_id: options.clientId\n };\n this._clientMetadata = {\n client_name: options.clientName ?? 'static-private-key-jwt-client',\n redirect_uris: [],\n grant_types: ['client_credentials'],\n token_endpoint_auth_method: 'private_key_jwt'\n };\n\n const assertion = options.jwtBearerAssertion;\n this.addClientAuthentication = async (_headers, params) => {\n params.set('client_assertion', assertion);\n params.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n };\n }\n\n get redirectUrl(): undefined {\n return undefined;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n clientInformation(): OAuthClientInformation {\n return this._clientInfo;\n }\n\n saveClientInformation(info: OAuthClientInformation): void {\n this._clientInfo = info;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n redirectToAuthorization(): void {\n throw new Error('redirectToAuthorization is not used for client_credentials flow');\n }\n\n saveCodeVerifier(): void {\n // Not used for client_credentials\n }\n\n codeVerifier(): string {\n throw new Error('codeVerifier is not used for client_credentials flow');\n }\n\n prepareTokenRequest(scope?: string): URLSearchParams {\n const params = new URLSearchParams({ grant_type: 'client_credentials' });\n if (scope) params.set('scope', scope);\n return params;\n }\n}\n\n/**\n * Context provided to the assertion callback in {@linkcode CrossAppAccessProvider}.\n * Contains orchestrator-discovered information needed for JWT Authorization Grant requests.\n */\nexport interface CrossAppAccessContext {\n /**\n * The authorization server URL of the target MCP server.\n * Discovered via RFC 9728 protected resource metadata.\n */\n authorizationServerUrl: string;\n\n /**\n * The resource URL of the target MCP server.\n * Discovered via RFC 9728 protected resource metadata.\n */\n resourceUrl: string;\n\n /**\n * Optional scope being requested for the MCP server.\n */\n scope?: string;\n\n /**\n * Fetch function to use for HTTP requests (e.g., for IdP token exchange).\n */\n fetchFn: FetchLike;\n}\n\n/**\n * Callback function type that provides a JWT Authorization Grant (ID-JAG).\n *\n * The callback receives context about the target MCP server (authorization server URL,\n * resource URL, scope) and should return a JWT Authorization Grant that will be used\n * to obtain an access token from the MCP server.\n */\nexport type AssertionCallback = (context: CrossAppAccessContext) => string | Promise;\n\n/**\n * Options for creating a {@linkcode CrossAppAccessProvider}.\n */\nexport interface CrossAppAccessProviderOptions {\n /**\n * Callback function that provides a JWT Authorization Grant (ID-JAG).\n *\n * The callback receives the MCP server's authorization server URL, resource URL,\n * and requested scope, and should return a JWT Authorization Grant obtained from\n * the enterprise IdP via RFC 8693 token exchange.\n *\n * You can use the utility functions from the `crossAppAccess` module\n * for standard flows, or implement custom logic.\n *\n * @example\n * ```ts\n * assertion: async (ctx) => {\n * const result = await discoverAndRequestJwtAuthGrant({\n * idpUrl: 'https://idp.example.com',\n * audience: ctx.authorizationServerUrl,\n * resource: ctx.resourceUrl,\n * idToken: await getIdToken(),\n * clientId: 'my-idp-client',\n * clientSecret: 'my-idp-secret',\n * scope: ctx.scope,\n * fetchFn: ctx.fetchFn\n * });\n * return result.jwtAuthGrant;\n * }\n * ```\n */\n assertion: AssertionCallback;\n\n /**\n * The `client_id` registered with the MCP server's authorization server.\n */\n clientId: string;\n\n /**\n * The `client_secret` for authenticating with the MCP server's authorization server.\n */\n clientSecret: string;\n\n /**\n * Optional client name for metadata.\n */\n clientName?: string;\n\n /**\n * Custom fetch implementation. Defaults to global fetch.\n */\n fetchFn?: FetchLike;\n}\n\n/**\n * OAuth provider for Cross-App Access (Enterprise Managed Authorization) using JWT Authorization Grant.\n *\n * This provider implements the Enterprise Managed Authorization flow (SEP-990) where:\n * 1. User authenticates with an enterprise IdP and the client obtains an ID Token\n * 2. Client exchanges the ID Token for a JWT Authorization Grant (ID-JAG) via RFC 8693 token exchange\n * 3. Client uses the JAG to obtain an access token from the MCP server via RFC 7523 JWT bearer grant\n *\n * The provider handles steps 2-3 automatically, with the JAG acquisition delegated to\n * a callback function that you provide. This allows flexibility in how you obtain and\n * cache ID Tokens from the IdP.\n *\n * @see https://github.com/modelcontextprotocol/ext-auth/blob/main/specification/draft/enterprise-managed-authorization.mdx\n *\n * @example\n * ```ts\n * const provider = new CrossAppAccessProvider({\n * assertion: async (ctx) => {\n * const result = await discoverAndRequestJwtAuthGrant({\n * idpUrl: 'https://idp.example.com',\n * audience: ctx.authorizationServerUrl,\n * resource: ctx.resourceUrl,\n * idToken: await getIdToken(), // Your function to get ID token\n * clientId: 'my-idp-client',\n * clientSecret: 'my-idp-secret',\n * scope: ctx.scope,\n * fetchFn: ctx.fetchFn\n * });\n * return result.jwtAuthGrant;\n * },\n * clientId: 'my-mcp-client',\n * clientSecret: 'my-mcp-secret'\n * });\n *\n * const transport = new StreamableHTTPClientTransport(serverUrl, {\n * authProvider: provider\n * });\n * ```\n */\nexport class CrossAppAccessProvider implements OAuthClientProvider {\n private _tokens?: OAuthTokens;\n private _clientInfo: OAuthClientInformation;\n private _clientMetadata: OAuthClientMetadata;\n private _assertionCallback: AssertionCallback;\n private _fetchFn: FetchLike;\n private _authorizationServerUrl?: string;\n private _resourceUrl?: string;\n private _scope?: string;\n\n constructor(options: CrossAppAccessProviderOptions) {\n this._clientInfo = {\n client_id: options.clientId,\n client_secret: options.clientSecret\n };\n this._clientMetadata = {\n client_name: options.clientName ?? 'cross-app-access-client',\n redirect_uris: [],\n grant_types: ['urn:ietf:params:oauth:grant-type:jwt-bearer'],\n token_endpoint_auth_method: 'client_secret_basic'\n };\n this._assertionCallback = options.assertion;\n this._fetchFn = options.fetchFn ?? fetch;\n }\n\n get redirectUrl(): undefined {\n return undefined;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n clientInformation(): OAuthClientInformation {\n return this._clientInfo;\n }\n\n saveClientInformation(info: OAuthClientInformation): void {\n this._clientInfo = info;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n redirectToAuthorization(): void {\n throw new Error('redirectToAuthorization is not used for jwt-bearer flow');\n }\n\n saveCodeVerifier(): void {\n // Not used for jwt-bearer\n }\n\n codeVerifier(): string {\n throw new Error('codeVerifier is not used for jwt-bearer flow');\n }\n\n /**\n * Saves the authorization server URL discovered during OAuth flow.\n * This is called by the auth() function after RFC 9728 discovery.\n */\n saveAuthorizationServerUrl?(authorizationServerUrl: string): void {\n this._authorizationServerUrl = authorizationServerUrl;\n }\n\n /**\n * Returns the cached authorization server URL if available.\n */\n authorizationServerUrl?(): string | undefined {\n return this._authorizationServerUrl;\n }\n\n /**\n * Saves the resource URL discovered during OAuth flow.\n * This is called by the auth() function after RFC 9728 discovery.\n */\n saveResourceUrl?(resourceUrl: string): void {\n this._resourceUrl = resourceUrl;\n }\n\n /**\n * Returns the cached resource URL if available.\n */\n resourceUrl?(): string | undefined {\n return this._resourceUrl;\n }\n\n async prepareTokenRequest(scope?: string): Promise {\n // Get the authorization server URL and resource URL from cached state\n const authServerUrl = this._authorizationServerUrl;\n const resourceUrl = this._resourceUrl;\n\n if (!authServerUrl) {\n throw new Error('Authorization server URL not available. Ensure auth() has been called first.');\n }\n\n if (!resourceUrl) {\n throw new Error(\n 'Resource URL not available — server may not implement RFC 9728 ' +\n 'Protected Resource Metadata (required for Cross-App Access), or ' +\n 'auth() has not been called'\n );\n }\n\n // Store scope for assertion callback\n this._scope = scope;\n\n // Call the assertion callback to get the JWT Authorization Grant\n const jwtAuthGrant = await this._assertionCallback({\n authorizationServerUrl: authServerUrl,\n resourceUrl: resourceUrl,\n scope: this._scope,\n fetchFn: this._fetchFn\n });\n\n // Return params for JWT bearer grant per RFC 7523\n const params = new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',\n assertion: jwtAuthGrant\n });\n\n if (scope) {\n params.set('scope', scope);\n }\n\n return params;\n }\n}\n" }, { "path": "packages/client/src/client/client.examples.ts", "content": "/**\n * Type-checked examples for `client.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { Prompt, Resource, Tool } from '@modelcontextprotocol/core';\n\nimport { Client } from './client.js';\nimport { SSEClientTransport } from './sse.js';\nimport { StdioClientTransport } from './stdio.js';\nimport { StreamableHTTPClientTransport } from './streamableHttp.js';\n\n/**\n * Example: Using listChanged to automatically track tool and prompt updates.\n */\nfunction ClientOptions_listChanged() {\n //#region ClientOptions_listChanged\n const client = new Client(\n { name: 'my-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n onChanged: (error, tools) => {\n if (error) {\n console.error('Failed to refresh tools:', error);\n return;\n }\n console.log('Tools updated:', tools);\n }\n },\n prompts: {\n onChanged: (error, prompts) => console.log('Prompts updated:', prompts)\n }\n }\n }\n );\n //#endregion ClientOptions_listChanged\n return client;\n}\n\n/**\n * Example: Connect to a local server process over stdio.\n */\nasync function Client_connect_stdio() {\n //#region Client_connect_stdio\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new StdioClientTransport({ command: 'my-mcp-server' });\n await client.connect(transport);\n //#endregion Client_connect_stdio\n return client;\n}\n\n/**\n * Example: Connect with Streamable HTTP, falling back to legacy SSE.\n */\nasync function Client_connect_sseFallback(url: string) {\n //#region Client_connect_sseFallback\n const baseUrl = new URL(url);\n\n try {\n // Try modern Streamable HTTP transport first\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n } catch {\n // Fall back to legacy SSE transport\n const client = new Client({ name: 'my-client', version: '1.0.0' });\n const transport = new SSEClientTransport(baseUrl);\n await client.connect(transport);\n return { client, transport };\n }\n //#endregion Client_connect_sseFallback\n}\n\n/**\n * Example: Call a tool on the connected server.\n */\nasync function Client_callTool_basic(client: Client) {\n //#region Client_callTool_basic\n const result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n });\n\n // Tool-level errors are returned in the result, not thrown\n if (result.isError) {\n console.error('Tool error:', result.content);\n return;\n }\n\n console.log(result.content);\n //#endregion Client_callTool_basic\n}\n\n/**\n * Example: Access machine-readable structured output from a tool call.\n */\nasync function Client_callTool_structuredOutput(client: Client) {\n //#region Client_callTool_structuredOutput\n const result = await client.callTool({\n name: 'calculate-bmi',\n arguments: { weightKg: 70, heightM: 1.75 }\n });\n\n // Machine-readable output for the client application\n if (result.structuredContent) {\n console.log(result.structuredContent); // e.g. { bmi: 22.86 }\n }\n //#endregion Client_callTool_structuredOutput\n}\n\n/**\n * Example: Handle a sampling request from the server.\n */\nfunction Client_setRequestHandler_sampling(client: Client) {\n //#region Client_setRequestHandler_sampling\n client.setRequestHandler('sampling/createMessage', async request => {\n const lastMessage = request.params.messages.at(-1);\n console.log('Sampling request:', lastMessage);\n\n // In production, send messages to your LLM here\n return {\n model: 'my-model',\n role: 'assistant' as const,\n content: {\n type: 'text' as const,\n text: 'Response from the model'\n }\n };\n });\n //#endregion Client_setRequestHandler_sampling\n}\n\n/**\n * Example: List tools with cursor-based pagination.\n */\nasync function Client_listTools_pagination(client: Client) {\n //#region Client_listTools_pagination\n const allTools: Tool[] = [];\n let cursor: string | undefined;\n do {\n const { tools, nextCursor } = await client.listTools({ cursor });\n allTools.push(...tools);\n cursor = nextCursor;\n } while (cursor);\n console.log(\n 'Available tools:',\n allTools.map(t => t.name)\n );\n //#endregion Client_listTools_pagination\n}\n\n/**\n * Example: List prompts with cursor-based pagination.\n */\nasync function Client_listPrompts_pagination(client: Client) {\n //#region Client_listPrompts_pagination\n const allPrompts: Prompt[] = [];\n let cursor: string | undefined;\n do {\n const { prompts, nextCursor } = await client.listPrompts({ cursor });\n allPrompts.push(...prompts);\n cursor = nextCursor;\n } while (cursor);\n console.log(\n 'Available prompts:',\n allPrompts.map(p => p.name)\n );\n //#endregion Client_listPrompts_pagination\n}\n\n/**\n * Example: List resources with cursor-based pagination.\n */\nasync function Client_listResources_pagination(client: Client) {\n //#region Client_listResources_pagination\n const allResources: Resource[] = [];\n let cursor: string | undefined;\n do {\n const { resources, nextCursor } = await client.listResources({ cursor });\n allResources.push(...resources);\n cursor = nextCursor;\n } while (cursor);\n console.log(\n 'Available resources:',\n allResources.map(r => r.name)\n );\n //#endregion Client_listResources_pagination\n}\n" }, { "path": "packages/client/src/client/client.ts", "content": "import { DefaultJsonSchemaValidator } from '@modelcontextprotocol/client/_shims';\nimport type {\n BaseContext,\n CallToolRequest,\n ClientCapabilities,\n ClientContext,\n ClientNotification,\n ClientRequest,\n ClientResult,\n CompleteRequest,\n GetPromptRequest,\n Implementation,\n JsonSchemaType,\n JsonSchemaValidator,\n jsonSchemaValidator,\n ListChangedHandlers,\n ListChangedOptions,\n ListPromptsRequest,\n ListResourcesRequest,\n ListResourceTemplatesRequest,\n ListToolsRequest,\n LoggingLevel,\n MessageExtraInfo,\n NotificationMethod,\n ProtocolOptions,\n ReadResourceRequest,\n RequestMethod,\n RequestOptions,\n RequestTypeMap,\n ResultTypeMap,\n ServerCapabilities,\n SubscribeRequest,\n Tool,\n Transport,\n UnsubscribeRequest\n} from '@modelcontextprotocol/core';\nimport {\n assertClientRequestTaskCapability,\n assertToolsCallTaskCapability,\n CallToolResultSchema,\n CompleteResultSchema,\n CreateMessageRequestSchema,\n CreateMessageResultSchema,\n CreateMessageResultWithToolsSchema,\n CreateTaskResultSchema,\n ElicitRequestSchema,\n ElicitResultSchema,\n EmptyResultSchema,\n GetPromptResultSchema,\n InitializeResultSchema,\n LATEST_PROTOCOL_VERSION,\n ListChangedOptionsBaseSchema,\n ListPromptsResultSchema,\n ListResourcesResultSchema,\n ListResourceTemplatesResultSchema,\n ListToolsResultSchema,\n mergeCapabilities,\n parseSchema,\n Protocol,\n ProtocolError,\n ProtocolErrorCode,\n ReadResourceResultSchema,\n SdkError,\n SdkErrorCode\n} from '@modelcontextprotocol/core';\n\nimport { ExperimentalClientTasks } from '../experimental/tasks/client.js';\n\n/**\n * Elicitation default application helper. Applies defaults to the `data` based on the `schema`.\n *\n * @param schema - The schema to apply defaults to.\n * @param data - The data to apply defaults to.\n */\nfunction applyElicitationDefaults(schema: JsonSchemaType | undefined, data: unknown): void {\n if (!schema || data === null || typeof data !== 'object') return;\n\n // Handle object properties\n if (schema.type === 'object' && schema.properties && typeof schema.properties === 'object') {\n const obj = data as Record;\n const props = schema.properties as Record;\n for (const key of Object.keys(props)) {\n const propSchema = props[key]!;\n // If missing or explicitly undefined, apply default if present\n if (obj[key] === undefined && Object.prototype.hasOwnProperty.call(propSchema, 'default')) {\n obj[key] = propSchema.default;\n }\n // Recurse into existing nested objects/arrays\n if (obj[key] !== undefined) {\n applyElicitationDefaults(propSchema, obj[key]);\n }\n }\n }\n\n if (Array.isArray(schema.anyOf)) {\n for (const sub of schema.anyOf) {\n // Skip boolean schemas (true/false are valid JSON Schemas but have no defaults)\n if (typeof sub !== 'boolean') {\n applyElicitationDefaults(sub, data);\n }\n }\n }\n\n // Combine schemas\n if (Array.isArray(schema.oneOf)) {\n for (const sub of schema.oneOf) {\n // Skip boolean schemas (true/false are valid JSON Schemas but have no defaults)\n if (typeof sub !== 'boolean') {\n applyElicitationDefaults(sub, data);\n }\n }\n }\n}\n\n/**\n * Determines which elicitation modes are supported based on declared client capabilities.\n *\n * According to the spec:\n * - An empty elicitation capability object defaults to form mode support (backwards compatibility)\n * - URL mode is only supported if explicitly declared\n *\n * @param capabilities - The client's elicitation capabilities\n * @returns An object indicating which modes are supported\n */\nexport function getSupportedElicitationModes(capabilities: ClientCapabilities['elicitation']): {\n supportsFormMode: boolean;\n supportsUrlMode: boolean;\n} {\n if (!capabilities) {\n return { supportsFormMode: false, supportsUrlMode: false };\n }\n\n const hasFormCapability = capabilities.form !== undefined;\n const hasUrlCapability = capabilities.url !== undefined;\n\n // If neither form nor url are explicitly declared, form mode is supported (backwards compatibility)\n const supportsFormMode = hasFormCapability || (!hasFormCapability && !hasUrlCapability);\n const supportsUrlMode = hasUrlCapability;\n\n return { supportsFormMode, supportsUrlMode };\n}\n\nexport type ClientOptions = ProtocolOptions & {\n /**\n * Capabilities to advertise as being supported by this client.\n */\n capabilities?: ClientCapabilities;\n\n /**\n * JSON Schema validator for tool output validation.\n *\n * The validator is used to validate structured content returned by tools\n * against their declared output schemas.\n *\n * @default {@linkcode DefaultJsonSchemaValidator} ({@linkcode index.AjvJsonSchemaValidator | AjvJsonSchemaValidator} on Node.js, {@linkcode index.CfWorkerJsonSchemaValidator | CfWorkerJsonSchemaValidator} on Cloudflare Workers)\n */\n jsonSchemaValidator?: jsonSchemaValidator;\n\n /**\n * Configure handlers for list changed notifications (tools, prompts, resources).\n *\n * @example\n * ```ts source=\"./client.examples.ts#ClientOptions_listChanged\"\n * const client = new Client(\n * { name: 'my-client', version: '1.0.0' },\n * {\n * listChanged: {\n * tools: {\n * onChanged: (error, tools) => {\n * if (error) {\n * console.error('Failed to refresh tools:', error);\n * return;\n * }\n * console.log('Tools updated:', tools);\n * }\n * },\n * prompts: {\n * onChanged: (error, prompts) => console.log('Prompts updated:', prompts)\n * }\n * }\n * }\n * );\n * ```\n */\n listChanged?: ListChangedHandlers;\n};\n\n/**\n * An MCP client on top of a pluggable transport.\n *\n * The client will automatically begin the initialization flow with the server when {@linkcode connect} is called.\n *\n */\nexport class Client extends Protocol {\n private _serverCapabilities?: ServerCapabilities;\n private _serverVersion?: Implementation;\n private _capabilities: ClientCapabilities;\n private _instructions?: string;\n private _jsonSchemaValidator: jsonSchemaValidator;\n private _cachedToolOutputValidators: Map> = new Map();\n private _cachedKnownTaskTools: Set = new Set();\n private _cachedRequiredTaskTools: Set = new Set();\n private _experimental?: { tasks: ExperimentalClientTasks };\n private _listChangedDebounceTimers: Map> = new Map();\n private _pendingListChangedConfig?: ListChangedHandlers;\n private _enforceStrictCapabilities: boolean;\n\n /**\n * Initializes this client with the given name and version information.\n */\n constructor(\n private _clientInfo: Implementation,\n options?: ClientOptions\n ) {\n super(options);\n this._capabilities = options?.capabilities ?? {};\n this._jsonSchemaValidator = options?.jsonSchemaValidator ?? new DefaultJsonSchemaValidator();\n this._enforceStrictCapabilities = options?.enforceStrictCapabilities ?? false;\n\n // Store list changed config for setup after connection (when we know server capabilities)\n if (options?.listChanged) {\n this._pendingListChangedConfig = options.listChanged;\n }\n }\n\n protected override buildContext(ctx: BaseContext, _transportInfo?: MessageExtraInfo): ClientContext {\n return ctx;\n }\n\n /**\n * Set up handlers for list changed notifications based on config and server capabilities.\n * This should only be called after initialization when server capabilities are known.\n * Handlers are silently skipped if the server doesn't advertise the corresponding listChanged capability.\n * @internal\n */\n private _setupListChangedHandlers(config: ListChangedHandlers): void {\n if (config.tools && this._serverCapabilities?.tools?.listChanged) {\n this._setupListChangedHandler('tools', 'notifications/tools/list_changed', config.tools, async () => {\n const result = await this.listTools();\n return result.tools;\n });\n }\n\n if (config.prompts && this._serverCapabilities?.prompts?.listChanged) {\n this._setupListChangedHandler('prompts', 'notifications/prompts/list_changed', config.prompts, async () => {\n const result = await this.listPrompts();\n return result.prompts;\n });\n }\n\n if (config.resources && this._serverCapabilities?.resources?.listChanged) {\n this._setupListChangedHandler('resources', 'notifications/resources/list_changed', config.resources, async () => {\n const result = await this.listResources();\n return result.resources;\n });\n }\n }\n\n /**\n * Access experimental features.\n *\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n get experimental(): { tasks: ExperimentalClientTasks } {\n if (!this._experimental) {\n this._experimental = {\n tasks: new ExperimentalClientTasks(this)\n };\n }\n return this._experimental;\n }\n\n /**\n * Registers new capabilities. This can only be called before connecting to a transport.\n *\n * The new capabilities will be merged with any existing capabilities previously given (e.g., at initialization).\n */\n public registerCapabilities(capabilities: ClientCapabilities): void {\n if (this.transport) {\n throw new Error('Cannot register capabilities after connecting to transport');\n }\n\n this._capabilities = mergeCapabilities(this._capabilities, capabilities);\n }\n\n /**\n * Registers a handler for server-initiated requests (sampling, elicitation, roots).\n * The client must declare the corresponding capability for the handler to be accepted.\n * Replaces any previously registered handler for the same method.\n *\n * For `sampling/createMessage` and `elicitation/create`, the handler is automatically\n * wrapped with schema validation for both the incoming request and the returned result.\n *\n * @example Handling a sampling request\n * ```ts source=\"./client.examples.ts#Client_setRequestHandler_sampling\"\n * client.setRequestHandler('sampling/createMessage', async request => {\n * const lastMessage = request.params.messages.at(-1);\n * console.log('Sampling request:', lastMessage);\n *\n * // In production, send messages to your LLM here\n * return {\n * model: 'my-model',\n * role: 'assistant' as const,\n * content: {\n * type: 'text' as const,\n * text: 'Response from the model'\n * }\n * };\n * });\n * ```\n */\n public override setRequestHandler(\n method: M,\n handler: (request: RequestTypeMap[M], ctx: ClientContext) => ResultTypeMap[M] | Promise\n ): void {\n if (method === 'elicitation/create') {\n const wrappedHandler = async (request: RequestTypeMap[M], ctx: ClientContext): Promise => {\n const validatedRequest = parseSchema(ElicitRequestSchema, request);\n if (!validatedRequest.success) {\n // Type guard: if success is false, error is guaranteed to exist\n const errorMessage =\n validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid elicitation request: ${errorMessage}`);\n }\n\n const { params } = validatedRequest.data;\n params.mode = params.mode ?? 'form';\n const { supportsFormMode, supportsUrlMode } = getSupportedElicitationModes(this._capabilities.elicitation);\n\n if (params.mode === 'form' && !supportsFormMode) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, 'Client does not support form-mode elicitation requests');\n }\n\n if (params.mode === 'url' && !supportsUrlMode) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, 'Client does not support URL-mode elicitation requests');\n }\n\n const result = await Promise.resolve(handler(request, ctx));\n\n // When task creation is requested, validate and return CreateTaskResult\n if (params.task) {\n const taskValidationResult = parseSchema(CreateTaskResultSchema, result);\n if (!taskValidationResult.success) {\n const errorMessage =\n taskValidationResult.error instanceof Error\n ? taskValidationResult.error.message\n : String(taskValidationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid task creation result: ${errorMessage}`);\n }\n return taskValidationResult.data;\n }\n\n // For non-task requests, validate against ElicitResultSchema\n const validationResult = parseSchema(ElicitResultSchema, result);\n if (!validationResult.success) {\n // Type guard: if success is false, error is guaranteed to exist\n const errorMessage =\n validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid elicitation result: ${errorMessage}`);\n }\n\n const validatedResult = validationResult.data;\n const requestedSchema = params.mode === 'form' ? (params.requestedSchema as JsonSchemaType) : undefined;\n\n if (\n params.mode === 'form' &&\n validatedResult.action === 'accept' &&\n validatedResult.content &&\n requestedSchema &&\n this._capabilities.elicitation?.form?.applyDefaults\n ) {\n try {\n applyElicitationDefaults(requestedSchema, validatedResult.content);\n } catch {\n // gracefully ignore errors in default application\n }\n }\n\n return validatedResult;\n };\n\n // Install the wrapped handler\n return super.setRequestHandler(method, wrappedHandler);\n }\n\n if (method === 'sampling/createMessage') {\n const wrappedHandler = async (request: RequestTypeMap[M], ctx: ClientContext): Promise => {\n const validatedRequest = parseSchema(CreateMessageRequestSchema, request);\n if (!validatedRequest.success) {\n const errorMessage =\n validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid sampling request: ${errorMessage}`);\n }\n\n const { params } = validatedRequest.data;\n\n const result = await Promise.resolve(handler(request, ctx));\n\n // When task creation is requested, validate and return CreateTaskResult\n if (params.task) {\n const taskValidationResult = parseSchema(CreateTaskResultSchema, result);\n if (!taskValidationResult.success) {\n const errorMessage =\n taskValidationResult.error instanceof Error\n ? taskValidationResult.error.message\n : String(taskValidationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid task creation result: ${errorMessage}`);\n }\n return taskValidationResult.data;\n }\n\n // For non-task requests, validate against appropriate schema based on tools presence\n const hasTools = params.tools || params.toolChoice;\n const resultSchema = hasTools ? CreateMessageResultWithToolsSchema : CreateMessageResultSchema;\n const validationResult = parseSchema(resultSchema, result);\n if (!validationResult.success) {\n const errorMessage =\n validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid sampling result: ${errorMessage}`);\n }\n\n return validationResult.data;\n };\n\n // Install the wrapped handler\n return super.setRequestHandler(method, wrappedHandler);\n }\n\n // Other handlers use default behavior\n return super.setRequestHandler(method, handler);\n }\n\n protected assertCapability(capability: keyof ServerCapabilities, method: string): void {\n if (!this._serverCapabilities?.[capability]) {\n throw new Error(`Server does not support ${capability} (required for ${method})`);\n }\n }\n\n /**\n * Connects to a server via the given transport and performs the MCP initialization handshake.\n *\n * @example Basic usage (stdio)\n * ```ts source=\"./client.examples.ts#Client_connect_stdio\"\n * const client = new Client({ name: 'my-client', version: '1.0.0' });\n * const transport = new StdioClientTransport({ command: 'my-mcp-server' });\n * await client.connect(transport);\n * ```\n *\n * @example Streamable HTTP with SSE fallback\n * ```ts source=\"./client.examples.ts#Client_connect_sseFallback\"\n * const baseUrl = new URL(url);\n *\n * try {\n * // Try modern Streamable HTTP transport first\n * const client = new Client({ name: 'my-client', version: '1.0.0' });\n * const transport = new StreamableHTTPClientTransport(baseUrl);\n * await client.connect(transport);\n * return { client, transport };\n * } catch {\n * // Fall back to legacy SSE transport\n * const client = new Client({ name: 'my-client', version: '1.0.0' });\n * const transport = new SSEClientTransport(baseUrl);\n * await client.connect(transport);\n * return { client, transport };\n * }\n * ```\n */\n override async connect(transport: Transport, options?: RequestOptions): Promise {\n await super.connect(transport);\n // When transport sessionId is already set this means we are trying to reconnect.\n // In this case we don't need to initialize again.\n if (transport.sessionId !== undefined) {\n return;\n }\n try {\n const result = await this._requestWithSchema(\n {\n method: 'initialize',\n params: {\n protocolVersion: this._supportedProtocolVersions[0] ?? LATEST_PROTOCOL_VERSION,\n capabilities: this._capabilities,\n clientInfo: this._clientInfo\n }\n },\n InitializeResultSchema,\n options\n );\n\n if (result === undefined) {\n throw new Error(`Server sent invalid initialize result: ${result}`);\n }\n\n if (!this._supportedProtocolVersions.includes(result.protocolVersion)) {\n throw new Error(`Server's protocol version is not supported: ${result.protocolVersion}`);\n }\n\n this._serverCapabilities = result.capabilities;\n this._serverVersion = result.serverInfo;\n // HTTP transports must set the protocol version in each header after initialization.\n if (transport.setProtocolVersion) {\n transport.setProtocolVersion(result.protocolVersion);\n }\n\n this._instructions = result.instructions;\n\n await this.notification({\n method: 'notifications/initialized'\n });\n\n // Set up list changed handlers now that we know server capabilities\n if (this._pendingListChangedConfig) {\n this._setupListChangedHandlers(this._pendingListChangedConfig);\n this._pendingListChangedConfig = undefined;\n }\n } catch (error) {\n // Disconnect if initialization fails.\n void this.close();\n throw error;\n }\n }\n\n /**\n * After initialization has completed, this will be populated with the server's reported capabilities.\n */\n getServerCapabilities(): ServerCapabilities | undefined {\n return this._serverCapabilities;\n }\n\n /**\n * After initialization has completed, this will be populated with information about the server's name and version.\n */\n getServerVersion(): Implementation | undefined {\n return this._serverVersion;\n }\n\n /**\n * After initialization has completed, this may be populated with information about the server's instructions.\n */\n getInstructions(): string | undefined {\n return this._instructions;\n }\n\n protected assertCapabilityForMethod(method: RequestMethod): void {\n switch (method as ClientRequest['method']) {\n case 'logging/setLevel': {\n if (!this._serverCapabilities?.logging) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support logging (required for ${method})`);\n }\n break;\n }\n\n case 'prompts/get':\n case 'prompts/list': {\n if (!this._serverCapabilities?.prompts) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support prompts (required for ${method})`);\n }\n break;\n }\n\n case 'resources/list':\n case 'resources/templates/list':\n case 'resources/read':\n case 'resources/subscribe':\n case 'resources/unsubscribe': {\n if (!this._serverCapabilities?.resources) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support resources (required for ${method})`);\n }\n\n if (method === 'resources/subscribe' && !this._serverCapabilities.resources.subscribe) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Server does not support resource subscriptions (required for ${method})`\n );\n }\n\n break;\n }\n\n case 'tools/call':\n case 'tools/list': {\n if (!this._serverCapabilities?.tools) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support tools (required for ${method})`);\n }\n break;\n }\n\n case 'completion/complete': {\n if (!this._serverCapabilities?.completions) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support completions (required for ${method})`);\n }\n break;\n }\n\n case 'initialize': {\n // No specific capability required for initialize\n break;\n }\n\n case 'ping': {\n // No specific capability required for ping\n break;\n }\n }\n }\n\n protected assertNotificationCapability(method: NotificationMethod): void {\n switch (method as ClientNotification['method']) {\n case 'notifications/roots/list_changed': {\n if (!this._capabilities.roots?.listChanged) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support roots list changed notifications (required for ${method})`\n );\n }\n break;\n }\n\n case 'notifications/initialized': {\n // No specific capability required for initialized\n break;\n }\n\n case 'notifications/cancelled': {\n // Cancellation notifications are always allowed\n break;\n }\n\n case 'notifications/progress': {\n // Progress notifications are always allowed\n break;\n }\n }\n }\n\n protected assertRequestHandlerCapability(method: string): void {\n // Task handlers are registered in Protocol constructor before _capabilities is initialized\n // Skip capability check for task methods during initialization\n if (!this._capabilities) {\n return;\n }\n\n switch (method) {\n case 'sampling/createMessage': {\n if (!this._capabilities.sampling) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support sampling capability (required for ${method})`\n );\n }\n break;\n }\n\n case 'elicitation/create': {\n if (!this._capabilities.elicitation) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support elicitation capability (required for ${method})`\n );\n }\n break;\n }\n\n case 'roots/list': {\n if (!this._capabilities.roots) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support roots capability (required for ${method})`\n );\n }\n break;\n }\n\n case 'tasks/get':\n case 'tasks/list':\n case 'tasks/result':\n case 'tasks/cancel': {\n if (!this._capabilities.tasks) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support tasks capability (required for ${method})`\n );\n }\n break;\n }\n\n case 'ping': {\n // No specific capability required for ping\n break;\n }\n }\n }\n\n protected assertTaskCapability(method: string): void {\n assertToolsCallTaskCapability(this._serverCapabilities?.tasks?.requests, method, 'Server');\n }\n\n protected assertTaskHandlerCapability(method: string): void {\n // Task handlers are registered in Protocol constructor before _capabilities is initialized\n // Skip capability check for task methods during initialization\n if (!this._capabilities) {\n return;\n }\n\n assertClientRequestTaskCapability(this._capabilities.tasks?.requests, method, 'Client');\n }\n\n /** Sends a ping to the server to check connectivity. */\n async ping(options?: RequestOptions) {\n return this._requestWithSchema({ method: 'ping' }, EmptyResultSchema, options);\n }\n\n /** Requests argument autocompletion suggestions from the server for a prompt or resource. */\n async complete(params: CompleteRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'completion/complete', params }, CompleteResultSchema, options);\n }\n\n /** Sets the minimum severity level for log messages sent by the server. */\n async setLoggingLevel(level: LoggingLevel, options?: RequestOptions) {\n return this._requestWithSchema({ method: 'logging/setLevel', params: { level } }, EmptyResultSchema, options);\n }\n\n /** Retrieves a prompt by name from the server, passing the given arguments for template substitution. */\n async getPrompt(params: GetPromptRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'prompts/get', params }, GetPromptResultSchema, options);\n }\n\n /**\n * Lists available prompts. Results may be paginated — loop on `nextCursor` to collect all pages.\n *\n * Returns an empty list if the server does not advertise prompts capability\n * (or throws if {@linkcode ClientOptions.enforceStrictCapabilities} is enabled).\n *\n * @example\n * ```ts source=\"./client.examples.ts#Client_listPrompts_pagination\"\n * const allPrompts: Prompt[] = [];\n * let cursor: string | undefined;\n * do {\n * const { prompts, nextCursor } = await client.listPrompts({ cursor });\n * allPrompts.push(...prompts);\n * cursor = nextCursor;\n * } while (cursor);\n * console.log(\n * 'Available prompts:',\n * allPrompts.map(p => p.name)\n * );\n * ```\n */\n async listPrompts(params?: ListPromptsRequest['params'], options?: RequestOptions) {\n if (!this._serverCapabilities?.prompts && !this._enforceStrictCapabilities) {\n // Respect capability negotiation: server does not support prompts\n console.debug('Client.listPrompts() called but server does not advertise prompts capability - returning empty list');\n return { prompts: [] };\n }\n return this._requestWithSchema({ method: 'prompts/list', params }, ListPromptsResultSchema, options);\n }\n\n /**\n * Lists available resources. Results may be paginated — loop on `nextCursor` to collect all pages.\n *\n * Returns an empty list if the server does not advertise resources capability\n * (or throws if {@linkcode ClientOptions.enforceStrictCapabilities} is enabled).\n *\n * @example\n * ```ts source=\"./client.examples.ts#Client_listResources_pagination\"\n * const allResources: Resource[] = [];\n * let cursor: string | undefined;\n * do {\n * const { resources, nextCursor } = await client.listResources({ cursor });\n * allResources.push(...resources);\n * cursor = nextCursor;\n * } while (cursor);\n * console.log(\n * 'Available resources:',\n * allResources.map(r => r.name)\n * );\n * ```\n */\n async listResources(params?: ListResourcesRequest['params'], options?: RequestOptions) {\n if (!this._serverCapabilities?.resources && !this._enforceStrictCapabilities) {\n // Respect capability negotiation: server does not support resources\n console.debug('Client.listResources() called but server does not advertise resources capability - returning empty list');\n return { resources: [] };\n }\n return this._requestWithSchema({ method: 'resources/list', params }, ListResourcesResultSchema, options);\n }\n\n /**\n * Lists available resource URI templates for dynamic resources. Results may be paginated — see {@linkcode listResources | listResources()} for the cursor pattern.\n *\n * Returns an empty list if the server does not advertise resources capability\n * (or throws if {@linkcode ClientOptions.enforceStrictCapabilities} is enabled).\n */\n async listResourceTemplates(params?: ListResourceTemplatesRequest['params'], options?: RequestOptions) {\n if (!this._serverCapabilities?.resources && !this._enforceStrictCapabilities) {\n // Respect capability negotiation: server does not support resources\n console.debug(\n 'Client.listResourceTemplates() called but server does not advertise resources capability - returning empty list'\n );\n return { resourceTemplates: [] };\n }\n return this._requestWithSchema({ method: 'resources/templates/list', params }, ListResourceTemplatesResultSchema, options);\n }\n\n /** Reads the contents of a resource by URI. */\n async readResource(params: ReadResourceRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'resources/read', params }, ReadResourceResultSchema, options);\n }\n\n /** Subscribes to change notifications for a resource. The server must support resource subscriptions. */\n async subscribeResource(params: SubscribeRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'resources/subscribe', params }, EmptyResultSchema, options);\n }\n\n /** Unsubscribes from change notifications for a resource. */\n async unsubscribeResource(params: UnsubscribeRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'resources/unsubscribe', params }, EmptyResultSchema, options);\n }\n\n /**\n * Calls a tool on the connected server and returns the result. Automatically validates structured output\n * if the tool has an `outputSchema`.\n *\n * Tool results have two error surfaces: `result.isError` for tool-level failures (the tool ran but reported\n * a problem), and thrown {@linkcode ProtocolError} for protocol-level failures or {@linkcode SdkError} for\n * SDK-level issues (timeouts, missing capabilities).\n *\n * For task-based execution with streaming behavior, use {@linkcode ExperimentalClientTasks.callToolStream | client.experimental.tasks.callToolStream()} instead.\n *\n * @example Basic usage\n * ```ts source=\"./client.examples.ts#Client_callTool_basic\"\n * const result = await client.callTool({\n * name: 'calculate-bmi',\n * arguments: { weightKg: 70, heightM: 1.75 }\n * });\n *\n * // Tool-level errors are returned in the result, not thrown\n * if (result.isError) {\n * console.error('Tool error:', result.content);\n * return;\n * }\n *\n * console.log(result.content);\n * ```\n *\n * @example Structured output\n * ```ts source=\"./client.examples.ts#Client_callTool_structuredOutput\"\n * const result = await client.callTool({\n * name: 'calculate-bmi',\n * arguments: { weightKg: 70, heightM: 1.75 }\n * });\n *\n * // Machine-readable output for the client application\n * if (result.structuredContent) {\n * console.log(result.structuredContent); // e.g. { bmi: 22.86 }\n * }\n * ```\n */\n async callTool(params: CallToolRequest['params'], options?: RequestOptions) {\n // Guard: required-task tools need experimental API\n if (this.isToolTaskRequired(params.name)) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidRequest,\n `Tool \"${params.name}\" requires task-based execution. Use client.experimental.tasks.callToolStream() instead.`\n );\n }\n\n const result = await this._requestWithSchema({ method: 'tools/call', params }, CallToolResultSchema, options);\n\n // Check if the tool has an outputSchema\n const validator = this.getToolOutputValidator(params.name);\n if (validator) {\n // If tool has outputSchema, it MUST return structuredContent (unless it's an error)\n if (!result.structuredContent && !result.isError) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidRequest,\n `Tool ${params.name} has an output schema but did not return structured content`\n );\n }\n\n // Only validate structured content if present (not when there's an error)\n if (result.structuredContent) {\n try {\n // Validate the structured content against the schema\n const validationResult = validator(result.structuredContent);\n\n if (!validationResult.valid) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Structured content does not match the tool's output schema: ${validationResult.errorMessage}`\n );\n }\n } catch (error) {\n if (error instanceof ProtocolError) {\n throw error;\n }\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Failed to validate structured content: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n }\n }\n\n return result;\n }\n\n private isToolTask(toolName: string): boolean {\n if (!this._serverCapabilities?.tasks?.requests?.tools?.call) {\n return false;\n }\n\n return this._cachedKnownTaskTools.has(toolName);\n }\n\n /**\n * Check if a tool requires task-based execution.\n * Unlike {@linkcode isToolTask} which includes `'optional'` tools, this only checks for `'required'`.\n */\n private isToolTaskRequired(toolName: string): boolean {\n return this._cachedRequiredTaskTools.has(toolName);\n }\n\n /**\n * Cache validators for tool output schemas.\n * Called after {@linkcode listTools | listTools()} to pre-compile validators for better performance.\n */\n private cacheToolMetadata(tools: Tool[]): void {\n this._cachedToolOutputValidators.clear();\n this._cachedKnownTaskTools.clear();\n this._cachedRequiredTaskTools.clear();\n\n for (const tool of tools) {\n // If the tool has an outputSchema, create and cache the validator\n if (tool.outputSchema) {\n const toolValidator = this._jsonSchemaValidator.getValidator(tool.outputSchema as JsonSchemaType);\n this._cachedToolOutputValidators.set(tool.name, toolValidator);\n }\n\n // If the tool supports task-based execution, cache that information\n const taskSupport = tool.execution?.taskSupport;\n if (taskSupport === 'required' || taskSupport === 'optional') {\n this._cachedKnownTaskTools.add(tool.name);\n }\n if (taskSupport === 'required') {\n this._cachedRequiredTaskTools.add(tool.name);\n }\n }\n }\n\n /**\n * Get cached validator for a tool\n */\n private getToolOutputValidator(toolName: string): JsonSchemaValidator | undefined {\n return this._cachedToolOutputValidators.get(toolName);\n }\n\n /**\n * Lists available tools. Results may be paginated — loop on `nextCursor` to collect all pages.\n *\n * Returns an empty list if the server does not advertise tools capability\n * (or throws if {@linkcode ClientOptions.enforceStrictCapabilities} is enabled).\n *\n * @example\n * ```ts source=\"./client.examples.ts#Client_listTools_pagination\"\n * const allTools: Tool[] = [];\n * let cursor: string | undefined;\n * do {\n * const { tools, nextCursor } = await client.listTools({ cursor });\n * allTools.push(...tools);\n * cursor = nextCursor;\n * } while (cursor);\n * console.log(\n * 'Available tools:',\n * allTools.map(t => t.name)\n * );\n * ```\n */\n async listTools(params?: ListToolsRequest['params'], options?: RequestOptions) {\n if (!this._serverCapabilities?.tools && !this._enforceStrictCapabilities) {\n // Respect capability negotiation: server does not support tools\n console.debug('Client.listTools() called but server does not advertise tools capability - returning empty list');\n return { tools: [] };\n }\n const result = await this._requestWithSchema({ method: 'tools/list', params }, ListToolsResultSchema, options);\n\n // Cache the tools and their output schemas for future validation\n this.cacheToolMetadata(result.tools);\n\n return result;\n }\n\n /**\n * Set up a single list changed handler.\n * @internal\n */\n private _setupListChangedHandler(\n listType: string,\n notificationMethod: NotificationMethod,\n options: ListChangedOptions,\n fetcher: () => Promise\n ): void {\n // Validate options using Zod schema (validates autoRefresh and debounceMs)\n const parseResult = parseSchema(ListChangedOptionsBaseSchema, options);\n if (!parseResult.success) {\n throw new Error(`Invalid ${listType} listChanged options: ${parseResult.error.message}`);\n }\n\n // Validate callback\n if (typeof options.onChanged !== 'function') {\n throw new TypeError(`Invalid ${listType} listChanged options: onChanged must be a function`);\n }\n\n const { autoRefresh, debounceMs } = parseResult.data;\n const { onChanged } = options;\n\n const refresh = async () => {\n if (!autoRefresh) {\n onChanged(null, null);\n return;\n }\n\n try {\n const items = await fetcher();\n onChanged(null, items);\n } catch (error) {\n const newError = error instanceof Error ? error : new Error(String(error));\n onChanged(newError, null);\n }\n };\n\n const handler = () => {\n if (debounceMs) {\n // Clear any pending debounce timer for this list type\n const existingTimer = this._listChangedDebounceTimers.get(listType);\n if (existingTimer) {\n clearTimeout(existingTimer);\n }\n\n // Set up debounced refresh\n const timer = setTimeout(refresh, debounceMs);\n this._listChangedDebounceTimers.set(listType, timer);\n } else {\n // No debounce, refresh immediately\n refresh();\n }\n };\n\n // Register notification handler\n this.setNotificationHandler(notificationMethod, handler);\n }\n\n /** Notifies the server that the client's root list has changed. Requires the `roots.listChanged` capability. */\n async sendRootsListChanged() {\n return this.notification({ method: 'notifications/roots/list_changed' });\n }\n}\n" }, { "path": "packages/client/src/client/crossAppAccess.ts", "content": "/**\n * Cross-App Access (Enterprise Managed Authorization) Layer 2 utilities.\n *\n * Provides standalone functions for RFC 8693 Token Exchange and RFC 7523 JWT Authorization Grant\n * flows as specified in the Enterprise Managed Authorization specification (SEP-990).\n *\n * @see https://github.com/modelcontextprotocol/ext-auth/blob/main/specification/draft/enterprise-managed-authorization.mdx\n * @module\n */\n\nimport type { FetchLike } from '@modelcontextprotocol/core';\nimport { IdJagTokenExchangeResponseSchema, OAuthErrorResponseSchema, OAuthTokensSchema } from '@modelcontextprotocol/core';\n\nimport type { ClientAuthMethod } from './auth.js';\nimport { applyClientAuthentication, discoverAuthorizationServerMetadata } from './auth.js';\n\n/**\n * Options for requesting a JWT Authorization Grant via RFC 8693 Token Exchange.\n */\nexport interface RequestJwtAuthGrantOptions {\n /**\n * The IdP's token endpoint URL where the token exchange request will be sent.\n */\n tokenEndpoint: string | URL;\n\n /**\n * The authorization server URL of the target MCP server (used as `audience` in the token exchange request).\n */\n audience: string | URL;\n\n /**\n * The resource identifier of the target MCP server (RFC 9728).\n */\n resource: string | URL;\n\n /**\n * The identity assertion (ID Token) from the enterprise IdP.\n * This should be the OpenID Connect ID Token obtained during user authentication.\n */\n idToken: string;\n\n /**\n * The client ID registered with the IdP for token exchange.\n */\n clientId: string;\n\n /**\n * The client secret for authenticating with the IdP.\n *\n * Optional: the IdP may register the MCP client as a public client. RFC 8693 does\n * not mandate confidential clients for token exchange. Omitting this parameter\n * omits `client_secret` from the request body.\n */\n clientSecret?: string;\n\n /**\n * Optional space-separated list of scopes to request for the target MCP server.\n */\n scope?: string;\n\n /**\n * Custom fetch implementation. Defaults to global fetch.\n */\n fetchFn?: FetchLike;\n}\n\n/**\n * Options for discovering the IdP's token endpoint and requesting a JWT Authorization Grant.\n * Extends {@linkcode RequestJwtAuthGrantOptions} with IdP discovery.\n */\nexport interface DiscoverAndRequestJwtAuthGrantOptions extends Omit {\n /**\n * The IdP's issuer URL for OAuth metadata discovery.\n * Will be used to discover the token endpoint via `.well-known/oauth-authorization-server`.\n */\n idpUrl: string | URL;\n}\n\n/**\n * Result from a successful JWT Authorization Grant token exchange.\n */\nexport interface JwtAuthGrantResult {\n /**\n * The JWT Authorization Grant (ID-JAG) that can be used to request an access token from the MCP server.\n */\n jwtAuthGrant: string;\n\n /**\n * Optional expiration time in seconds for the JWT Authorization Grant.\n */\n expiresIn?: number;\n\n /**\n * Optional scope granted by the IdP (may differ from requested scope).\n */\n scope?: string;\n}\n\n/**\n * Requests a JWT Authorization Grant (ID-JAG) from an enterprise IdP using RFC 8693 Token Exchange.\n *\n * This function performs step 2 of the Enterprise Managed Authorization flow:\n * exchanges an ID Token for a JWT Authorization Grant that can be used with the target MCP server.\n *\n * @param options - Configuration for the token exchange request\n * @returns The JWT Authorization Grant and related metadata\n * @throws {Error} If the token exchange fails or returns an error response\n *\n * @example\n * ```ts\n * const result = await requestJwtAuthorizationGrant({\n * tokenEndpoint: 'https://idp.example.com/token',\n * audience: 'https://auth.chat.example/',\n * resource: 'https://mcp.chat.example/',\n * idToken: 'eyJhbGciOiJS...',\n * clientId: 'my-idp-client',\n * clientSecret: 'my-idp-secret',\n * scope: 'chat.read chat.history'\n * });\n *\n * // Use result.jwtAuthGrant with the MCP server's authorization server\n * ```\n */\nexport async function requestJwtAuthorizationGrant(options: RequestJwtAuthGrantOptions): Promise {\n const { tokenEndpoint, audience, resource, idToken, clientId, clientSecret, scope, fetchFn = fetch } = options;\n\n // Prepare token exchange request per RFC 8693\n const params = new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',\n requested_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n audience: String(audience),\n resource: String(resource),\n subject_token: idToken,\n subject_token_type: 'urn:ietf:params:oauth:token-type:id_token',\n client_id: clientId\n });\n\n // Only include client_secret when provided — sending an empty/undefined secret\n // triggers `invalid_client` on strict IdPs that registered this as a public client.\n if (clientSecret) {\n params.set('client_secret', clientSecret);\n }\n\n if (scope) {\n params.set('scope', scope);\n }\n\n const response = await fetchFn(String(tokenEndpoint), {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded'\n },\n body: params.toString()\n });\n\n if (!response.ok) {\n const errorBody = await response.json().catch(() => ({}));\n\n // Try to parse as OAuth error response\n const parseResult = OAuthErrorResponseSchema.safeParse(errorBody);\n if (parseResult.success) {\n const { error, error_description } = parseResult.data;\n throw new Error(`Token exchange failed: ${error}${error_description ? ` - ${error_description}` : ''}`);\n }\n\n throw new Error(`Token exchange failed with status ${response.status}: ${JSON.stringify(errorBody)}`);\n }\n\n const parseResult = IdJagTokenExchangeResponseSchema.safeParse(await response.json());\n if (!parseResult.success) {\n throw new Error(`Invalid token exchange response: ${parseResult.error.message}`);\n }\n\n return {\n jwtAuthGrant: parseResult.data.access_token,\n expiresIn: parseResult.data.expires_in,\n scope: parseResult.data.scope\n };\n}\n\n/**\n * Discovers the IdP's token endpoint and requests a JWT Authorization Grant.\n *\n * This is a convenience wrapper around {@linkcode requestJwtAuthorizationGrant} that\n * first performs OAuth metadata discovery to find the token endpoint.\n *\n * @param options - Configuration including IdP URL for discovery\n * @returns The JWT Authorization Grant and related metadata\n * @throws {Error} If discovery fails or the token exchange fails\n *\n * @example\n * ```ts\n * const result = await discoverAndRequestJwtAuthGrant({\n * idpUrl: 'https://idp.example.com',\n * audience: 'https://auth.chat.example/',\n * resource: 'https://mcp.chat.example/',\n * idToken: await getIdToken(),\n * clientId: 'my-idp-client',\n * clientSecret: 'my-idp-secret'\n * });\n * ```\n */\nexport async function discoverAndRequestJwtAuthGrant(options: DiscoverAndRequestJwtAuthGrantOptions): Promise {\n const { idpUrl, fetchFn = fetch, ...restOptions } = options;\n\n // Discover IdP's authorization server metadata\n const metadata = await discoverAuthorizationServerMetadata(String(idpUrl), { fetchFn });\n\n if (!metadata?.token_endpoint) {\n throw new Error(`Failed to discover token endpoint for IdP: ${idpUrl}`);\n }\n\n // Perform token exchange\n return requestJwtAuthorizationGrant({\n ...restOptions,\n tokenEndpoint: metadata.token_endpoint,\n fetchFn\n });\n}\n\n/**\n * Exchanges a JWT Authorization Grant for an access token at the MCP server's authorization server.\n *\n * This function performs step 3 of the Enterprise Managed Authorization flow:\n * uses the JWT Authorization Grant to obtain an access token from the MCP server.\n *\n * @param options - Configuration for the JWT grant exchange\n * @returns OAuth tokens (access token, token type, etc.)\n * @throws {Error} If the exchange fails or returns an error response\n *\n * Defaults to `client_secret_basic` (HTTP Basic Authorization header), matching\n * `CrossAppAccessProvider`'s declared `token_endpoint_auth_method` and the\n * SEP-990 conformance test requirements. Use `authMethod: 'client_secret_post'` only\n * when the authorization server explicitly requires it.\n *\n * @example\n * ```ts\n * const tokens = await exchangeJwtAuthGrant({\n * tokenEndpoint: 'https://auth.chat.example/token',\n * jwtAuthGrant: 'eyJhbGci...',\n * clientId: 'my-mcp-client',\n * clientSecret: 'my-mcp-secret'\n * });\n *\n * // Use tokens.access_token to access the MCP server\n * ```\n */\nexport async function exchangeJwtAuthGrant(options: {\n tokenEndpoint: string | URL;\n jwtAuthGrant: string;\n clientId: string;\n clientSecret?: string;\n /**\n * Client authentication method. Defaults to `'client_secret_basic'` to align with\n * `CrossAppAccessProvider` and SEP-990 conformance requirements.\n * Callers with no `clientSecret` should pass `'none'` for public-client auth.\n */\n authMethod?: ClientAuthMethod;\n fetchFn?: FetchLike;\n}): Promise<{ access_token: string; token_type: string; expires_in?: number; scope?: string }> {\n const { tokenEndpoint, jwtAuthGrant, clientId, clientSecret, authMethod = 'client_secret_basic', fetchFn = fetch } = options;\n\n // Prepare JWT bearer grant request per RFC 7523\n const params = new URLSearchParams({\n grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',\n assertion: jwtAuthGrant\n });\n\n const headers = new Headers({\n 'Content-Type': 'application/x-www-form-urlencoded'\n });\n\n applyClientAuthentication(authMethod, { client_id: clientId, client_secret: clientSecret }, headers, params);\n\n const response = await fetchFn(String(tokenEndpoint), {\n method: 'POST',\n headers,\n body: params.toString()\n });\n\n if (!response.ok) {\n const errorBody = await response.json().catch(() => ({}));\n\n // Try to parse as OAuth error response\n const parseResult = OAuthErrorResponseSchema.safeParse(errorBody);\n if (parseResult.success) {\n const { error, error_description } = parseResult.data;\n throw new Error(`JWT grant exchange failed: ${error}${error_description ? ` - ${error_description}` : ''}`);\n }\n\n throw new Error(`JWT grant exchange failed with status ${response.status}: ${JSON.stringify(errorBody)}`);\n }\n\n const responseBody = await response.json();\n\n // Validate response using core schema\n const parseResult = OAuthTokensSchema.safeParse(responseBody);\n if (!parseResult.success) {\n throw new Error(`Invalid token response: ${parseResult.error.message}`);\n }\n\n return parseResult.data;\n}\n" }, { "path": "packages/client/src/client/middleware.examples.ts", "content": "/**\n * Type-checked examples for `middleware.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { Middleware } from './middleware.js';\nimport { applyMiddlewares, createMiddleware } from './middleware.js';\n\n// Stubs for hypothetical application middleware\ndeclare function withOAuth(provider: unknown, url: string): Middleware;\ndeclare function withLogging(opts: { statusLevel: number }): Middleware;\n\n// Stubs for hypothetical application cache\ndeclare function getFromCache(key: string): Promise;\ndeclare function saveToCache(key: string, value: string): Promise;\n\n/**\n * Example: Creating a middleware pipeline for OAuth and logging.\n */\nasync function applyMiddlewares_basicUsage(oauthProvider: unknown) {\n //#region applyMiddlewares_basicUsage\n // Create a middleware pipeline that handles both OAuth and logging\n const enhancedFetch = applyMiddlewares(withOAuth(oauthProvider, 'https://api.example.com'), withLogging({ statusLevel: 400 }))(fetch);\n\n // Use the enhanced fetch - it will handle auth and log errors\n const response = await enhancedFetch('https://api.example.com/data');\n //#endregion applyMiddlewares_basicUsage\n return response;\n}\n\n/**\n * Example: Creating various custom middlewares with createMiddleware.\n */\nfunction createMiddleware_examples() {\n //#region createMiddleware_examples\n // Create custom authentication middleware\n const customAuthMiddleware = createMiddleware(async (next, input, init) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Custom-Auth', 'my-token');\n\n const response = await next(input, { ...init, headers });\n\n if (response.status === 401) {\n console.log('Authentication failed');\n }\n\n return response;\n });\n\n // Create conditional middleware\n const conditionalMiddleware = createMiddleware(async (next, input, init) => {\n const url = typeof input === 'string' ? input : input.toString();\n\n // Only add headers for API routes\n if (url.includes('/api/')) {\n const headers = new Headers(init?.headers);\n headers.set('X-API-Version', 'v2');\n return next(input, { ...init, headers });\n }\n\n // Pass through for non-API routes\n return next(input, init);\n });\n\n // Create caching middleware\n const cacheMiddleware = createMiddleware(async (next, input, init) => {\n const cacheKey = typeof input === 'string' ? input : input.toString();\n\n // Check cache first\n const cached = await getFromCache(cacheKey);\n if (cached) {\n return new Response(cached, { status: 200 });\n }\n\n // Make request and cache result\n const response = await next(input, init);\n if (response.ok) {\n await saveToCache(cacheKey, await response.clone().text());\n }\n\n return response;\n });\n //#endregion createMiddleware_examples\n return { customAuthMiddleware, conditionalMiddleware, cacheMiddleware };\n}\n" }, { "path": "packages/client/src/client/middleware.ts", "content": "import type { FetchLike } from '@modelcontextprotocol/core';\n\nimport type { OAuthClientProvider } from './auth.js';\nimport { auth, extractWWWAuthenticateParams, UnauthorizedError } from './auth.js';\n\n/**\n * Middleware function that wraps and enhances fetch functionality.\n * Takes a fetch handler and returns an enhanced fetch handler.\n */\nexport type Middleware = (next: FetchLike) => FetchLike;\n\n/**\n * Creates a fetch wrapper that handles OAuth authentication automatically.\n *\n * This wrapper will:\n * - Add `Authorization` headers with access tokens\n * - Handle 401 responses by attempting re-authentication\n * - Retry the original request after successful auth\n * - Handle OAuth errors appropriately ({@linkcode index.OAuthErrorCode.InvalidClient | OAuthErrorCode.InvalidClient}, etc.)\n *\n * The `baseUrl` parameter is optional and defaults to using the domain from the request URL.\n * However, you should explicitly provide `baseUrl` when:\n * - Making requests to multiple subdomains (e.g., api.example.com, cdn.example.com)\n * - Using API paths that differ from OAuth discovery paths (e.g., requesting /api/v1/data but OAuth is at /)\n * - The OAuth server is on a different domain than your API requests\n * - You want to ensure consistent OAuth behavior regardless of request URLs\n *\n * For MCP transports, set `baseUrl` to the same URL you pass to the transport constructor.\n *\n * Note: This wrapper is designed for general-purpose fetch operations.\n * MCP transports (SSE and StreamableHTTP) already have built-in OAuth handling\n * and should not need this wrapper.\n *\n * @param provider - OAuth client provider for authentication\n * @param baseUrl - Base URL for OAuth server discovery (defaults to request URL domain)\n * @returns A fetch middleware function\n */\nexport const withOAuth =\n (provider: OAuthClientProvider, baseUrl?: string | URL): Middleware =>\n next => {\n return async (input, init) => {\n const makeRequest = async (): Promise => {\n const headers = new Headers(init?.headers);\n\n // Add authorization header if tokens are available\n const tokens = await provider.tokens();\n if (tokens) {\n headers.set('Authorization', `Bearer ${tokens.access_token}`);\n }\n\n return await next(input, { ...init, headers });\n };\n\n let response = await makeRequest();\n\n // Handle 401 responses by attempting re-authentication\n if (response.status === 401) {\n try {\n const { resourceMetadataUrl, scope } = extractWWWAuthenticateParams(response);\n\n // Use provided baseUrl or extract from request URL\n const serverUrl = baseUrl || (typeof input === 'string' ? new URL(input).origin : input.origin);\n\n const result = await auth(provider, {\n serverUrl,\n resourceMetadataUrl,\n scope,\n fetchFn: next\n });\n\n if (result === 'REDIRECT') {\n throw new UnauthorizedError('Authentication requires user authorization - redirect initiated');\n }\n\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError(`Authentication failed with result: ${result}`);\n }\n\n // Retry the request with fresh tokens\n response = await makeRequest();\n } catch (error) {\n if (error instanceof UnauthorizedError) {\n throw error;\n }\n throw new UnauthorizedError(`Failed to re-authenticate: ${error instanceof Error ? error.message : String(error)}`);\n }\n }\n\n // If we still have a 401 after re-auth attempt, throw an error\n if (response.status === 401) {\n const url = typeof input === 'string' ? input : input.toString();\n throw new UnauthorizedError(`Authentication failed for ${url}`);\n }\n\n return response;\n };\n };\n\n/**\n * Logger function type for HTTP requests\n */\nexport type RequestLogger = (input: {\n method: string;\n url: string | URL;\n status: number;\n statusText: string;\n duration: number;\n requestHeaders?: Headers;\n responseHeaders?: Headers;\n error?: Error;\n}) => void;\n\n/**\n * Configuration options for the logging middleware\n */\nexport type LoggingOptions = {\n /**\n * Custom logger function, defaults to console logging\n */\n logger?: RequestLogger;\n\n /**\n * Whether to include request headers in logs\n * @default false\n */\n includeRequestHeaders?: boolean;\n\n /**\n * Whether to include response headers in logs\n * @default false\n */\n includeResponseHeaders?: boolean;\n\n /**\n * Status level filter - only log requests with status >= this value\n * Set to `0` to log all requests, `400` to log only errors\n * @default 0\n */\n statusLevel?: number;\n};\n\n/**\n * Creates a fetch middleware that logs HTTP requests and responses.\n *\n * When called without arguments `withLogging()`, it uses the default logger that:\n * - Logs successful requests (2xx) to `console.log`\n * - Logs error responses (4xx/5xx) and network errors to `console.error`\n * - Logs all requests regardless of status (`statusLevel: 0`)\n * - Does not include request or response headers in logs\n * - Measures and displays request duration in milliseconds\n *\n * Important: the default logger uses both `console.log` and `console.error` so it should not be used with\n * `stdio` transports and applications.\n *\n * @param options - Logging configuration options\n * @returns A fetch middleware function\n */\nexport const withLogging = (options: LoggingOptions = {}): Middleware => {\n const { logger, includeRequestHeaders = false, includeResponseHeaders = false, statusLevel = 0 } = options;\n\n const defaultLogger: RequestLogger = input => {\n const { method, url, status, statusText, duration, requestHeaders, responseHeaders, error } = input;\n\n let message = error\n ? `HTTP ${method} ${url} failed: ${error.message} (${duration}ms)`\n : `HTTP ${method} ${url} ${status} ${statusText} (${duration}ms)`;\n\n // Add headers to message if requested\n if (includeRequestHeaders && requestHeaders) {\n const reqHeaders = [...requestHeaders.entries()].map(([key, value]) => `${key}: ${value}`).join(', ');\n message += `\\n Request Headers: {${reqHeaders}}`;\n }\n\n if (includeResponseHeaders && responseHeaders) {\n const resHeaders = [...responseHeaders.entries()].map(([key, value]) => `${key}: ${value}`).join(', ');\n message += `\\n Response Headers: {${resHeaders}}`;\n }\n\n if (error || status >= 400) {\n // eslint-disable-next-line no-console\n console.error(message);\n } else {\n // eslint-disable-next-line no-console\n console.log(message);\n }\n };\n\n const logFn = logger || defaultLogger;\n\n return next => async (input, init) => {\n const startTime = performance.now();\n const method = init?.method || 'GET';\n const url = typeof input === 'string' ? input : input.toString();\n const requestHeaders = includeRequestHeaders ? new Headers(init?.headers) : undefined;\n\n try {\n const response = await next(input, init);\n const duration = performance.now() - startTime;\n\n // Only log if status meets the log level threshold\n if (response.status >= statusLevel) {\n logFn({\n method,\n url,\n status: response.status,\n statusText: response.statusText,\n duration,\n requestHeaders,\n responseHeaders: includeResponseHeaders ? response.headers : undefined\n });\n }\n\n return response;\n } catch (error) {\n const duration = performance.now() - startTime;\n\n // Always log errors regardless of log level\n logFn({\n method,\n url,\n status: 0,\n statusText: 'Network Error',\n duration,\n requestHeaders,\n error: error as Error\n });\n\n throw error;\n }\n };\n};\n\n/**\n * Composes multiple fetch middleware functions into a single middleware pipeline.\n * Middleware are applied in the order they appear, creating a chain of handlers.\n *\n * @example\n * ```ts source=\"./middleware.examples.ts#applyMiddlewares_basicUsage\"\n * // Create a middleware pipeline that handles both OAuth and logging\n * const enhancedFetch = applyMiddlewares(withOAuth(oauthProvider, 'https://api.example.com'), withLogging({ statusLevel: 400 }))(fetch);\n *\n * // Use the enhanced fetch - it will handle auth and log errors\n * const response = await enhancedFetch('https://api.example.com/data');\n * ```\n *\n * @param middleware - Array of fetch middleware to compose into a pipeline\n * @returns A single composed middleware function\n */\nexport const applyMiddlewares = (...middleware: Middleware[]): Middleware => {\n return next => {\n let handler = next;\n for (const mw of middleware) {\n handler = mw(handler);\n }\n return handler;\n };\n};\n\n/**\n * Helper function to create custom fetch middleware with cleaner syntax.\n * Provides the next handler and request details as separate parameters for easier access.\n *\n * @example\n * ```ts source=\"./middleware.examples.ts#createMiddleware_examples\"\n * // Create custom authentication middleware\n * const customAuthMiddleware = createMiddleware(async (next, input, init) => {\n * const headers = new Headers(init?.headers);\n * headers.set('X-Custom-Auth', 'my-token');\n *\n * const response = await next(input, { ...init, headers });\n *\n * if (response.status === 401) {\n * console.log('Authentication failed');\n * }\n *\n * return response;\n * });\n *\n * // Create conditional middleware\n * const conditionalMiddleware = createMiddleware(async (next, input, init) => {\n * const url = typeof input === 'string' ? input : input.toString();\n *\n * // Only add headers for API routes\n * if (url.includes('/api/')) {\n * const headers = new Headers(init?.headers);\n * headers.set('X-API-Version', 'v2');\n * return next(input, { ...init, headers });\n * }\n *\n * // Pass through for non-API routes\n * return next(input, init);\n * });\n *\n * // Create caching middleware\n * const cacheMiddleware = createMiddleware(async (next, input, init) => {\n * const cacheKey = typeof input === 'string' ? input : input.toString();\n *\n * // Check cache first\n * const cached = await getFromCache(cacheKey);\n * if (cached) {\n * return new Response(cached, { status: 200 });\n * }\n *\n * // Make request and cache result\n * const response = await next(input, init);\n * if (response.ok) {\n * await saveToCache(cacheKey, await response.clone().text());\n * }\n *\n * return response;\n * });\n * ```\n *\n * @param handler - Function that receives the next handler and request parameters\n * @returns A fetch middleware function\n */\nexport const createMiddleware = (handler: (next: FetchLike, input: string | URL, init?: RequestInit) => Promise): Middleware => {\n return next => (input, init) => handler(next, input as string | URL, init);\n};\n" }, { "path": "packages/client/src/client/sse.ts", "content": "import type { FetchLike, JSONRPCMessage, Transport } from '@modelcontextprotocol/core';\nimport { createFetchWithInit, JSONRPCMessageSchema, normalizeHeaders, SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\nimport type { ErrorEvent, EventSourceInit } from 'eventsource';\nimport { EventSource } from 'eventsource';\n\nimport type { AuthResult, OAuthClientProvider } from './auth.js';\nimport { auth, extractWWWAuthenticateParams, UnauthorizedError } from './auth.js';\n\nexport class SseError extends Error {\n constructor(\n public readonly code: number | undefined,\n message: string | undefined,\n public readonly event: ErrorEvent\n ) {\n super(`SSE error: ${message}`);\n }\n}\n\n/**\n * Configuration options for the {@linkcode SSEClientTransport}.\n */\nexport type SSEClientTransportOptions = {\n /**\n * An OAuth client provider to use for authentication.\n *\n * When an `authProvider` is specified and the SSE connection is started:\n * 1. The connection is attempted with any existing access token from the `authProvider`.\n * 2. If the access token has expired, the `authProvider` is used to refresh the token.\n * 3. If token refresh fails or no access token exists, and auth is required, {@linkcode OAuthClientProvider.redirectToAuthorization} is called, and an {@linkcode UnauthorizedError} will be thrown from {@linkcode index.Protocol.connect | connect}/{@linkcode SSEClientTransport.start | start}.\n *\n * After the user has finished authorizing via their user agent, and is redirected back to the MCP client application, call {@linkcode SSEClientTransport.finishAuth} with the authorization code before retrying the connection.\n *\n * If an `authProvider` is not provided, and auth is required, an {@linkcode UnauthorizedError} will be thrown.\n *\n * {@linkcode UnauthorizedError} might also be thrown when sending any message over the SSE transport, indicating that the session has expired, and needs to be re-authed and reconnected.\n */\n authProvider?: OAuthClientProvider;\n\n /**\n * Customizes the initial SSE request to the server (the request that begins the stream).\n *\n * NOTE: Setting this property will prevent an `Authorization` header from\n * being automatically attached to the SSE request, if an {@linkcode SSEClientTransportOptions.authProvider | authProvider} is\n * also given. This can be worked around by setting the `Authorization` header\n * manually.\n */\n eventSourceInit?: EventSourceInit;\n\n /**\n * Customizes recurring `POST` requests to the server.\n */\n requestInit?: RequestInit;\n\n /**\n * Custom fetch implementation used for all network requests.\n */\n fetch?: FetchLike;\n};\n\n/**\n * Client transport for SSE: this will connect to a server using Server-Sent Events for receiving\n * messages and make separate `POST` requests for sending messages.\n * @deprecated SSEClientTransport is deprecated. Prefer to use {@linkcode index.StreamableHTTPClientTransport | StreamableHTTPClientTransport} where possible instead. Note that because some servers are still using SSE, clients may need to support both transports during the migration period.\n */\nexport class SSEClientTransport implements Transport {\n private _eventSource?: EventSource;\n private _endpoint?: URL;\n private _abortController?: AbortController;\n private _url: URL;\n private _resourceMetadataUrl?: URL;\n private _scope?: string;\n private _eventSourceInit?: EventSourceInit;\n private _requestInit?: RequestInit;\n private _authProvider?: OAuthClientProvider;\n private _fetch?: FetchLike;\n private _fetchWithInit: FetchLike;\n private _protocolVersion?: string;\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n constructor(url: URL, opts?: SSEClientTransportOptions) {\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._scope = undefined;\n this._eventSourceInit = opts?.eventSourceInit;\n this._requestInit = opts?.requestInit;\n this._authProvider = opts?.authProvider;\n this._fetch = opts?.fetch;\n this._fetchWithInit = createFetchWithInit(opts?.fetch, opts?.requestInit);\n }\n\n private async _authThenStart(): Promise {\n if (!this._authProvider) {\n throw new UnauthorizedError('No auth provider');\n }\n\n let result: AuthResult;\n try {\n result = await auth(this._authProvider, {\n serverUrl: this._url,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError();\n }\n\n return await this._startOrAuth();\n }\n\n private async _commonHeaders(): Promise {\n const headers: RequestInit['headers'] & Record = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers['Authorization'] = `Bearer ${tokens.access_token}`;\n }\n }\n if (this._protocolVersion) {\n headers['mcp-protocol-version'] = this._protocolVersion;\n }\n\n const extraHeaders = normalizeHeaders(this._requestInit?.headers);\n\n return new Headers({\n ...headers,\n ...extraHeaders\n });\n }\n\n private _startOrAuth(): Promise {\n const fetchImpl = (this?._eventSourceInit?.fetch ?? this._fetch ?? fetch) as typeof fetch;\n return new Promise((resolve, reject) => {\n this._eventSource = new EventSource(this._url.href, {\n ...this._eventSourceInit,\n fetch: async (url, init) => {\n const headers = await this._commonHeaders();\n headers.set('Accept', 'text/event-stream');\n const response = await fetchImpl(url, {\n ...init,\n headers\n });\n\n if (response.status === 401 && response.headers.has('www-authenticate')) {\n const { resourceMetadataUrl, scope } = extractWWWAuthenticateParams(response);\n this._resourceMetadataUrl = resourceMetadataUrl;\n this._scope = scope;\n }\n\n return response;\n }\n });\n this._abortController = new AbortController();\n\n this._eventSource.onerror = event => {\n if (event.code === 401 && this._authProvider) {\n this._authThenStart().then(resolve, reject);\n return;\n }\n\n const error = new SseError(event.code, event.message, event);\n reject(error);\n this.onerror?.(error);\n };\n\n this._eventSource.onopen = () => {\n // The connection is open, but we need to wait for the endpoint to be received.\n };\n\n this._eventSource.addEventListener('endpoint', (event: Event) => {\n const messageEvent = event as MessageEvent;\n\n try {\n this._endpoint = new URL(messageEvent.data, this._url);\n if (this._endpoint.origin !== this._url.origin) {\n throw new Error(`Endpoint origin does not match connection origin: ${this._endpoint.origin}`);\n }\n } catch (error) {\n reject(error);\n this.onerror?.(error as Error);\n\n void this.close();\n return;\n }\n\n resolve();\n });\n\n this._eventSource.onmessage = (event: Event) => {\n const messageEvent = event as MessageEvent;\n let message: JSONRPCMessage;\n try {\n message = JSONRPCMessageSchema.parse(JSON.parse(messageEvent.data));\n } catch (error) {\n this.onerror?.(error as Error);\n return;\n }\n\n this.onmessage?.(message);\n };\n });\n }\n\n async start() {\n if (this._eventSource) {\n throw new Error('SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.');\n }\n\n return await this._startOrAuth();\n }\n\n /**\n * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n */\n async finishAuth(authorizationCode: string): Promise {\n if (!this._authProvider) {\n throw new UnauthorizedError('No auth provider');\n }\n\n const result = await auth(this._authProvider, {\n serverUrl: this._url,\n authorizationCode,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError('Failed to authorize');\n }\n }\n\n async close(): Promise {\n this._abortController?.abort();\n this._eventSource?.close();\n this.onclose?.();\n }\n\n async send(message: JSONRPCMessage): Promise {\n if (!this._endpoint) {\n throw new SdkError(SdkErrorCode.NotConnected, 'Not connected');\n }\n\n try {\n const headers = await this._commonHeaders();\n headers.set('content-type', 'application/json');\n const init = {\n ...this._requestInit,\n method: 'POST',\n headers,\n body: JSON.stringify(message),\n signal: this._abortController?.signal\n };\n\n const response = await (this._fetch ?? fetch)(this._endpoint, init);\n if (!response.ok) {\n const text = await response.text?.().catch(() => null);\n\n if (response.status === 401 && this._authProvider) {\n const { resourceMetadataUrl, scope } = extractWWWAuthenticateParams(response);\n this._resourceMetadataUrl = resourceMetadataUrl;\n this._scope = scope;\n\n const result = await auth(this._authProvider, {\n serverUrl: this._url,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError();\n }\n\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n\n throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n }\n\n // Release connection - POST responses don't have content we need\n await response.text?.().catch(() => {});\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n }\n\n setProtocolVersion(version: string): void {\n this._protocolVersion = version;\n }\n}\n" }, { "path": "packages/client/src/client/stdio.ts", "content": "import type { ChildProcess, IOType } from 'node:child_process';\nimport process from 'node:process';\nimport type { Stream } from 'node:stream';\nimport { PassThrough } from 'node:stream';\n\nimport type { JSONRPCMessage, Transport } from '@modelcontextprotocol/core';\nimport { ReadBuffer, SdkError, SdkErrorCode, serializeMessage } from '@modelcontextprotocol/core';\nimport spawn from 'cross-spawn';\n\nexport type StdioServerParameters = {\n /**\n * The executable to run to start the server.\n */\n command: string;\n\n /**\n * Command line arguments to pass to the executable.\n */\n args?: string[];\n\n /**\n * The environment to use when spawning the process.\n *\n * If not specified, the result of {@linkcode getDefaultEnvironment} will be used.\n */\n env?: Record;\n\n /**\n * How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.\n *\n * The default is `\"inherit\"`, meaning messages to stderr will be printed to the parent process's stderr.\n */\n stderr?: IOType | Stream | number;\n\n /**\n * The working directory to use when spawning the process.\n *\n * If not specified, the current working directory will be inherited.\n */\n cwd?: string;\n};\n\n/**\n * Environment variables to inherit by default, if an environment is not explicitly given.\n */\nexport const DEFAULT_INHERITED_ENV_VARS =\n process.platform === 'win32'\n ? [\n 'APPDATA',\n 'HOMEDRIVE',\n 'HOMEPATH',\n 'LOCALAPPDATA',\n 'PATH',\n 'PROCESSOR_ARCHITECTURE',\n 'SYSTEMDRIVE',\n 'SYSTEMROOT',\n 'TEMP',\n 'USERNAME',\n 'USERPROFILE',\n 'PROGRAMFILES'\n ]\n : /* list inspired by the default env inheritance of sudo */\n ['HOME', 'LOGNAME', 'PATH', 'SHELL', 'TERM', 'USER'];\n\n/**\n * Returns a default environment object including only environment variables deemed safe to inherit.\n */\nexport function getDefaultEnvironment(): Record {\n const env: Record = {};\n\n for (const key of DEFAULT_INHERITED_ENV_VARS) {\n const value = process.env[key];\n if (value === undefined) {\n continue;\n }\n\n if (value.startsWith('()')) {\n // Skip functions, which are a security risk.\n continue;\n }\n\n env[key] = value;\n }\n\n return env;\n}\n\n/**\n * Client transport for stdio: this will connect to a server by spawning a process and communicating with it over stdin/stdout.\n *\n * This transport is only available in Node.js environments.\n */\nexport class StdioClientTransport implements Transport {\n private _process?: ChildProcess;\n private _readBuffer: ReadBuffer = new ReadBuffer();\n private _serverParams: StdioServerParameters;\n private _stderrStream: PassThrough | null = null;\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n constructor(server: StdioServerParameters) {\n this._serverParams = server;\n if (server.stderr === 'pipe' || server.stderr === 'overlapped') {\n this._stderrStream = new PassThrough();\n }\n }\n\n /**\n * Starts the server process and prepares to communicate with it.\n */\n async start(): Promise {\n if (this._process) {\n throw new Error(\n 'StdioClientTransport already started! If using Client class, note that connect() calls start() automatically.'\n );\n }\n\n return new Promise((resolve, reject) => {\n this._process = spawn(this._serverParams.command, this._serverParams.args ?? [], {\n // merge default env with server env because mcp server needs some env vars\n env: {\n ...getDefaultEnvironment(),\n ...this._serverParams.env\n },\n stdio: ['pipe', 'pipe', this._serverParams.stderr ?? 'inherit'],\n shell: false,\n windowsHide: process.platform === 'win32' && isElectron(),\n cwd: this._serverParams.cwd\n });\n\n this._process.on('error', error => {\n reject(error);\n this.onerror?.(error);\n });\n\n this._process.on('spawn', () => {\n resolve();\n });\n\n this._process.on('close', _code => {\n this._process = undefined;\n this.onclose?.();\n });\n\n this._process.stdin?.on('error', error => {\n this.onerror?.(error);\n });\n\n this._process.stdout?.on('data', chunk => {\n this._readBuffer.append(chunk);\n this.processReadBuffer();\n });\n\n this._process.stdout?.on('error', error => {\n this.onerror?.(error);\n });\n\n if (this._stderrStream && this._process.stderr) {\n this._process.stderr.pipe(this._stderrStream);\n }\n });\n }\n\n /**\n * The `stderr` stream of the child process, if {@linkcode StdioServerParameters.stderr} was set to `\"pipe\"` or `\"overlapped\"`.\n *\n * If `stderr` piping was requested, a `PassThrough` stream is returned _immediately_, allowing callers to\n * attach listeners before the `start` method is invoked. This prevents loss of any early\n * error output emitted by the child process.\n */\n get stderr(): Stream | null {\n if (this._stderrStream) {\n return this._stderrStream;\n }\n\n return this._process?.stderr ?? null;\n }\n\n /**\n * The child process pid spawned by this transport.\n *\n * This is only available after the transport has been started.\n */\n get pid(): number | null {\n return this._process?.pid ?? null;\n }\n\n private processReadBuffer() {\n while (true) {\n try {\n const message = this._readBuffer.readMessage();\n if (message === null) {\n break;\n }\n\n this.onmessage?.(message);\n } catch (error) {\n this.onerror?.(error as Error);\n }\n }\n }\n\n async close(): Promise {\n if (this._process) {\n const processToClose = this._process;\n this._process = undefined;\n\n const closePromise = new Promise(resolve => {\n processToClose.once('close', () => {\n resolve();\n });\n });\n\n try {\n processToClose.stdin?.end();\n } catch {\n // ignore\n }\n\n await Promise.race([closePromise, new Promise(resolve => setTimeout(resolve, 2000).unref())]);\n\n if (processToClose.exitCode === null) {\n try {\n processToClose.kill('SIGTERM');\n } catch {\n // ignore\n }\n\n await Promise.race([closePromise, new Promise(resolve => setTimeout(resolve, 2000).unref())]);\n }\n\n if (processToClose.exitCode === null) {\n try {\n processToClose.kill('SIGKILL');\n } catch {\n // ignore\n }\n }\n }\n\n this._readBuffer.clear();\n }\n\n send(message: JSONRPCMessage): Promise {\n return new Promise(resolve => {\n if (!this._process?.stdin) {\n throw new SdkError(SdkErrorCode.NotConnected, 'Not connected');\n }\n\n const json = serializeMessage(message);\n if (this._process.stdin.write(json)) {\n resolve();\n } else {\n this._process.stdin.once('drain', resolve);\n }\n });\n }\n}\n\nfunction isElectron() {\n return 'type' in process;\n}\n" }, { "path": "packages/client/src/client/streamableHttp.ts", "content": "import type { ReadableWritablePair } from 'node:stream/web';\n\nimport type { FetchLike, JSONRPCMessage, Transport } from '@modelcontextprotocol/core';\nimport {\n createFetchWithInit,\n isInitializedNotification,\n isJSONRPCRequest,\n isJSONRPCResultResponse,\n JSONRPCMessageSchema,\n normalizeHeaders,\n SdkError,\n SdkErrorCode\n} from '@modelcontextprotocol/core';\nimport { EventSourceParserStream } from 'eventsource-parser/stream';\n\nimport type { AuthResult, OAuthClientProvider } from './auth.js';\nimport { auth, extractWWWAuthenticateParams, UnauthorizedError } from './auth.js';\n\n// Default reconnection options for StreamableHTTP connections\nconst DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS: StreamableHTTPReconnectionOptions = {\n initialReconnectionDelay: 1000,\n maxReconnectionDelay: 30_000,\n reconnectionDelayGrowFactor: 1.5,\n maxRetries: 2\n};\n\n/**\n * Options for starting or authenticating an SSE connection\n */\nexport interface StartSSEOptions {\n /**\n * The resumption token used to continue long-running requests that were interrupted.\n *\n * This allows clients to reconnect and continue from where they left off.\n */\n resumptionToken?: string;\n\n /**\n * A callback that is invoked when the resumption token changes.\n *\n * This allows clients to persist the latest token for potential reconnection.\n */\n onresumptiontoken?: (token: string) => void;\n\n /**\n * Override Message ID to associate with the replay message\n * so that the response can be associated with the new resumed request.\n */\n replayMessageId?: string | number;\n}\n\n/**\n * Configuration options for reconnection behavior of the {@linkcode StreamableHTTPClientTransport}.\n */\nexport interface StreamableHTTPReconnectionOptions {\n /**\n * Maximum backoff time between reconnection attempts in milliseconds.\n * Default is 30000 (30 seconds).\n */\n maxReconnectionDelay: number;\n\n /**\n * Initial backoff time between reconnection attempts in milliseconds.\n * Default is 1000 (1 second).\n */\n initialReconnectionDelay: number;\n\n /**\n * The factor by which the reconnection delay increases after each attempt.\n * Default is 1.5.\n */\n reconnectionDelayGrowFactor: number;\n\n /**\n * Maximum number of reconnection attempts before giving up.\n * Default is 2.\n */\n maxRetries: number;\n}\n\n/**\n * Configuration options for the {@linkcode StreamableHTTPClientTransport}.\n */\nexport type StreamableHTTPClientTransportOptions = {\n /**\n * An OAuth client provider to use for authentication.\n *\n * When an `authProvider` is specified and the connection is started:\n * 1. The connection is attempted with any existing access token from the `authProvider`.\n * 2. If the access token has expired, the `authProvider` is used to refresh the token.\n * 3. If token refresh fails or no access token exists, and auth is required, {@linkcode OAuthClientProvider.redirectToAuthorization} is called, and an {@linkcode UnauthorizedError} will be thrown from {@linkcode index.Protocol.connect | connect}/{@linkcode StreamableHTTPClientTransport.start | start}.\n *\n * After the user has finished authorizing via their user agent, and is redirected back to the MCP client application, call {@linkcode StreamableHTTPClientTransport.finishAuth} with the authorization code before retrying the connection.\n *\n * If an `authProvider` is not provided, and auth is required, an {@linkcode UnauthorizedError} will be thrown.\n *\n * {@linkcode UnauthorizedError} might also be thrown when sending any message over the transport, indicating that the session has expired, and needs to be re-authed and reconnected.\n */\n authProvider?: OAuthClientProvider;\n\n /**\n * Customizes HTTP requests to the server.\n */\n requestInit?: RequestInit;\n\n /**\n * Custom fetch implementation used for all network requests.\n */\n fetch?: FetchLike;\n\n /**\n * Options to configure the reconnection behavior.\n */\n reconnectionOptions?: StreamableHTTPReconnectionOptions;\n\n /**\n * Session ID for the connection. This is used to identify the session on the server.\n * When not provided and connecting to a server that supports session IDs, the server will generate a new session ID.\n */\n sessionId?: string;\n};\n\n/**\n * Client transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.\n * It will connect to a server using HTTP `POST` for sending messages and HTTP `GET` with Server-Sent Events\n * for receiving messages.\n */\nexport class StreamableHTTPClientTransport implements Transport {\n private _abortController?: AbortController;\n private _url: URL;\n private _resourceMetadataUrl?: URL;\n private _scope?: string;\n private _requestInit?: RequestInit;\n private _authProvider?: OAuthClientProvider;\n private _fetch?: FetchLike;\n private _fetchWithInit: FetchLike;\n private _sessionId?: string;\n private _reconnectionOptions: StreamableHTTPReconnectionOptions;\n private _protocolVersion?: string;\n private _hasCompletedAuthFlow = false; // Circuit breaker: detect auth success followed by immediate 401\n private _lastUpscopingHeader?: string; // Track last upscoping header to prevent infinite upscoping.\n private _serverRetryMs?: number; // Server-provided retry delay from SSE retry field\n private _reconnectionTimeout?: ReturnType;\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n constructor(url: URL, opts?: StreamableHTTPClientTransportOptions) {\n this._url = url;\n this._resourceMetadataUrl = undefined;\n this._scope = undefined;\n this._requestInit = opts?.requestInit;\n this._authProvider = opts?.authProvider;\n this._fetch = opts?.fetch;\n this._fetchWithInit = createFetchWithInit(opts?.fetch, opts?.requestInit);\n this._sessionId = opts?.sessionId;\n this._reconnectionOptions = opts?.reconnectionOptions ?? DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;\n }\n\n private async _authThenStart(): Promise {\n if (!this._authProvider) {\n throw new UnauthorizedError('No auth provider');\n }\n\n let result: AuthResult;\n try {\n result = await auth(this._authProvider, {\n serverUrl: this._url,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError();\n }\n\n return await this._startOrAuthSse({ resumptionToken: undefined });\n }\n\n private async _commonHeaders(): Promise {\n const headers: RequestInit['headers'] & Record = {};\n if (this._authProvider) {\n const tokens = await this._authProvider.tokens();\n if (tokens) {\n headers['Authorization'] = `Bearer ${tokens.access_token}`;\n }\n }\n\n if (this._sessionId) {\n headers['mcp-session-id'] = this._sessionId;\n }\n if (this._protocolVersion) {\n headers['mcp-protocol-version'] = this._protocolVersion;\n }\n\n const extraHeaders = normalizeHeaders(this._requestInit?.headers);\n\n return new Headers({\n ...headers,\n ...extraHeaders\n });\n }\n\n private async _startOrAuthSse(options: StartSSEOptions): Promise {\n const { resumptionToken } = options;\n\n try {\n // Try to open an initial SSE stream with GET to listen for server messages\n // This is optional according to the spec - server may not support it\n const headers = await this._commonHeaders();\n headers.set('Accept', 'text/event-stream');\n\n // Include Last-Event-ID header for resumable streams if provided\n if (resumptionToken) {\n headers.set('last-event-id', resumptionToken);\n }\n\n const response = await (this._fetch ?? fetch)(this._url, {\n ...this._requestInit,\n method: 'GET',\n headers,\n signal: this._abortController?.signal\n });\n\n if (!response.ok) {\n await response.text?.().catch(() => {});\n\n if (response.status === 401 && this._authProvider) {\n // Need to authenticate\n return await this._authThenStart();\n }\n\n // 405 indicates that the server does not offer an SSE stream at GET endpoint\n // This is an expected case that should not trigger an error\n if (response.status === 405) {\n return;\n }\n\n throw new SdkError(SdkErrorCode.ClientHttpFailedToOpenStream, `Failed to open SSE stream: ${response.statusText}`, {\n status: response.status,\n statusText: response.statusText\n });\n }\n\n this._handleSseStream(response.body, options, true);\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n }\n\n /**\n * Calculates the next reconnection delay using a backoff algorithm\n *\n * @param attempt Current reconnection attempt count for the specific stream\n * @returns Time to wait in milliseconds before next reconnection attempt\n */\n private _getNextReconnectionDelay(attempt: number): number {\n // Use server-provided retry value if available\n if (this._serverRetryMs !== undefined) {\n return this._serverRetryMs;\n }\n\n // Fall back to exponential backoff\n const initialDelay = this._reconnectionOptions.initialReconnectionDelay;\n const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;\n const maxDelay = this._reconnectionOptions.maxReconnectionDelay;\n\n // Cap at maximum delay\n return Math.min(initialDelay * Math.pow(growFactor, attempt), maxDelay);\n }\n\n /**\n * Schedule a reconnection attempt using server-provided retry interval or backoff\n *\n * @param lastEventId The ID of the last received event for resumability\n * @param attemptCount Current reconnection attempt count for this specific stream\n */\n private _scheduleReconnection(options: StartSSEOptions, attemptCount = 0): void {\n // Use provided options or default options\n const maxRetries = this._reconnectionOptions.maxRetries;\n\n // Check if we've exceeded maximum retry attempts\n if (attemptCount >= maxRetries) {\n this.onerror?.(new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));\n return;\n }\n\n // Calculate next delay based on current attempt count\n const delay = this._getNextReconnectionDelay(attemptCount);\n\n // Schedule the reconnection\n this._reconnectionTimeout = setTimeout(() => {\n // Use the last event ID to resume where we left off\n this._startOrAuthSse(options).catch(error => {\n this.onerror?.(new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));\n // Schedule another attempt if this one failed, incrementing the attempt counter\n this._scheduleReconnection(options, attemptCount + 1);\n });\n }, delay);\n }\n\n private _handleSseStream(stream: ReadableStream | null, options: StartSSEOptions, isReconnectable: boolean): void {\n if (!stream) {\n return;\n }\n const { onresumptiontoken, replayMessageId } = options;\n\n let lastEventId: string | undefined;\n // Track whether we've received a priming event (event with ID)\n // Per spec, server SHOULD send a priming event with ID before closing\n let hasPrimingEvent = false;\n // Track whether we've received a response - if so, no need to reconnect\n // Reconnection is for when server disconnects BEFORE sending response\n let receivedResponse = false;\n const processStream = async () => {\n // this is the closest we can get to trying to catch network errors\n // if something happens reader will throw\n try {\n // Create a pipeline: binary stream -> text decoder -> SSE parser\n const reader = stream\n .pipeThrough(new TextDecoderStream() as ReadableWritablePair)\n .pipeThrough(\n new EventSourceParserStream({\n onRetry: (retryMs: number) => {\n // Capture server-provided retry value for reconnection timing\n this._serverRetryMs = retryMs;\n }\n })\n )\n .getReader();\n\n while (true) {\n const { value: event, done } = await reader.read();\n if (done) {\n break;\n }\n\n // Update last event ID if provided\n if (event.id) {\n lastEventId = event.id;\n // Mark that we've received a priming event - stream is now resumable\n hasPrimingEvent = true;\n onresumptiontoken?.(event.id);\n }\n\n // Skip events with no data (priming events, keep-alives)\n if (!event.data) {\n continue;\n }\n\n if (!event.event || event.event === 'message') {\n try {\n const message = JSONRPCMessageSchema.parse(JSON.parse(event.data));\n if (isJSONRPCResultResponse(message)) {\n // Mark that we received a response - no need to reconnect for this request\n receivedResponse = true;\n if (replayMessageId !== undefined) {\n message.id = replayMessageId;\n }\n }\n this.onmessage?.(message);\n } catch (error) {\n this.onerror?.(error as Error);\n }\n }\n }\n\n // Handle graceful server-side disconnect\n // Server may close connection after sending event ID and retry field\n // Reconnect if: already reconnectable (GET stream) OR received a priming event (POST stream with event ID)\n // BUT don't reconnect if we already received a response - the request is complete\n const canResume = isReconnectable || hasPrimingEvent;\n const needsReconnect = canResume && !receivedResponse;\n if (needsReconnect && this._abortController && !this._abortController.signal.aborted) {\n this._scheduleReconnection(\n {\n resumptionToken: lastEventId,\n onresumptiontoken,\n replayMessageId\n },\n 0\n );\n }\n } catch (error) {\n // Handle stream errors - likely a network disconnect\n this.onerror?.(new Error(`SSE stream disconnected: ${error}`));\n\n // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing\n // Reconnect if: already reconnectable (GET stream) OR received a priming event (POST stream with event ID)\n // BUT don't reconnect if we already received a response - the request is complete\n const canResume = isReconnectable || hasPrimingEvent;\n const needsReconnect = canResume && !receivedResponse;\n if (needsReconnect && this._abortController && !this._abortController.signal.aborted) {\n // Use the exponential backoff reconnection strategy\n try {\n this._scheduleReconnection(\n {\n resumptionToken: lastEventId,\n onresumptiontoken,\n replayMessageId\n },\n 0\n );\n } catch (error) {\n this.onerror?.(new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));\n }\n }\n }\n };\n processStream();\n }\n\n async start() {\n if (this._abortController) {\n throw new Error(\n 'StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.'\n );\n }\n\n this._abortController = new AbortController();\n }\n\n /**\n * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n */\n async finishAuth(authorizationCode: string): Promise {\n if (!this._authProvider) {\n throw new UnauthorizedError('No auth provider');\n }\n\n const result = await auth(this._authProvider, {\n serverUrl: this._url,\n authorizationCode,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError('Failed to authorize');\n }\n }\n\n async close(): Promise {\n if (this._reconnectionTimeout) {\n clearTimeout(this._reconnectionTimeout);\n this._reconnectionTimeout = undefined;\n }\n this._abortController?.abort();\n this.onclose?.();\n }\n\n async send(\n message: JSONRPCMessage | JSONRPCMessage[],\n options?: { resumptionToken?: string; onresumptiontoken?: (token: string) => void }\n ): Promise {\n try {\n const { resumptionToken, onresumptiontoken } = options || {};\n\n if (resumptionToken) {\n // If we have a last event ID, we need to reconnect the SSE stream\n this._startOrAuthSse({ resumptionToken, replayMessageId: isJSONRPCRequest(message) ? message.id : undefined }).catch(\n error => this.onerror?.(error)\n );\n return;\n }\n\n const headers = await this._commonHeaders();\n headers.set('content-type', 'application/json');\n headers.set('accept', 'application/json, text/event-stream');\n\n const init = {\n ...this._requestInit,\n method: 'POST',\n headers,\n body: JSON.stringify(message),\n signal: this._abortController?.signal\n };\n\n const response = await (this._fetch ?? fetch)(this._url, init);\n\n // Handle session ID received during initialization\n const sessionId = response.headers.get('mcp-session-id');\n if (sessionId) {\n this._sessionId = sessionId;\n }\n\n if (!response.ok) {\n const text = await response.text?.().catch(() => null);\n\n if (response.status === 401 && this._authProvider) {\n // Prevent infinite recursion when server returns 401 after successful auth\n if (this._hasCompletedAuthFlow) {\n throw new SdkError(SdkErrorCode.ClientHttpAuthentication, 'Server returned 401 after successful authentication', {\n status: 401,\n text\n });\n }\n\n const { resourceMetadataUrl, scope } = extractWWWAuthenticateParams(response);\n this._resourceMetadataUrl = resourceMetadataUrl;\n this._scope = scope;\n\n const result = await auth(this._authProvider, {\n serverUrl: this._url,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetchWithInit\n });\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError();\n }\n\n // Mark that we completed auth flow\n this._hasCompletedAuthFlow = true;\n // Purposely _not_ awaited, so we don't call onerror twice\n return this.send(message);\n }\n\n if (response.status === 403 && this._authProvider) {\n const { resourceMetadataUrl, scope, error } = extractWWWAuthenticateParams(response);\n\n if (error === 'insufficient_scope') {\n const wwwAuthHeader = response.headers.get('WWW-Authenticate');\n\n // Check if we've already tried upscoping with this header to prevent infinite loops.\n if (this._lastUpscopingHeader === wwwAuthHeader) {\n throw new SdkError(SdkErrorCode.ClientHttpForbidden, 'Server returned 403 after trying upscoping', {\n status: 403,\n text\n });\n }\n\n if (scope) {\n this._scope = scope;\n }\n\n if (resourceMetadataUrl) {\n this._resourceMetadataUrl = resourceMetadataUrl;\n }\n\n // Mark that upscoping was tried.\n this._lastUpscopingHeader = wwwAuthHeader ?? undefined;\n const result = await auth(this._authProvider, {\n serverUrl: this._url,\n resourceMetadataUrl: this._resourceMetadataUrl,\n scope: this._scope,\n fetchFn: this._fetch\n });\n\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError();\n }\n\n return this.send(message);\n }\n }\n\n throw new SdkError(SdkErrorCode.ClientHttpNotImplemented, `Error POSTing to endpoint: ${text}`, {\n status: response.status,\n text\n });\n }\n\n // Reset auth loop flag on successful response\n this._hasCompletedAuthFlow = false;\n this._lastUpscopingHeader = undefined;\n\n // If the response is 202 Accepted, there's no body to process\n if (response.status === 202) {\n await response.text?.().catch(() => {});\n // if the accepted notification is initialized, we start the SSE stream\n // if it's supported by the server\n if (isInitializedNotification(message)) {\n // Start without a lastEventId since this is a fresh connection\n this._startOrAuthSse({ resumptionToken: undefined }).catch(error => this.onerror?.(error));\n }\n return;\n }\n\n // Get original message(s) for detecting request IDs\n const messages = Array.isArray(message) ? message : [message];\n\n const hasRequests = messages.some(msg => 'method' in msg && 'id' in msg && msg.id !== undefined);\n\n // Check the response type\n const contentType = response.headers.get('content-type');\n\n if (hasRequests) {\n if (contentType?.includes('text/event-stream')) {\n // Handle SSE stream responses for requests\n // We use the same handler as standalone streams, which now supports\n // reconnection with the last event ID\n this._handleSseStream(response.body, { onresumptiontoken }, false);\n } else if (contentType?.includes('application/json')) {\n // For non-streaming servers, we might get direct JSON responses\n const data = await response.json();\n const responseMessages = Array.isArray(data)\n ? data.map(msg => JSONRPCMessageSchema.parse(msg))\n : [JSONRPCMessageSchema.parse(data)];\n\n for (const msg of responseMessages) {\n this.onmessage?.(msg);\n }\n } else {\n await response.text?.().catch(() => {});\n throw new SdkError(SdkErrorCode.ClientHttpUnexpectedContent, `Unexpected content type: ${contentType}`, {\n contentType\n });\n }\n } else {\n // No requests in message but got 200 OK - still need to release connection\n await response.text?.().catch(() => {});\n }\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n }\n\n get sessionId(): string | undefined {\n return this._sessionId;\n }\n\n /**\n * Terminates the current session by sending a `DELETE` request to the server.\n *\n * Clients that no longer need a particular session\n * (e.g., because the user is leaving the client application) SHOULD send an\n * HTTP `DELETE` to the MCP endpoint with the `Mcp-Session-Id` header to explicitly\n * terminate the session.\n *\n * The server MAY respond with HTTP `405 Method Not Allowed`, indicating that\n * the server does not allow clients to terminate sessions.\n */\n async terminateSession(): Promise {\n if (!this._sessionId) {\n return; // No session to terminate\n }\n\n try {\n const headers = await this._commonHeaders();\n\n const init = {\n ...this._requestInit,\n method: 'DELETE',\n headers,\n signal: this._abortController?.signal\n };\n\n const response = await (this._fetch ?? fetch)(this._url, init);\n await response.text?.().catch(() => {});\n\n // We specifically handle 405 as a valid response according to the spec,\n // meaning the server does not support explicit session termination\n if (!response.ok && response.status !== 405) {\n throw new SdkError(SdkErrorCode.ClientHttpFailedToTerminateSession, `Failed to terminate session: ${response.statusText}`, {\n status: response.status,\n statusText: response.statusText\n });\n }\n\n this._sessionId = undefined;\n } catch (error) {\n this.onerror?.(error as Error);\n throw error;\n }\n }\n\n setProtocolVersion(version: string): void {\n this._protocolVersion = version;\n }\n get protocolVersion(): string | undefined {\n return this._protocolVersion;\n }\n\n /**\n * Resume an SSE stream from a previous event ID.\n * Opens a `GET` SSE connection with `Last-Event-ID` header to replay missed events.\n *\n * @param lastEventId The event ID to resume from\n * @param options Optional callback to receive new resumption tokens\n */\n async resumeStream(lastEventId: string, options?: { onresumptiontoken?: (token: string) => void }): Promise {\n await this._startOrAuthSse({\n resumptionToken: lastEventId,\n onresumptiontoken: options?.onresumptiontoken\n });\n }\n}\n" }, { "path": "packages/client/src/client/websocket.ts", "content": "import type { JSONRPCMessage, Transport } from '@modelcontextprotocol/core';\nimport { JSONRPCMessageSchema } from '@modelcontextprotocol/core';\n\nconst SUBPROTOCOL = 'mcp';\n\n/**\n * Client transport for WebSocket: this will connect to a server over the WebSocket protocol.\n */\nexport class WebSocketClientTransport implements Transport {\n private _socket?: WebSocket;\n private _url: URL;\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n constructor(url: URL) {\n this._url = url;\n }\n\n start(): Promise {\n if (this._socket) {\n throw new Error(\n 'WebSocketClientTransport already started! If using Client class, note that connect() calls start() automatically.'\n );\n }\n\n return new Promise((resolve, reject) => {\n this._socket = new WebSocket(this._url, SUBPROTOCOL);\n\n this._socket.onerror = event => {\n const error = 'error' in event ? (event.error as Error) : new Error(`WebSocket error: ${JSON.stringify(event)}`);\n reject(error);\n this.onerror?.(error);\n };\n\n this._socket.onopen = () => {\n resolve();\n };\n\n this._socket.onclose = () => {\n this.onclose?.();\n };\n\n this._socket.onmessage = (event: MessageEvent) => {\n let message: JSONRPCMessage;\n try {\n message = JSONRPCMessageSchema.parse(JSON.parse(event.data));\n } catch (error) {\n this.onerror?.(error as Error);\n return;\n }\n\n this.onmessage?.(message);\n };\n });\n }\n\n async close(): Promise {\n this._socket?.close();\n }\n\n send(message: JSONRPCMessage): Promise {\n return new Promise((resolve, reject) => {\n if (!this._socket) {\n reject(new Error('Not connected'));\n return;\n }\n\n this._socket?.send(JSON.stringify(message));\n resolve();\n });\n }\n}\n" }, { "path": "packages/client/src/experimental/index.ts", "content": "/**\n * Experimental MCP SDK features.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * Import experimental features from this module:\n * ```typescript\n * import { TaskStore, InMemoryTaskStore } from '@modelcontextprotocol/sdk/experimental';\n * ```\n *\n * @experimental\n */\n\nexport * from './tasks/client.js';\n" }, { "path": "packages/client/src/experimental/tasks/client.examples.ts", "content": "/**\n * Type-checked examples for `client.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { RequestOptions } from '@modelcontextprotocol/core';\n\nimport type { Client } from '../../client/client.js';\n\n/**\n * Example: Using callToolStream to execute a tool with task lifecycle events.\n */\nasync function ExperimentalClientTasks_callToolStream(client: Client) {\n //#region ExperimentalClientTasks_callToolStream\n const stream = client.experimental.tasks.callToolStream({ name: 'myTool', arguments: {} });\n for await (const message of stream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log('Tool execution started:', message.task.taskId);\n break;\n }\n case 'taskStatus': {\n console.log('Tool status:', message.task.status);\n break;\n }\n case 'result': {\n console.log('Tool result:', message.result);\n break;\n }\n case 'error': {\n console.error('Tool error:', message.error);\n break;\n }\n }\n }\n //#endregion ExperimentalClientTasks_callToolStream\n}\n\n/**\n * Example: Using requestStream to consume task lifecycle events for any request type.\n */\nasync function ExperimentalClientTasks_requestStream(client: Client, options: RequestOptions) {\n //#region ExperimentalClientTasks_requestStream\n const stream = client.experimental.tasks.requestStream({ method: 'tools/call', params: { name: 'my-tool', arguments: {} } }, options);\n for await (const message of stream) {\n switch (message.type) {\n case 'taskCreated': {\n console.log('Task created:', message.task.taskId);\n break;\n }\n case 'taskStatus': {\n console.log('Task status:', message.task.status);\n break;\n }\n case 'result': {\n console.log('Final result:', message.result);\n break;\n }\n case 'error': {\n console.error('Error:', message.error);\n break;\n }\n }\n }\n //#endregion ExperimentalClientTasks_requestStream\n}\n" }, { "path": "packages/client/src/experimental/tasks/client.ts", "content": "/**\n * Experimental client task features for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n\nimport type {\n AnyObjectSchema,\n CallToolRequest,\n CallToolResult,\n CancelTaskResult,\n CreateTaskResult,\n GetTaskResult,\n ListTasksResult,\n RequestMethod,\n RequestOptions,\n ResponseMessage,\n ResultTypeMap,\n SchemaOutput\n} from '@modelcontextprotocol/core';\nimport { ProtocolError, ProtocolErrorCode } from '@modelcontextprotocol/core';\n\nimport type { Client } from '../../client/client.js';\n\n/**\n * Internal interface for accessing {@linkcode Client}'s private methods.\n * @internal\n */\ninterface ClientInternal {\n requestStream(\n request: { method: M; params?: Record },\n options?: RequestOptions\n ): AsyncGenerator, void, void>;\n isToolTask(toolName: string): boolean;\n getToolOutputValidator(toolName: string): ((data: unknown) => { valid: boolean; errorMessage?: string }) | undefined;\n}\n\n/**\n * Experimental task features for MCP clients.\n *\n * Access via `client.experimental.tasks`:\n * ```typescript\n * const stream = client.experimental.tasks.callToolStream({ name: 'tool', arguments: {} });\n * const task = await client.experimental.tasks.getTask(taskId);\n * ```\n *\n * @experimental\n */\nexport class ExperimentalClientTasks {\n constructor(private readonly _client: Client) {}\n\n /**\n * Calls a tool and returns an AsyncGenerator that yields response messages.\n * The generator is guaranteed to end with either a `'result'` or `'error'` message.\n *\n * This method provides streaming access to tool execution, allowing you to\n * observe intermediate task status updates for long-running tool calls.\n * Automatically validates structured output if the tool has an `outputSchema`.\n *\n * @example\n * ```ts source=\"./client.examples.ts#ExperimentalClientTasks_callToolStream\"\n * const stream = client.experimental.tasks.callToolStream({ name: 'myTool', arguments: {} });\n * for await (const message of stream) {\n * switch (message.type) {\n * case 'taskCreated': {\n * console.log('Tool execution started:', message.task.taskId);\n * break;\n * }\n * case 'taskStatus': {\n * console.log('Tool status:', message.task.status);\n * break;\n * }\n * case 'result': {\n * console.log('Tool result:', message.result);\n * break;\n * }\n * case 'error': {\n * console.error('Tool error:', message.error);\n * break;\n * }\n * }\n * }\n * ```\n *\n * @param params - Tool call parameters (name and arguments)\n * @param options - Optional request options (timeout, signal, task creation params, etc.)\n * @returns AsyncGenerator that yields {@linkcode ResponseMessage} objects\n *\n * @experimental\n */\n async *callToolStream(\n params: CallToolRequest['params'],\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n // Access Client's internal methods\n const clientInternal = this._client as unknown as ClientInternal;\n\n // Add task creation parameters if server supports it and not explicitly provided\n const optionsWithTask = {\n ...options,\n // We check if the tool is known to be a task during auto-configuration, but assume\n // the caller knows what they're doing if they pass this explicitly\n task: options?.task ?? (clientInternal.isToolTask(params.name) ? {} : undefined)\n };\n\n const stream = clientInternal.requestStream({ method: 'tools/call', params }, optionsWithTask);\n\n // Get the validator for this tool (if it has an output schema)\n const validator = clientInternal.getToolOutputValidator(params.name);\n\n // Iterate through the stream and validate the final result if needed\n for await (const message of stream) {\n // If this is a result message and the tool has an output schema, validate it\n // Only validate CallToolResult (has 'content'), not CreateTaskResult (has 'task')\n if (message.type === 'result' && validator && 'content' in message.result) {\n const result = message.result as CallToolResult;\n\n // If tool has outputSchema, it MUST return structuredContent (unless it's an error)\n if (!result.structuredContent && !result.isError) {\n yield {\n type: 'error',\n error: new ProtocolError(\n ProtocolErrorCode.InvalidRequest,\n `Tool ${params.name} has an output schema but did not return structured content`\n )\n };\n return;\n }\n\n // Only validate structured content if present (not when there's an error)\n if (result.structuredContent) {\n try {\n // Validate the structured content against the schema\n const validationResult = validator(result.structuredContent);\n\n if (!validationResult.valid) {\n yield {\n type: 'error',\n error: new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Structured content does not match the tool's output schema: ${validationResult.errorMessage}`\n )\n };\n return;\n }\n } catch (error) {\n if (error instanceof ProtocolError) {\n yield { type: 'error', error };\n return;\n }\n yield {\n type: 'error',\n error: new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Failed to validate structured content: ${error instanceof Error ? error.message : String(error)}`\n )\n };\n return;\n }\n }\n }\n\n // Yield the message (either validated result or any other message type)\n yield message;\n }\n }\n\n /**\n * Gets the current status of a task.\n *\n * @param taskId - The task identifier\n * @param options - Optional request options\n * @returns The task status\n *\n * @experimental\n */\n async getTask(taskId: string, options?: RequestOptions): Promise {\n // Delegate to the client's underlying Protocol method\n type ClientWithGetTask = { getTask(params: { taskId: string }, options?: RequestOptions): Promise };\n return (this._client as unknown as ClientWithGetTask).getTask({ taskId }, options);\n }\n\n /**\n * Retrieves the result of a completed task.\n *\n * @param taskId - The task identifier\n * @param resultSchema - Zod schema for validating the result\n * @param options - Optional request options\n * @returns The task result\n *\n * @experimental\n */\n async getTaskResult(taskId: string, resultSchema?: T, options?: RequestOptions): Promise> {\n // Delegate to the client's underlying Protocol method\n return (\n this._client as unknown as {\n getTaskResult: (\n params: { taskId: string },\n resultSchema?: U,\n options?: RequestOptions\n ) => Promise>;\n }\n ).getTaskResult({ taskId }, resultSchema, options);\n }\n\n /**\n * Lists tasks with optional pagination.\n *\n * @param cursor - Optional pagination cursor\n * @param options - Optional request options\n * @returns List of tasks with optional next cursor\n *\n * @experimental\n */\n async listTasks(cursor?: string, options?: RequestOptions): Promise {\n // Delegate to the client's underlying Protocol method\n return (\n this._client as unknown as {\n listTasks: (params?: { cursor?: string }, options?: RequestOptions) => Promise;\n }\n ).listTasks(cursor ? { cursor } : undefined, options);\n }\n\n /**\n * Cancels a running task.\n *\n * @param taskId - The task identifier\n * @param options - Optional request options\n *\n * @experimental\n */\n async cancelTask(taskId: string, options?: RequestOptions): Promise {\n // Delegate to the client's underlying Protocol method\n return (\n this._client as unknown as {\n cancelTask: (params: { taskId: string }, options?: RequestOptions) => Promise;\n }\n ).cancelTask({ taskId }, options);\n }\n\n /**\n * Sends a request and returns an AsyncGenerator that yields response messages.\n * The generator is guaranteed to end with either a `'result'` or `'error'` message.\n *\n * This method provides streaming access to request processing, allowing you to\n * observe intermediate task status updates for task-augmented requests.\n *\n * @example\n * ```ts source=\"./client.examples.ts#ExperimentalClientTasks_requestStream\"\n * const stream = client.experimental.tasks.requestStream({ method: 'tools/call', params: { name: 'my-tool', arguments: {} } }, options);\n * for await (const message of stream) {\n * switch (message.type) {\n * case 'taskCreated': {\n * console.log('Task created:', message.task.taskId);\n * break;\n * }\n * case 'taskStatus': {\n * console.log('Task status:', message.task.status);\n * break;\n * }\n * case 'result': {\n * console.log('Final result:', message.result);\n * break;\n * }\n * case 'error': {\n * console.error('Error:', message.error);\n * break;\n * }\n * }\n * }\n * ```\n *\n * @param request - The request to send\n * @param options - Optional request options (timeout, signal, task creation params, etc.)\n * @returns AsyncGenerator that yields {@linkcode ResponseMessage} objects\n *\n * @experimental\n */\n requestStream(\n request: { method: M; params?: Record },\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n // Delegate to the client's underlying Protocol method\n return (this._client as unknown as ClientInternal).requestStream(request, options);\n }\n}\n" }, { "path": "packages/client/src/index.ts", "content": "export * from './client/auth.js';\nexport * from './client/authExtensions.js';\nexport * from './client/client.js';\nexport * from './client/crossAppAccess.js';\nexport * from './client/middleware.js';\nexport * from './client/sse.js';\nexport * from './client/stdio.js';\nexport * from './client/streamableHttp.js';\nexport * from './client/websocket.js';\n\n// experimental exports\nexport * from './experimental/index.js';\n\n// re-export shared types\nexport * from '@modelcontextprotocol/core';\n" }, { "path": "packages/client/src/shimsNode.ts", "content": "/**\n * Node.js runtime shims for client package\n *\n * This file is selected via package.json export conditions when running in Node.js.\n */\nexport { AjvJsonSchemaValidator as DefaultJsonSchemaValidator } from '@modelcontextprotocol/core';\n" }, { "path": "packages/client/src/shimsWorkerd.ts", "content": "/**\n * Cloudflare Workers runtime shims for client package\n *\n * This file is selected via package.json export conditions when running in workerd.\n */\nexport { CfWorkerJsonSchemaValidator as DefaultJsonSchemaValidator } from '@modelcontextprotocol/core';\n" }, { "path": "packages/client/test/client/auth.test.ts", "content": "import type { AuthorizationServerMetadata, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/core';\nimport { LATEST_PROTOCOL_VERSION, OAuthError, OAuthErrorCode } from '@modelcontextprotocol/core';\nimport type { Mock } from 'vitest';\nimport { expect, vi } from 'vitest';\n\nimport type { OAuthClientProvider } from '../../src/client/auth.js';\nimport {\n auth,\n buildDiscoveryUrls,\n discoverAuthorizationServerMetadata,\n discoverOAuthMetadata,\n discoverOAuthProtectedResourceMetadata,\n discoverOAuthServerInfo,\n exchangeAuthorization,\n extractWWWAuthenticateParams,\n isHttpsUrl,\n refreshAuthorization,\n registerClient,\n selectClientAuthMethod,\n startAuthorization\n} from '../../src/client/auth.js';\nimport { createPrivateKeyJwtAuth } from '../../src/client/authExtensions.js';\n\n// Mock pkce-challenge\nvi.mock('pkce-challenge', () => ({\n default: () => ({\n code_verifier: 'test_verifier',\n code_challenge: 'test_challenge'\n })\n}));\n\n// Mock fetch globally\nconst mockFetch = vi.fn();\nglobalThis.fetch = mockFetch;\n\ndescribe('OAuth Authorization', () => {\n beforeEach(() => {\n mockFetch.mockReset();\n });\n\n describe('extractWWWAuthenticateParams', () => {\n it('returns resource metadata url when present', async () => {\n const resourceUrl = 'https://resource.example.com/.well-known/oauth-protected-resource';\n const mockResponse = {\n headers: {\n get: vi.fn(name => (name === 'WWW-Authenticate' ? `Bearer realm=\"mcp\", resource_metadata=\"${resourceUrl}\"` : null))\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({ resourceMetadataUrl: new URL(resourceUrl) });\n });\n\n it('returns scope when present', async () => {\n const scope = 'read';\n const mockResponse = {\n headers: {\n get: vi.fn(name => (name === 'WWW-Authenticate' ? `Bearer realm=\"mcp\", scope=\"${scope}\"` : null))\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({ scope: scope });\n });\n\n it('returns empty object if not bearer', async () => {\n const resourceUrl = 'https://resource.example.com/.well-known/oauth-protected-resource';\n const scope = 'read';\n const mockResponse = {\n headers: {\n get: vi.fn(name =>\n name === 'WWW-Authenticate' ? `Basic realm=\"mcp\", resource_metadata=\"${resourceUrl}\", scope=\"${scope}\"` : null\n )\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({});\n });\n\n it('returns empty object if resource_metadata and scope not present', async () => {\n const mockResponse = {\n headers: {\n get: vi.fn(name => (name === 'WWW-Authenticate' ? `Bearer realm=\"mcp\"` : null))\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({});\n });\n\n it('returns undefined resourceMetadataUrl on invalid url', async () => {\n const resourceUrl = 'invalid-url';\n const scope = 'read';\n const mockResponse = {\n headers: {\n get: vi.fn(name =>\n name === 'WWW-Authenticate' ? `Bearer realm=\"mcp\", resource_metadata=\"${resourceUrl}\", scope=\"${scope}\"` : null\n )\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({ scope: scope });\n });\n\n it('returns error when present', async () => {\n const mockResponse = {\n headers: {\n get: vi.fn(name => (name === 'WWW-Authenticate' ? `Bearer error=\"insufficient_scope\", scope=\"admin\"` : null))\n }\n } as unknown as Response;\n\n expect(extractWWWAuthenticateParams(mockResponse)).toEqual({ error: 'insufficient_scope', scope: 'admin' });\n });\n });\n\n describe('discoverOAuthProtectedResourceMetadata', () => {\n const validMetadata = {\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n };\n\n it('returns metadata when discovery succeeds', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com');\n expect(metadata).toEqual(validMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1);\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n });\n\n it('returns metadata when first fetch fails but second without MCP header succeeds', async () => {\n // Set up a counter to control behavior\n let callCount = 0;\n\n // Mock implementation that changes behavior based on call count\n mockFetch.mockImplementation((_url, _options) => {\n callCount++;\n\n return callCount === 1\n ? Promise.reject(new TypeError('Network error'))\n : Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n });\n\n // Should succeed with the second call\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com');\n expect(metadata).toEqual(validMetadata);\n\n // Verify both calls were made\n expect(mockFetch).toHaveBeenCalledTimes(2);\n\n // Verify first call had MCP header\n expect(mockFetch.mock.calls[0]![1]?.headers).toHaveProperty('MCP-Protocol-Version');\n });\n\n it('throws an error when all fetch attempts fail', async () => {\n // Set up a counter to control behavior\n let callCount = 0;\n\n // Mock implementation that changes behavior based on call count\n mockFetch.mockImplementation((_url, _options) => {\n callCount++;\n\n return callCount === 1 ? Promise.reject(new TypeError('First failure')) : Promise.reject(new Error('Second failure'));\n });\n\n // Should fail with the second error\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com')).rejects.toThrow('Second failure');\n\n // Verify both calls were made\n expect(mockFetch).toHaveBeenCalledTimes(2);\n });\n\n it('throws on 404 errors', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com')).rejects.toThrow(\n 'Resource server does not implement OAuth 2.0 Protected Resource Metadata.'\n );\n });\n\n it('throws on non-404 errors', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 500\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com')).rejects.toThrow('HTTP 500');\n });\n\n it('validates metadata schema', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n // Missing required fields\n scopes_supported: ['email', 'mcp']\n })\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com')).rejects.toThrow();\n });\n\n it('returns metadata when discovery succeeds with path', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com/path/name');\n expect(metadata).toEqual(validMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1);\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource/path/name');\n });\n\n it('preserves query parameters in path-aware discovery', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com/path?param=value');\n expect(metadata).toEqual(validMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1);\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource/path?param=value');\n });\n\n it.each([400, 401, 403, 404, 410, 422, 429])(\n 'falls back to root discovery when path-aware discovery returns %d',\n async statusCode => {\n // First call (path-aware) returns 4xx\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: statusCode\n });\n\n // Second call (root fallback) succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com/path/name');\n expect(metadata).toEqual(validMetadata);\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n\n // First call should be path-aware\n const [firstUrl, firstOptions] = calls[0]!;\n expect(firstUrl.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource/path/name');\n expect(firstOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n\n // Second call should be root fallback\n const [secondUrl, secondOptions] = calls[1]!;\n expect(secondUrl.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n expect(secondOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n }\n );\n\n it('throws error when both path-aware and root discovery return 404', async () => {\n // First call (path-aware) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second call (root fallback) also returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com/path/name')).rejects.toThrow(\n 'Resource server does not implement OAuth 2.0 Protected Resource Metadata.'\n );\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n });\n\n it('throws error on 500 status and does not fallback', async () => {\n // First call (path-aware) returns 500\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 500\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com/path/name')).rejects.toThrow();\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback\n });\n\n it('does not fallback when the original URL is already at root path', async () => {\n // First call (path-aware for root) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com/')).rejects.toThrow(\n 'Resource server does not implement OAuth 2.0 Protected Resource Metadata.'\n );\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback\n\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n });\n\n it('does not fallback when the original URL has no path', async () => {\n // First call (path-aware for no path) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n await expect(discoverOAuthProtectedResourceMetadata('https://resource.example.com')).rejects.toThrow(\n 'Resource server does not implement OAuth 2.0 Protected Resource Metadata.'\n );\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback\n\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n });\n\n it('falls back when path-aware discovery encounters CORS error', async () => {\n // First call (path-aware) fails with TypeError (CORS)\n mockFetch.mockImplementationOnce(() => Promise.reject(new TypeError('CORS error')));\n\n // Retry path-aware without headers (simulating CORS retry)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second call (root fallback) succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com/deep/path');\n expect(metadata).toEqual(validMetadata);\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(3);\n\n // Final call should be root fallback\n const [lastUrl, lastOptions] = calls[2]!;\n expect(lastUrl.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n expect(lastOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('does not fallback when resourceMetadataUrl is provided', async () => {\n // Call with explicit URL returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n await expect(\n discoverOAuthProtectedResourceMetadata('https://resource.example.com/path', {\n resourceMetadataUrl: 'https://custom.example.com/metadata'\n })\n ).rejects.toThrow('Resource server does not implement OAuth 2.0 Protected Resource Metadata.');\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback when explicit URL is provided\n\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://custom.example.com/metadata');\n });\n\n it('supports overriding the fetch function used for requests', async () => {\n const validMetadata = {\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n };\n\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthProtectedResourceMetadata('https://resource.example.com', undefined, customFetch);\n\n expect(metadata).toEqual(validMetadata);\n expect(customFetch).toHaveBeenCalledTimes(1);\n expect(mockFetch).not.toHaveBeenCalled();\n\n const [url, options] = customFetch.mock.calls[0]!;\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n expect(options.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n });\n\n describe('discoverOAuthMetadata', () => {\n const validMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n it('returns metadata when discovery succeeds', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com');\n expect(metadata).toEqual(validMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1);\n const [url, options] = calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n expect(options.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('returns metadata when discovery succeeds with path', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com/path/name');\n expect(metadata).toEqual(validMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1);\n const [url, options] = calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server/path/name');\n expect(options.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('falls back to root discovery when path-aware discovery returns 404', async () => {\n // First call (path-aware) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second call (root fallback) succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com/path/name');\n expect(metadata).toEqual(validMetadata);\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n\n // First call should be path-aware\n const [firstUrl, firstOptions] = calls[0]!;\n expect(firstUrl.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server/path/name');\n expect(firstOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n\n // Second call should be root fallback\n const [secondUrl, secondOptions] = calls[1]!;\n expect(secondUrl.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n expect(secondOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('returns undefined when both path-aware and root discovery return 404', async () => {\n // First call (path-aware) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second call (root fallback) also returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com/path/name');\n expect(metadata).toBeUndefined();\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n });\n\n it('does not fallback when the original URL is already at root path', async () => {\n // First call (path-aware for root) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com/');\n expect(metadata).toBeUndefined();\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback\n\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n });\n\n it('does not fallback when the original URL has no path', async () => {\n // First call (path-aware for no path) returns 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com');\n expect(metadata).toBeUndefined();\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(1); // Should not attempt fallback\n\n const [url] = calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n });\n\n it('falls back when path-aware discovery encounters CORS error', async () => {\n // First call (path-aware) fails with TypeError (CORS)\n mockFetch.mockImplementationOnce(() => Promise.reject(new TypeError('CORS error')));\n\n // Retry path-aware without headers (simulating CORS retry)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second call (root fallback) succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com/deep/path');\n expect(metadata).toEqual(validMetadata);\n\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(3);\n\n // Final call should be root fallback\n const [lastUrl, lastOptions] = calls[2]!;\n expect(lastUrl.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n expect(lastOptions.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('returns metadata when first fetch fails but second without MCP header succeeds', async () => {\n // Set up a counter to control behavior\n let callCount = 0;\n\n // Mock implementation that changes behavior based on call count\n mockFetch.mockImplementation((_url, _options) => {\n callCount++;\n\n return callCount === 1\n ? Promise.reject(new TypeError('Network error'))\n : Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n });\n\n // Should succeed with the second call\n const metadata = await discoverOAuthMetadata('https://auth.example.com');\n expect(metadata).toEqual(validMetadata);\n\n // Verify both calls were made\n expect(mockFetch).toHaveBeenCalledTimes(2);\n\n // Verify first call had MCP header\n expect(mockFetch.mock.calls[0]![1]?.headers).toHaveProperty('MCP-Protocol-Version');\n });\n\n it('throws an error when all fetch attempts fail', async () => {\n // Set up a counter to control behavior\n let callCount = 0;\n\n // Mock implementation that changes behavior based on call count\n mockFetch.mockImplementation((_url, _options) => {\n callCount++;\n\n return callCount === 1 ? Promise.reject(new TypeError('First failure')) : Promise.reject(new Error('Second failure'));\n });\n\n // Should fail with the second error\n await expect(discoverOAuthMetadata('https://auth.example.com')).rejects.toThrow('Second failure');\n\n // Verify both calls were made\n expect(mockFetch).toHaveBeenCalledTimes(2);\n });\n\n it('returns undefined when both CORS requests fail in fetchWithCorsRetry', async () => {\n // fetchWithCorsRetry tries with headers (fails with CORS), then retries without headers (also fails with CORS)\n // simulating a 404 w/o headers set. We want this to return undefined, not throw TypeError\n mockFetch.mockImplementation(() => {\n // Both the initial request with headers and retry without headers fail with CORS TypeError\n return Promise.reject(new TypeError('Failed to fetch'));\n });\n\n // This should return undefined (the desired behavior after the fix)\n const metadata = await discoverOAuthMetadata('https://auth.example.com/path');\n expect(metadata).toBeUndefined();\n });\n\n it('returns undefined when discovery endpoint returns 404', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com');\n expect(metadata).toBeUndefined();\n });\n\n it('throws on non-404 errors', async () => {\n mockFetch.mockResolvedValueOnce(new Response(null, { status: 500 }));\n\n await expect(discoverOAuthMetadata('https://auth.example.com')).rejects.toThrow('HTTP 500');\n });\n\n it('validates metadata schema', async () => {\n mockFetch.mockResolvedValueOnce(\n Response.json(\n {\n // Missing required fields\n issuer: 'https://auth.example.com'\n },\n { status: 200 }\n )\n );\n\n await expect(discoverOAuthMetadata('https://auth.example.com')).rejects.toThrow();\n });\n\n it('supports overriding the fetch function used for requests', async () => {\n const validMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => validMetadata\n });\n\n const metadata = await discoverOAuthMetadata('https://auth.example.com', {}, customFetch);\n\n expect(metadata).toEqual(validMetadata);\n expect(customFetch).toHaveBeenCalledTimes(1);\n expect(mockFetch).not.toHaveBeenCalled();\n\n const [url, options] = customFetch.mock.calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n expect(options.headers).toEqual({\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n });\n\n describe('buildDiscoveryUrls', () => {\n it('generates correct URLs for server without path', () => {\n const urls = buildDiscoveryUrls('https://auth.example.com');\n\n expect(urls).toHaveLength(2);\n expect(urls.map(u => ({ url: u.url.toString(), type: u.type }))).toEqual([\n {\n url: 'https://auth.example.com/.well-known/oauth-authorization-server',\n type: 'oauth'\n },\n {\n url: 'https://auth.example.com/.well-known/openid-configuration',\n type: 'oidc'\n }\n ]);\n });\n\n it('generates correct URLs for server with path', () => {\n const urls = buildDiscoveryUrls('https://auth.example.com/tenant1');\n\n expect(urls).toHaveLength(3);\n expect(urls.map(u => ({ url: u.url.toString(), type: u.type }))).toEqual([\n {\n url: 'https://auth.example.com/.well-known/oauth-authorization-server/tenant1',\n type: 'oauth'\n },\n {\n url: 'https://auth.example.com/.well-known/openid-configuration/tenant1',\n type: 'oidc'\n },\n {\n url: 'https://auth.example.com/tenant1/.well-known/openid-configuration',\n type: 'oidc'\n }\n ]);\n });\n\n it('handles URL object input', () => {\n const urls = buildDiscoveryUrls(new URL('https://auth.example.com/tenant1'));\n\n expect(urls).toHaveLength(3);\n expect(urls[0]!.url.toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server/tenant1');\n });\n });\n\n describe('discoverAuthorizationServerMetadata', () => {\n const validOAuthMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n const validOpenIdMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n jwks_uri: 'https://auth.example.com/jwks',\n subject_types_supported: ['public'],\n id_token_signing_alg_values_supported: ['RS256'],\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n it('tries URLs in order and returns first successful metadata', async () => {\n // First OAuth URL (path before well-known) fails with 404\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404\n });\n\n // Second OIDC URL (path before well-known) succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validOpenIdMetadata\n });\n\n const metadata = await discoverAuthorizationServerMetadata('https://auth.example.com/tenant1');\n\n expect(metadata).toEqual(validOpenIdMetadata);\n\n // Verify it tried the URLs in the correct order\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n expect(calls[0]![0].toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server/tenant1');\n expect(calls[1]![0].toString()).toBe('https://auth.example.com/.well-known/openid-configuration/tenant1');\n });\n\n it('continues on 4xx errors', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 400\n });\n\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validOpenIdMetadata\n });\n\n const metadata = await discoverAuthorizationServerMetadata('https://mcp.example.com');\n\n expect(metadata).toEqual(validOpenIdMetadata);\n });\n\n it('throws on non-4xx errors', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 500\n });\n\n await expect(discoverAuthorizationServerMetadata('https://mcp.example.com')).rejects.toThrow('HTTP 500');\n });\n\n it('handles CORS errors with retry', async () => {\n // First call fails with CORS\n mockFetch.mockImplementationOnce(() => Promise.reject(new TypeError('CORS error')));\n\n // Retry without headers succeeds\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validOAuthMetadata\n });\n\n const metadata = await discoverAuthorizationServerMetadata('https://auth.example.com');\n\n expect(metadata).toEqual(validOAuthMetadata);\n const calls = mockFetch.mock.calls;\n expect(calls.length).toBe(2);\n\n // First call should have headers\n expect(calls[0]![1]?.headers).toHaveProperty('MCP-Protocol-Version');\n\n // Second call should not have headers (CORS retry)\n expect(calls[1]![1]?.headers).toBeUndefined();\n });\n\n it('supports custom fetch function', async () => {\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => validOAuthMetadata\n });\n\n const metadata = await discoverAuthorizationServerMetadata('https://auth.example.com', { fetchFn: customFetch });\n\n expect(metadata).toEqual(validOAuthMetadata);\n expect(customFetch).toHaveBeenCalledTimes(1);\n expect(mockFetch).not.toHaveBeenCalled();\n });\n\n it('supports custom protocol version', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validOAuthMetadata\n });\n\n const metadata = await discoverAuthorizationServerMetadata('https://auth.example.com', { protocolVersion: '2025-01-01' });\n\n expect(metadata).toEqual(validOAuthMetadata);\n const calls = mockFetch.mock.calls;\n const [, options] = calls[0]!;\n expect(options.headers).toEqual({\n 'MCP-Protocol-Version': '2025-01-01',\n Accept: 'application/json'\n });\n });\n\n it('returns undefined when all URLs fail with CORS errors', async () => {\n // All fetch attempts fail with CORS errors (TypeError)\n mockFetch.mockImplementation(() => Promise.reject(new TypeError('CORS error')));\n\n const metadata = await discoverAuthorizationServerMetadata('https://auth.example.com/tenant1');\n\n expect(metadata).toBeUndefined();\n\n // Verify that all discovery URLs were attempted\n expect(mockFetch).toHaveBeenCalledTimes(6); // 3 URLs × 2 attempts each (with and without headers)\n });\n });\n\n describe('discoverOAuthServerInfo', () => {\n const validResourceMetadata = {\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n };\n\n const validAuthMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code']\n };\n\n it('returns auth server from RFC 9728 protected resource metadata', async () => {\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validResourceMetadata\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validAuthMetadata\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n const result = await discoverOAuthServerInfo('https://resource.example.com');\n\n expect(result.authorizationServerUrl).toBe('https://auth.example.com');\n expect(result.resourceMetadata).toEqual(validResourceMetadata);\n expect(result.authorizationServerMetadata).toEqual(validAuthMetadata);\n });\n\n it('falls back to server URL when RFC 9728 is not supported', async () => {\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n // RFC 9728 returns 404\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: false,\n status: 404\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n ...validAuthMetadata,\n issuer: 'https://resource.example.com'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n const result = await discoverOAuthServerInfo('https://resource.example.com');\n\n // Should fall back to server URL origin\n expect(result.authorizationServerUrl).toBe('https://resource.example.com/');\n expect(result.resourceMetadata).toBeUndefined();\n expect(result.authorizationServerMetadata).toBeDefined();\n });\n\n it('forwards resourceMetadataUrl override to protected resource metadata discovery', async () => {\n const overrideUrl = new URL('https://custom.example.com/.well-known/oauth-protected-resource');\n\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString === overrideUrl.toString()) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validResourceMetadata\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validAuthMetadata\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n const result = await discoverOAuthServerInfo('https://resource.example.com', {\n resourceMetadataUrl: overrideUrl\n });\n\n expect(result.resourceMetadata).toEqual(validResourceMetadata);\n // Verify the override URL was used instead of the default well-known path\n expect(mockFetch.mock.calls[0]![0].toString()).toBe(overrideUrl.toString());\n });\n });\n\n describe('auth with provider authorization server URL caching', () => {\n const validResourceMetadata = {\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n };\n\n const validAuthMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n function createMockProvider(overrides: Partial = {}): OAuthClientProvider {\n return {\n get redirectUrl() {\n return 'http://localhost:3000/callback';\n },\n get clientMetadata() {\n return {\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n },\n clientInformation: vi.fn().mockResolvedValue({\n client_id: 'test-client-id',\n client_secret: 'test-client-secret'\n }),\n tokens: vi.fn().mockResolvedValue(undefined),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n ...overrides\n };\n }\n\n beforeEach(() => {\n vi.clearAllMocks();\n });\n\n it('calls saveDiscoveryState after discovery when provider implements it', async () => {\n const saveDiscoveryState = vi.fn();\n const provider = createMockProvider({ saveDiscoveryState });\n\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validResourceMetadata\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validAuthMetadata\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n await auth(provider, { serverUrl: 'https://resource.example.com' });\n\n expect(saveDiscoveryState).toHaveBeenCalledWith(\n expect.objectContaining({\n authorizationServerUrl: 'https://auth.example.com',\n resourceMetadata: validResourceMetadata,\n authorizationServerMetadata: validAuthMetadata\n })\n );\n });\n\n it('restores full discovery state from cache including resource metadata', async () => {\n const provider = createMockProvider({\n discoveryState: vi.fn().mockResolvedValue({\n authorizationServerUrl: 'https://auth.example.com',\n resourceMetadata: validResourceMetadata,\n authorizationServerMetadata: validAuthMetadata\n }),\n tokens: vi.fn().mockResolvedValue({\n access_token: 'valid-token',\n refresh_token: 'refresh-token',\n token_type: 'bearer'\n })\n });\n\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-token',\n token_type: 'bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n const result = await auth(provider, {\n serverUrl: 'https://resource.example.com'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Should NOT have called any discovery endpoints -- all from cache\n const discoveryCalls = mockFetch.mock.calls.filter(\n call => call[0].toString().includes('oauth-protected-resource') || call[0].toString().includes('oauth-authorization-server')\n );\n expect(discoveryCalls).toHaveLength(0);\n\n // Verify the token request includes the resource parameter from cached metadata\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n const body = tokenCall![1].body as URLSearchParams;\n expect(body.get('resource')).toBe('https://resource.example.com/');\n });\n\n it('re-saves enriched state when partial cache is supplemented with fetched metadata', async () => {\n const saveDiscoveryState = vi.fn();\n const provider = createMockProvider({\n // Partial cache: auth server URL only, no metadata\n discoveryState: vi.fn().mockResolvedValue({\n authorizationServerUrl: 'https://auth.example.com'\n }),\n saveDiscoveryState,\n tokens: vi.fn().mockResolvedValue({\n access_token: 'valid-token',\n refresh_token: 'refresh-token',\n token_type: 'bearer'\n })\n });\n\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validResourceMetadata\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validAuthMetadata\n });\n }\n\n if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-token',\n token_type: 'bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n await auth(provider, { serverUrl: 'https://resource.example.com' });\n\n // Should re-save with the enriched state including fetched metadata\n expect(saveDiscoveryState).toHaveBeenCalledWith(\n expect.objectContaining({\n authorizationServerUrl: 'https://auth.example.com',\n authorizationServerMetadata: validAuthMetadata,\n resourceMetadata: validResourceMetadata\n })\n );\n });\n\n it('uses resourceMetadataUrl from cached discovery state for PRM discovery', async () => {\n const cachedPrmUrl = 'https://custom.example.com/.well-known/oauth-protected-resource';\n const provider = createMockProvider({\n // Cache has auth server URL + resourceMetadataUrl but no resourceMetadata\n // (simulates browser redirect where PRM URL was saved but metadata wasn't)\n discoveryState: vi.fn().mockResolvedValue({\n authorizationServerUrl: 'https://auth.example.com',\n resourceMetadataUrl: cachedPrmUrl,\n authorizationServerMetadata: validAuthMetadata\n }),\n tokens: vi.fn().mockResolvedValue({\n access_token: 'valid-token',\n refresh_token: 'refresh-token',\n token_type: 'bearer'\n })\n });\n\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n // The cached PRM URL should be used for resource metadata discovery\n if (urlString === cachedPrmUrl) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => validResourceMetadata\n });\n }\n\n if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-token',\n token_type: 'bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch: ${urlString}`));\n });\n\n const result = await auth(provider, {\n serverUrl: 'https://resource.example.com'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Should have used the cached PRM URL, not the default well-known path\n const prmCalls = mockFetch.mock.calls.filter(call => call[0].toString().includes('oauth-protected-resource'));\n expect(prmCalls).toHaveLength(1);\n expect(prmCalls[0]![0].toString()).toBe(cachedPrmUrl);\n });\n });\n\n describe('selectClientAuthMethod', () => {\n it('selects the correct client authentication method from client information', () => {\n const clientInfo = {\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n token_endpoint_auth_method: 'client_secret_basic'\n };\n const supportedMethods = ['client_secret_post', 'client_secret_basic', 'none'];\n const authMethod = selectClientAuthMethod(clientInfo, supportedMethods);\n expect(authMethod).toBe('client_secret_basic');\n });\n it('selects the correct client authentication method from supported methods', () => {\n const clientInfo = { client_id: 'test-client-id' };\n const supportedMethods = ['client_secret_post', 'client_secret_basic', 'none'];\n const authMethod = selectClientAuthMethod(clientInfo, supportedMethods);\n expect(authMethod).toBe('none');\n });\n it('defaults to client_secret_basic when server omits token_endpoint_auth_methods_supported (RFC 8414 §2)', () => {\n // RFC 8414 §2: if omitted, the default is client_secret_basic.\n // RFC 6749 §2.3.1: servers MUST support HTTP Basic for clients with a secret.\n const clientInfo = { client_id: 'test-client-id', client_secret: 'test-client-secret' };\n const authMethod = selectClientAuthMethod(clientInfo, []);\n expect(authMethod).toBe('client_secret_basic');\n });\n it('defaults to none for public clients when server omits token_endpoint_auth_methods_supported', () => {\n const clientInfo = { client_id: 'test-client-id' };\n const authMethod = selectClientAuthMethod(clientInfo, []);\n expect(authMethod).toBe('none');\n });\n it('honors DCR-returned token_endpoint_auth_method even when server metadata omits supported methods', () => {\n const clientInfo = {\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n token_endpoint_auth_method: 'client_secret_post'\n };\n const authMethod = selectClientAuthMethod(clientInfo, []);\n expect(authMethod).toBe('client_secret_post');\n });\n });\n\n describe('startAuthorization', () => {\n const validMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/auth',\n token_endpoint: 'https://auth.example.com/tkn',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n const validOpenIdMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/auth',\n token_endpoint: 'https://auth.example.com/token',\n jwks_uri: 'https://auth.example.com/jwks',\n subject_types_supported: ['public'],\n id_token_signing_alg_values_supported: ['RS256'],\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n it('generates authorization URL with PKCE challenge', async () => {\n const { authorizationUrl, codeVerifier } = await startAuthorization('https://auth.example.com', {\n metadata: undefined,\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback',\n resource: new URL('https://api.example.com/mcp-server')\n });\n\n expect(authorizationUrl.toString()).toMatch(/^https:\\/\\/auth\\.example\\.com\\/authorize\\?/);\n expect(authorizationUrl.searchParams.get('response_type')).toBe('code');\n expect(authorizationUrl.searchParams.get('code_challenge')).toBe('test_challenge');\n expect(authorizationUrl.searchParams.get('code_challenge_method')).toBe('S256');\n expect(authorizationUrl.searchParams.get('redirect_uri')).toBe('http://localhost:3000/callback');\n expect(authorizationUrl.searchParams.get('resource')).toBe('https://api.example.com/mcp-server');\n expect(codeVerifier).toBe('test_verifier');\n });\n\n it('includes scope parameter when provided', async () => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback',\n scope: 'read write profile'\n });\n\n expect(authorizationUrl.searchParams.get('scope')).toBe('read write profile');\n });\n\n it('excludes scope parameter when not provided', async () => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n });\n\n expect(authorizationUrl.searchParams.has('scope')).toBe(false);\n });\n\n it('includes state parameter when provided', async () => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback',\n state: 'foobar'\n });\n\n expect(authorizationUrl.searchParams.get('state')).toBe('foobar');\n });\n\n it('excludes state parameter when not provided', async () => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n });\n\n expect(authorizationUrl.searchParams.has('state')).toBe(false);\n });\n\n // OpenID Connect requires that the user is prompted for consent if the scope includes 'offline_access'\n it(\"includes consent prompt parameter if scope includes 'offline_access'\", async () => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback',\n scope: 'read write profile offline_access'\n });\n\n expect(authorizationUrl.searchParams.get('prompt')).toBe('consent');\n });\n\n it.each([validMetadata, validOpenIdMetadata])('uses metadata authorization_endpoint when provided', async baseMetadata => {\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n metadata: baseMetadata,\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n });\n\n expect(authorizationUrl.toString()).toMatch(/^https:\\/\\/auth\\.example\\.com\\/auth\\?/);\n });\n\n it.each([validMetadata, validOpenIdMetadata])('validates response type support', async baseMetadata => {\n const metadata = {\n ...baseMetadata,\n response_types_supported: ['token'] // Does not support 'code'\n };\n\n await expect(\n startAuthorization('https://auth.example.com', {\n metadata,\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n })\n ).rejects.toThrow(/does not support response type/);\n });\n\n // https://github.com/modelcontextprotocol/typescript-sdk/issues/832\n it.each([validMetadata, validOpenIdMetadata])(\n 'assumes supported code challenge methods includes S256 if absent',\n async baseMetadata => {\n const metadata = {\n ...baseMetadata,\n response_types_supported: ['code'],\n code_challenge_methods_supported: undefined\n };\n\n const { authorizationUrl } = await startAuthorization('https://auth.example.com', {\n metadata,\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n });\n\n expect(authorizationUrl.toString()).toMatch(/^https:\\/\\/auth\\.example\\.com\\/auth\\?.+&code_challenge_method=S256/);\n }\n );\n\n it.each([validMetadata, validOpenIdMetadata])(\n 'validates supported code challenge methods includes S256 if present',\n async baseMetadata => {\n const metadata = {\n ...baseMetadata,\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['plain'] // Does not support 'S256'\n };\n\n await expect(\n startAuthorization('https://auth.example.com', {\n metadata,\n clientInformation: validClientInfo,\n redirectUrl: 'http://localhost:3000/callback'\n })\n ).rejects.toThrow(/does not support code challenge method/);\n }\n );\n });\n\n describe('exchangeAuthorization', () => {\n const validTokens: OAuthTokens = {\n access_token: 'access123',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'refresh123'\n };\n\n const validMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code']\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n it('exchanges code for tokens', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback',\n resource: new URL('https://api.example.com/mcp-server')\n });\n\n expect(tokens).toEqual(validTokens);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/token'\n }),\n expect.objectContaining({\n method: 'POST'\n })\n );\n\n const options = mockFetch.mock.calls[0]![1];\n expect(options.headers).toBeInstanceOf(Headers);\n expect(options.headers.get('Content-Type')).toBe('application/x-www-form-urlencoded');\n expect(options.body).toBeInstanceOf(URLSearchParams);\n\n const body = options.body as URLSearchParams;\n expect(body.get('grant_type')).toBe('authorization_code');\n expect(body.get('code')).toBe('code123');\n expect(body.get('code_verifier')).toBe('verifier123');\n // Default auth method is client_secret_basic when no metadata provided (RFC 8414 §2)\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n expect(options.headers.get('Authorization')).toBe('Basic ' + btoa('client123:secret123'));\n expect(body.get('redirect_uri')).toBe('http://localhost:3000/callback');\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n\n it('allows for string \"expires_in\" values', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({ ...validTokens, expires_in: '3600' })\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback',\n resource: new URL('https://api.example.com/mcp-server')\n });\n\n expect(tokens).toEqual(validTokens);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/token'\n }),\n expect.objectContaining({\n method: 'POST'\n })\n );\n\n const options = mockFetch.mock.calls[0]![1];\n expect(options.headers).toBeInstanceOf(Headers);\n expect(options.headers.get('Content-Type')).toBe('application/x-www-form-urlencoded');\n\n const body = options.body as URLSearchParams;\n expect(body.get('grant_type')).toBe('authorization_code');\n expect(body.get('code')).toBe('code123');\n expect(body.get('code_verifier')).toBe('verifier123');\n // Default auth method is client_secret_basic when no metadata provided (RFC 8414 §2)\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n expect(options.headers.get('Authorization')).toBe('Basic ' + btoa('client123:secret123'));\n expect(body.get('redirect_uri')).toBe('http://localhost:3000/callback');\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n it('exchanges code for tokens with auth', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n metadata: validMetadata,\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback',\n addClientAuthentication: (\n headers: Headers,\n params: URLSearchParams,\n url: string | URL,\n metadata?: AuthorizationServerMetadata\n ) => {\n headers.set('Authorization', 'Basic ' + btoa(validClientInfo.client_id + ':' + validClientInfo.client_secret));\n params.set('example_url', typeof url === 'string' ? url : url.toString());\n params.set('example_metadata', metadata?.authorization_endpoint ?? '');\n params.set('example_param', 'example_value');\n }\n });\n\n expect(tokens).toEqual(validTokens);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/token'\n }),\n expect.objectContaining({\n method: 'POST'\n })\n );\n\n const headers = mockFetch.mock.calls[0]![1].headers as Headers;\n expect(headers.get('Content-Type')).toBe('application/x-www-form-urlencoded');\n expect(headers.get('Authorization')).toBe('Basic Y2xpZW50MTIzOnNlY3JldDEyMw==');\n const body = mockFetch.mock.calls[0]![1].body as URLSearchParams;\n expect(body.get('grant_type')).toBe('authorization_code');\n expect(body.get('code')).toBe('code123');\n expect(body.get('code_verifier')).toBe('verifier123');\n expect(body.get('client_id')).toBeNull();\n expect(body.get('redirect_uri')).toBe('http://localhost:3000/callback');\n expect(body.get('example_url')).toBe('https://auth.example.com/token');\n expect(body.get('example_metadata')).toBe('https://auth.example.com/authorize');\n expect(body.get('example_param')).toBe('example_value');\n expect(body.get('client_secret')).toBeNull();\n });\n\n it('validates token response schema', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n // Missing required fields\n access_token: 'access123'\n })\n });\n\n await expect(\n exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback'\n })\n ).rejects.toThrow();\n });\n\n it('throws on error response', async () => {\n mockFetch.mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.ServerError, 'Token exchange failed').toResponseObject(), { status: 400 })\n );\n\n await expect(\n exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback'\n })\n ).rejects.toThrow('Token exchange failed');\n });\n\n it('supports overriding the fetch function used for requests', async () => {\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback',\n resource: new URL('https://api.example.com/mcp-server'),\n fetchFn: customFetch\n });\n\n expect(tokens).toEqual(validTokens);\n expect(customFetch).toHaveBeenCalledTimes(1);\n expect(mockFetch).not.toHaveBeenCalled();\n\n const [url, options] = customFetch.mock.calls[0]!;\n expect(url.toString()).toBe('https://auth.example.com/token');\n expect(options).toEqual(\n expect.objectContaining({\n method: 'POST',\n headers: expect.any(Headers),\n body: expect.any(URLSearchParams)\n })\n );\n\n const body = options.body as URLSearchParams;\n expect(body.get('grant_type')).toBe('authorization_code');\n expect(body.get('code')).toBe('code123');\n expect(body.get('code_verifier')).toBe('verifier123');\n // Default auth method is client_secret_basic when no metadata provided (RFC 8414 §2)\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n expect((options.headers as Headers).get('Authorization')).toBe('Basic ' + btoa('client123:secret123'));\n expect(body.get('redirect_uri')).toBe('http://localhost:3000/callback');\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n });\n\n describe('refreshAuthorization', () => {\n const validTokens = {\n access_token: 'newaccess123',\n token_type: 'Bearer',\n expires_in: 3600\n };\n const validTokensWithNewRefreshToken = {\n ...validTokens,\n refresh_token: 'newrefresh123'\n };\n\n const validMetadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code']\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n it('exchanges refresh token for new tokens', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokensWithNewRefreshToken\n });\n\n const tokens = await refreshAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n refreshToken: 'refresh123',\n resource: new URL('https://api.example.com/mcp-server')\n });\n\n expect(tokens).toEqual(validTokensWithNewRefreshToken);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/token'\n }),\n expect.objectContaining({\n method: 'POST'\n })\n );\n\n const headers = mockFetch.mock.calls[0]![1].headers as Headers;\n expect(headers.get('Content-Type')).toBe('application/x-www-form-urlencoded');\n const body = mockFetch.mock.calls[0]![1].body as URLSearchParams;\n expect(body.get('grant_type')).toBe('refresh_token');\n expect(body.get('refresh_token')).toBe('refresh123');\n // Default auth method is client_secret_basic when no metadata provided (RFC 8414 §2)\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n expect(headers.get('Authorization')).toBe('Basic ' + btoa('client123:secret123'));\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n\n it('exchanges refresh token for new tokens with auth', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokensWithNewRefreshToken\n });\n\n const tokens = await refreshAuthorization('https://auth.example.com', {\n metadata: validMetadata,\n clientInformation: validClientInfo,\n refreshToken: 'refresh123',\n addClientAuthentication: (\n headers: Headers,\n params: URLSearchParams,\n url: string | URL,\n metadata?: AuthorizationServerMetadata\n ) => {\n headers.set('Authorization', 'Basic ' + btoa(validClientInfo.client_id + ':' + validClientInfo.client_secret));\n params.set('example_url', typeof url === 'string' ? url : url.toString());\n params.set('example_metadata', metadata?.authorization_endpoint ?? '?');\n params.set('example_param', 'example_value');\n }\n });\n\n expect(tokens).toEqual(validTokensWithNewRefreshToken);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/token'\n }),\n expect.objectContaining({\n method: 'POST'\n })\n );\n\n const headers = mockFetch.mock.calls[0]![1].headers as Headers;\n expect(headers.get('Content-Type')).toBe('application/x-www-form-urlencoded');\n expect(headers.get('Authorization')).toBe('Basic Y2xpZW50MTIzOnNlY3JldDEyMw==');\n const body = mockFetch.mock.calls[0]![1].body as URLSearchParams;\n expect(body.get('grant_type')).toBe('refresh_token');\n expect(body.get('refresh_token')).toBe('refresh123');\n expect(body.get('client_id')).toBeNull();\n expect(body.get('example_url')).toBe('https://auth.example.com/token');\n expect(body.get('example_metadata')).toBe('https://auth.example.com/authorize');\n expect(body.get('example_param')).toBe('example_value');\n expect(body.get('client_secret')).toBeNull();\n });\n\n it('exchanges refresh token for new tokens and keep existing refresh token if none is returned', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const refreshToken = 'refresh123';\n const tokens = await refreshAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n refreshToken\n });\n\n expect(tokens).toEqual({ refresh_token: refreshToken, ...validTokens });\n });\n\n it('validates token response schema', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n // Missing required fields\n access_token: 'newaccess123'\n })\n });\n\n await expect(\n refreshAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n refreshToken: 'refresh123'\n })\n ).rejects.toThrow();\n });\n\n it('throws on error response', async () => {\n mockFetch.mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.ServerError, 'Token refresh failed').toResponseObject(), { status: 400 })\n );\n\n await expect(\n refreshAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n refreshToken: 'refresh123'\n })\n ).rejects.toThrow('Token refresh failed');\n });\n });\n\n describe('registerClient', () => {\n const validClientMetadata = {\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n client_id_issued_at: 1_612_137_600,\n client_secret_expires_at: 1_612_224_000,\n ...validClientMetadata\n };\n\n it('registers client and returns client information', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validClientInfo\n });\n\n const clientInfo = await registerClient('https://auth.example.com', {\n clientMetadata: validClientMetadata\n });\n\n expect(clientInfo).toEqual(validClientInfo);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/register'\n }),\n expect.objectContaining({\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify(validClientMetadata)\n })\n );\n });\n\n it('includes scope in registration body when provided, overriding clientMetadata.scope', async () => {\n const clientMetadataWithScope: OAuthClientMetadata = {\n ...validClientMetadata,\n scope: 'should-be-overridden'\n };\n\n const expectedClientInfo = {\n ...validClientInfo,\n scope: 'openid profile'\n };\n\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => expectedClientInfo\n });\n\n const clientInfo = await registerClient('https://auth.example.com', {\n clientMetadata: clientMetadataWithScope,\n scope: 'openid profile'\n });\n\n expect(clientInfo).toEqual(expectedClientInfo);\n expect(mockFetch).toHaveBeenCalledWith(\n expect.objectContaining({\n href: 'https://auth.example.com/register'\n }),\n expect.objectContaining({\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({ ...validClientMetadata, scope: 'openid profile' })\n })\n );\n });\n\n it('validates client information response schema', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n // Missing required fields\n client_secret: 'secret123'\n })\n });\n\n await expect(\n registerClient('https://auth.example.com', {\n clientMetadata: validClientMetadata\n })\n ).rejects.toThrow();\n });\n\n it('throws when registration endpoint not available in metadata', async () => {\n const metadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code']\n };\n\n await expect(\n registerClient('https://auth.example.com', {\n metadata,\n clientMetadata: validClientMetadata\n })\n ).rejects.toThrow(/does not support dynamic client registration/);\n });\n\n it('throws on error response', async () => {\n mockFetch.mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.ServerError, 'Dynamic client registration failed').toResponseObject(), {\n status: 400\n })\n );\n\n await expect(\n registerClient('https://auth.example.com', {\n clientMetadata: validClientMetadata\n })\n ).rejects.toThrow('Dynamic client registration failed');\n });\n });\n\n describe('auth function', () => {\n const mockProvider: OAuthClientProvider = {\n get redirectUrl() {\n return 'http://localhost:3000/callback';\n },\n get clientMetadata() {\n return {\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n },\n clientInformation: vi.fn(),\n tokens: vi.fn(),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn()\n };\n\n beforeEach(() => {\n vi.clearAllMocks();\n });\n\n it('performs client_credentials with private_key_jwt when provider has addClientAuthentication', async () => {\n // Arrange: metadata discovery for PRM and AS\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/mcp-server',\n authorization_servers: ['https://auth.example.com']\n })\n });\n }\n\n if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n\n if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'cc_jwt_token',\n token_type: 'bearer',\n expires_in: 3600\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch call: ${urlString}`));\n });\n\n // Create a provider with client_credentials grant and addClientAuthentication\n // redirectUrl returns undefined to indicate non-interactive flow\n const ccProvider: OAuthClientProvider = {\n get redirectUrl() {\n // eslint-disable-next-line unicorn/no-useless-undefined\n return undefined;\n },\n get clientMetadata() {\n return {\n redirect_uris: [],\n client_name: 'Test Client',\n grant_types: ['client_credentials']\n };\n },\n clientInformation: vi.fn().mockResolvedValue({\n client_id: 'client-id'\n }),\n tokens: vi.fn().mockResolvedValue(undefined),\n saveTokens: vi.fn().mockResolvedValue(undefined),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n prepareTokenRequest: () => new URLSearchParams({ grant_type: 'client_credentials' }),\n addClientAuthentication: createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: 'a-string-secret-at-least-256-bits-long',\n alg: 'HS256'\n })\n };\n\n const result = await auth(ccProvider, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Find the token request\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n\n const [, init] = tokenCall!;\n const body = init.body as URLSearchParams;\n\n // grant_type MUST be client_credentials, not the JWT-bearer grant\n expect(body.get('grant_type')).toBe('client_credentials');\n // private_key_jwt client authentication parameters\n expect(body.get('client_assertion_type')).toBe('urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n expect(body.get('client_assertion')).toBeTruthy();\n // resource parameter included based on PRM\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n\n it('falls back to /.well-known/oauth-authorization-server when no protected-resource-metadata', async () => {\n // Setup: First call to protected resource metadata fails (404)\n // Second call to auth server metadata succeeds\n let callCount = 0;\n mockFetch.mockImplementation(url => {\n callCount++;\n\n const urlString = url.toString();\n\n if (callCount === 1 && urlString.includes('/.well-known/oauth-protected-resource')) {\n // First call - protected resource metadata fails with 404\n return Promise.resolve({\n ok: false,\n status: 404\n });\n } else if (callCount === 2 && urlString.includes('/.well-known/oauth-authorization-server')) {\n // Second call - auth server metadata succeeds\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (callCount === 3 && urlString.includes('/register')) {\n // Third call - client registration succeeds\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n client_id_issued_at: 1_612_137_600,\n client_secret_expires_at: 1_612_224_000,\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch call: ${urlString}`));\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue(undefined);\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n mockProvider.saveClientInformation = vi.fn();\n\n // Call the auth function\n const result = await auth(mockProvider, {\n serverUrl: 'https://resource.example.com'\n });\n\n // Verify the result\n expect(result).toBe('REDIRECT');\n\n // Verify the sequence of calls\n expect(mockFetch).toHaveBeenCalledTimes(3);\n\n // First call should be to protected resource metadata\n expect(mockFetch.mock.calls[0]![0].toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n\n // Second call should be to oauth metadata at the root path\n expect(mockFetch.mock.calls[1]![0].toString()).toBe('https://resource.example.com/.well-known/oauth-authorization-server');\n });\n\n it('uses base URL (with root path) as authorization server when protected-resource-metadata discovery fails', async () => {\n // Setup: First call to protected resource metadata fails (404)\n // When no authorization_servers are found in protected resource metadata,\n // the auth server URL should be set to the base URL with \"/\" path\n let callCount = 0;\n mockFetch.mockImplementation(url => {\n callCount++;\n\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n // Protected resource metadata discovery attempts (both path-aware and root) fail with 404\n return Promise.resolve({\n ok: false,\n status: 404\n });\n } else if (urlString === 'https://resource.example.com/.well-known/oauth-authorization-server') {\n // Should fetch from base URL with root path, not the full serverUrl path\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://resource.example.com/',\n authorization_endpoint: 'https://resource.example.com/authorize',\n token_endpoint: 'https://resource.example.com/token',\n registration_endpoint: 'https://resource.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/register')) {\n // Client registration succeeds\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n client_id_issued_at: 1_612_137_600,\n client_secret_expires_at: 1_612_224_000,\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n })\n });\n }\n\n return Promise.reject(new Error(`Unexpected fetch call #${callCount}: ${urlString}`));\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue(undefined);\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n mockProvider.saveClientInformation = vi.fn();\n\n // Call the auth function with a server URL that has a path\n const result = await auth(mockProvider, {\n serverUrl: 'https://resource.example.com/path/to/server'\n });\n\n // Verify the result\n expect(result).toBe('REDIRECT');\n\n // Verify that the oauth-authorization-server call uses the base URL\n // This proves the fix: using new URL(\"/\", serverUrl) instead of serverUrl\n const authServerCall = mockFetch.mock.calls.find(call =>\n call[0].toString().includes('/.well-known/oauth-authorization-server')\n );\n expect(authServerCall).toBeDefined();\n expect(authServerCall![0].toString()).toBe('https://resource.example.com/.well-known/oauth-authorization-server');\n });\n\n it('passes resource parameter through authorization flow', async () => {\n // Mock successful metadata discovery - need to include protected resource metadata\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/mcp-server',\n authorization_servers: ['https://auth.example.com']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods for authorization flow\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth without authorization code (should trigger redirect)\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the authorization URL includes the resource parameter\n expect(mockProvider.redirectToAuthorization).toHaveBeenCalledWith(\n expect.objectContaining({\n searchParams: expect.any(URLSearchParams)\n })\n );\n\n const redirectCall = (mockProvider.redirectToAuthorization as Mock).mock.calls[0]!;\n const authUrl: URL = redirectCall[0];\n expect(authUrl.searchParams.get('resource')).toBe('https://api.example.com/mcp-server');\n });\n\n it('includes resource in token exchange when authorization code is provided', async () => {\n // Mock successful metadata discovery and token exchange - need protected resource metadata\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/mcp-server',\n authorization_servers: ['https://auth.example.com']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'access123',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'refresh123'\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods for token exchange\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.codeVerifier as Mock).mockResolvedValue('test-verifier');\n (mockProvider.saveTokens as Mock).mockResolvedValue(undefined);\n\n // Call auth with authorization code\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server',\n authorizationCode: 'auth-code-123'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Find the token exchange call\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n\n const body = tokenCall![1].body as URLSearchParams;\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n expect(body.get('code')).toBe('auth-code-123');\n });\n\n it('includes resource in token refresh', async () => {\n // Mock successful metadata discovery and token refresh - need protected resource metadata\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/mcp-server',\n authorization_servers: ['https://auth.example.com']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-access123',\n token_type: 'Bearer',\n expires_in: 3600\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods for token refresh\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue({\n access_token: 'old-access',\n refresh_token: 'refresh123'\n });\n (mockProvider.saveTokens as Mock).mockResolvedValue(undefined);\n\n // Call auth with existing tokens (should trigger refresh)\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Find the token refresh call\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n\n const body = tokenCall![1].body as URLSearchParams;\n expect(body.get('resource')).toBe('https://api.example.com/mcp-server');\n expect(body.get('grant_type')).toBe('refresh_token');\n expect(body.get('refresh_token')).toBe('refresh123');\n });\n\n it('skips default PRM resource validation when custom validateResourceURL is provided', async () => {\n const mockValidateResourceURL = vi.fn().mockResolvedValue(undefined);\n const providerWithCustomValidation = {\n ...mockProvider,\n validateResourceURL: mockValidateResourceURL\n };\n\n // Mock protected resource metadata with mismatched resource URL\n // This would normally throw an error in default validation, but should be skipped\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://different-resource.example.com/mcp-server', // Mismatched resource\n authorization_servers: ['https://auth.example.com']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods\n (providerWithCustomValidation.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (providerWithCustomValidation.tokens as Mock).mockResolvedValue(undefined);\n (providerWithCustomValidation.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (providerWithCustomValidation.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth - should succeed despite resource mismatch because custom validation overrides default\n const result = await auth(providerWithCustomValidation, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify custom validation method was called\n expect(mockValidateResourceURL).toHaveBeenCalledWith(\n new URL('https://api.example.com/mcp-server'),\n 'https://different-resource.example.com/mcp-server'\n );\n });\n\n it('uses prefix of server URL from PRM resource as resource parameter', async () => {\n // Mock successful metadata discovery with resource URL that is a prefix of requested URL\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n // Resource is a prefix of the requested server URL\n resource: 'https://api.example.com/',\n authorization_servers: ['https://auth.example.com']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth with a URL that has the resource as prefix\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server/endpoint'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the authorization URL includes the resource parameter from PRM\n expect(mockProvider.redirectToAuthorization).toHaveBeenCalledWith(\n expect.objectContaining({\n searchParams: expect.any(URLSearchParams)\n })\n );\n\n const redirectCall = (mockProvider.redirectToAuthorization as Mock).mock.calls[0]!;\n const authUrl: URL = redirectCall[0];\n // Should use the PRM's resource value, not the full requested URL\n expect(authUrl.searchParams.get('resource')).toBe('https://api.example.com/');\n });\n\n it('excludes resource parameter when Protected Resource Metadata is not present', async () => {\n // Mock metadata discovery where protected resource metadata is not available (404)\n // but authorization server metadata is available\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n // Protected resource metadata not available\n return Promise.resolve({\n ok: false,\n status: 404\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth - should not include resource parameter\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the authorization URL does NOT include the resource parameter\n expect(mockProvider.redirectToAuthorization).toHaveBeenCalledWith(\n expect.objectContaining({\n searchParams: expect.any(URLSearchParams)\n })\n );\n\n const redirectCall = (mockProvider.redirectToAuthorization as Mock).mock.calls[0]!;\n const authUrl: URL = redirectCall[0];\n // Resource parameter should not be present when PRM is not available\n expect(authUrl.searchParams.has('resource')).toBe(false);\n });\n\n it('excludes resource parameter in token exchange when Protected Resource Metadata is not present', async () => {\n // Mock metadata discovery - no protected resource metadata, but auth server metadata available\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: false,\n status: 404\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'access123',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'refresh123'\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods for token exchange\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.codeVerifier as Mock).mockResolvedValue('test-verifier');\n (mockProvider.saveTokens as Mock).mockResolvedValue(undefined);\n\n // Call auth with authorization code\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server',\n authorizationCode: 'auth-code-123'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Find the token exchange call\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n\n const body = tokenCall![1].body as URLSearchParams;\n // Resource parameter should not be present when PRM is not available\n expect(body.has('resource')).toBe(false);\n expect(body.get('code')).toBe('auth-code-123');\n });\n\n it('excludes resource parameter in token refresh when Protected Resource Metadata is not present', async () => {\n // Mock metadata discovery - no protected resource metadata, but auth server metadata available\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: false,\n status: 404\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/token')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-access123',\n token_type: 'Bearer',\n expires_in: 3600\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods for token refresh\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue({\n access_token: 'old-access',\n refresh_token: 'refresh123'\n });\n (mockProvider.saveTokens as Mock).mockResolvedValue(undefined);\n\n // Call auth with existing tokens (should trigger refresh)\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/mcp-server'\n });\n\n expect(result).toBe('AUTHORIZED');\n\n // Find the token refresh call\n const tokenCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/token'));\n expect(tokenCall).toBeDefined();\n\n const body = tokenCall![1].body as URLSearchParams;\n // Resource parameter should not be present when PRM is not available\n expect(body.has('resource')).toBe(false);\n expect(body.get('grant_type')).toBe('refresh_token');\n expect(body.get('refresh_token')).toBe('refresh123');\n });\n\n it('uses scopes_supported from PRM when scope is not provided', async () => {\n // Mock PRM with scopes_supported\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/',\n authorization_servers: ['https://auth.example.com'],\n scopes_supported: ['mcp:read', 'mcp:write', 'mcp:admin']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/register')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods - no scope in clientMetadata\n (mockProvider.clientInformation as Mock).mockResolvedValue(undefined);\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n mockProvider.saveClientInformation = vi.fn();\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth without scope parameter\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the authorization URL includes the scopes from PRM\n const redirectCall = (mockProvider.redirectToAuthorization as Mock).mock.calls[0]!;\n const authUrl: URL = redirectCall[0];\n expect(authUrl?.searchParams.get('scope')).toBe('mcp:read mcp:write mcp:admin');\n\n // Verify the same scope was also used in the DCR request body\n const registerCall = mockFetch.mock.calls.find(call => call[0].toString().includes('/register'));\n expect(registerCall).toBeDefined();\n const registerBody = JSON.parse(registerCall![1].body as string);\n expect(registerBody.scope).toBe('mcp:read mcp:write mcp:admin');\n });\n\n it('prefers explicit scope parameter over scopes_supported from PRM', async () => {\n // Mock PRM with scopes_supported\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString.includes('/.well-known/oauth-protected-resource')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://api.example.com/',\n authorization_servers: ['https://auth.example.com'],\n scopes_supported: ['mcp:read', 'mcp:write', 'mcp:admin']\n })\n });\n } else if (urlString.includes('/.well-known/oauth-authorization-server')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n } else if (urlString.includes('/register')) {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n client_id: 'test-client-id',\n client_secret: 'test-client-secret',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue(undefined);\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n mockProvider.saveClientInformation = vi.fn();\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth with explicit scope parameter\n const result = await auth(mockProvider, {\n serverUrl: 'https://api.example.com/',\n scope: 'mcp:read'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the authorization URL uses the explicit scope, not scopes_supported\n const redirectCall = (mockProvider.redirectToAuthorization as Mock).mock.calls[0]!;\n const authUrl: URL = redirectCall[0];\n expect(authUrl.searchParams.get('scope')).toBe('mcp:read');\n });\n\n it('fetches AS metadata with path from serverUrl when PRM returns external AS', async () => {\n // Mock PRM discovery that returns an external AS\n mockFetch.mockImplementation(url => {\n const urlString = url.toString();\n\n if (urlString === 'https://my.resource.com/.well-known/oauth-protected-resource/path/name') {\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://my.resource.com/',\n authorization_servers: ['https://auth.example.com/oauth']\n })\n });\n } else if (urlString === 'https://auth.example.com/.well-known/oauth-authorization-server/path/name') {\n // Path-aware discovery on AS with path from serverUrl\n return Promise.resolve({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n }\n\n return Promise.resolve({ ok: false, status: 404 });\n });\n\n // Mock provider methods\n (mockProvider.clientInformation as Mock).mockResolvedValue({\n client_id: 'test-client',\n client_secret: 'test-secret'\n });\n (mockProvider.tokens as Mock).mockResolvedValue(undefined);\n (mockProvider.saveCodeVerifier as Mock).mockResolvedValue(undefined);\n (mockProvider.redirectToAuthorization as Mock).mockResolvedValue(undefined);\n\n // Call auth with serverUrl that has a path\n const result = await auth(mockProvider, {\n serverUrl: 'https://my.resource.com/path/name'\n });\n\n expect(result).toBe('REDIRECT');\n\n // Verify the correct URLs were fetched\n const calls = mockFetch.mock.calls;\n\n // First call should be to PRM\n expect(calls[0]![0].toString()).toBe('https://my.resource.com/.well-known/oauth-protected-resource/path/name');\n\n // Second call should be to AS metadata with the path from authorization server\n expect(calls[1]![0].toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server/oauth');\n });\n\n it('supports overriding the fetch function used for requests', async () => {\n const customFetch = vi.fn();\n\n // Mock PRM discovery\n customFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n })\n });\n\n // Mock AS metadata discovery\n customFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n\n const mockProvider: OAuthClientProvider = {\n get redirectUrl() {\n return 'http://localhost:3000/callback';\n },\n get clientMetadata() {\n return {\n client_name: 'Test Client',\n redirect_uris: ['http://localhost:3000/callback']\n };\n },\n clientInformation: vi.fn().mockResolvedValue({\n client_id: 'client123',\n client_secret: 'secret123'\n }),\n tokens: vi.fn().mockResolvedValue(undefined),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn().mockResolvedValue('verifier123')\n };\n\n const result = await auth(mockProvider, {\n serverUrl: 'https://resource.example.com',\n fetchFn: customFetch\n });\n\n expect(result).toBe('REDIRECT');\n expect(customFetch).toHaveBeenCalledTimes(2);\n expect(mockFetch).not.toHaveBeenCalled();\n\n // Verify custom fetch was called for PRM discovery\n expect(customFetch.mock.calls[0]![0].toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n\n // Verify custom fetch was called for AS metadata discovery\n expect(customFetch.mock.calls[1]![0].toString()).toBe('https://auth.example.com/.well-known/oauth-authorization-server');\n });\n });\n\n describe('exchangeAuthorization with multiple client authentication methods', () => {\n const validTokens = {\n access_token: 'access123',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'refresh123'\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n const metadataWithBasicOnly = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/auth',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n token_endpoint_auth_methods_supported: ['client_secret_basic']\n };\n\n const metadataWithPostOnly = {\n ...metadataWithBasicOnly,\n token_endpoint_auth_methods_supported: ['client_secret_post']\n };\n\n const metadataWithNoneOnly = {\n ...metadataWithBasicOnly,\n token_endpoint_auth_methods_supported: ['none']\n };\n\n const metadataWithAllBuiltinMethods = {\n ...metadataWithBasicOnly,\n token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post', 'none']\n };\n\n it('uses HTTP Basic authentication when client_secret_basic is supported', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n metadata: metadataWithBasicOnly,\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n redirectUri: 'http://localhost:3000/callback',\n codeVerifier: 'verifier123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check Authorization header\n const authHeader = request.headers.get('Authorization');\n const expected = 'Basic ' + btoa('client123:secret123');\n expect(authHeader).toBe(expected);\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n });\n\n it('includes credentials in request body when client_secret_post is supported', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n metadata: metadataWithPostOnly,\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n redirectUri: 'http://localhost:3000/callback',\n codeVerifier: 'verifier123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check no Authorization header\n expect(request.headers.get('Authorization')).toBeNull();\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBe('client123');\n expect(body.get('client_secret')).toBe('secret123');\n });\n\n it('it picks client_secret_basic when all builtin methods are supported', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n metadata: metadataWithAllBuiltinMethods,\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n redirectUri: 'http://localhost:3000/callback',\n codeVerifier: 'verifier123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check Authorization header - should use Basic auth as it's the most secure\n const authHeader = request.headers.get('Authorization');\n const expected = 'Basic ' + btoa('client123:secret123');\n expect(authHeader).toBe(expected);\n\n // Credentials should not be in body when using Basic auth\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n });\n\n it('uses public client authentication when none method is specified', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const clientInfoWithoutSecret = {\n client_id: 'client123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n metadata: metadataWithNoneOnly,\n clientInformation: clientInfoWithoutSecret,\n authorizationCode: 'code123',\n redirectUri: 'http://localhost:3000/callback',\n codeVerifier: 'verifier123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check no Authorization header\n expect(request.headers.get('Authorization')).toBeNull();\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBe('client123');\n expect(body.get('client_secret')).toBeNull();\n });\n\n it('defaults to client_secret_basic when no auth methods specified (RFC 8414 §2)', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n redirectUri: 'http://localhost:3000/callback',\n codeVerifier: 'verifier123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // RFC 8414 §2: when token_endpoint_auth_methods_supported is omitted,\n // the default is client_secret_basic (HTTP Basic auth, not body params)\n const authHeader = request.headers.get('Authorization');\n const expected = 'Basic ' + btoa('client123:secret123');\n expect(authHeader).toBe(expected);\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBeNull();\n expect(body.get('client_secret')).toBeNull();\n });\n });\n\n describe('refreshAuthorization with multiple client authentication methods', () => {\n const validTokens = {\n access_token: 'newaccess123',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'newrefresh123'\n };\n\n const validClientInfo = {\n client_id: 'client123',\n client_secret: 'secret123',\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client'\n };\n\n const metadataWithBasicOnly = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/auth',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n token_endpoint_auth_methods_supported: ['client_secret_basic']\n };\n\n const metadataWithPostOnly = {\n ...metadataWithBasicOnly,\n token_endpoint_auth_methods_supported: ['client_secret_post']\n };\n\n it('uses client_secret_basic for refresh token', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await refreshAuthorization('https://auth.example.com', {\n metadata: metadataWithBasicOnly,\n clientInformation: validClientInfo,\n refreshToken: 'refresh123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check Authorization header\n const authHeader = request.headers.get('Authorization');\n const expected = 'Basic ' + btoa('client123:secret123');\n expect(authHeader).toBe(expected);\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBeNull(); // should not be in body\n expect(body.get('client_secret')).toBeNull(); // should not be in body\n expect(body.get('refresh_token')).toBe('refresh123');\n });\n\n it('uses client_secret_post for refresh token', async () => {\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => validTokens\n });\n\n const tokens = await refreshAuthorization('https://auth.example.com', {\n metadata: metadataWithPostOnly,\n clientInformation: validClientInfo,\n refreshToken: 'refresh123'\n });\n\n expect(tokens).toEqual(validTokens);\n const request = mockFetch.mock.calls[0]![1];\n\n // Check no Authorization header\n expect(request.headers.get('Authorization')).toBeNull();\n\n const body = request.body as URLSearchParams;\n expect(body.get('client_id')).toBe('client123');\n expect(body.get('client_secret')).toBe('secret123');\n expect(body.get('refresh_token')).toBe('refresh123');\n });\n });\n\n describe('RequestInit headers passthrough', () => {\n it('custom headers from RequestInit are passed to auth discovery requests', async () => {\n const { createFetchWithInit } = await import('@modelcontextprotocol/core');\n\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n })\n });\n\n // Create a wrapped fetch with custom headers\n const wrappedFetch = createFetchWithInit(customFetch, {\n headers: {\n 'user-agent': 'MyApp/1.0',\n 'x-custom-header': 'test-value'\n }\n });\n\n await discoverOAuthProtectedResourceMetadata('https://resource.example.com', undefined, wrappedFetch);\n\n expect(customFetch).toHaveBeenCalledTimes(1);\n const [url, options] = customFetch.mock.calls[0]!;\n\n expect(url.toString()).toBe('https://resource.example.com/.well-known/oauth-protected-resource');\n expect(options.headers).toMatchObject({\n 'user-agent': 'MyApp/1.0',\n 'x-custom-header': 'test-value',\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('auth-specific headers override base headers from RequestInit', async () => {\n const { createFetchWithInit } = await import('@modelcontextprotocol/core');\n\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n });\n\n // Create a wrapped fetch with a custom Accept header\n const wrappedFetch = createFetchWithInit(customFetch, {\n headers: {\n Accept: 'text/plain',\n 'user-agent': 'MyApp/1.0'\n }\n });\n\n await discoverAuthorizationServerMetadata('https://auth.example.com', {\n fetchFn: wrappedFetch\n });\n\n expect(customFetch).toHaveBeenCalled();\n const [, options] = customFetch.mock.calls[0]!;\n\n // Auth-specific Accept header should override base Accept header\n expect(options.headers).toMatchObject({\n Accept: 'application/json', // Auth-specific value wins\n 'user-agent': 'MyApp/1.0', // Base value preserved\n 'MCP-Protocol-Version': LATEST_PROTOCOL_VERSION\n });\n });\n\n it('other RequestInit options are passed through', async () => {\n const { createFetchWithInit } = await import('@modelcontextprotocol/core');\n\n const customFetch = vi.fn().mockResolvedValue({\n ok: true,\n status: 200,\n json: async () => ({\n resource: 'https://resource.example.com',\n authorization_servers: ['https://auth.example.com']\n })\n });\n\n // Create a wrapped fetch with various RequestInit options\n const wrappedFetch = createFetchWithInit(customFetch, {\n credentials: 'include',\n mode: 'cors',\n cache: 'no-cache',\n headers: {\n 'user-agent': 'MyApp/1.0'\n }\n });\n\n await discoverOAuthProtectedResourceMetadata('https://resource.example.com', undefined, wrappedFetch);\n\n expect(customFetch).toHaveBeenCalledTimes(1);\n const [, options] = customFetch.mock.calls[0]!;\n\n // All RequestInit options should be preserved\n expect(options.credentials).toBe('include');\n expect(options.mode).toBe('cors');\n expect(options.cache).toBe('no-cache');\n expect(options.headers).toMatchObject({\n 'user-agent': 'MyApp/1.0'\n });\n });\n });\n\n describe('isHttpsUrl', () => {\n it('returns true for valid HTTPS URL with path', () => {\n expect(isHttpsUrl('https://example.com/client-metadata.json')).toBe(true);\n });\n\n it('returns true for HTTPS URL with query params', () => {\n expect(isHttpsUrl('https://example.com/metadata?version=1')).toBe(true);\n });\n\n it('returns false for HTTPS URL without path', () => {\n expect(isHttpsUrl('https://example.com')).toBe(false);\n expect(isHttpsUrl('https://example.com/')).toBe(false);\n });\n\n it('returns false for HTTP URL', () => {\n expect(isHttpsUrl('http://example.com/metadata')).toBe(false);\n });\n\n it('returns false for non-URL strings', () => {\n expect(isHttpsUrl('not a url')).toBe(false);\n });\n\n it('returns false for undefined', () => {\n expect(isHttpsUrl(undefined)).toBe(false);\n });\n\n it('returns false for empty string', () => {\n expect(isHttpsUrl('')).toBe(false);\n });\n\n it('returns false for javascript: scheme', () => {\n expect(isHttpsUrl('javascript:alert(1)')).toBe(false);\n });\n\n it('returns false for data: scheme', () => {\n expect(isHttpsUrl('data:text/html,')).toBe(false);\n });\n });\n\n describe('SEP-991: URL-based Client ID fallback logic', () => {\n const validClientMetadata = {\n redirect_uris: ['http://localhost:3000/callback'],\n client_name: 'Test Client',\n client_uri: 'https://example.com/client-metadata.json'\n };\n\n const mockProvider: OAuthClientProvider = {\n get redirectUrl() {\n return 'http://localhost:3000/callback';\n },\n clientMetadataUrl: 'https://example.com/client-metadata.json',\n get clientMetadata() {\n return validClientMetadata;\n },\n clientInformation: vi.fn().mockResolvedValue(undefined),\n saveClientInformation: vi.fn().mockResolvedValue(undefined),\n tokens: vi.fn().mockResolvedValue(undefined),\n saveTokens: vi.fn().mockResolvedValue(undefined),\n redirectToAuthorization: vi.fn().mockResolvedValue(undefined),\n saveCodeVerifier: vi.fn().mockResolvedValue(undefined),\n codeVerifier: vi.fn().mockResolvedValue('verifier123')\n };\n\n beforeEach(() => {\n vi.clearAllMocks();\n });\n\n it('uses URL-based client ID when server supports it', async () => {\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery to return support for URL-based client IDs\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n client_id_metadata_document_supported: true // SEP-991 support\n })\n });\n\n await auth(mockProvider, {\n serverUrl: 'https://server.example.com'\n });\n\n // Should save URL-based client info\n expect(mockProvider.saveClientInformation).toHaveBeenCalledWith({\n client_id: 'https://example.com/client-metadata.json'\n });\n });\n\n it('falls back to DCR when server does not support URL-based client IDs', async () => {\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery without SEP-991 support\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n registration_endpoint: 'https://server.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n // No client_id_metadata_document_supported\n })\n });\n\n // Mock DCR response\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 201,\n json: async () => ({\n client_id: 'generated-uuid',\n client_secret: 'generated-secret',\n redirect_uris: ['http://localhost:3000/callback']\n })\n });\n\n await auth(mockProvider, {\n serverUrl: 'https://server.example.com'\n });\n\n // Should save DCR client info\n expect(mockProvider.saveClientInformation).toHaveBeenCalledWith({\n client_id: 'generated-uuid',\n client_secret: 'generated-secret',\n redirect_uris: ['http://localhost:3000/callback']\n });\n });\n\n it('throws an error when clientMetadataUrl is not an HTTPS URL', async () => {\n const providerWithInvalidUri = {\n ...mockProvider,\n clientMetadataUrl: 'http://example.com/metadata'\n };\n\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery with SEP-991 support\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n registration_endpoint: 'https://server.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n client_id_metadata_document_supported: true\n })\n });\n\n await expect(\n auth(providerWithInvalidUri, {\n serverUrl: 'https://server.example.com'\n })\n ).rejects.toMatchObject({ code: OAuthErrorCode.InvalidClientMetadata });\n });\n\n it('throws an error when clientMetadataUrl has root pathname', async () => {\n const providerWithRootPathname = {\n ...mockProvider,\n clientMetadataUrl: 'https://example.com/'\n };\n\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery with SEP-991 support\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n registration_endpoint: 'https://server.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n client_id_metadata_document_supported: true\n })\n });\n\n await expect(\n auth(providerWithRootPathname, {\n serverUrl: 'https://server.example.com'\n })\n ).rejects.toMatchObject({ code: OAuthErrorCode.InvalidClientMetadata });\n });\n\n it('throws an error when clientMetadataUrl is not a valid URL', async () => {\n const providerWithInvalidUrl = {\n ...mockProvider,\n clientMetadataUrl: 'not-a-valid-url'\n };\n\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery with SEP-991 support\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n registration_endpoint: 'https://server.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n client_id_metadata_document_supported: true\n })\n });\n\n await expect(\n auth(providerWithInvalidUrl, {\n serverUrl: 'https://server.example.com'\n })\n ).rejects.toMatchObject({ code: OAuthErrorCode.InvalidClientMetadata });\n });\n\n it('falls back to DCR when client_uri is missing', async () => {\n const providerWithoutUri = {\n ...mockProvider,\n clientMetadataUrl: undefined\n };\n\n // Mock protected resource metadata discovery (404 to skip)\n mockFetch.mockResolvedValueOnce({\n ok: false,\n status: 404,\n json: async () => ({})\n });\n\n // Mock authorization server metadata discovery with SEP-991 support\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'https://server.example.com',\n authorization_endpoint: 'https://server.example.com/authorize',\n token_endpoint: 'https://server.example.com/token',\n registration_endpoint: 'https://server.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256'],\n client_id_metadata_document_supported: true\n })\n });\n\n // Mock DCR response\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 201,\n json: async () => ({\n client_id: 'generated-uuid',\n client_secret: 'generated-secret',\n redirect_uris: ['http://localhost:3000/callback']\n })\n });\n\n await auth(providerWithoutUri, {\n serverUrl: 'https://server.example.com'\n });\n\n // Should fall back to DCR\n expect(mockProvider.saveClientInformation).toHaveBeenCalledWith({\n client_id: 'generated-uuid',\n client_secret: 'generated-secret',\n redirect_uris: ['http://localhost:3000/callback']\n });\n });\n });\n});\n" }, { "path": "packages/client/test/client/authExtensions.test.ts", "content": "import { createMockOAuthFetch } from '@modelcontextprotocol/test-helpers';\nimport { describe, expect, it, vi } from 'vitest';\n\nimport { auth } from '../../src/client/auth.js';\nimport {\n ClientCredentialsProvider,\n createPrivateKeyJwtAuth,\n CrossAppAccessProvider,\n PrivateKeyJwtProvider,\n StaticPrivateKeyJwtProvider\n} from '../../src/client/authExtensions.js';\n\nconst RESOURCE_SERVER_URL = 'https://resource.example.com/';\nconst AUTH_SERVER_URL = 'https://auth.example.com';\n\ndescribe('auth-extensions providers (end-to-end with auth())', () => {\n it('authenticates using ClientCredentialsProvider with client_secret_basic', async () => {\n const provider = new ClientCredentialsProvider({\n clientId: 'my-client',\n clientSecret: 'my-secret',\n clientName: 'test-client'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params).toBeInstanceOf(URLSearchParams);\n expect(params.get('grant_type')).toBe('client_credentials');\n expect(params.get('resource')).toBe(RESOURCE_SERVER_URL);\n expect(params.get('client_assertion')).toBeNull();\n\n const headers = new Headers(init?.headers);\n const authHeader = headers.get('Authorization');\n expect(authHeader).toBeTruthy();\n\n const expectedCredentials = Buffer.from('my-client:my-secret').toString('base64');\n expect(authHeader).toBe(`Basic ${expectedCredentials}`);\n }\n });\n\n const result = await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n });\n\n expect(result).toBe('AUTHORIZED');\n const tokens = provider.tokens();\n expect(tokens).toBeTruthy();\n expect(tokens?.access_token).toBe('test-access-token');\n });\n\n it('authenticates using PrivateKeyJwtProvider with private_key_jwt', async () => {\n const provider = new PrivateKeyJwtProvider({\n clientId: 'client-id',\n privateKey: 'a-string-secret-at-least-256-bits-long',\n algorithm: 'HS256',\n clientName: 'private-key-jwt-client'\n });\n\n let assertionFromRequest: string | null = null;\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params).toBeInstanceOf(URLSearchParams);\n expect(params.get('grant_type')).toBe('client_credentials');\n expect(params.get('resource')).toBe(RESOURCE_SERVER_URL);\n\n assertionFromRequest = params.get('client_assertion');\n expect(assertionFromRequest).toBeTruthy();\n expect(params.get('client_assertion_type')).toBe('urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n\n const parts = assertionFromRequest!.split('.');\n expect(parts).toHaveLength(3);\n\n const headers = new Headers(init?.headers);\n expect(headers.get('Authorization')).toBeNull();\n }\n });\n\n const result = await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n });\n\n expect(result).toBe('AUTHORIZED');\n const tokens = provider.tokens();\n expect(tokens).toBeTruthy();\n expect(tokens?.access_token).toBe('test-access-token');\n expect(assertionFromRequest).toBeTruthy();\n });\n\n it('fails when PrivateKeyJwtProvider is configured with an unsupported algorithm', async () => {\n const provider = new PrivateKeyJwtProvider({\n clientId: 'client-id',\n privateKey: 'a-string-secret-at-least-256-bits-long',\n algorithm: 'none',\n clientName: 'private-key-jwt-client'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL\n });\n\n await expect(\n auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n })\n ).rejects.toThrow('Unsupported algorithm none');\n });\n\n it('authenticates using StaticPrivateKeyJwtProvider with static client assertion', async () => {\n const staticAssertion = 'header.payload.signature';\n\n const provider = new StaticPrivateKeyJwtProvider({\n clientId: 'static-client',\n jwtBearerAssertion: staticAssertion,\n clientName: 'static-private-key-jwt-client'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params).toBeInstanceOf(URLSearchParams);\n expect(params.get('grant_type')).toBe('client_credentials');\n expect(params.get('resource')).toBe(RESOURCE_SERVER_URL);\n\n expect(params.get('client_assertion')).toBe(staticAssertion);\n expect(params.get('client_assertion_type')).toBe('urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n\n const headers = new Headers(init?.headers);\n expect(headers.get('Authorization')).toBeNull();\n }\n });\n\n const result = await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n });\n\n expect(result).toBe('AUTHORIZED');\n const tokens = provider.tokens();\n expect(tokens).toBeTruthy();\n expect(tokens?.access_token).toBe('test-access-token');\n });\n});\n\ndescribe('createPrivateKeyJwtAuth', () => {\n const baseOptions = {\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: 'a-string-secret-at-least-256-bits-long',\n alg: 'HS256'\n };\n\n it('creates an addClientAuthentication function that sets JWT assertion params', async () => {\n const addClientAuth = createPrivateKeyJwtAuth(baseOptions);\n\n const headers = new Headers();\n const params = new URLSearchParams();\n\n await addClientAuth(headers, params, 'https://auth.example.com/token', undefined);\n\n expect(params.get('client_assertion')).toBeTruthy();\n expect(params.get('client_assertion_type')).toBe('urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n\n // Verify JWT structure (three dot-separated segments)\n const assertion = params.get('client_assertion')!;\n const parts = assertion.split('.');\n expect(parts).toHaveLength(3);\n });\n\n it('throws when globalThis.crypto is not available', async () => {\n // Temporarily remove globalThis.crypto to simulate older Node.js runtimes\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const globalAny = globalThis as any;\n const originalCrypto = globalAny.crypto;\n // Use delete so that typeof globalThis.crypto === 'undefined'\n // eslint-disable-next-line @typescript-eslint/no-dynamic-delete\n delete globalAny.crypto;\n\n try {\n const addClientAuth = createPrivateKeyJwtAuth(baseOptions);\n const params = new URLSearchParams();\n\n await expect(addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined)).rejects.toThrow(\n 'crypto is not available, please ensure you have Web Crypto API support for older Node.js versions'\n );\n } finally {\n // Restore original crypto to avoid affecting other tests\n globalAny.crypto = originalCrypto;\n }\n });\n\n it('creates a signed JWT when using a Uint8Array HMAC key', async () => {\n const secret = new TextEncoder().encode('a-string-secret-at-least-256-bits-long');\n\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: secret,\n alg: 'HS256'\n });\n\n const params = new URLSearchParams();\n await addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined);\n\n const assertion = params.get('client_assertion')!;\n const parts = assertion.split('.');\n expect(parts).toHaveLength(3);\n });\n\n it('creates a signed JWT when using a symmetric JWK key', async () => {\n const jwk: Record = {\n kty: 'oct',\n // \"a-string-secret-at-least-256-bits-long\" base64url-encoded\n k: 'YS1zdHJpbmctc2VjcmV0LWF0LWxlYXN0LTI1Ni1iaXRzLWxvbmc',\n alg: 'HS256'\n };\n\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: jwk,\n alg: 'HS256'\n });\n\n const params = new URLSearchParams();\n await addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined);\n\n const assertion = params.get('client_assertion')!;\n const parts = assertion.split('.');\n expect(parts).toHaveLength(3);\n });\n\n it('creates a signed JWT when using an RSA PEM private key', async () => {\n // Generate an RSA key pair on the fly\n const jose = await import('jose');\n const { privateKey } = await jose.generateKeyPair('RS256', { extractable: true });\n const pem = await jose.exportPKCS8(privateKey);\n\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: pem,\n alg: 'RS256'\n });\n\n const params = new URLSearchParams();\n await addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined);\n\n const assertion = params.get('client_assertion')!;\n const parts = assertion.split('.');\n expect(parts).toHaveLength(3);\n });\n\n it('uses metadata.issuer as audience when available', async () => {\n const addClientAuth = createPrivateKeyJwtAuth(baseOptions);\n\n const params = new URLSearchParams();\n await addClientAuth(new Headers(), params, 'https://auth.example.com/token', {\n issuer: 'https://issuer.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n response_types_supported: ['code']\n });\n\n const assertion = params.get('client_assertion')!;\n // Decode the payload to verify audience\n const [, payloadB64] = assertion.split('.');\n const payload = JSON.parse(Buffer.from(payloadB64!, 'base64url').toString());\n expect(payload.aud).toBe('https://issuer.example.com');\n });\n\n it('throws when using an unsupported algorithm', async () => {\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: 'a-string-secret-at-least-256-bits-long',\n alg: 'none'\n });\n\n const params = new URLSearchParams();\n await expect(addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined)).rejects.toThrow(\n 'Unsupported algorithm none'\n );\n });\n\n it('throws when jose cannot import an invalid RSA PEM key', async () => {\n const badPem = '-----BEGIN PRIVATE KEY-----\\nnot-a-valid-key\\n-----END PRIVATE KEY-----';\n\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: badPem,\n alg: 'RS256'\n });\n\n const params = new URLSearchParams();\n await expect(addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined)).rejects.toThrow(\n /cannot be part of a valid base64|Invalid character/\n );\n });\n\n it('throws when jose cannot import a mismatched JWK key', async () => {\n const jwk: Record = {\n kty: 'oct',\n k: 'c2VjcmV0LWtleQ', // \"secret-key\" base64url\n alg: 'HS256'\n };\n\n const addClientAuth = createPrivateKeyJwtAuth({\n issuer: 'client-id',\n subject: 'client-id',\n privateKey: jwk,\n // Ask for an RSA algorithm with an octet key, which should cause jose.importJWK to fail\n alg: 'RS256'\n });\n\n const params = new URLSearchParams();\n await expect(addClientAuth(new Headers(), params, 'https://auth.example.com/token', undefined)).rejects.toThrow(\n /Key for the RS256 algorithm must be one of type CryptoKey, KeyObject, or JSON Web Key/\n );\n });\n});\n\ndescribe('CrossAppAccessProvider', () => {\n const RESOURCE_SERVER_URL = 'https://mcp.chat.example/';\n const AUTH_SERVER_URL = 'https://auth.chat.example';\n const IDP_URL = 'https://idp.example.com';\n\n it('successfully authenticates using Cross-App Access flow', async () => {\n let assertionCallbackInvoked = false;\n let jwtGrantUsed = '';\n\n const provider = new CrossAppAccessProvider({\n assertion: async ctx => {\n assertionCallbackInvoked = true;\n expect(ctx.authorizationServerUrl).toBe(AUTH_SERVER_URL);\n expect(ctx.resourceUrl).toBe(RESOURCE_SERVER_URL);\n expect(ctx.scope).toBeUndefined();\n expect(ctx.fetchFn).toBeDefined();\n return 'jwt-authorization-grant-token';\n },\n clientId: 'my-mcp-client',\n clientSecret: 'my-mcp-secret',\n clientName: 'xaa-test-client'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params).toBeInstanceOf(URLSearchParams);\n expect(params.get('grant_type')).toBe('urn:ietf:params:oauth:grant-type:jwt-bearer');\n\n jwtGrantUsed = params.get('assertion') || '';\n expect(jwtGrantUsed).toBe('jwt-authorization-grant-token');\n\n // Verify client authentication\n const headers = new Headers(init?.headers);\n const authHeader = headers.get('Authorization');\n expect(authHeader).toBeTruthy();\n\n const expectedCredentials = Buffer.from('my-mcp-client:my-mcp-secret').toString('base64');\n expect(authHeader).toBe(`Basic ${expectedCredentials}`);\n }\n });\n\n const result = await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n });\n\n expect(result).toBe('AUTHORIZED');\n expect(assertionCallbackInvoked).toBe(true);\n expect(jwtGrantUsed).toBe('jwt-authorization-grant-token');\n\n const tokens = provider.tokens();\n expect(tokens).toBeTruthy();\n expect(tokens?.access_token).toBe('test-access-token');\n });\n\n it('passes scope to assertion callback', async () => {\n let capturedScope: string | undefined;\n\n const provider = new CrossAppAccessProvider({\n assertion: async ctx => {\n capturedScope = ctx.scope;\n return 'jwt-grant';\n },\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL\n });\n\n await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n scope: 'chat.read chat.history',\n fetchFn: fetchMock\n });\n\n expect(capturedScope).toBe('chat.read chat.history');\n });\n\n it('passes custom fetchFn to assertion callback', async () => {\n let capturedFetchFn: unknown;\n\n const customFetch = vi.fn(fetch);\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL\n });\n\n // Wrap the mock to track calls\n const wrappedFetch = vi.fn((...args: Parameters) => fetchMock(...args));\n\n const provider = new CrossAppAccessProvider({\n assertion: async ctx => {\n capturedFetchFn = ctx.fetchFn;\n return 'jwt-grant';\n },\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: customFetch\n });\n\n await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: wrappedFetch\n });\n\n // The assertion callback should receive the custom fetch function\n expect(capturedFetchFn).toBe(customFetch);\n });\n\n it('throws error when authorization server URL is not available', async () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n // Try to call prepareTokenRequest without going through auth()\n await expect(provider.prepareTokenRequest()).rejects.toThrow(\n 'Authorization server URL not available. Ensure auth() has been called first.'\n );\n });\n\n it('throws error when resource URL is not available', async () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n // Manually set authorization server URL but not resource URL\n provider.saveAuthorizationServerUrl?.(AUTH_SERVER_URL);\n\n await expect(provider.prepareTokenRequest()).rejects.toThrow(\n 'Resource URL not available — server may not implement RFC 9728 Protected Resource Metadata'\n );\n });\n\n it('stores and retrieves authorization server URL', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(provider.authorizationServerUrl?.()).toBeUndefined();\n\n provider.saveAuthorizationServerUrl?.(AUTH_SERVER_URL);\n expect(provider.authorizationServerUrl?.()).toBe(AUTH_SERVER_URL);\n });\n\n it('stores and retrieves resource URL', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(provider.resourceUrl?.()).toBeUndefined();\n\n provider.saveResourceUrl?.(RESOURCE_SERVER_URL);\n expect(provider.resourceUrl?.()).toBe(RESOURCE_SERVER_URL);\n });\n\n it('has correct client metadata', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret',\n clientName: 'custom-xaa-client'\n });\n\n const metadata = provider.clientMetadata;\n expect(metadata.client_name).toBe('custom-xaa-client');\n expect(metadata.redirect_uris).toEqual([]);\n expect(metadata.grant_types).toEqual(['urn:ietf:params:oauth:grant-type:jwt-bearer']);\n expect(metadata.token_endpoint_auth_method).toBe('client_secret_basic');\n });\n\n it('uses default client name when not provided', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(provider.clientMetadata.client_name).toBe('cross-app-access-client');\n });\n\n it('returns undefined for redirectUrl (non-interactive flow)', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(provider.redirectUrl).toBeUndefined();\n });\n\n it('throws error for redirectToAuthorization (not used in jwt-bearer)', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(() => provider.redirectToAuthorization()).toThrow('redirectToAuthorization is not used for jwt-bearer flow');\n });\n\n it('throws error for codeVerifier (not used in jwt-bearer)', () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n expect(() => provider.codeVerifier()).toThrow('codeVerifier is not used for jwt-bearer flow');\n });\n\n it('handles assertion callback errors gracefully', async () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => {\n throw new Error('Failed to get ID token from IdP');\n },\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL\n });\n\n await expect(\n auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n })\n ).rejects.toThrow('Failed to get ID token from IdP');\n });\n\n it('allows assertion callback to return a promise', async () => {\n const provider = new CrossAppAccessProvider({\n assertion: ctx => {\n return new Promise(resolve => {\n setTimeout(() => resolve('async-jwt-grant'), 10);\n });\n },\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params.get('assertion')).toBe('async-jwt-grant');\n }\n });\n\n const result = await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n fetchFn: fetchMock\n });\n\n expect(result).toBe('AUTHORIZED');\n });\n\n it('includes scope in token request params when provided', async () => {\n const provider = new CrossAppAccessProvider({\n assertion: async () => 'jwt-grant',\n clientId: 'client',\n clientSecret: 'secret'\n });\n\n const fetchMock = createMockOAuthFetch({\n resourceServerUrl: RESOURCE_SERVER_URL,\n authServerUrl: AUTH_SERVER_URL,\n onTokenRequest: async (_url, init) => {\n const params = init?.body as URLSearchParams;\n expect(params.get('scope')).toBe('chat.read chat.write');\n }\n });\n\n await auth(provider, {\n serverUrl: RESOURCE_SERVER_URL,\n scope: 'chat.read chat.write',\n fetchFn: fetchMock\n });\n });\n});\n" }, { "path": "packages/client/test/client/crossAppAccess.test.ts", "content": "import type { FetchLike } from '@modelcontextprotocol/core';\nimport { describe, expect, it, vi } from 'vitest';\n\nimport { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from '../../src/client/crossAppAccess.js';\n\ndescribe('crossAppAccess', () => {\n describe('requestJwtAuthorizationGrant', () => {\n it('successfully exchanges ID token for JWT Authorization Grant', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n access_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',\n token_type: 'N_A',\n expires_in: 300,\n scope: 'chat.read chat.history'\n })\n } as Response);\n\n const result = await requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',\n clientId: 'my-idp-client',\n clientSecret: 'my-idp-secret',\n scope: 'chat.read chat.history',\n fetchFn: mockFetch\n });\n\n expect(result.jwtAuthGrant).toBe('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');\n expect(result.expiresIn).toBe(300);\n expect(result.scope).toBe('chat.read chat.history');\n\n expect(mockFetch).toHaveBeenCalledOnce();\n const [url, init] = mockFetch.mock.calls[0]!;\n expect(url).toBe('https://idp.example.com/token');\n expect(init?.method).toBe('POST');\n expect(init?.headers).toEqual({\n 'Content-Type': 'application/x-www-form-urlencoded'\n });\n\n const body = new URLSearchParams(init?.body as string);\n expect(body.get('grant_type')).toBe('urn:ietf:params:oauth:grant-type:token-exchange');\n expect(body.get('requested_token_type')).toBe('urn:ietf:params:oauth:token-type:id-jag');\n expect(body.get('audience')).toBe('https://auth.chat.example/');\n expect(body.get('resource')).toBe('https://mcp.chat.example/');\n expect(body.get('subject_token')).toBe('eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...');\n expect(body.get('subject_token_type')).toBe('urn:ietf:params:oauth:token-type:id_token');\n expect(body.get('client_id')).toBe('my-idp-client');\n expect(body.get('client_secret')).toBe('my-idp-secret');\n expect(body.get('scope')).toBe('chat.read chat.history');\n });\n\n it('works without optional scope parameter', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n access_token: 'jag-token',\n token_type: 'N_A'\n })\n } as Response);\n\n const result = await requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n });\n\n expect(result.jwtAuthGrant).toBe('jag-token');\n\n const body = new URLSearchParams(mockFetch.mock.calls[0]![1]?.body as string);\n expect(body.get('scope')).toBeNull();\n });\n\n it('omits client_secret from body when not provided (public client)', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n access_token: 'jag-token',\n token_type: 'N_A'\n })\n } as Response);\n\n await requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'public-client',\n fetchFn: mockFetch\n });\n\n const body = new URLSearchParams(mockFetch.mock.calls[0]![1]?.body as string);\n expect(body.get('client_id')).toBe('public-client');\n // Must be absent — not empty string, not the literal \"undefined\"\n expect(body.has('client_secret')).toBe(false);\n });\n\n it('throws error when issued_token_type is incorrect', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n access_token: 'token',\n token_type: 'N_A'\n })\n } as Response);\n\n await expect(\n requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('Invalid token exchange response');\n });\n\n it('accepts token_type other than N_A (issued_token_type is the real check)', async () => {\n // RFC 6749 §5.1: token_type is case-insensitive; RFC 8693 §2.2.1: informational\n // when the issued token isn't an access token. Real IdPs return 'n_a', 'Bearer', etc.\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n access_token: 'jag-token',\n token_type: 'n_a'\n })\n } as Response);\n\n const result = await requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n });\n\n expect(result.jwtAuthGrant).toBe('jag-token');\n });\n\n it('throws error when access_token is missing', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n token_type: 'N_A'\n })\n } as Response);\n\n await expect(\n requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('Invalid token exchange response');\n });\n\n it('handles OAuth error responses', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: false,\n status: 400,\n json: async () => ({\n error: 'invalid_grant',\n error_description: 'Audience validation failed'\n })\n } as Response);\n\n await expect(\n requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('Token exchange failed: invalid_grant - Audience validation failed');\n });\n\n it('handles non-OAuth error responses', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: false,\n status: 500,\n json: async () => ({ message: 'Internal server error' })\n } as Response);\n\n await expect(\n requestJwtAuthorizationGrant({\n tokenEndpoint: 'https://idp.example.com/token',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('Token exchange failed with status 500');\n });\n });\n\n describe('discoverAndRequestJwtAuthGrant', () => {\n it('discovers token endpoint and performs token exchange', async () => {\n const mockFetch = vi.fn();\n\n // Mock discovery response\n mockFetch.mockResolvedValueOnce({\n ok: true,\n json: async () => ({\n issuer: 'https://idp.example.com',\n authorization_endpoint: 'https://idp.example.com/authorize',\n token_endpoint: 'https://idp.example.com/token',\n jwks_uri: 'https://idp.example.com/jwks',\n response_types_supported: ['code'],\n grant_types_supported: ['urn:ietf:params:oauth:grant-type:token-exchange']\n })\n } as Response);\n\n // Mock token exchange response\n mockFetch.mockResolvedValueOnce({\n ok: true,\n json: async () => ({\n issued_token_type: 'urn:ietf:params:oauth:token-type:id-jag',\n access_token: 'jag-token',\n token_type: 'N_A',\n expires_in: 300\n })\n } as Response);\n\n const result = await discoverAndRequestJwtAuthGrant({\n idpUrl: 'https://idp.example.com',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n });\n\n expect(result.jwtAuthGrant).toBe('jag-token');\n expect(result.expiresIn).toBe(300);\n\n expect(mockFetch).toHaveBeenCalledTimes(2);\n // First call is discovery\n expect(String(mockFetch.mock.calls[0]![0])).toContain('.well-known/oauth-authorization-server');\n // Second call is token exchange\n expect(String(mockFetch.mock.calls[1]![0])).toBe('https://idp.example.com/token');\n });\n\n it('throws error when token endpoint is not discovered', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n issuer: 'https://idp.example.com',\n authorization_endpoint: 'https://idp.example.com/authorize'\n // Missing token_endpoint and response_types_supported\n })\n } as Response);\n\n await expect(\n discoverAndRequestJwtAuthGrant({\n idpUrl: 'https://idp.example.com',\n audience: 'https://auth.chat.example/',\n resource: 'https://mcp.chat.example/',\n idToken: 'id-token',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow(); // Zod validation error\n });\n });\n\n describe('exchangeJwtAuthGrant', () => {\n it('exchanges JAG for access token using client_secret_basic by default', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n access_token: 'mcp-access-token',\n token_type: 'Bearer',\n expires_in: 3600,\n scope: 'chat.read chat.history'\n })\n } as Response);\n\n const result = await exchangeJwtAuthGrant({\n tokenEndpoint: 'https://auth.chat.example/token',\n jwtAuthGrant: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',\n clientId: 'my-mcp-client',\n clientSecret: 'my-mcp-secret',\n fetchFn: mockFetch\n });\n\n expect(result.access_token).toBe('mcp-access-token');\n expect(result.token_type).toBe('Bearer');\n expect(result.expires_in).toBe(3600);\n expect(result.scope).toBe('chat.read chat.history');\n\n expect(mockFetch).toHaveBeenCalledOnce();\n const [url, init] = mockFetch.mock.calls[0]!;\n expect(url).toBe('https://auth.chat.example/token');\n expect(init?.method).toBe('POST');\n\n // SEP-990 conformance: credentials in Authorization header, NOT in body\n const headers = new Headers(init?.headers as Headers);\n const expectedCredentials = Buffer.from('my-mcp-client:my-mcp-secret').toString('base64');\n expect(headers.get('Authorization')).toBe(`Basic ${expectedCredentials}`);\n\n const body = new URLSearchParams(init?.body as string);\n expect(body.get('grant_type')).toBe('urn:ietf:params:oauth:grant-type:jwt-bearer');\n expect(body.get('assertion')).toBe('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');\n expect(body.has('client_id')).toBe(false);\n expect(body.has('client_secret')).toBe(false);\n });\n\n it('supports client_secret_post when explicitly requested', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n access_token: 'mcp-access-token',\n token_type: 'Bearer'\n })\n } as Response);\n\n await exchangeJwtAuthGrant({\n tokenEndpoint: 'https://auth.chat.example/token',\n jwtAuthGrant: 'jwt',\n clientId: 'my-mcp-client',\n clientSecret: 'my-mcp-secret',\n authMethod: 'client_secret_post',\n fetchFn: mockFetch\n });\n\n const [, init] = mockFetch.mock.calls[0]!;\n const headers = new Headers(init?.headers as Headers);\n expect(headers.get('Authorization')).toBeNull();\n\n const body = new URLSearchParams(init?.body as string);\n expect(body.get('client_id')).toBe('my-mcp-client');\n expect(body.get('client_secret')).toBe('my-mcp-secret');\n });\n\n it('supports authMethod none for public clients', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n access_token: 'mcp-access-token',\n token_type: 'Bearer'\n })\n } as Response);\n\n await exchangeJwtAuthGrant({\n tokenEndpoint: 'https://auth.chat.example/token',\n jwtAuthGrant: 'jwt',\n clientId: 'my-public-client',\n authMethod: 'none',\n fetchFn: mockFetch\n });\n\n const [, init] = mockFetch.mock.calls[0]!;\n const headers = new Headers(init?.headers as Headers);\n expect(headers.get('Authorization')).toBeNull();\n\n const body = new URLSearchParams(init?.body as string);\n expect(body.get('client_id')).toBe('my-public-client');\n expect(body.has('client_secret')).toBe(false);\n });\n\n it('handles OAuth error responses', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: false,\n status: 400,\n json: async () => ({\n error: 'invalid_grant',\n error_description: 'JWT signature verification failed'\n })\n } as Response);\n\n await expect(\n exchangeJwtAuthGrant({\n tokenEndpoint: 'https://auth.chat.example/token',\n jwtAuthGrant: 'invalid-jwt',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('JWT grant exchange failed: invalid_grant - JWT signature verification failed');\n });\n\n it('validates token response with schema', async () => {\n const mockFetch = vi.fn().mockResolvedValue({\n ok: true,\n json: async () => ({\n // Missing required fields\n token_type: 'Bearer'\n })\n } as Response);\n\n await expect(\n exchangeJwtAuthGrant({\n tokenEndpoint: 'https://auth.chat.example/token',\n jwtAuthGrant: 'jwt',\n clientId: 'client',\n clientSecret: 'secret',\n fetchFn: mockFetch\n })\n ).rejects.toThrow('Invalid token response');\n });\n });\n});\n" }, { "path": "packages/client/test/client/crossSpawn.test.ts", "content": "import type { ChildProcess } from 'node:child_process';\n\nimport type { JSONRPCMessage } from '@modelcontextprotocol/core';\nimport spawn from 'cross-spawn';\nimport type { Mock, MockedFunction } from 'vitest';\n\nimport { getDefaultEnvironment, StdioClientTransport } from '../../src/client/stdio.js';\n\n// mock cross-spawn\nvi.mock('cross-spawn');\nconst mockSpawn = spawn as unknown as MockedFunction;\n\ndescribe('StdioClientTransport using cross-spawn', () => {\n beforeEach(() => {\n // mock cross-spawn's return value\n mockSpawn.mockImplementation(() => {\n const mockProcess: {\n on: Mock;\n stdin?: { on: Mock; write: Mock };\n stdout?: { on: Mock };\n stderr?: null;\n } = {\n on: vi.fn((event: string, callback: () => void) => {\n if (event === 'spawn') {\n callback();\n }\n return mockProcess;\n }),\n stdin: {\n on: vi.fn(),\n write: vi.fn().mockReturnValue(true)\n },\n stdout: {\n on: vi.fn()\n },\n stderr: null\n };\n return mockProcess as unknown as ChildProcess;\n });\n });\n\n afterEach(() => {\n vi.clearAllMocks();\n });\n\n test('should call cross-spawn correctly', async () => {\n const transport = new StdioClientTransport({\n command: 'test-command',\n args: ['arg1', 'arg2']\n });\n\n await transport.start();\n\n // verify spawn is called correctly\n expect(mockSpawn).toHaveBeenCalledWith(\n 'test-command',\n ['arg1', 'arg2'],\n expect.objectContaining({\n shell: false\n })\n );\n });\n\n test('should pass environment variables correctly', async () => {\n const customEnv = { TEST_VAR: 'test-value' };\n const transport = new StdioClientTransport({\n command: 'test-command',\n env: customEnv\n });\n\n await transport.start();\n\n // verify environment variables are merged correctly\n expect(mockSpawn).toHaveBeenCalledWith(\n 'test-command',\n [],\n expect.objectContaining({\n env: {\n ...getDefaultEnvironment(),\n ...customEnv\n }\n })\n );\n });\n\n test('should use default environment when env is undefined', async () => {\n const transport = new StdioClientTransport({\n command: 'test-command',\n env: undefined\n });\n\n await transport.start();\n\n // verify default environment is used\n expect(mockSpawn).toHaveBeenCalledWith(\n 'test-command',\n [],\n expect.objectContaining({\n env: getDefaultEnvironment()\n })\n );\n });\n\n test('should send messages correctly', async () => {\n const transport = new StdioClientTransport({\n command: 'test-command'\n });\n\n // get the mock process object\n const mockProcess: {\n on: Mock;\n stdin: {\n on: Mock;\n write: Mock;\n once: Mock;\n };\n stdout: {\n on: Mock;\n };\n stderr: null;\n } = {\n on: vi.fn((event: string, callback: () => void) => {\n if (event === 'spawn') {\n callback();\n }\n return mockProcess;\n }),\n stdin: {\n on: vi.fn(),\n write: vi.fn().mockReturnValue(true),\n once: vi.fn()\n },\n stdout: {\n on: vi.fn()\n },\n stderr: null\n };\n\n mockSpawn.mockReturnValue(mockProcess as unknown as ChildProcess);\n\n await transport.start();\n\n // 关键修复:确保 jsonrpc 是字面量 \"2.0\"\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 'test-id',\n method: 'test-method'\n };\n\n await transport.send(message);\n\n // verify message is sent correctly\n expect(mockProcess.stdin.write).toHaveBeenCalled();\n });\n});\n" }, { "path": "packages/client/test/client/middleware.test.ts", "content": "import type { FetchLike } from '@modelcontextprotocol/core';\nimport type { Mocked, MockedFunction, MockInstance } from 'vitest';\n\nimport type { OAuthClientProvider } from '../../src/client/auth.js';\nimport { applyMiddlewares, createMiddleware, withLogging, withOAuth } from '../../src/client/middleware.js';\n\nvi.mock('../../src/client/auth.js', async () => {\n const actual = await vi.importActual('../../src/client/auth.js');\n return {\n ...actual,\n auth: vi.fn(),\n extractWWWAuthenticateParams: vi.fn()\n };\n});\n\nimport { auth, extractWWWAuthenticateParams } from '../../src/client/auth.js';\n\nconst mockAuth = auth as MockedFunction;\nconst mockExtractWWWAuthenticateParams = extractWWWAuthenticateParams as MockedFunction;\n\ndescribe('withOAuth', () => {\n let mockProvider: Mocked;\n let mockFetch: MockedFunction;\n\n beforeEach(() => {\n vi.clearAllMocks();\n\n mockProvider = {\n get redirectUrl() {\n return 'http://localhost/callback';\n },\n get clientMetadata() {\n return { redirect_uris: ['http://localhost/callback'] };\n },\n tokens: vi.fn(),\n saveTokens: vi.fn(),\n clientInformation: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n invalidateCredentials: vi.fn()\n };\n\n mockFetch = vi.fn();\n });\n\n it('should add Authorization header when tokens are available (with explicit baseUrl)', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('success', { status: 200 }));\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://api.example.com/data',\n expect.objectContaining({\n headers: expect.any(Headers)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Bearer test-token');\n });\n\n it('should add Authorization header when tokens are available (without baseUrl)', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('success', { status: 200 }));\n\n // Test without baseUrl - should extract from request URL\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://api.example.com/data',\n expect.objectContaining({\n headers: expect.any(Headers)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Bearer test-token');\n });\n\n it('should handle requests without tokens (without baseUrl)', async () => {\n mockProvider.tokens.mockResolvedValue(undefined);\n mockFetch.mockResolvedValue(new Response('success', { status: 200 }));\n\n // Test without baseUrl\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n expect(mockFetch).toHaveBeenCalledTimes(1);\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBeNull();\n });\n\n it('should retry request after successful auth on 401 response (with explicit baseUrl)', async () => {\n mockProvider.tokens\n .mockResolvedValueOnce({\n access_token: 'old-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n .mockResolvedValueOnce({\n access_token: 'new-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const unauthorizedResponse = new Response('Unauthorized', {\n status: 401,\n headers: { 'www-authenticate': 'Bearer realm=\"oauth\"' }\n });\n const successResponse = new Response('success', { status: 200 });\n\n mockFetch.mockResolvedValueOnce(unauthorizedResponse).mockResolvedValueOnce(successResponse);\n\n const mockWWWAuthenticateParams = {\n resourceMetadataUrl: new URL('https://oauth.example.com/.well-known/oauth-protected-resource'),\n scope: 'read'\n };\n mockExtractWWWAuthenticateParams.mockReturnValue(mockWWWAuthenticateParams);\n mockAuth.mockResolvedValue('AUTHORIZED');\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n const result = await enhancedFetch('https://api.example.com/data');\n\n expect(result).toBe(successResponse);\n expect(mockFetch).toHaveBeenCalledTimes(2);\n expect(mockAuth).toHaveBeenCalledWith(mockProvider, {\n serverUrl: 'https://api.example.com',\n resourceMetadataUrl: mockWWWAuthenticateParams.resourceMetadataUrl,\n scope: mockWWWAuthenticateParams.scope,\n fetchFn: mockFetch\n });\n\n // Verify the retry used the new token\n const retryCallArgs = mockFetch.mock.calls[1];\n const retryHeaders = retryCallArgs![1]?.headers as Headers;\n expect(retryHeaders.get('Authorization')).toBe('Bearer new-token');\n });\n\n it('should retry request after successful auth on 401 response (without baseUrl)', async () => {\n mockProvider.tokens\n .mockResolvedValueOnce({\n access_token: 'old-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n .mockResolvedValueOnce({\n access_token: 'new-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const unauthorizedResponse = new Response('Unauthorized', {\n status: 401,\n headers: { 'www-authenticate': 'Bearer realm=\"oauth\"' }\n });\n const successResponse = new Response('success', { status: 200 });\n\n mockFetch.mockResolvedValueOnce(unauthorizedResponse).mockResolvedValueOnce(successResponse);\n\n const mockWWWAuthenticateParams = {\n resourceMetadataUrl: new URL('https://oauth.example.com/.well-known/oauth-protected-resource'),\n scope: 'read'\n };\n mockExtractWWWAuthenticateParams.mockReturnValue(mockWWWAuthenticateParams);\n mockAuth.mockResolvedValue('AUTHORIZED');\n\n // Test without baseUrl - should extract from request URL\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n const result = await enhancedFetch('https://api.example.com/data');\n\n expect(result).toBe(successResponse);\n expect(mockFetch).toHaveBeenCalledTimes(2);\n expect(mockAuth).toHaveBeenCalledWith(mockProvider, {\n serverUrl: 'https://api.example.com', // Should be extracted from request URL\n resourceMetadataUrl: mockWWWAuthenticateParams.resourceMetadataUrl,\n scope: mockWWWAuthenticateParams.scope,\n fetchFn: mockFetch\n });\n\n // Verify the retry used the new token\n const retryCallArgs = mockFetch.mock.calls[1];\n const retryHeaders = retryCallArgs![1]?.headers as Headers;\n expect(retryHeaders.get('Authorization')).toBe('Bearer new-token');\n });\n\n it('should throw UnauthorizedError when auth returns REDIRECT (without baseUrl)', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('Unauthorized', { status: 401 }));\n mockExtractWWWAuthenticateParams.mockReturnValue({});\n mockAuth.mockResolvedValue('REDIRECT');\n\n // Test without baseUrl\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n await expect(enhancedFetch('https://api.example.com/data')).rejects.toThrow(\n 'Authentication requires user authorization - redirect initiated'\n );\n });\n\n it('should throw UnauthorizedError when auth fails', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('Unauthorized', { status: 401 }));\n mockExtractWWWAuthenticateParams.mockReturnValue({});\n mockAuth.mockRejectedValue(new Error('Network error'));\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n await expect(enhancedFetch('https://api.example.com/data')).rejects.toThrow('Failed to re-authenticate: Network error');\n });\n\n it('should handle persistent 401 responses after auth', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n // Always return 401\n mockFetch.mockResolvedValue(new Response('Unauthorized', { status: 401 }));\n mockExtractWWWAuthenticateParams.mockReturnValue({});\n mockAuth.mockResolvedValue('AUTHORIZED');\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n await expect(enhancedFetch('https://api.example.com/data')).rejects.toThrow(\n 'Authentication failed for https://api.example.com/data'\n );\n\n // Should have made initial request + 1 retry after auth = 2 total\n expect(mockFetch).toHaveBeenCalledTimes(2);\n expect(mockAuth).toHaveBeenCalledTimes(1);\n });\n\n it('should preserve original request method and body', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('success', { status: 200 }));\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n const requestBody = JSON.stringify({ data: 'test' });\n await enhancedFetch('https://api.example.com/data', {\n method: 'POST',\n body: requestBody,\n headers: { 'Content-Type': 'application/json' }\n });\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://api.example.com/data',\n expect.objectContaining({\n method: 'POST',\n body: requestBody,\n headers: expect.any(Headers)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Content-Type')).toBe('application/json');\n expect(headers.get('Authorization')).toBe('Bearer test-token');\n });\n\n it('should handle non-401 errors normally', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const serverErrorResponse = new Response('Server Error', { status: 500 });\n mockFetch.mockResolvedValue(serverErrorResponse);\n\n const enhancedFetch = withOAuth(mockProvider, 'https://api.example.com')(mockFetch);\n\n const result = await enhancedFetch('https://api.example.com/data');\n\n expect(result).toBe(serverErrorResponse);\n expect(mockFetch).toHaveBeenCalledTimes(1);\n expect(mockAuth).not.toHaveBeenCalled();\n });\n\n it('should handle URL object as input (without baseUrl)', async () => {\n mockProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n mockFetch.mockResolvedValue(new Response('success', { status: 200 }));\n\n // Test URL object without baseUrl - should extract origin from URL object\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n await enhancedFetch(new URL('https://api.example.com/data'));\n\n expect(mockFetch).toHaveBeenCalledWith(\n expect.any(URL),\n expect.objectContaining({\n headers: expect.any(Headers)\n })\n );\n });\n\n it('should handle URL object in auth retry (without baseUrl)', async () => {\n mockProvider.tokens\n .mockResolvedValueOnce({\n access_token: 'old-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n .mockResolvedValueOnce({\n access_token: 'new-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const unauthorizedResponse = new Response('Unauthorized', { status: 401 });\n const successResponse = new Response('success', { status: 200 });\n\n mockFetch.mockResolvedValueOnce(unauthorizedResponse).mockResolvedValueOnce(successResponse);\n\n mockExtractWWWAuthenticateParams.mockReturnValue({});\n mockAuth.mockResolvedValue('AUTHORIZED');\n\n const enhancedFetch = withOAuth(mockProvider)(mockFetch);\n\n const result = await enhancedFetch(new URL('https://api.example.com/data'));\n\n expect(result).toBe(successResponse);\n expect(mockFetch).toHaveBeenCalledTimes(2);\n expect(mockAuth).toHaveBeenCalledWith(mockProvider, {\n serverUrl: 'https://api.example.com', // Should extract origin from URL object\n resourceMetadataUrl: undefined,\n fetchFn: mockFetch\n });\n });\n});\n\ndescribe('withLogging', () => {\n let mockFetch: MockedFunction;\n let mockLogger: MockedFunction<\n (input: {\n method: string;\n url: string | URL;\n status: number;\n statusText: string;\n duration: number;\n requestHeaders?: Headers;\n responseHeaders?: Headers;\n error?: Error;\n }) => void\n >;\n let consoleErrorSpy: MockInstance;\n let consoleLogSpy: MockInstance;\n\n beforeEach(() => {\n vi.clearAllMocks();\n\n consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});\n consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});\n\n mockFetch = vi.fn();\n mockLogger = vi.fn();\n });\n\n afterEach(() => {\n consoleErrorSpy.mockRestore();\n consoleLogSpy.mockRestore();\n });\n\n it('should log successful requests with default logger', async () => {\n const response = new Response('success', { status: 200, statusText: 'OK' });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging()(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n expect(consoleLogSpy).toHaveBeenCalledWith(\n expect.stringMatching(/HTTP GET https:\\/\\/api\\.example\\.com\\/data 200 OK \\(\\d+\\.\\d+ms\\)/)\n );\n });\n\n it('should log error responses with default logger', async () => {\n const response = new Response('Not Found', {\n status: 404,\n statusText: 'Not Found'\n });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging()(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n expect(consoleErrorSpy).toHaveBeenCalledWith(\n expect.stringMatching(/HTTP GET https:\\/\\/api\\.example\\.com\\/data 404 Not Found \\(\\d+\\.\\d+ms\\)/)\n );\n });\n\n it('should log network errors with default logger', async () => {\n const networkError = new Error('Network connection failed');\n mockFetch.mockRejectedValue(networkError);\n\n const enhancedFetch = withLogging()(mockFetch);\n\n await expect(enhancedFetch('https://api.example.com/data')).rejects.toThrow('Network connection failed');\n\n expect(consoleErrorSpy).toHaveBeenCalledWith(\n expect.stringMatching(/HTTP GET https:\\/\\/api\\.example\\.com\\/data failed: Network connection failed \\(\\d+\\.\\d+ms\\)/)\n );\n });\n\n it('should use custom logger when provided', async () => {\n const response = new Response('success', { status: 200, statusText: 'OK' });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging({ logger: mockLogger })(mockFetch);\n\n await enhancedFetch('https://api.example.com/data', { method: 'POST' });\n\n expect(mockLogger).toHaveBeenCalledWith({\n method: 'POST',\n url: 'https://api.example.com/data',\n status: 200,\n statusText: 'OK',\n duration: expect.any(Number),\n requestHeaders: undefined,\n responseHeaders: undefined\n });\n\n expect(consoleLogSpy).not.toHaveBeenCalled();\n });\n\n it('should include request headers when configured', async () => {\n const response = new Response('success', { status: 200, statusText: 'OK' });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging({\n logger: mockLogger,\n includeRequestHeaders: true\n })(mockFetch);\n\n await enhancedFetch('https://api.example.com/data', {\n headers: {\n Authorization: 'Bearer token',\n 'Content-Type': 'application/json'\n }\n });\n\n expect(mockLogger).toHaveBeenCalledWith({\n method: 'GET',\n url: 'https://api.example.com/data',\n status: 200,\n statusText: 'OK',\n duration: expect.any(Number),\n requestHeaders: expect.any(Headers),\n responseHeaders: undefined\n });\n\n const logCall = mockLogger.mock.calls[0]![0];\n expect(logCall.requestHeaders?.get('Authorization')).toBe('Bearer token');\n expect(logCall.requestHeaders?.get('Content-Type')).toBe('application/json');\n });\n\n it('should include response headers when configured', async () => {\n const response = new Response('success', {\n status: 200,\n statusText: 'OK',\n headers: {\n 'Content-Type': 'application/json',\n 'Cache-Control': 'no-cache'\n }\n });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging({\n logger: mockLogger,\n includeResponseHeaders: true\n })(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n const logCall = mockLogger.mock.calls[0]![0];\n expect(logCall.responseHeaders?.get('Content-Type')).toBe('application/json');\n expect(logCall.responseHeaders?.get('Cache-Control')).toBe('no-cache');\n });\n\n it('should respect statusLevel option', async () => {\n const successResponse = new Response('success', {\n status: 200,\n statusText: 'OK'\n });\n const errorResponse = new Response('Server Error', {\n status: 500,\n statusText: 'Internal Server Error'\n });\n\n mockFetch.mockResolvedValueOnce(successResponse).mockResolvedValueOnce(errorResponse);\n\n const enhancedFetch = withLogging({\n logger: mockLogger,\n statusLevel: 400\n })(mockFetch);\n\n // 200 response should not be logged (below statusLevel 400)\n await enhancedFetch('https://api.example.com/success');\n expect(mockLogger).not.toHaveBeenCalled();\n\n // 500 response should be logged (above statusLevel 400)\n await enhancedFetch('https://api.example.com/error');\n expect(mockLogger).toHaveBeenCalledWith({\n method: 'GET',\n url: 'https://api.example.com/error',\n status: 500,\n statusText: 'Internal Server Error',\n duration: expect.any(Number),\n requestHeaders: undefined,\n responseHeaders: undefined\n });\n });\n\n it('should always log network errors regardless of statusLevel', async () => {\n const networkError = new Error('Connection timeout');\n mockFetch.mockRejectedValue(networkError);\n\n const enhancedFetch = withLogging({\n logger: mockLogger,\n statusLevel: 500 // Very high log level\n })(mockFetch);\n\n await expect(enhancedFetch('https://api.example.com/data')).rejects.toThrow('Connection timeout');\n\n expect(mockLogger).toHaveBeenCalledWith({\n method: 'GET',\n url: 'https://api.example.com/data',\n status: 0,\n statusText: 'Network Error',\n duration: expect.any(Number),\n requestHeaders: undefined,\n error: networkError\n });\n });\n\n it('should include headers in default logger message when configured', async () => {\n const response = new Response('success', {\n status: 200,\n statusText: 'OK',\n headers: { 'Content-Type': 'application/json' }\n });\n mockFetch.mockResolvedValue(response);\n\n const enhancedFetch = withLogging({\n includeRequestHeaders: true,\n includeResponseHeaders: true\n })(mockFetch);\n\n await enhancedFetch('https://api.example.com/data', {\n headers: { Authorization: 'Bearer token' }\n });\n\n expect(consoleLogSpy).toHaveBeenCalledWith(expect.stringContaining('Request Headers: {authorization: Bearer token}'));\n expect(consoleLogSpy).toHaveBeenCalledWith(expect.stringContaining('Response Headers: {content-type: application/json}'));\n });\n\n it('should measure request duration accurately', async () => {\n // Mock a slow response\n const response = new Response('success', { status: 200 });\n mockFetch.mockImplementation(async () => {\n await new Promise(resolve => setTimeout(resolve, 100));\n return response;\n });\n\n const enhancedFetch = withLogging({ logger: mockLogger })(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n const logCall = mockLogger.mock.calls[0]![0];\n expect(logCall.duration).toBeGreaterThanOrEqual(90); // Allow some margin for timing\n });\n});\n\ndescribe('applyMiddleware', () => {\n let mockFetch: MockedFunction;\n\n beforeEach(() => {\n vi.clearAllMocks();\n mockFetch = vi.fn();\n });\n\n it('should compose no middleware correctly', () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n const composedFetch = applyMiddlewares()(mockFetch);\n\n expect(composedFetch).toBe(mockFetch);\n });\n\n it('should compose single middleware correctly', async () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n // Create a middleware that adds a header\n const middleware1 = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Middleware-1', 'applied');\n return next(input, { ...init, headers });\n };\n\n const composedFetch = applyMiddlewares(middleware1)(mockFetch);\n\n await composedFetch('https://api.example.com/data');\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://api.example.com/data',\n expect.objectContaining({\n headers: expect.any(Headers)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('X-Middleware-1')).toBe('applied');\n });\n\n it('should compose multiple middleware in order', async () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n // Create middleware that add identifying headers\n const middleware1 = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Middleware-1', 'applied');\n return next(input, { ...init, headers });\n };\n\n const middleware2 = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Middleware-2', 'applied');\n return next(input, { ...init, headers });\n };\n\n const middleware3 = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Middleware-3', 'applied');\n return next(input, { ...init, headers });\n };\n\n const composedFetch = applyMiddlewares(middleware1, middleware2, middleware3)(mockFetch);\n\n await composedFetch('https://api.example.com/data');\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('X-Middleware-1')).toBe('applied');\n expect(headers.get('X-Middleware-2')).toBe('applied');\n expect(headers.get('X-Middleware-3')).toBe('applied');\n });\n\n it('should work with real fetch middleware functions', async () => {\n const response = new Response('success', { status: 200, statusText: 'OK' });\n mockFetch.mockResolvedValue(response);\n\n // Create middleware that add identifying headers\n const oauthMiddleware = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('Authorization', 'Bearer test-token');\n return next(input, { ...init, headers });\n };\n\n // Use custom logger to avoid console output\n const mockLogger = vi.fn();\n const composedFetch = applyMiddlewares(oauthMiddleware, withLogging({ logger: mockLogger, statusLevel: 0 }))(mockFetch);\n\n await composedFetch('https://api.example.com/data');\n\n // Should have both Authorization header and logging\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Bearer test-token');\n expect(mockLogger).toHaveBeenCalledWith({\n method: 'GET',\n url: 'https://api.example.com/data',\n status: 200,\n statusText: 'OK',\n duration: expect.any(Number),\n requestHeaders: undefined,\n responseHeaders: undefined\n });\n });\n\n it('should preserve error propagation through middleware', async () => {\n const errorMiddleware = (next: FetchLike) => async (input: string | URL, init?: RequestInit) => {\n try {\n return await next(input, init);\n } catch (error) {\n // Add context to the error\n throw new Error(`Middleware error: ${error instanceof Error ? error.message : String(error)}`);\n }\n };\n\n const originalError = new Error('Network failure');\n mockFetch.mockRejectedValue(originalError);\n\n const composedFetch = applyMiddlewares(errorMiddleware)(mockFetch);\n\n await expect(composedFetch('https://api.example.com/data')).rejects.toThrow('Middleware error: Network failure');\n });\n});\n\ndescribe('Integration Tests', () => {\n let mockProvider: Mocked;\n let mockFetch: MockedFunction;\n\n beforeEach(() => {\n vi.clearAllMocks();\n\n mockProvider = {\n get redirectUrl() {\n return 'http://localhost/callback';\n },\n get clientMetadata() {\n return { redirect_uris: ['http://localhost/callback'] };\n },\n tokens: vi.fn(),\n saveTokens: vi.fn(),\n clientInformation: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n invalidateCredentials: vi.fn()\n };\n\n mockFetch = vi.fn();\n });\n\n it('should work with SSE transport pattern', async () => {\n // Simulate how SSE transport might use the middleware\n mockProvider.tokens.mockResolvedValue({\n access_token: 'sse-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const response = new Response('{\"jsonrpc\":\"2.0\",\"id\":1,\"result\":{}}', {\n status: 200,\n headers: { 'Content-Type': 'application/json' }\n });\n mockFetch.mockResolvedValue(response);\n\n // Use custom logger to avoid console output\n const mockLogger = vi.fn();\n const enhancedFetch = applyMiddlewares(\n withOAuth(mockProvider as OAuthClientProvider, 'https://mcp-server.example.com'),\n withLogging({ logger: mockLogger, statusLevel: 400 }) // Only log errors\n )(mockFetch);\n\n // Simulate SSE POST request\n await enhancedFetch('https://mcp-server.example.com/endpoint', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n jsonrpc: '2.0',\n method: 'tools/list',\n id: 1\n })\n });\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://mcp-server.example.com/endpoint',\n expect.objectContaining({\n method: 'POST',\n headers: expect.any(Headers),\n body: expect.any(String)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Bearer sse-token');\n expect(headers.get('Content-Type')).toBe('application/json');\n });\n\n it('should work with StreamableHTTP transport pattern', async () => {\n // Simulate how StreamableHTTP transport might use the middleware\n mockProvider.tokens.mockResolvedValue({\n access_token: 'streamable-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const response = new Response(null, {\n status: 202,\n headers: { 'mcp-session-id': 'session-123' }\n });\n mockFetch.mockResolvedValue(response);\n\n // Use custom logger to avoid console output\n const mockLogger = vi.fn();\n const enhancedFetch = applyMiddlewares(\n withOAuth(mockProvider as OAuthClientProvider, 'https://streamable-server.example.com'),\n withLogging({\n logger: mockLogger,\n includeResponseHeaders: true,\n statusLevel: 0\n })\n )(mockFetch);\n\n // Simulate StreamableHTTP initialization request\n await enhancedFetch('https://streamable-server.example.com/mcp', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream'\n },\n body: JSON.stringify({\n jsonrpc: '2.0',\n method: 'initialize',\n params: { protocolVersion: '2025-03-26', clientInfo: { name: 'test' } },\n id: 1\n })\n });\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Bearer streamable-token');\n expect(headers.get('Accept')).toBe('application/json, text/event-stream');\n });\n\n it('should handle auth retry in transport-like scenario', async () => {\n mockProvider.tokens\n .mockResolvedValueOnce({\n access_token: 'expired-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n .mockResolvedValueOnce({\n access_token: 'fresh-token',\n token_type: 'Bearer',\n expires_in: 3600\n });\n\n const unauthorizedResponse = new Response('{\"error\":\"invalid_token\"}', {\n status: 401,\n headers: { 'www-authenticate': 'Bearer realm=\"mcp\"' }\n });\n const successResponse = new Response('{\"jsonrpc\":\"2.0\",\"id\":1,\"result\":{}}', {\n status: 200\n });\n\n mockFetch.mockResolvedValueOnce(unauthorizedResponse).mockResolvedValueOnce(successResponse);\n\n mockExtractWWWAuthenticateParams.mockReturnValue({\n resourceMetadataUrl: new URL('https://auth.example.com/.well-known/oauth-protected-resource'),\n scope: 'read'\n });\n mockAuth.mockResolvedValue('AUTHORIZED');\n\n // Use custom logger to avoid console output\n const mockLogger = vi.fn();\n const enhancedFetch = applyMiddlewares(\n withOAuth(mockProvider as OAuthClientProvider, 'https://mcp-server.example.com'),\n withLogging({ logger: mockLogger, statusLevel: 0 })\n )(mockFetch);\n\n const result = await enhancedFetch('https://mcp-server.example.com/endpoint', {\n method: 'POST',\n body: JSON.stringify({ jsonrpc: '2.0', method: 'test', id: 1 })\n });\n\n expect(result).toBe(successResponse);\n expect(mockFetch).toHaveBeenCalledTimes(2);\n expect(mockAuth).toHaveBeenCalledWith(mockProvider, {\n serverUrl: 'https://mcp-server.example.com',\n resourceMetadataUrl: new URL('https://auth.example.com/.well-known/oauth-protected-resource'),\n scope: 'read',\n fetchFn: mockFetch\n });\n });\n});\n\ndescribe('createMiddleware', () => {\n let mockFetch: MockedFunction;\n\n beforeEach(() => {\n vi.clearAllMocks();\n mockFetch = vi.fn();\n });\n\n it('should create middleware with cleaner syntax', async () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n const customMiddleware = createMiddleware(async (next, input, init) => {\n const headers = new Headers(init?.headers);\n headers.set('X-Custom-Header', 'custom-value');\n return next(input, { ...init, headers });\n });\n\n const enhancedFetch = customMiddleware(mockFetch);\n await enhancedFetch('https://api.example.com/data');\n\n expect(mockFetch).toHaveBeenCalledWith(\n 'https://api.example.com/data',\n expect.objectContaining({\n headers: expect.any(Headers)\n })\n );\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('X-Custom-Header')).toBe('custom-value');\n });\n\n it('should support conditional middleware logic', async () => {\n const apiResponse = new Response('api response', { status: 200 });\n const publicResponse = new Response('public response', { status: 200 });\n mockFetch.mockResolvedValueOnce(apiResponse).mockResolvedValueOnce(publicResponse);\n\n const conditionalMiddleware = createMiddleware(async (next, input, init) => {\n const url = typeof input === 'string' ? input : input.toString();\n\n if (url.includes('/api/')) {\n const headers = new Headers(init?.headers);\n headers.set('X-API-Version', 'v2');\n return next(input, { ...init, headers });\n }\n\n return next(input, init);\n });\n\n const enhancedFetch = conditionalMiddleware(mockFetch);\n\n // Test API route\n await enhancedFetch('https://example.com/api/users');\n let callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('X-API-Version')).toBe('v2');\n\n // Test non-API route\n await enhancedFetch('https://example.com/public/page');\n callArgs = mockFetch.mock.calls[1];\n const maybeHeaders = callArgs![1]?.headers as Headers | undefined;\n expect(maybeHeaders?.get('X-API-Version')).toBeUndefined();\n });\n\n it('should support short-circuit responses', async () => {\n const customMiddleware = createMiddleware(async (next, input, init) => {\n const url = typeof input === 'string' ? input : input.toString();\n\n // Short-circuit for specific URL\n if (url.includes('/cached')) {\n return new Response('cached data', { status: 200 });\n }\n\n return next(input, init);\n });\n\n const enhancedFetch = customMiddleware(mockFetch);\n\n // Test cached route (should not call mockFetch)\n const cachedResponse = await enhancedFetch('https://example.com/cached/data');\n expect(await cachedResponse.text()).toBe('cached data');\n expect(mockFetch).not.toHaveBeenCalled();\n\n // Test normal route\n mockFetch.mockResolvedValue(new Response('fresh data', { status: 200 }));\n const normalResponse = await enhancedFetch('https://example.com/normal/data');\n expect(await normalResponse.text()).toBe('fresh data');\n expect(mockFetch).toHaveBeenCalledTimes(1);\n });\n\n it('should handle response transformation', async () => {\n const originalResponse = new Response('{\"data\": \"original\"}', {\n status: 200,\n headers: { 'Content-Type': 'application/json' }\n });\n mockFetch.mockResolvedValue(originalResponse);\n\n const transformMiddleware = createMiddleware(async (next, input, init) => {\n const response = await next(input, init);\n\n if (response.headers.get('content-type')?.includes('application/json')) {\n const data = (await response.json()) as Record;\n const transformed = { ...data, timestamp: 123_456_789 };\n\n return Response.json(transformed, {\n status: response.status,\n statusText: response.statusText,\n headers: response.headers\n });\n }\n\n return response;\n });\n\n const enhancedFetch = transformMiddleware(mockFetch);\n const response = await enhancedFetch('https://api.example.com/data');\n const result = await response.json();\n\n expect(result).toEqual({\n data: 'original',\n timestamp: 123_456_789\n });\n });\n\n it('should support error handling and recovery', async () => {\n let attemptCount = 0;\n mockFetch.mockImplementation(async () => {\n attemptCount++;\n if (attemptCount === 1) {\n throw new Error('Network error');\n }\n return new Response('success', { status: 200 });\n });\n\n const retryMiddleware = createMiddleware(async (next, input, init) => {\n try {\n return await next(input, init);\n } catch (error) {\n // Retry once on network error\n console.log('Retrying request after error:', error);\n return await next(input, init);\n }\n });\n\n const enhancedFetch = retryMiddleware(mockFetch);\n const response = await enhancedFetch('https://api.example.com/data');\n\n expect(await response.text()).toBe('success');\n expect(mockFetch).toHaveBeenCalledTimes(2);\n });\n\n it('should compose well with other middleware', async () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n // Create custom middleware using createMiddleware\n const customAuth = createMiddleware(async (next, input, init) => {\n const headers = new Headers(init?.headers);\n headers.set('Authorization', 'Custom token');\n return next(input, { ...init, headers });\n });\n\n const customLogging = createMiddleware(async (next, input, init) => {\n const url = typeof input === 'string' ? input : input.toString();\n console.log(`Request to: ${url}`);\n const response = await next(input, init);\n console.log(`Response status: ${response.status}`);\n return response;\n });\n\n // Compose with existing middleware\n const enhancedFetch = applyMiddlewares(customAuth, customLogging, withLogging({ statusLevel: 400 }))(mockFetch);\n\n await enhancedFetch('https://api.example.com/data');\n\n const callArgs = mockFetch.mock.calls[0];\n const headers = callArgs![1]?.headers as Headers;\n expect(headers.get('Authorization')).toBe('Custom token');\n });\n\n it('should have access to both input types (string and URL)', async () => {\n const response = new Response('success', { status: 200 });\n mockFetch.mockResolvedValue(response);\n\n let capturedInputType: string | undefined;\n const inspectMiddleware = createMiddleware(async (next, input, init) => {\n capturedInputType = typeof input === 'string' ? 'string' : 'URL';\n return next(input, init);\n });\n\n const enhancedFetch = inspectMiddleware(mockFetch);\n\n // Test with string input\n await enhancedFetch('https://api.example.com/data');\n expect(capturedInputType).toBe('string');\n\n // Test with URL input\n await enhancedFetch(new URL('https://api.example.com/data'));\n expect(capturedInputType).toBe('URL');\n });\n});\n" }, { "path": "packages/client/test/client/sse.test.ts", "content": "import type { IncomingMessage, Server, ServerResponse } from 'node:http';\nimport { createServer } from 'node:http';\nimport type { AddressInfo } from 'node:net';\n\nimport type { JSONRPCMessage, OAuthTokens } from '@modelcontextprotocol/core';\nimport { OAuthError, OAuthErrorCode } from '@modelcontextprotocol/core';\nimport { listenOnRandomPort } from '@modelcontextprotocol/test-helpers';\nimport type { Mock, Mocked, MockedFunction, MockInstance } from 'vitest';\n\nimport type { OAuthClientProvider } from '../../src/client/auth.js';\nimport { UnauthorizedError } from '../../src/client/auth.js';\nimport { SSEClientTransport } from '../../src/client/sse.js';\n\n/**\n * Parses HTTP Basic auth from a request's Authorization header.\n * Returns the decoded client_id and client_secret, or undefined if the header is absent or malformed.\n * client_secret_basic is the default client auth method when server metadata omits\n * token_endpoint_auth_methods_supported (RFC 8414 §2).\n */\nfunction parseBasicAuth(req: IncomingMessage): { clientId: string; clientSecret: string } | undefined {\n const auth = req.headers.authorization;\n if (!auth || !auth.startsWith('Basic ')) return undefined;\n const decoded = Buffer.from(auth.slice(6), 'base64').toString('utf8');\n const sep = decoded.indexOf(':');\n if (sep === -1) return undefined;\n return { clientId: decoded.slice(0, sep), clientSecret: decoded.slice(sep + 1) };\n}\n\ndescribe('SSEClientTransport', () => {\n let resourceServer: Server;\n let authServer: Server;\n let transport: SSEClientTransport;\n let resourceBaseUrl: URL;\n let authBaseUrl: URL;\n let lastServerRequest: IncomingMessage;\n let sendServerMessage: ((message: string) => void) | null = null;\n\n beforeEach(async () => {\n // Reset state\n lastServerRequest = null as unknown as IncomingMessage;\n sendServerMessage = null;\n\n authServer = createServer((req, res) => {\n if (req.url === '/.well-known/oauth-authorization-server') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n });\n res.end(\n JSON.stringify({\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/authorize',\n token_endpoint: 'https://auth.example.com/token',\n registration_endpoint: 'https://auth.example.com/register',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n );\n return;\n }\n res.writeHead(401).end();\n });\n\n // Create a test server that will receive the EventSource connection\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n // Send SSE headers\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n\n // Send the endpoint event\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n\n // Store reference to send function for tests\n sendServerMessage = (message: string) => {\n res.write(`data: ${message}\\n\\n`);\n };\n\n // Handle request body for POST endpoints\n if (req.method === 'POST') {\n let body = '';\n req.on('data', chunk => {\n body += chunk;\n });\n req.on('end', () => {\n (req as IncomingMessage & { body: string }).body = body;\n res.end();\n });\n }\n });\n\n // Start server on random port\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n vi.spyOn(console, 'error').mockImplementation(() => {});\n });\n\n afterEach(async () => {\n await transport.close();\n await resourceServer.close();\n await authServer.close();\n\n vi.clearAllMocks();\n });\n\n describe('connection handling', () => {\n it('establishes SSE connection and receives endpoint', async () => {\n transport = new SSEClientTransport(resourceBaseUrl);\n await transport.start();\n\n expect(lastServerRequest.headers.accept).toBe('text/event-stream');\n expect(lastServerRequest.method).toBe('GET');\n });\n\n it('rejects if server returns non-200 status', async () => {\n // Create a server that returns 403\n await resourceServer.close();\n\n resourceServer = createServer((_req, res) => {\n res.writeHead(403);\n res.end();\n });\n\n resourceBaseUrl = await listenOnRandomPort(resourceServer);\n\n transport = new SSEClientTransport(resourceBaseUrl);\n await expect(transport.start()).rejects.toThrow();\n });\n\n it('closes EventSource connection on close()', async () => {\n transport = new SSEClientTransport(resourceBaseUrl);\n await transport.start();\n\n const closePromise = new Promise(resolve => {\n lastServerRequest.on('close', resolve);\n });\n\n await transport.close();\n await closePromise;\n });\n });\n\n describe('message handling', () => {\n it('receives and parses JSON-RPC messages', async () => {\n const receivedMessages: JSONRPCMessage[] = [];\n transport = new SSEClientTransport(resourceBaseUrl);\n transport.onmessage = msg => receivedMessages.push(msg);\n\n await transport.start();\n\n const testMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 'test-1',\n method: 'test',\n params: { foo: 'bar' }\n };\n\n sendServerMessage!(JSON.stringify(testMessage));\n\n // Wait for message processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(receivedMessages).toHaveLength(1);\n expect(receivedMessages[0]).toEqual(testMessage);\n });\n\n it('handles malformed JSON messages', async () => {\n const errors: Error[] = [];\n transport = new SSEClientTransport(resourceBaseUrl);\n transport.onerror = err => errors.push(err);\n\n await transport.start();\n\n sendServerMessage!('invalid json');\n\n // Wait for message processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(errors).toHaveLength(1);\n expect(errors[0]!.message).toMatch(/JSON/);\n });\n\n it('handles messages via POST requests', async () => {\n transport = new SSEClientTransport(resourceBaseUrl);\n await transport.start();\n\n const testMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 'test-1',\n method: 'test',\n params: { foo: 'bar' }\n };\n\n await transport.send(testMessage);\n\n // Wait for request processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(lastServerRequest.method).toBe('POST');\n expect(lastServerRequest.headers['content-type']).toBe('application/json');\n expect(JSON.parse((lastServerRequest as IncomingMessage & { body: string }).body)).toEqual(testMessage);\n });\n\n it('handles POST request failures', async () => {\n // Create a server that returns 500 for POST\n await resourceServer.close();\n\n resourceServer = createServer((req, res) => {\n if (req.method === 'GET') {\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n } else {\n res.writeHead(500);\n res.end('Internal error');\n }\n });\n\n resourceBaseUrl = await listenOnRandomPort(resourceServer);\n\n transport = new SSEClientTransport(resourceBaseUrl);\n await transport.start();\n\n const testMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 'test-1',\n method: 'test',\n params: {}\n };\n\n await expect(transport.send(testMessage)).rejects.toThrow(/500/);\n });\n });\n\n describe('header handling', () => {\n it('uses custom fetch implementation from EventSourceInit to add auth headers', async () => {\n const authToken = 'Bearer test-token';\n\n // Create a fetch wrapper that adds auth header\n const fetchWithAuth = (url: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('Authorization', authToken);\n return fetch(url.toString(), { ...init, headers });\n };\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n eventSourceInit: {\n fetch: fetchWithAuth\n }\n });\n\n await transport.start();\n\n // Verify the auth header was received by the server\n expect(lastServerRequest.headers.authorization).toBe(authToken);\n });\n\n it('uses custom fetch implementation from options', async () => {\n const authToken = 'Bearer custom-token';\n\n const fetchWithAuth = vi.fn((url: string | URL, init?: RequestInit) => {\n const headers = new Headers(init?.headers);\n headers.set('Authorization', authToken);\n return fetch(url.toString(), { ...init, headers });\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n fetch: fetchWithAuth\n });\n\n await transport.start();\n\n expect(lastServerRequest.headers.authorization).toBe(authToken);\n\n // Send a message to verify fetchWithAuth used for POST as well\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n expect(fetchWithAuth).toHaveBeenCalledTimes(2);\n expect(lastServerRequest.method).toBe('POST');\n expect(lastServerRequest.headers.authorization).toBe(authToken);\n });\n\n it('passes custom headers to fetch requests', async () => {\n const customHeaders = {\n Authorization: 'Bearer test-token',\n 'X-Custom-Header': 'custom-value'\n };\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n requestInit: {\n headers: customHeaders\n }\n });\n\n await transport.start();\n\n const originalFetch = globalThis.fetch;\n try {\n globalThis.fetch = vi.fn().mockResolvedValue({ ok: true });\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n const calledHeaders = (globalThis.fetch as Mock).mock.calls[0]![1].headers;\n expect(calledHeaders.get('Authorization')).toBe('Bearer test-token');\n expect(calledHeaders.get('X-Custom-Header')).toBe('custom-value');\n expect(calledHeaders.get('content-type')).toBe('application/json');\n\n customHeaders['X-Custom-Header'] = 'updated-value';\n\n await transport.send(message);\n\n const updatedHeaders = (globalThis.fetch as Mock).mock.calls[1]![1].headers;\n expect(updatedHeaders.get('X-Custom-Header')).toBe('updated-value');\n } finally {\n globalThis.fetch = originalFetch;\n }\n });\n\n it('passes custom headers to fetch requests (Headers class)', async () => {\n const customHeaders = new Headers({\n Authorization: 'Bearer test-token',\n 'X-Custom-Header': 'custom-value'\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n requestInit: {\n headers: customHeaders\n }\n });\n\n await transport.start();\n\n const originalFetch = globalThis.fetch;\n try {\n globalThis.fetch = vi.fn().mockResolvedValue({ ok: true });\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n const calledHeaders = (globalThis.fetch as Mock).mock.calls[0]![1].headers;\n expect(calledHeaders.get('Authorization')).toBe('Bearer test-token');\n expect(calledHeaders.get('X-Custom-Header')).toBe('custom-value');\n expect(calledHeaders.get('content-type')).toBe('application/json');\n\n customHeaders.set('X-Custom-Header', 'updated-value');\n\n await transport.send(message);\n\n const updatedHeaders = (globalThis.fetch as Mock).mock.calls[1]![1].headers;\n expect(updatedHeaders.get('X-Custom-Header')).toBe('updated-value');\n } finally {\n globalThis.fetch = originalFetch;\n }\n });\n\n it('passes custom headers to fetch requests (array of tuples)', async () => {\n transport = new SSEClientTransport(resourceBaseUrl, {\n requestInit: {\n headers: [\n ['Authorization', 'Bearer test-token'],\n ['X-Custom-Header', 'custom-value']\n ]\n }\n });\n\n await transport.start();\n\n const originalFetch = globalThis.fetch;\n try {\n globalThis.fetch = vi.fn().mockResolvedValue({ ok: true });\n\n await transport.send({ jsonrpc: '2.0', id: '1', method: 'test', params: {} });\n\n const calledHeaders = (globalThis.fetch as Mock).mock.calls[0]![1].headers;\n expect(calledHeaders.get('Authorization')).toBe('Bearer test-token');\n expect(calledHeaders.get('X-Custom-Header')).toBe('custom-value');\n expect(calledHeaders.get('content-type')).toBe('application/json');\n } finally {\n globalThis.fetch = originalFetch;\n }\n });\n });\n\n describe('auth handling', () => {\n const authServerMetadataUrls = new Set(['/.well-known/oauth-authorization-server', '/.well-known/openid-configuration']);\n\n let mockAuthProvider: Mocked;\n\n beforeEach(() => {\n mockAuthProvider = {\n get redirectUrl() {\n return 'http://localhost/callback';\n },\n get clientMetadata() {\n return { redirect_uris: ['http://localhost/callback'] };\n },\n clientInformation: vi.fn(() => ({ client_id: 'test-client-id', client_secret: 'test-client-secret' })),\n tokens: vi.fn(),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n invalidateCredentials: vi.fn()\n };\n });\n\n it('attaches auth header from provider on SSE connection', async () => {\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer'\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await transport.start();\n\n expect(lastServerRequest.headers.authorization).toBe('Bearer test-token');\n expect(mockAuthProvider.tokens).toHaveBeenCalled();\n });\n\n it('attaches custom header from provider on initial SSE connection', async () => {\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer'\n });\n const customHeaders = {\n 'X-Custom-Header': 'custom-value'\n };\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider,\n requestInit: {\n headers: customHeaders\n }\n });\n\n await transport.start();\n\n expect(lastServerRequest.headers.authorization).toBe('Bearer test-token');\n expect(lastServerRequest.headers['x-custom-header']).toBe('custom-value');\n expect(mockAuthProvider.tokens).toHaveBeenCalled();\n });\n\n it('attaches auth header from provider on POST requests', async () => {\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer'\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await transport.start();\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n expect(lastServerRequest.headers.authorization).toBe('Bearer test-token');\n expect(mockAuthProvider.tokens).toHaveBeenCalled();\n });\n\n it('attempts auth flow on 401 during SSE connection', async () => {\n // Create server that returns 401s\n resourceServer.close();\n authServer.close();\n\n // Start auth server on random port\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n }).end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [`${authBaseUrl}`]\n })\n );\n return;\n }\n\n if (req.url === '/') {\n res.writeHead(401).end();\n } else {\n res.writeHead(404).end();\n }\n });\n\n resourceBaseUrl = await listenOnRandomPort(resourceServer);\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await expect(() => transport.start()).rejects.toThrow(UnauthorizedError);\n expect(mockAuthProvider.redirectToAuthorization.mock.calls).toHaveLength(1);\n });\n\n it('attempts auth flow on 401 during POST request', async () => {\n // Create server that accepts SSE but returns 401 on POST\n resourceServer.close();\n authServer.close();\n\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n switch (req.method) {\n case 'GET': {\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n }).end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [`${authBaseUrl}`]\n })\n );\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n break;\n }\n\n case 'POST': {\n res.writeHead(401);\n res.end();\n break;\n }\n }\n });\n\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await transport.start();\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await expect(() => transport.send(message)).rejects.toThrow(UnauthorizedError);\n expect(mockAuthProvider.redirectToAuthorization.mock.calls).toHaveLength(1);\n });\n\n it('respects custom headers when using auth provider', async () => {\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer'\n });\n\n const customHeaders = {\n 'X-Custom-Header': 'custom-value'\n };\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider,\n requestInit: {\n headers: customHeaders\n }\n });\n\n await transport.start();\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n expect(lastServerRequest.headers.authorization).toBe('Bearer test-token');\n expect(lastServerRequest.headers['x-custom-header']).toBe('custom-value');\n });\n\n it('refreshes expired token during SSE connection', async () => {\n // Mock tokens() to return expired token until saveTokens is called\n let currentTokens: OAuthTokens = {\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n };\n mockAuthProvider.tokens.mockImplementation(() => currentTokens);\n mockAuthProvider.saveTokens.mockImplementation(tokens => {\n currentTokens = tokens;\n });\n\n // Create server that returns 401 for expired token, then accepts new token\n resourceServer.close();\n authServer.close();\n\n authServer = createServer((req, res) => {\n if (req.url && authServerMetadataUrls.has(req.url)) {\n res.writeHead(404).end();\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n // Handle token refresh request\n let body = '';\n req.on('data', chunk => {\n body += chunk;\n });\n req.on('end', () => {\n const params = new URLSearchParams(body);\n const basicAuth = parseBasicAuth(req);\n if (\n params.get('grant_type') === 'refresh_token' &&\n params.get('refresh_token') === 'refresh-token' &&\n basicAuth?.clientId === 'test-client-id' &&\n basicAuth?.clientSecret === 'test-client-secret'\n ) {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n access_token: 'new-token',\n token_type: 'Bearer',\n refresh_token: 'new-refresh-token'\n })\n );\n } else {\n res.writeHead(400).end();\n }\n });\n return;\n }\n\n res.writeHead(401).end();\n });\n\n // Start auth server on random port\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n let connectionAttempts = 0;\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n }).end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [`${authBaseUrl}`]\n })\n );\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n\n const auth = req.headers.authorization;\n if (auth === 'Bearer expired-token') {\n res.writeHead(401).end();\n return;\n }\n\n if (auth === 'Bearer new-token') {\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n connectionAttempts++;\n return;\n }\n\n res.writeHead(401).end();\n });\n\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await transport.start();\n\n expect(mockAuthProvider.saveTokens).toHaveBeenCalledWith({\n access_token: 'new-token',\n token_type: 'Bearer',\n refresh_token: 'new-refresh-token'\n });\n expect(connectionAttempts).toBe(1);\n expect(lastServerRequest.headers.authorization).toBe('Bearer new-token');\n });\n\n it('refreshes expired token during POST request', async () => {\n // Mock tokens() to return expired token until saveTokens is called\n let currentTokens: OAuthTokens = {\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n };\n mockAuthProvider.tokens.mockImplementation(() => currentTokens);\n mockAuthProvider.saveTokens.mockImplementation(tokens => {\n currentTokens = tokens;\n });\n\n // Create server that returns 401 for expired token, then accepts new token\n resourceServer.close();\n authServer.close();\n\n authServer = createServer((req, res) => {\n if (req.url && authServerMetadataUrls.has(req.url)) {\n res.writeHead(404).end();\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n // Handle token refresh request\n let body = '';\n req.on('data', chunk => {\n body += chunk;\n });\n req.on('end', () => {\n const params = new URLSearchParams(body);\n const basicAuth = parseBasicAuth(req);\n if (\n params.get('grant_type') === 'refresh_token' &&\n params.get('refresh_token') === 'refresh-token' &&\n basicAuth?.clientId === 'test-client-id' &&\n basicAuth?.clientSecret === 'test-client-secret'\n ) {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n access_token: 'new-token',\n token_type: 'Bearer',\n refresh_token: 'new-refresh-token'\n })\n );\n } else {\n res.writeHead(400).end();\n }\n });\n return;\n }\n\n res.writeHead(401).end();\n });\n\n // Start auth server on random port\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n let postAttempts = 0;\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n }).end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [`${authBaseUrl}`]\n })\n );\n return;\n }\n\n switch (req.method) {\n case 'GET': {\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n break;\n }\n\n case 'POST': {\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n\n const auth = req.headers.authorization;\n if (auth === 'Bearer expired-token') {\n res.writeHead(401).end();\n return;\n }\n\n if (auth === 'Bearer new-token') {\n res.writeHead(200).end();\n postAttempts++;\n return;\n }\n\n res.writeHead(401).end();\n break;\n }\n }\n });\n\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await transport.start();\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n await transport.send(message);\n\n expect(mockAuthProvider.saveTokens).toHaveBeenCalledWith({\n access_token: 'new-token',\n token_type: 'Bearer',\n refresh_token: 'new-refresh-token'\n });\n expect(postAttempts).toBe(1);\n expect(lastServerRequest.headers.authorization).toBe('Bearer new-token');\n });\n\n it('redirects to authorization if refresh token flow fails', async () => {\n // Mock tokens() to return expired token until saveTokens is called\n let currentTokens: OAuthTokens = {\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n };\n mockAuthProvider.tokens.mockImplementation(() => currentTokens);\n mockAuthProvider.saveTokens.mockImplementation(tokens => {\n currentTokens = tokens;\n });\n\n // Create server that returns 401 for all tokens\n resourceServer.close();\n authServer.close();\n\n authServer = createServer((req, res) => {\n if (req.url && authServerMetadataUrls.has(req.url)) {\n res.writeHead(404).end();\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n // Handle token refresh request - always fail\n res.writeHead(400).end();\n return;\n }\n\n res.writeHead(401).end();\n });\n\n // Start auth server on random port\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, {\n 'Content-Type': 'application/json'\n }).end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [`${authBaseUrl}`]\n })\n );\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n res.writeHead(401).end();\n });\n\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider\n });\n\n await expect(() => transport.start()).rejects.toThrow(UnauthorizedError);\n expect(mockAuthProvider.redirectToAuthorization).toHaveBeenCalled();\n });\n\n it('invalidates all credentials on OAuthErrorCode.InvalidClient during token refresh', async () => {\n // Mock tokens() to return token with refresh token\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n });\n\n const expectedError = new OAuthError(OAuthErrorCode.InvalidClient, 'Client authentication failed');\n let baseUrl = resourceBaseUrl;\n\n // Create server that returns OAuthErrorCode.InvalidClient on token refresh\n const server = createServer((req, res) => {\n lastServerRequest = req;\n\n // Handle OAuth metadata discovery\n if (req.url === '/.well-known/oauth-authorization-server' && req.method === 'GET') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n issuer: baseUrl.href,\n authorization_endpoint: `${baseUrl.href}authorize`,\n token_endpoint: `${baseUrl.href}token`,\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n );\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n res.writeHead(400, { 'Content-Type': 'application/json' }).end(JSON.stringify(expectedError.toResponseObject()));\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n res.writeHead(401).end();\n });\n\n baseUrl = await listenOnRandomPort(server);\n\n transport = new SSEClientTransport(baseUrl, {\n authProvider: mockAuthProvider\n });\n\n await expect(() => transport.start()).rejects.toMatchObject(expectedError);\n expect(mockAuthProvider.invalidateCredentials).toHaveBeenCalledWith('all');\n });\n\n it('invalidates all credentials on OAuthErrorCode.UnauthorizedClient during token refresh', async () => {\n // Mock tokens() to return token with refresh token\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n });\n\n const expectedError = new OAuthError(OAuthErrorCode.UnauthorizedClient, 'Client not authorized');\n let baseUrl = resourceBaseUrl;\n\n const server = createServer((req, res) => {\n lastServerRequest = req;\n\n // Handle OAuth metadata discovery\n if (req.url === '/.well-known/oauth-authorization-server' && req.method === 'GET') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n issuer: baseUrl.href,\n authorization_endpoint: `${baseUrl.href}authorize`,\n token_endpoint: `${baseUrl.href}token`,\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n );\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n res.writeHead(400, { 'Content-Type': 'application/json' }).end(JSON.stringify(expectedError.toResponseObject()));\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n res.writeHead(401).end();\n });\n\n baseUrl = await listenOnRandomPort(server);\n\n transport = new SSEClientTransport(baseUrl, {\n authProvider: mockAuthProvider\n });\n\n await expect(() => transport.start()).rejects.toMatchObject(expectedError);\n expect(mockAuthProvider.invalidateCredentials).toHaveBeenCalledWith('all');\n });\n\n it('invalidates tokens on OAuthErrorCode.InvalidGrant during token refresh', async () => {\n // Mock tokens() to return token with refresh token\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'expired-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n });\n\n const expectedError = new OAuthError(OAuthErrorCode.InvalidGrant, 'Invalid refresh token');\n let baseUrl = resourceBaseUrl;\n\n const server = createServer((req, res) => {\n lastServerRequest = req;\n\n // Handle OAuth metadata discovery\n if (req.url === '/.well-known/oauth-authorization-server' && req.method === 'GET') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n issuer: baseUrl.href,\n authorization_endpoint: `${baseUrl.href}authorize`,\n token_endpoint: `${baseUrl.href}token`,\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n );\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n res.writeHead(400, { 'Content-Type': 'application/json' }).end(JSON.stringify(expectedError.toResponseObject()));\n return;\n }\n\n if (req.url !== '/') {\n res.writeHead(404).end();\n return;\n }\n res.writeHead(401).end();\n });\n\n baseUrl = await listenOnRandomPort(server);\n\n transport = new SSEClientTransport(baseUrl, {\n authProvider: mockAuthProvider\n });\n\n await expect(() => transport.start()).rejects.toMatchObject(expectedError);\n expect(mockAuthProvider.invalidateCredentials).toHaveBeenCalledWith('tokens');\n });\n });\n\n describe('custom fetch in auth code paths', () => {\n let customFetch: MockedFunction;\n let globalFetchSpy: MockInstance;\n let mockAuthProvider: Mocked;\n let resourceServerHandler: Mock;\n\n /**\n * Helper function to create a mock auth provider with configurable behavior\n */\n const createMockAuthProvider = (\n config: {\n hasTokens?: boolean;\n tokensExpired?: boolean;\n hasRefreshToken?: boolean;\n clientRegistered?: boolean;\n authorizationCode?: string;\n } = {}\n ): Mocked => {\n const tokens = config.hasTokens\n ? {\n access_token: config.tokensExpired ? 'expired-token' : 'valid-token',\n token_type: 'Bearer' as const,\n ...(config.hasRefreshToken && { refresh_token: 'refresh-token' })\n }\n : undefined;\n\n const clientInfo = config.clientRegistered\n ? {\n client_id: 'test-client-id',\n client_secret: 'test-client-secret'\n }\n : undefined;\n\n return {\n get redirectUrl() {\n return 'http://localhost/callback';\n },\n get clientMetadata() {\n return {\n redirect_uris: ['http://localhost/callback'],\n client_name: 'Test Client'\n };\n },\n clientInformation: vi.fn().mockResolvedValue(clientInfo),\n tokens: vi.fn().mockResolvedValue(tokens),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn().mockResolvedValue('test-verifier'),\n invalidateCredentials: vi.fn()\n };\n };\n\n const createCustomFetchMockAuthServer = async () => {\n authServer = createServer((req, res) => {\n if (req.url === '/.well-known/oauth-authorization-server') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n issuer: `http://127.0.0.1:${(authServer.address() as AddressInfo).port}`,\n authorization_endpoint: `http://127.0.0.1:${(authServer.address() as AddressInfo).port}/authorize`,\n token_endpoint: `http://127.0.0.1:${(authServer.address() as AddressInfo).port}/token`,\n registration_endpoint: `http://127.0.0.1:${(authServer.address() as AddressInfo).port}/register`,\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n );\n return;\n }\n\n if (req.url === '/token' && req.method === 'POST') {\n // Handle token exchange request\n let body = '';\n req.on('data', chunk => {\n body += chunk;\n });\n req.on('end', () => {\n const params = new URLSearchParams(body);\n const basicAuth = parseBasicAuth(req);\n if (\n params.get('grant_type') === 'authorization_code' &&\n params.get('code') === 'test-auth-code' &&\n basicAuth?.clientId === 'test-client-id' &&\n basicAuth?.clientSecret === 'test-client-secret'\n ) {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n access_token: 'new-access-token',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n })\n );\n } else {\n res.writeHead(400).end();\n }\n });\n return;\n }\n\n res.writeHead(404).end();\n });\n\n // Start auth server on random port\n await new Promise(resolve => {\n authServer.listen(0, '127.0.0.1', () => {\n const addr = authServer.address() as AddressInfo;\n authBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n };\n\n const createCustomFetchMockResourceServer = async () => {\n // Set up resource server that provides OAuth metadata\n resourceServer = createServer((req, res) => {\n lastServerRequest = req;\n\n if (req.url === '/.well-known/oauth-protected-resource') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n resource: resourceBaseUrl.href,\n authorization_servers: [authBaseUrl.href]\n })\n );\n return;\n }\n\n resourceServerHandler(req, res);\n });\n\n // Start resource server on random port\n await new Promise(resolve => {\n resourceServer.listen(0, '127.0.0.1', () => {\n const addr = resourceServer.address() as AddressInfo;\n resourceBaseUrl = new URL(`http://127.0.0.1:${addr.port}`);\n resolve();\n });\n });\n };\n\n beforeEach(async () => {\n // Close existing servers to set up custom auth flow servers\n resourceServer.close();\n authServer.close();\n\n const originalFetch = fetch;\n\n // Create custom fetch spy that delegates to real fetch\n customFetch = vi.fn((url, init) => {\n return originalFetch(url.toString(), init);\n });\n\n // Spy on global fetch to detect unauthorized usage\n globalFetchSpy = vi.spyOn(globalThis, 'fetch');\n\n // Create mock auth provider with default configuration\n mockAuthProvider = createMockAuthProvider({\n hasTokens: false,\n clientRegistered: true\n });\n\n // Set up auth server that handles OAuth discovery and token requests\n await createCustomFetchMockAuthServer();\n\n // Set up resource server\n resourceServerHandler = vi.fn(\n (\n _req: IncomingMessage,\n res: ServerResponse & {\n req: IncomingMessage;\n }\n ) => {\n res.writeHead(404).end();\n }\n );\n await createCustomFetchMockResourceServer();\n });\n\n afterEach(() => {\n globalFetchSpy.mockRestore();\n });\n\n it('uses custom fetch during auth flow on SSE connection 401 - no global fetch fallback', async () => {\n // Set up resource server that returns 401 on SSE connection and provides OAuth metadata\n resourceServerHandler.mockImplementation((req: IncomingMessage, res: ServerResponse) => {\n if (req.url === '/') {\n // Return 401 to trigger auth flow\n res.writeHead(401, {\n 'WWW-Authenticate': `Bearer realm=\"mcp\", resource_metadata=\"${resourceBaseUrl.href}.well-known/oauth-protected-resource\"`\n });\n res.end();\n return;\n }\n\n res.writeHead(404).end();\n });\n\n // Create transport with custom fetch and auth provider\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider,\n fetch: customFetch\n });\n\n // Attempt to start - should trigger auth flow and eventually fail with UnauthorizedError\n await expect(transport.start()).rejects.toThrow(UnauthorizedError);\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Verify specific OAuth endpoints were called with custom fetch\n const customFetchCalls = customFetch.mock.calls;\n const callUrls = customFetchCalls.map(([url]) => url.toString());\n\n // Should have called resource metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-protected-resource'))).toBe(true);\n\n // Should have called OAuth authorization server metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-authorization-server'))).toBe(true);\n\n // Verify auth provider was called to redirect to authorization\n expect(mockAuthProvider.redirectToAuthorization).toHaveBeenCalled();\n\n // Global fetch should never have been called\n expect(globalFetchSpy).not.toHaveBeenCalled();\n });\n\n it('uses custom fetch during auth flow on POST request 401 - no global fetch fallback', async () => {\n // Set up resource server that accepts SSE connection but returns 401 on POST\n resourceServerHandler.mockImplementation((req: IncomingMessage, res: ServerResponse) => {\n switch (req.method) {\n case 'GET': {\n if (req.url === '/') {\n // Accept SSE connection\n res.writeHead(200, {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n });\n res.write('event: endpoint\\n');\n res.write(`data: ${resourceBaseUrl.href}\\n\\n`);\n return;\n }\n break;\n }\n\n case 'POST': {\n if (req.url === '/') {\n // Return 401 to trigger auth retry\n res.writeHead(401, {\n 'WWW-Authenticate': `Bearer realm=\"mcp\", resource_metadata=\"${resourceBaseUrl.href}.well-known/oauth-protected-resource\"`\n });\n res.end();\n return;\n }\n break;\n }\n }\n\n res.writeHead(404).end();\n });\n\n // Create transport with custom fetch and auth provider\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: mockAuthProvider,\n fetch: customFetch\n });\n\n // Start the transport (should succeed)\n await transport.start();\n\n // Send a message that should trigger 401 and auth retry\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: '1',\n method: 'test',\n params: {}\n };\n\n // Attempt to send message - should trigger auth flow and eventually fail\n await expect(transport.send(message)).rejects.toThrow(UnauthorizedError);\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Verify specific OAuth endpoints were called with custom fetch\n const customFetchCalls = customFetch.mock.calls;\n const callUrls = customFetchCalls.map(([url]) => url.toString());\n\n // Should have called resource metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-protected-resource'))).toBe(true);\n\n // Should have called OAuth authorization server metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-authorization-server'))).toBe(true);\n\n // Should have attempted the POST request that triggered the 401\n const postCalls = customFetchCalls.filter(\n ([url, options]) => url.toString() === resourceBaseUrl.href && options?.method === 'POST'\n );\n expect(postCalls.length).toBeGreaterThan(0);\n\n // Verify auth provider was called to redirect to authorization\n expect(mockAuthProvider.redirectToAuthorization).toHaveBeenCalled();\n\n // Global fetch should never have been called\n expect(globalFetchSpy).not.toHaveBeenCalled();\n });\n\n it('uses custom fetch in finishAuth method - no global fetch fallback', async () => {\n // Create mock auth provider that expects to save tokens\n const authProviderWithCode = createMockAuthProvider({\n clientRegistered: true,\n authorizationCode: 'test-auth-code'\n });\n\n // Create transport with custom fetch and auth provider\n transport = new SSEClientTransport(resourceBaseUrl, {\n authProvider: authProviderWithCode,\n fetch: customFetch\n });\n\n // Call finishAuth with authorization code\n await transport.finishAuth('test-auth-code');\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Verify specific OAuth endpoints were called with custom fetch\n const customFetchCalls = customFetch.mock.calls;\n const callUrls = customFetchCalls.map(([url]) => url.toString());\n\n // Should have called resource metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-protected-resource'))).toBe(true);\n\n // Should have called OAuth authorization server metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-authorization-server'))).toBe(true);\n\n // Should have called token endpoint for authorization code exchange\n const tokenCalls = customFetchCalls.filter(([url, options]) => url.toString().includes('/token') && options?.method === 'POST');\n expect(tokenCalls.length).toBeGreaterThan(0);\n\n // Verify tokens were saved\n expect(authProviderWithCode.saveTokens).toHaveBeenCalledWith({\n access_token: 'new-access-token',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n });\n\n // Global fetch should never have been called\n expect(globalFetchSpy).not.toHaveBeenCalled();\n });\n });\n});\n" }, { "path": "packages/client/test/client/stdio.test.ts", "content": "import type { JSONRPCMessage } from '@modelcontextprotocol/core';\n\nimport type { StdioServerParameters } from '../../src/client/stdio.js';\nimport { StdioClientTransport } from '../../src/client/stdio.js';\n\n// Configure default server parameters based on OS\n// Uses 'more' command for Windows and 'tee' command for Unix/Linux\nconst getDefaultServerParameters = (): StdioServerParameters => {\n if (process.platform === 'win32') {\n return { command: 'more' };\n }\n return { command: '/usr/bin/tee' };\n};\n\nconst serverParameters = getDefaultServerParameters();\n\ntest('should start then close cleanly', async () => {\n const client = new StdioClientTransport(serverParameters);\n client.onerror = error => {\n throw error;\n };\n\n let didClose = false;\n client.onclose = () => {\n didClose = true;\n };\n\n await client.start();\n expect(didClose).toBeFalsy();\n await client.close();\n expect(didClose).toBeTruthy();\n});\n\ntest('should read messages', async () => {\n const client = new StdioClientTransport(serverParameters);\n client.onerror = error => {\n throw error;\n };\n\n const messages: JSONRPCMessage[] = [\n {\n jsonrpc: '2.0',\n id: 1,\n method: 'ping'\n },\n {\n jsonrpc: '2.0',\n method: 'notifications/initialized'\n }\n ];\n\n const readMessages: JSONRPCMessage[] = [];\n const finished = new Promise(resolve => {\n client.onmessage = message => {\n readMessages.push(message);\n\n if (JSON.stringify(message) === JSON.stringify(messages[1])) {\n resolve();\n }\n };\n });\n\n await client.start();\n await client.send(messages[0]!);\n await client.send(messages[1]!);\n await finished;\n expect(readMessages).toEqual(messages);\n\n await client.close();\n});\n\ntest('should return child process pid', async () => {\n const client = new StdioClientTransport(serverParameters);\n\n await client.start();\n expect(client.pid).not.toBeNull();\n await client.close();\n expect(client.pid).toBeNull();\n});\n" }, { "path": "packages/client/test/client/streamableHttp.test.ts", "content": "import type { JSONRPCMessage, JSONRPCRequest } from '@modelcontextprotocol/core';\nimport { OAuthError, OAuthErrorCode, SdkError, SdkErrorCode } from '@modelcontextprotocol/core';\nimport type { Mock, Mocked } from 'vitest';\n\nimport type { OAuthClientProvider } from '../../src/client/auth.js';\nimport { UnauthorizedError } from '../../src/client/auth.js';\nimport type { StartSSEOptions, StreamableHTTPReconnectionOptions } from '../../src/client/streamableHttp.js';\nimport { StreamableHTTPClientTransport } from '../../src/client/streamableHttp.js';\n\ndescribe('StreamableHTTPClientTransport', () => {\n let transport: StreamableHTTPClientTransport;\n let mockAuthProvider: Mocked;\n\n beforeEach(() => {\n mockAuthProvider = {\n get redirectUrl() {\n return 'http://localhost/callback';\n },\n get clientMetadata() {\n return { redirect_uris: ['http://localhost/callback'] };\n },\n clientInformation: vi.fn(() => ({ client_id: 'test-client-id', client_secret: 'test-client-secret' })),\n tokens: vi.fn(),\n saveTokens: vi.fn(),\n redirectToAuthorization: vi.fn(),\n saveCodeVerifier: vi.fn(),\n codeVerifier: vi.fn(),\n invalidateCredentials: vi.fn()\n };\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), { authProvider: mockAuthProvider });\n vi.spyOn(globalThis, 'fetch');\n });\n\n afterEach(async () => {\n await transport.close().catch(() => {});\n vi.clearAllMocks();\n });\n\n it('should send JSON-RPC messages via POST', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 202,\n headers: new Headers()\n });\n\n await transport.send(message);\n\n expect(globalThis.fetch).toHaveBeenCalledWith(\n expect.anything(),\n expect.objectContaining({\n method: 'POST',\n headers: expect.any(Headers),\n body: JSON.stringify(message)\n })\n );\n });\n\n it('should send batch messages', async () => {\n const messages: JSONRPCMessage[] = [\n { jsonrpc: '2.0', method: 'test1', params: {}, id: 'id1' },\n { jsonrpc: '2.0', method: 'test2', params: {}, id: 'id2' }\n ];\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: null\n });\n\n await transport.send(messages);\n\n expect(globalThis.fetch).toHaveBeenCalledWith(\n expect.anything(),\n expect.objectContaining({\n method: 'POST',\n headers: expect.any(Headers),\n body: JSON.stringify(messages)\n })\n );\n });\n\n it('should store session ID received during initialization', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-03-26'\n },\n id: 'init-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream', 'mcp-session-id': 'test-session-id' })\n });\n\n await transport.send(message);\n\n // Send a second message that should include the session ID\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 202,\n headers: new Headers()\n });\n\n await transport.send({ jsonrpc: '2.0', method: 'test', params: {} } as JSONRPCMessage);\n\n // Check that second request included session ID header\n const calls = (globalThis.fetch as Mock).mock.calls;\n const lastCall = calls.at(-1)!;\n expect(lastCall[1].headers).toBeDefined();\n expect(lastCall[1].headers.get('mcp-session-id')).toBe('test-session-id');\n });\n\n it('should terminate session with DELETE request', async () => {\n // First, simulate getting a session ID\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-03-26'\n },\n id: 'init-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream', 'mcp-session-id': 'test-session-id' })\n });\n\n await transport.send(message);\n expect(transport.sessionId).toBe('test-session-id');\n\n // Now terminate the session\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers()\n });\n\n await transport.terminateSession();\n\n // Verify the DELETE request was sent with the session ID\n const calls = (globalThis.fetch as Mock).mock.calls;\n const lastCall = calls.at(-1)!;\n expect(lastCall[1].method).toBe('DELETE');\n expect(lastCall[1].headers.get('mcp-session-id')).toBe('test-session-id');\n\n // The session ID should be cleared after successful termination\n expect(transport.sessionId).toBeUndefined();\n });\n\n it(\"should handle 405 response when server doesn't support session termination\", async () => {\n // First, simulate getting a session ID\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-03-26'\n },\n id: 'init-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream', 'mcp-session-id': 'test-session-id' })\n });\n\n await transport.send(message);\n\n // Now terminate the session, but server responds with 405\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: false,\n status: 405,\n statusText: 'Method Not Allowed',\n headers: new Headers()\n });\n\n await expect(transport.terminateSession()).resolves.not.toThrow();\n });\n\n it('should handle 404 response when session expires', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: false,\n status: 404,\n statusText: 'Not Found',\n text: () => Promise.resolve('Session not found'),\n headers: new Headers()\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n await expect(transport.send(message)).rejects.toThrow(\n new SdkError(SdkErrorCode.ClientHttpNotImplemented, 'Error POSTing to endpoint: Session not found', {\n status: 404,\n text: 'Session not found'\n })\n );\n expect(errorSpy).toHaveBeenCalled();\n });\n\n it('should handle non-streaming JSON response', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n const responseMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n result: { success: true },\n id: 'test-id'\n };\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'application/json' }),\n json: () => Promise.resolve(responseMessage)\n });\n\n const messageSpy = vi.fn();\n transport.onmessage = messageSpy;\n\n await transport.send(message);\n\n expect(messageSpy).toHaveBeenCalledWith(responseMessage);\n });\n\n it('should attempt initial GET connection and handle 405 gracefully', async () => {\n // Mock the server not supporting GET for SSE (returning 405)\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: false,\n status: 405,\n statusText: 'Method Not Allowed'\n });\n\n // We expect the 405 error to be caught and handled gracefully\n // This should not throw an error that breaks the transport\n await transport.start();\n await expect(transport['_startOrAuthSse']({})).resolves.not.toThrow('Failed to open SSE stream: Method Not Allowed');\n // Check that GET was attempted\n expect(globalThis.fetch).toHaveBeenCalledWith(\n expect.anything(),\n expect.objectContaining({\n method: 'GET',\n headers: expect.any(Headers)\n })\n );\n\n // Verify transport still works after 405\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 202,\n headers: new Headers()\n });\n\n await transport.send({ jsonrpc: '2.0', method: 'test', params: {} } as JSONRPCMessage);\n expect(globalThis.fetch).toHaveBeenCalledTimes(2);\n });\n\n it('should handle successful initial GET connection for SSE', async () => {\n // Set up readable stream for SSE events\n const encoder = new TextEncoder();\n const stream = new ReadableStream({\n start(controller) {\n // Send a server notification via SSE\n const event = 'event: message\\ndata: {\"jsonrpc\": \"2.0\", \"method\": \"serverNotification\", \"params\": {}}\\n\\n';\n controller.enqueue(encoder.encode(event));\n }\n });\n\n // Mock successful GET connection\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: stream\n });\n\n const messageSpy = vi.fn();\n transport.onmessage = messageSpy;\n\n await transport.start();\n await transport['_startOrAuthSse']({});\n\n // Give time for the SSE event to be processed\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(messageSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n jsonrpc: '2.0',\n method: 'serverNotification',\n params: {}\n })\n );\n });\n\n it('should handle multiple concurrent SSE streams', async () => {\n // Mock two POST requests that return SSE streams\n const makeStream = (id: string) => {\n const encoder = new TextEncoder();\n return new ReadableStream({\n start(controller) {\n const event = `event: message\\ndata: {\"jsonrpc\": \"2.0\", \"result\": {\"id\": \"${id}\"}, \"id\": \"${id}\"}\\n\\n`;\n controller.enqueue(encoder.encode(event));\n }\n });\n };\n\n (globalThis.fetch as Mock)\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: makeStream('request1')\n })\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: makeStream('request2')\n });\n\n const messageSpy = vi.fn();\n transport.onmessage = messageSpy;\n\n // Send two concurrent requests\n await Promise.all([\n transport.send({ jsonrpc: '2.0', method: 'test1', params: {}, id: 'request1' }),\n transport.send({ jsonrpc: '2.0', method: 'test2', params: {}, id: 'request2' })\n ]);\n\n // Give time for SSE processing\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Both streams should have delivered their messages\n expect(messageSpy).toHaveBeenCalledTimes(2);\n\n // Verify received messages without assuming specific order\n expect(\n messageSpy.mock.calls.some(call => {\n const msg = call[0];\n return msg.id === 'request1' && msg.result?.id === 'request1';\n })\n ).toBe(true);\n\n expect(\n messageSpy.mock.calls.some(call => {\n const msg = call[0];\n return msg.id === 'request2' && msg.result?.id === 'request2';\n })\n ).toBe(true);\n });\n\n it('should support custom reconnection options', () => {\n // Create a transport with custom reconnection options\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 500,\n maxReconnectionDelay: 10_000,\n reconnectionDelayGrowFactor: 2,\n maxRetries: 5\n }\n });\n\n // Verify options were set correctly (checking implementation details)\n // Access private properties for testing\n const transportInstance = transport as unknown as {\n _reconnectionOptions: StreamableHTTPReconnectionOptions;\n };\n expect(transportInstance._reconnectionOptions.initialReconnectionDelay).toBe(500);\n expect(transportInstance._reconnectionOptions.maxRetries).toBe(5);\n });\n\n it('should pass lastEventId when reconnecting', async () => {\n // Create a fresh transport\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'));\n\n // Mock fetch to verify headers sent\n const fetchSpy = globalThis.fetch as Mock;\n fetchSpy.mockReset();\n fetchSpy.mockResolvedValue({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: new ReadableStream()\n });\n\n // Call the reconnect method directly with a lastEventId\n await transport.start();\n // Type assertion to access private method\n const transportWithPrivateMethods = transport as unknown as {\n _startOrAuthSse: (options: { resumptionToken?: string }) => Promise;\n };\n await transportWithPrivateMethods._startOrAuthSse({ resumptionToken: 'test-event-id' });\n\n // Verify fetch was called with the lastEventId header\n expect(fetchSpy).toHaveBeenCalled();\n const fetchCall = fetchSpy.mock.calls[0]!;\n const headers = fetchCall[1].headers;\n expect(headers.get('last-event-id')).toBe('test-event-id');\n });\n\n it('should include requestInit options (credentials, mode, etc.) in GET SSE request', async () => {\n // Regression test for #895: POST and DELETE requests spread _requestInit but the\n // GET SSE request did not, so non-header options like credentials were dropped.\n vi.clearAllMocks();\n\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n requestInit: { credentials: 'include', mode: 'cors' }\n });\n\n const fetchSpy = globalThis.fetch as Mock;\n fetchSpy.mockReset();\n fetchSpy.mockResolvedValue({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: new ReadableStream()\n });\n\n await transport.start();\n await (transport as unknown as { _startOrAuthSse: (opts: StartSSEOptions) => Promise })._startOrAuthSse({});\n\n expect(fetchSpy).toHaveBeenCalled();\n const init = fetchSpy.mock.calls[0]![1];\n expect(init.method).toBe('GET');\n expect(init.credentials).toBe('include');\n expect(init.mode).toBe('cors');\n });\n\n it('should throw error when invalid content-type is received', async () => {\n // Clear any previous state from other tests\n vi.clearAllMocks();\n\n // Create a fresh transport instance\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'));\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n const stream = new ReadableStream({\n start(controller) {\n controller.enqueue(new TextEncoder().encode('invalid text response'));\n controller.close();\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n (globalThis.fetch as Mock).mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/plain' }),\n body: stream\n });\n\n await transport.start();\n await expect(transport.send(message)).rejects.toThrow('Unexpected content type: text/plain');\n expect(errorSpy).toHaveBeenCalled();\n });\n\n it('uses custom fetch implementation if provided', async () => {\n // Create custom fetch\n const customFetch = vi\n .fn()\n .mockResolvedValueOnce(new Response(null, { status: 200, headers: { 'content-type': 'text/event-stream' } }))\n .mockResolvedValueOnce(new Response(null, { status: 202 }));\n\n // Create transport instance\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n fetch: customFetch\n });\n\n await transport.start();\n await (transport as unknown as { _startOrAuthSse: (opts: StartSSEOptions) => Promise })._startOrAuthSse({});\n\n await transport.send({ jsonrpc: '2.0', method: 'test', params: {}, id: '1' } as JSONRPCMessage);\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Global fetch should never have been called\n expect(globalThis.fetch).not.toHaveBeenCalled();\n });\n\n it('should always send specified custom headers', async () => {\n const requestInit = {\n headers: {\n Authorization: 'Bearer test-token',\n 'X-Custom-Header': 'CustomValue'\n }\n };\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n requestInit: requestInit\n });\n\n let actualReqInit: RequestInit = {};\n\n (globalThis.fetch as Mock).mockImplementation(async (_url, reqInit) => {\n actualReqInit = reqInit;\n return new Response(null, { status: 200, headers: { 'content-type': 'text/event-stream' } });\n });\n\n await transport.start();\n\n await transport['_startOrAuthSse']({});\n expect((actualReqInit.headers as Headers).get('authorization')).toBe('Bearer test-token');\n expect((actualReqInit.headers as Headers).get('x-custom-header')).toBe('CustomValue');\n\n requestInit.headers['X-Custom-Header'] = 'SecondCustomValue';\n\n await transport.send({ jsonrpc: '2.0', method: 'test', params: {} } as JSONRPCMessage);\n expect((actualReqInit.headers as Headers).get('x-custom-header')).toBe('SecondCustomValue');\n\n expect(globalThis.fetch).toHaveBeenCalledTimes(2);\n });\n\n it('should always send specified custom headers (Headers class)', async () => {\n const requestInit = {\n headers: new Headers({\n Authorization: 'Bearer test-token',\n 'X-Custom-Header': 'CustomValue'\n })\n };\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n requestInit: requestInit\n });\n\n let actualReqInit: RequestInit = {};\n\n (globalThis.fetch as Mock).mockImplementation(async (_url, reqInit) => {\n actualReqInit = reqInit;\n return new Response(null, { status: 200, headers: { 'content-type': 'text/event-stream' } });\n });\n\n await transport.start();\n\n await transport['_startOrAuthSse']({});\n expect((actualReqInit.headers as Headers).get('authorization')).toBe('Bearer test-token');\n expect((actualReqInit.headers as Headers).get('x-custom-header')).toBe('CustomValue');\n\n (requestInit.headers as Headers).set('X-Custom-Header', 'SecondCustomValue');\n\n await transport.send({ jsonrpc: '2.0', method: 'test', params: {} } as JSONRPCMessage);\n expect((actualReqInit.headers as Headers).get('x-custom-header')).toBe('SecondCustomValue');\n\n expect(globalThis.fetch).toHaveBeenCalledTimes(2);\n });\n\n it('should always send specified custom headers (array of tuples)', async () => {\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n requestInit: {\n headers: [\n ['Authorization', 'Bearer test-token'],\n ['X-Custom-Header', 'CustomValue']\n ]\n }\n });\n\n let actualReqInit: RequestInit = {};\n\n (globalThis.fetch as Mock).mockImplementation(async (_url, reqInit) => {\n actualReqInit = reqInit;\n return new Response(null, { status: 200, headers: { 'content-type': 'text/event-stream' } });\n });\n\n await transport.start();\n\n await transport['_startOrAuthSse']({});\n expect((actualReqInit.headers as Headers).get('authorization')).toBe('Bearer test-token');\n expect((actualReqInit.headers as Headers).get('x-custom-header')).toBe('CustomValue');\n });\n\n it('should have exponential backoff with configurable maxRetries', () => {\n // This test verifies the maxRetries and backoff calculation directly\n\n // Create transport with specific options for testing\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 100,\n maxReconnectionDelay: 5000,\n reconnectionDelayGrowFactor: 2,\n maxRetries: 3\n }\n });\n\n // Get access to the internal implementation\n const getDelay = transport['_getNextReconnectionDelay'].bind(transport);\n\n // First retry - should use initial delay\n expect(getDelay(0)).toBe(100);\n\n // Second retry - should double (2^1 * 100 = 200)\n expect(getDelay(1)).toBe(200);\n\n // Third retry - should double again (2^2 * 100 = 400)\n expect(getDelay(2)).toBe(400);\n\n // Fourth retry - should double again (2^3 * 100 = 800)\n expect(getDelay(3)).toBe(800);\n\n // Tenth retry - should be capped at maxReconnectionDelay\n expect(getDelay(10)).toBe(5000);\n });\n\n it('attempts auth flow on 401 during POST request', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n (globalThis.fetch as Mock)\n .mockResolvedValueOnce({\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n })\n .mockResolvedValue({\n ok: false,\n status: 404,\n text: async () => {\n throw 'dont read my body';\n }\n });\n\n await expect(transport.send(message)).rejects.toThrow(UnauthorizedError);\n expect(mockAuthProvider.redirectToAuthorization.mock.calls).toHaveLength(1);\n });\n\n it('attempts upscoping on 403 with WWW-Authenticate header', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n const fetchMock = globalThis.fetch as Mock;\n fetchMock\n // First call: returns 403 with insufficient_scope\n .mockResolvedValueOnce({\n ok: false,\n status: 403,\n statusText: 'Forbidden',\n headers: new Headers({\n 'WWW-Authenticate':\n 'Bearer error=\"insufficient_scope\", scope=\"new_scope\", resource_metadata=\"http://example.com/resource\"'\n }),\n text: () => Promise.resolve('Insufficient scope')\n })\n // Second call: successful after upscoping\n .mockResolvedValueOnce({\n ok: true,\n status: 202,\n headers: new Headers()\n });\n\n // Spy on the imported auth function and mock successful authorization\n const authModule = await import('../../src/client/auth.js');\n const authSpy = vi.spyOn(authModule, 'auth');\n authSpy.mockResolvedValue('AUTHORIZED');\n\n await transport.send(message);\n\n // Verify fetch was called twice\n expect(fetchMock).toHaveBeenCalledTimes(2);\n\n // Verify auth was called with the new scope\n expect(authSpy).toHaveBeenCalledWith(\n mockAuthProvider,\n expect.objectContaining({\n scope: 'new_scope',\n resourceMetadataUrl: new URL('http://example.com/resource')\n })\n );\n\n authSpy.mockRestore();\n });\n\n it('prevents infinite upscoping on repeated 403', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n // Mock fetch calls to always return 403 with insufficient_scope\n const fetchMock = globalThis.fetch as Mock;\n fetchMock.mockResolvedValue({\n ok: false,\n status: 403,\n statusText: 'Forbidden',\n headers: new Headers({\n 'WWW-Authenticate': 'Bearer error=\"insufficient_scope\", scope=\"new_scope\"'\n }),\n text: () => Promise.resolve('Insufficient scope')\n });\n\n // Spy on the imported auth function and mock successful authorization\n const authModule = await import('../../src/client/auth.js');\n const authSpy = vi.spyOn(authModule as typeof import('../../src/client/auth.js'), 'auth');\n authSpy.mockResolvedValue('AUTHORIZED');\n\n // First send: should trigger upscoping\n await expect(transport.send(message)).rejects.toThrow('Server returned 403 after trying upscoping');\n\n expect(fetchMock).toHaveBeenCalledTimes(2); // Initial call + one retry after auth\n expect(authSpy).toHaveBeenCalledTimes(1); // Auth called once\n\n // Second send: should fail immediately without re-calling auth\n fetchMock.mockClear();\n authSpy.mockClear();\n await expect(transport.send(message)).rejects.toThrow('Server returned 403 after trying upscoping');\n\n expect(fetchMock).toHaveBeenCalledTimes(1); // Only one fetch call\n expect(authSpy).not.toHaveBeenCalled(); // Auth not called again\n\n authSpy.mockRestore();\n });\n\n describe('Reconnection Logic', () => {\n let transport: StreamableHTTPClientTransport;\n\n // Use fake timers to control setTimeout and make the test instant.\n beforeEach(() => vi.useFakeTimers());\n afterEach(() => vi.useRealTimers());\n\n it('should reconnect a GET-initiated notification stream that fails', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 1,\n maxReconnectionDelay: 1000, // Ensure it doesn't retry indefinitely\n reconnectionDelayGrowFactor: 1 // No exponential backoff for simplicity\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n const failingStream = new ReadableStream({\n start(controller) {\n controller.error(new Error('Network failure'));\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n // Mock the initial GET request, which will fail.\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: failingStream\n });\n // Mock the reconnection GET request, which will succeed.\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: new ReadableStream()\n });\n\n // ACT\n await transport.start();\n // Trigger the GET stream directly using the internal method for a clean test.\n await transport['_startOrAuthSse']({});\n await vi.advanceTimersByTimeAsync(20); // Trigger reconnection timeout\n\n // ASSERT\n expect(errorSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('SSE stream disconnected: Error: Network failure')\n })\n );\n // THE KEY ASSERTION: A second fetch call proves reconnection was attempted.\n expect(fetchMock).toHaveBeenCalledTimes(2);\n expect(fetchMock.mock.calls[0]![1]?.method).toBe('GET');\n expect(fetchMock.mock.calls[1]![1]?.method).toBe('GET');\n });\n\n it('should NOT reconnect a POST-initiated stream that fails', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 1,\n maxReconnectionDelay: 1000, // Ensure it doesn't retry indefinitely\n reconnectionDelayGrowFactor: 1 // No exponential backoff for simplicity\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n const failingStream = new ReadableStream({\n start(controller) {\n controller.error(new Error('Network failure'));\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n // Mock the POST request. It returns a streaming content-type but a failing body.\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: failingStream\n });\n\n // A dummy request message to trigger the `send` logic.\n const requestMessage: JSONRPCRequest = {\n jsonrpc: '2.0',\n method: 'long_running_tool',\n id: 'request-1',\n params: {}\n };\n\n // ACT\n await transport.start();\n // Use the public `send` method to initiate a POST that gets a stream response.\n await transport.send(requestMessage);\n await vi.advanceTimersByTimeAsync(20); // Advance time to check for reconnections\n\n // ASSERT\n // THE KEY ASSERTION: Fetch was only called ONCE. No reconnection was attempted.\n expect(fetchMock).toHaveBeenCalledTimes(1);\n expect(fetchMock.mock.calls[0]![1]?.method).toBe('POST');\n });\n\n it('should reconnect a POST-initiated stream after receiving a priming event', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 1,\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n // Create a stream that sends a priming event (with ID) then closes\n const streamWithPrimingEvent = new ReadableStream({\n start(controller) {\n // Send a priming event with an ID - this enables reconnection\n controller.enqueue(\n new TextEncoder().encode('id: event-123\\ndata: {\"jsonrpc\":\"2.0\",\"method\":\"notifications/message\",\"params\":{}}\\n\\n')\n );\n // Then close the stream (simulating server disconnect)\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n // First call: POST returns streaming response with priming event\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: streamWithPrimingEvent\n });\n // Second call: GET reconnection - return 405 to stop further reconnection\n fetchMock.mockResolvedValueOnce({\n ok: false,\n status: 405,\n headers: new Headers()\n });\n\n const requestMessage: JSONRPCRequest = {\n jsonrpc: '2.0',\n method: 'long_running_tool',\n id: 'request-1',\n params: {}\n };\n\n // ACT\n await transport.start();\n await transport.send(requestMessage);\n // Wait for stream to process and reconnection to be scheduled\n await vi.advanceTimersByTimeAsync(50);\n\n // ASSERT\n // Verify we performed at least one POST for the initial stream.\n expect(fetchMock).toHaveBeenCalled();\n const postCall = fetchMock.mock.calls.find(call => call[1]?.method === 'POST');\n expect(postCall).toBeDefined();\n });\n\n it('should NOT reconnect a POST stream when response was received', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 1,\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1\n }\n });\n\n // Create a stream that sends:\n // 1. Priming event with ID (enables potential reconnection)\n // 2. The actual response (should prevent reconnection)\n // 3. Then closes\n const streamWithResponse = new ReadableStream({\n start(controller) {\n // Priming event with ID\n controller.enqueue(new TextEncoder().encode('id: priming-123\\ndata: \\n\\n'));\n // The actual response to the request\n controller.enqueue(\n new TextEncoder().encode('id: response-456\\ndata: {\"jsonrpc\":\"2.0\",\"result\":{\"tools\":[]},\"id\":\"request-1\"}\\n\\n')\n );\n // Stream closes normally\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: streamWithResponse\n });\n\n const requestMessage: JSONRPCRequest = {\n jsonrpc: '2.0',\n method: 'tools/list',\n id: 'request-1',\n params: {}\n };\n\n // ACT\n await transport.start();\n await transport.send(requestMessage);\n await vi.advanceTimersByTimeAsync(50);\n\n // ASSERT\n // THE KEY ASSERTION: Fetch was called ONCE only - no reconnection!\n // The response was received, so no need to reconnect.\n expect(fetchMock).toHaveBeenCalledTimes(1);\n expect(fetchMock.mock.calls[0]![1]?.method).toBe('POST');\n });\n\n it('should not attempt reconnection after close() is called', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 100,\n maxRetries: 3,\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1\n }\n });\n\n // Stream with priming event + notification (no response) that closes\n // This triggers reconnection scheduling\n const streamWithPriming = new ReadableStream({\n start(controller) {\n controller.enqueue(\n new TextEncoder().encode('id: event-123\\ndata: {\"jsonrpc\":\"2.0\",\"method\":\"notifications/test\",\"params\":{}}\\n\\n')\n );\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n\n // POST request returns streaming response\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: streamWithPriming\n });\n\n // ACT\n await transport.start();\n await transport.send({ jsonrpc: '2.0', method: 'test', id: '1', params: {} });\n\n // Wait a tick to let stream processing complete and schedule reconnection\n await vi.advanceTimersByTimeAsync(10);\n\n // Now close() - reconnection timeout is pending (scheduled for 100ms)\n await transport.close();\n\n // Advance past reconnection delay\n await vi.advanceTimersByTimeAsync(200);\n\n // ASSERT\n // Only 1 call: the initial POST. No reconnection attempts after close().\n expect(fetchMock).toHaveBeenCalledTimes(1);\n expect(fetchMock.mock.calls[0]![1]?.method).toBe('POST');\n });\n\n it('should not throw JSON parse error on priming events with empty data', async () => {\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'));\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n const resumptionTokenSpy = vi.fn();\n\n // Create a stream that sends a priming event (ID only, empty data) then a real message\n const streamWithPrimingEvent = new ReadableStream({\n start(controller) {\n // Send a priming event with ID but empty data - this should NOT cause a JSON parse error\n controller.enqueue(new TextEncoder().encode('id: priming-123\\ndata: \\n\\n'));\n // Send a real message\n controller.enqueue(\n new TextEncoder().encode('id: msg-456\\ndata: {\"jsonrpc\":\"2.0\",\"result\":{\"tools\":[]},\"id\":\"req-1\"}\\n\\n')\n );\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: streamWithPrimingEvent\n });\n\n await transport.start();\n transport.send(\n {\n jsonrpc: '2.0',\n method: 'tools/list',\n id: 'req-1',\n params: {}\n },\n { resumptionToken: undefined, onresumptiontoken: resumptionTokenSpy }\n );\n\n await vi.advanceTimersByTimeAsync(50);\n\n // No JSON parse errors should have occurred\n expect(errorSpy).not.toHaveBeenCalledWith(\n expect.objectContaining({ message: expect.stringContaining('Unexpected end of JSON') })\n );\n // Resumption token callback may be invoked, but the primary assertion\n // here is that no JSON parse errors occurred for the priming event.\n });\n });\n\n it('invalidates all credentials on OAuthErrorCode.InvalidClient during auth', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n refresh_token: 'test-refresh'\n });\n\n const unauthedResponse = {\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n };\n (globalThis.fetch as Mock)\n // Initial connection\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, path aware\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, root\n .mockResolvedValueOnce(unauthedResponse)\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Token refresh fails with OAuthErrorCode.InvalidClient\n .mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.InvalidClient, 'Client authentication failed').toResponseObject(), {\n status: 400\n })\n )\n // Fallback should fail to complete the flow\n .mockResolvedValue({\n ok: false,\n status: 404\n });\n\n // Ensure the auth flow completes without unhandled rejections for this\n // error type; token invalidation behavior is covered in dedicated tests.\n await transport.send(message).catch(() => {});\n });\n\n it('invalidates all credentials on OAuthErrorCode.UnauthorizedClient during auth', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n refresh_token: 'test-refresh'\n });\n\n const unauthedResponse = {\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n };\n (globalThis.fetch as Mock)\n // Initial connection\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, path aware\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, root\n .mockResolvedValueOnce(unauthedResponse)\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Token refresh fails with OAuthErrorCode.UnauthorizedClient\n .mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.UnauthorizedClient, 'Client not authorized').toResponseObject(), {\n status: 400\n })\n )\n // Fallback should fail to complete the flow\n .mockResolvedValue({\n ok: false,\n status: 404,\n text: async () => {\n throw 'dont read my body';\n }\n });\n\n // As above, just ensure the auth flow completes without unhandled\n // rejections in this scenario.\n await transport.send(message).catch(() => {});\n });\n\n it('invalidates tokens on OAuthErrorCode.InvalidGrant during auth', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n refresh_token: 'test-refresh'\n });\n\n const unauthedResponse = {\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n };\n (globalThis.fetch as Mock)\n // Initial connection\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, path aware\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, root\n .mockResolvedValueOnce(unauthedResponse)\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Token refresh fails with OAuthErrorCode.InvalidGrant\n .mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.InvalidGrant, 'Invalid refresh token').toResponseObject(), { status: 400 })\n )\n // Fallback should fail to complete the flow\n .mockResolvedValue({\n ok: false,\n status: 404,\n text: async () => {\n throw 'dont read my body';\n }\n });\n\n // Behavior for OAuthErrorCode.InvalidGrant during auth is covered in dedicated OAuth\n // unit tests and SSE transport tests. Here we just assert that the call\n // path completes without unhandled rejections.\n await transport.send(message).catch(() => {});\n });\n\n describe('custom fetch in auth code paths', () => {\n it('uses custom fetch during auth flow on 401 - no global fetch fallback', async () => {\n const unauthedResponse = {\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n };\n\n // Create custom fetch\n const customFetch = vi\n .fn()\n // Initial connection\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery\n .mockResolvedValueOnce(unauthedResponse)\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Token refresh fails with OAuthErrorCode.InvalidClient\n .mockResolvedValueOnce(\n Response.json(new OAuthError(OAuthErrorCode.InvalidClient, 'Client authentication failed').toResponseObject(), {\n status: 400\n })\n )\n // Fallback should fail to complete the flow\n .mockResolvedValue({\n ok: false,\n status: 404\n });\n\n // Create transport instance\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n authProvider: mockAuthProvider,\n fetch: customFetch\n });\n\n // Attempt to start - should trigger auth flow and eventually fail with UnauthorizedError\n await transport.start();\n await expect(\n (transport as unknown as { _startOrAuthSse: (opts: StartSSEOptions) => Promise })._startOrAuthSse({})\n ).rejects.toThrow(UnauthorizedError);\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Verify specific OAuth endpoints were called with custom fetch\n const customFetchCalls = customFetch.mock.calls;\n const callUrls = customFetchCalls.map(([url]) => url.toString());\n\n // Should have called resource metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-protected-resource'))).toBe(true);\n\n // Should have called OAuth authorization server metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-authorization-server'))).toBe(true);\n\n // Verify auth provider was called to redirect to authorization\n expect(mockAuthProvider.redirectToAuthorization).toHaveBeenCalled();\n\n // Global fetch should never have been called\n expect(globalThis.fetch).not.toHaveBeenCalled();\n });\n\n it('uses custom fetch in finishAuth method - no global fetch fallback', async () => {\n // Create custom fetch\n const customFetch = vi\n .fn()\n // Protected resource metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n authorization_servers: ['http://localhost:1234'],\n resource: 'http://localhost:1234/mcp'\n })\n })\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Code exchange\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-access-token',\n refresh_token: 'new-refresh-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n });\n\n // Create transport instance\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n authProvider: mockAuthProvider,\n fetch: customFetch\n });\n\n // Call finishAuth with authorization code\n await transport.finishAuth('test-auth-code');\n\n // Verify custom fetch was used\n expect(customFetch).toHaveBeenCalled();\n\n // Verify specific OAuth endpoints were called with custom fetch\n const customFetchCalls = customFetch.mock.calls;\n const callUrls = customFetchCalls.map(([url]) => url.toString());\n\n // Should have called resource metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-protected-resource'))).toBe(true);\n\n // Should have called OAuth authorization server metadata discovery\n expect(callUrls.some(url => url.includes('/.well-known/oauth-authorization-server'))).toBe(true);\n\n // Should have called token endpoint for authorization code exchange\n const tokenCalls = customFetchCalls.filter(([url, options]) => url.toString().includes('/token') && options?.method === 'POST');\n expect(tokenCalls.length).toBeGreaterThan(0);\n\n // Verify tokens were saved\n expect(mockAuthProvider.saveTokens).toHaveBeenCalledWith({\n access_token: 'new-access-token',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'new-refresh-token'\n });\n\n // Global fetch should never have been called\n expect(globalThis.fetch).not.toHaveBeenCalled();\n });\n });\n\n describe('SSE retry field handling', () => {\n beforeEach(() => {\n vi.useFakeTimers();\n (globalThis.fetch as Mock).mockReset();\n });\n afterEach(() => vi.useRealTimers());\n\n it('should use server-provided retry value for reconnection delay', async () => {\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 100,\n maxReconnectionDelay: 5000,\n reconnectionDelayGrowFactor: 2,\n maxRetries: 3\n }\n });\n\n // Create a stream that sends a retry field\n const encoder = new TextEncoder();\n const stream = new ReadableStream({\n start(controller) {\n // Send SSE event with retry field\n const event =\n 'retry: 3000\\nevent: message\\nid: evt-1\\ndata: {\"jsonrpc\": \"2.0\", \"method\": \"notification\", \"params\": {}}\\n\\n';\n controller.enqueue(encoder.encode(event));\n // Close stream to trigger reconnection\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: stream\n });\n\n // Second request for reconnection\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: new ReadableStream()\n });\n\n await transport.start();\n await transport['_startOrAuthSse']({});\n\n // Wait for stream to close and reconnection to be scheduled\n await vi.advanceTimersByTimeAsync(100);\n\n // Verify the server retry value was captured\n const transportInternal = transport as unknown as { _serverRetryMs?: number };\n expect(transportInternal._serverRetryMs).toBe(3000);\n\n // Verify the delay calculation uses server retry value\n const getDelay = transport['_getNextReconnectionDelay'].bind(transport);\n expect(getDelay(0)).toBe(3000); // Should use server value, not 100ms initial\n expect(getDelay(5)).toBe(3000); // Should still use server value for any attempt\n });\n\n it('should fall back to exponential backoff when no server retry value', () => {\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 100,\n maxReconnectionDelay: 5000,\n reconnectionDelayGrowFactor: 2,\n maxRetries: 3\n }\n });\n\n // Without any SSE stream, _serverRetryMs should be undefined\n const transportInternal = transport as unknown as { _serverRetryMs?: number };\n expect(transportInternal._serverRetryMs).toBeUndefined();\n\n // Should use exponential backoff\n const getDelay = transport['_getNextReconnectionDelay'].bind(transport);\n expect(getDelay(0)).toBe(100); // 100 * 2^0\n expect(getDelay(1)).toBe(200); // 100 * 2^1\n expect(getDelay(2)).toBe(400); // 100 * 2^2\n expect(getDelay(10)).toBe(5000); // capped at max\n });\n\n it('should reconnect on graceful stream close', async () => {\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1,\n maxRetries: 1\n }\n });\n\n // Create a stream that closes gracefully after sending an event with ID\n const encoder = new TextEncoder();\n const stream = new ReadableStream({\n start(controller) {\n // Send priming event with ID and retry field\n const event = 'id: evt-1\\nretry: 100\\ndata: \\n\\n';\n controller.enqueue(encoder.encode(event));\n // Graceful close\n controller.close();\n }\n });\n\n const fetchMock = globalThis.fetch as Mock;\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: stream\n });\n\n // Second request for reconnection\n fetchMock.mockResolvedValueOnce({\n ok: true,\n status: 200,\n headers: new Headers({ 'content-type': 'text/event-stream' }),\n body: new ReadableStream()\n });\n\n await transport.start();\n await transport['_startOrAuthSse']({});\n\n // Wait for stream to process and close\n await vi.advanceTimersByTimeAsync(50);\n\n // Wait for reconnection delay (100ms from retry field)\n await vi.advanceTimersByTimeAsync(150);\n\n // Should have attempted reconnection\n expect(fetchMock).toHaveBeenCalledTimes(2);\n expect(fetchMock.mock.calls[0]![1]?.method).toBe('GET');\n expect(fetchMock.mock.calls[1]![1]?.method).toBe('GET');\n\n // Second call should include Last-Event-ID\n const secondCallHeaders = fetchMock.mock.calls[1]![1]?.headers;\n expect(secondCallHeaders?.get('last-event-id')).toBe('evt-1');\n });\n });\n\n describe('Reconnection Logic with maxRetries 0', () => {\n let transport: StreamableHTTPClientTransport;\n\n // Use fake timers to control setTimeout and make the test instant.\n beforeEach(() => vi.useFakeTimers());\n afterEach(() => vi.useRealTimers());\n\n it('should not schedule any reconnection attempts when maxRetries is 0', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 0, // This should disable retries completely\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n // ACT - directly call _scheduleReconnection which is the code path the fix affects\n transport['_scheduleReconnection']({});\n\n // ASSERT - should immediately report max retries exceeded, not schedule a retry\n expect(errorSpy).toHaveBeenCalledTimes(1);\n expect(errorSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n message: 'Maximum reconnection attempts (0) exceeded.'\n })\n );\n\n // Verify no timeout was scheduled (no reconnection attempt)\n expect(transport['_reconnectionTimeout']).toBeUndefined();\n });\n\n it('should schedule reconnection when maxRetries is greater than 0', async () => {\n // ARRANGE\n transport = new StreamableHTTPClientTransport(new URL('http://localhost:1234/mcp'), {\n reconnectionOptions: {\n initialReconnectionDelay: 10,\n maxRetries: 1, // Allow 1 retry\n maxReconnectionDelay: 1000,\n reconnectionDelayGrowFactor: 1\n }\n });\n\n const errorSpy = vi.fn();\n transport.onerror = errorSpy;\n\n // ACT - call _scheduleReconnection with attemptCount 0\n transport['_scheduleReconnection']({});\n\n // ASSERT - should schedule a reconnection, not report error yet\n expect(errorSpy).not.toHaveBeenCalled();\n expect(transport['_reconnectionTimeout']).toBeDefined();\n\n // Clean up the timeout to avoid test pollution\n clearTimeout(transport['_reconnectionTimeout']);\n });\n });\n\n describe('prevent infinite recursion when server returns 401 after successful auth', () => {\n it('should throw error when server returns 401 after successful auth', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n params: {},\n id: 'test-id'\n };\n\n // Mock provider with refresh token to enable token refresh flow\n mockAuthProvider.tokens.mockResolvedValue({\n access_token: 'test-token',\n token_type: 'Bearer',\n refresh_token: 'refresh-token'\n });\n\n const unauthedResponse = {\n ok: false,\n status: 401,\n statusText: 'Unauthorized',\n headers: new Headers(),\n text: async () => {\n throw 'dont read my body';\n }\n };\n\n (globalThis.fetch as Mock)\n // First request - 401, triggers auth flow\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, path aware\n .mockResolvedValueOnce(unauthedResponse)\n // Resource discovery, root\n .mockResolvedValueOnce(unauthedResponse)\n // OAuth metadata discovery\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n issuer: 'http://localhost:1234',\n authorization_endpoint: 'http://localhost:1234/authorize',\n token_endpoint: 'http://localhost:1234/token',\n response_types_supported: ['code'],\n code_challenge_methods_supported: ['S256']\n })\n })\n // Token refresh succeeds\n .mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n access_token: 'new-access-token',\n token_type: 'Bearer',\n expires_in: 3600\n })\n })\n // Retry the original request - still 401 (broken server)\n .mockResolvedValueOnce(unauthedResponse);\n\n await expect(transport.send(message)).rejects.toThrow('Server returned 401 after successful authentication');\n expect(mockAuthProvider.saveTokens).toHaveBeenCalledWith({\n access_token: 'new-access-token',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'refresh-token' // Refresh token is preserved\n });\n });\n });\n});\n" }, { "path": "packages/client/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"],\n \"@modelcontextprotocol/client/_shims\": [\"./src/shimsNode.ts\"]\n }\n }\n}\n" }, { "path": "packages/client/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n // 1. Entry Points\n // Directly matches package.json include/exclude globs\n entry: ['src/index.ts', 'src/shimsNode.ts', 'src/shimsWorkerd.ts'],\n\n // 2. Output Configuration\n format: ['esm'],\n outDir: 'dist',\n clean: true, // Recommended: Cleans 'dist' before building\n sourcemap: true,\n\n // 3. Platform & Target\n target: 'esnext',\n platform: 'node',\n shims: true, // Polyfills common Node.js shims (__dirname, etc.)\n\n // 4. Type Definitions\n // Bundles d.ts files into a single output\n dts: {\n resolver: 'tsc',\n // override just for DTS generation:\n compilerOptions: {\n baseUrl: '.',\n paths: {\n '@modelcontextprotocol/core': ['../core/src/index.ts']\n }\n }\n },\n // 5. Vendoring Strategy - Bundle the code for this specific package into the output,\n // but treat all other dependencies as external (require/import).\n noExternal: ['@modelcontextprotocol/core'],\n\n // 6. External packages - keep self-reference imports external for runtime resolution\n external: ['@modelcontextprotocol/client/_shims']\n});\n" }, { "path": "packages/client/typedoc.json", "content": "{\n \"$schema\": \"https://typedoc.org/schema.json\",\n \"entryPoints\": [\"src\"],\n \"entryPointStrategy\": \"expand\",\n \"exclude\": [\"**/*.test.ts\"],\n \"navigation\": {\n \"includeGroups\": true,\n \"includeCategories\": true\n }\n}\n" }, { "path": "packages/client/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\nimport { mergeConfig } from 'vitest/config';\n\nexport default mergeConfig(baseConfig, {\n test: {\n setupFiles: ['./vitest.setup.js']\n }\n});\n" }, { "path": "packages/client/vitest.setup.js", "content": "import { webcrypto } from 'node:crypto';\n\n// Polyfill globalThis.crypto for environments (e.g. Node 18) where it is not defined.\n// This is necessary for the tests to run in Node 18, specifically for the jose library, which relies on the globalThis.crypto object.\nif (typeof globalThis.crypto === 'undefined') {\n globalThis.crypto = webcrypto;\n}\n" }, { "path": "packages/core/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default baseConfig;\n" }, { "path": "packages/core/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/core\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript - Core package\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"core\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"ajv\": \"catalog:runtimeShared\",\n \"ajv-formats\": \"catalog:runtimeShared\",\n \"json-schema-typed\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependencies\": {\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependenciesMeta\": {\n \"@cfworker/json-schema\": {\n \"optional\": true\n },\n \"zod\": {\n \"optional\": false\n }\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@types/content-type\": \"catalog:devTools\",\n \"@types/cors\": \"catalog:devTools\",\n \"@types/cross-spawn\": \"catalog:devTools\",\n \"@types/eventsource\": \"catalog:devTools\",\n \"@types/express\": \"catalog:devTools\",\n \"@types/express-serve-static-core\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsx\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/core/src/auth/errors.ts", "content": "import type { OAuthErrorResponse } from '../shared/auth.js';\n\n/**\n * OAuth error codes as defined by {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC 6749}\n * and extensions.\n */\nexport enum OAuthErrorCode {\n /**\n * The request is missing a required parameter, includes an invalid parameter value,\n * includes a parameter more than once, or is otherwise malformed.\n */\n InvalidRequest = 'invalid_request',\n\n /**\n * Client authentication failed (e.g., unknown client, no client authentication included,\n * or unsupported authentication method).\n */\n InvalidClient = 'invalid_client',\n\n /**\n * The provided authorization grant or refresh token is invalid, expired, revoked,\n * does not match the redirection URI used in the authorization request, or was issued to another client.\n */\n InvalidGrant = 'invalid_grant',\n\n /**\n * The authenticated client is not authorized to use this authorization grant type.\n */\n UnauthorizedClient = 'unauthorized_client',\n\n /**\n * The authorization grant type is not supported by the authorization server.\n */\n UnsupportedGrantType = 'unsupported_grant_type',\n\n /**\n * The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.\n */\n InvalidScope = 'invalid_scope',\n\n /**\n * The resource owner or authorization server denied the request.\n */\n AccessDenied = 'access_denied',\n\n /**\n * The authorization server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n ServerError = 'server_error',\n\n /**\n * The authorization server is currently unable to handle the request due to temporary overloading or maintenance.\n */\n TemporarilyUnavailable = 'temporarily_unavailable',\n\n /**\n * The authorization server does not support obtaining an authorization code using this method.\n */\n UnsupportedResponseType = 'unsupported_response_type',\n\n /**\n * The authorization server does not support the requested token type.\n */\n UnsupportedTokenType = 'unsupported_token_type',\n\n /**\n * The access token provided is expired, revoked, malformed, or invalid for other reasons.\n */\n InvalidToken = 'invalid_token',\n\n /**\n * The HTTP method used is not allowed for this endpoint. (Custom, non-standard error)\n */\n MethodNotAllowed = 'method_not_allowed',\n\n /**\n * Rate limit exceeded. (Custom, non-standard error based on RFC 6585)\n */\n TooManyRequests = 'too_many_requests',\n\n /**\n * The client metadata is invalid. (Custom error for dynamic client registration - RFC 7591)\n */\n InvalidClientMetadata = 'invalid_client_metadata',\n\n /**\n * The request requires higher privileges than provided by the access token.\n */\n InsufficientScope = 'insufficient_scope',\n\n /**\n * The requested resource is invalid, missing, unknown, or malformed. (Custom error for resource indicators - RFC 8707)\n */\n InvalidTarget = 'invalid_target'\n}\n\n/**\n * OAuth error class for all OAuth-related errors.\n */\nexport class OAuthError extends Error {\n constructor(\n public readonly code: OAuthErrorCode | string,\n message: string,\n public readonly errorUri?: string\n ) {\n super(message);\n this.name = 'OAuthError';\n }\n\n /**\n * Converts the error to a standard OAuth error response object.\n */\n toResponseObject(): OAuthErrorResponse {\n const response: OAuthErrorResponse = {\n error: this.code,\n error_description: this.message\n };\n\n if (this.errorUri) {\n response.error_uri = this.errorUri;\n }\n\n return response;\n }\n\n /**\n * Creates an {@linkcode OAuthError} from an OAuth error response.\n */\n static fromResponse(response: OAuthErrorResponse): OAuthError {\n return new OAuthError(response.error as OAuthErrorCode, response.error_description ?? response.error, response.error_uri);\n }\n}\n" }, { "path": "packages/core/src/errors/sdkErrors.examples.ts", "content": "/**\n * Type-checked examples for `sdkErrors.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { SdkError, SdkErrorCode } from './sdkErrors.js';\n\n/**\n * Example: Throwing and catching SDK errors.\n */\nfunction SdkError_basicUsage() {\n //#region SdkError_basicUsage\n try {\n // Throwing an SDK error\n throw new SdkError(SdkErrorCode.NotConnected, 'Transport is not connected');\n } catch (error) {\n // Checking error type by code\n if (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) {\n // Handle timeout\n }\n }\n //#endregion SdkError_basicUsage\n}\n" }, { "path": "packages/core/src/errors/sdkErrors.ts", "content": "/**\n * Error codes for SDK errors (local errors that never cross the wire).\n * Unlike {@linkcode ProtocolErrorCode} which uses numeric JSON-RPC codes, `SdkErrorCode` uses\n * descriptive string values for better developer experience.\n *\n * These errors are thrown locally by the SDK and are never serialized as\n * JSON-RPC error responses.\n */\nexport enum SdkErrorCode {\n // State errors\n /** Transport is not connected */\n NotConnected = 'NOT_CONNECTED',\n /** Transport is already connected */\n AlreadyConnected = 'ALREADY_CONNECTED',\n /** Protocol is not initialized */\n NotInitialized = 'NOT_INITIALIZED',\n\n // Capability errors\n /** Required capability is not supported by the remote side */\n CapabilityNotSupported = 'CAPABILITY_NOT_SUPPORTED',\n\n // Transport errors\n /** Request timed out waiting for response */\n RequestTimeout = 'REQUEST_TIMEOUT',\n /** Connection was closed */\n ConnectionClosed = 'CONNECTION_CLOSED',\n /** Failed to send message */\n SendFailed = 'SEND_FAILED',\n\n // Transport errors\n ClientHttpNotImplemented = 'CLIENT_HTTP_NOT_IMPLEMENTED',\n ClientHttpAuthentication = 'CLIENT_HTTP_AUTHENTICATION',\n ClientHttpForbidden = 'CLIENT_HTTP_FORBIDDEN',\n ClientHttpUnexpectedContent = 'CLIENT_HTTP_UNEXPECTED_CONTENT',\n ClientHttpFailedToOpenStream = 'CLIENT_HTTP_FAILED_TO_OPEN_STREAM',\n ClientHttpFailedToTerminateSession = 'CLIENT_HTTP_FAILED_TO_TERMINATE_SESSION'\n}\n\n/**\n * SDK errors are local errors that never cross the wire.\n * They are distinct from {@linkcode ProtocolError} which represents JSON-RPC protocol errors\n * that are serialized and sent as error responses.\n *\n * @example\n * ```ts source=\"./sdkErrors.examples.ts#SdkError_basicUsage\"\n * try {\n * // Throwing an SDK error\n * throw new SdkError(SdkErrorCode.NotConnected, 'Transport is not connected');\n * } catch (error) {\n * // Checking error type by code\n * if (error instanceof SdkError && error.code === SdkErrorCode.RequestTimeout) {\n * // Handle timeout\n * }\n * }\n * ```\n */\nexport class SdkError extends Error {\n constructor(\n public readonly code: SdkErrorCode,\n message: string,\n public readonly data?: unknown\n ) {\n super(message);\n this.name = 'SdkError';\n }\n}\n" }, { "path": "packages/core/src/experimental/index.ts", "content": "export * from './tasks/helpers.js';\nexport * from './tasks/interfaces.js';\nexport * from './tasks/stores/inMemory.js';\n" }, { "path": "packages/core/src/experimental/tasks/helpers.ts", "content": "/**\n * Experimental task capability assertion helpers.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n\n/**\n * Type representing the task requests capability structure.\n * This is derived from `ClientTasksCapability.requests` and `ServerTasksCapability.requests`.\n */\ninterface TaskRequestsCapability {\n tools?: { call?: object };\n sampling?: { createMessage?: object };\n elicitation?: { create?: object };\n}\n\n/**\n * Asserts that task creation is supported for `tools/call`.\n * Used by {@linkcode @modelcontextprotocol/client!client/client.Client.assertTaskCapability | Client.assertTaskCapability} and {@linkcode @modelcontextprotocol/server!server/server.Server.assertTaskHandlerCapability | Server.assertTaskHandlerCapability}.\n *\n * @param requests - The task requests capability object\n * @param method - The method being checked\n * @param entityName - `'Server'` or `'Client'` for error messages\n * @throws Error if the capability is not supported\n *\n * @experimental\n */\nexport function assertToolsCallTaskCapability(\n requests: TaskRequestsCapability | undefined,\n method: string,\n entityName: 'Server' | 'Client'\n): void {\n if (!requests) {\n throw new Error(`${entityName} does not support task creation (required for ${method})`);\n }\n\n switch (method) {\n case 'tools/call': {\n if (!requests.tools?.call) {\n throw new Error(`${entityName} does not support task creation for tools/call (required for ${method})`);\n }\n break;\n }\n\n default: {\n // Method doesn't support tasks, which is fine - no error\n break;\n }\n }\n}\n\n/**\n * Asserts that task creation is supported for `sampling/createMessage` or `elicitation/create`.\n * Used by {@linkcode @modelcontextprotocol/server!server/server.Server.assertTaskCapability | Server.assertTaskCapability} and {@linkcode @modelcontextprotocol/client!client/client.Client.assertTaskHandlerCapability | Client.assertTaskHandlerCapability}.\n *\n * @param requests - The task requests capability object\n * @param method - The method being checked\n * @param entityName - `'Server'` or `'Client'` for error messages\n * @throws Error if the capability is not supported\n *\n * @experimental\n */\nexport function assertClientRequestTaskCapability(\n requests: TaskRequestsCapability | undefined,\n method: string,\n entityName: 'Server' | 'Client'\n): void {\n if (!requests) {\n throw new Error(`${entityName} does not support task creation (required for ${method})`);\n }\n\n switch (method) {\n case 'sampling/createMessage': {\n if (!requests.sampling?.createMessage) {\n throw new Error(`${entityName} does not support task creation for sampling/createMessage (required for ${method})`);\n }\n break;\n }\n\n case 'elicitation/create': {\n if (!requests.elicitation?.create) {\n throw new Error(`${entityName} does not support task creation for elicitation/create (required for ${method})`);\n }\n break;\n }\n\n default: {\n // Method doesn't support tasks, which is fine - no error\n break;\n }\n }\n}\n" }, { "path": "packages/core/src/experimental/tasks/interfaces.ts", "content": "/**\n * Experimental task interfaces for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n */\n\nimport type { RequestTaskStore, ServerContext } from '../../shared/protocol.js';\nimport type {\n JSONRPCErrorResponse,\n JSONRPCNotification,\n JSONRPCRequest,\n JSONRPCResultResponse,\n Request,\n RequestId,\n Result,\n Task,\n ToolExecution\n} from '../../types/types.js';\n\n// ============================================================================\n// Task Handler Types (for registerToolTask)\n// ============================================================================\n\n/**\n * Server context with guaranteed task store for task creation.\n * @experimental\n */\nexport type CreateTaskServerContext = ServerContext & {\n task: { store: RequestTaskStore; requestedTtl?: number | null };\n};\n\n/**\n * Server context with guaranteed task ID and store for task operations.\n * @experimental\n */\nexport type TaskServerContext = ServerContext & {\n task: { id: string; store: RequestTaskStore; requestedTtl?: number | null };\n};\n\n/**\n * Task-specific execution configuration.\n * `taskSupport` cannot be `'forbidden'` for task-based tools.\n * @experimental\n */\nexport type TaskToolExecution = Omit & {\n taskSupport: TaskSupport extends 'forbidden' | undefined ? never : TaskSupport;\n};\n\n/**\n * Represents a message queued for side-channel delivery via tasks/result.\n *\n * This is a serializable data structure that can be stored in external systems.\n * All fields are JSON-serializable.\n */\nexport type QueuedMessage = QueuedRequest | QueuedNotification | QueuedResponse | QueuedError;\n\nexport interface BaseQueuedMessage {\n /** Type of message */\n type: string;\n /** When the message was queued (milliseconds since epoch) */\n timestamp: number;\n}\n\nexport interface QueuedRequest extends BaseQueuedMessage {\n type: 'request';\n /** The actual JSONRPC request */\n message: JSONRPCRequest;\n}\n\nexport interface QueuedNotification extends BaseQueuedMessage {\n type: 'notification';\n /** The actual JSONRPC notification */\n message: JSONRPCNotification;\n}\n\nexport interface QueuedResponse extends BaseQueuedMessage {\n type: 'response';\n /** The actual JSONRPC response */\n message: JSONRPCResultResponse;\n}\n\nexport interface QueuedError extends BaseQueuedMessage {\n type: 'error';\n /** The actual JSONRPC error */\n message: JSONRPCErrorResponse;\n}\n\n/**\n * Interface for managing per-task FIFO message queues.\n *\n * Similar to {@linkcode TaskStore}, this allows pluggable queue implementations\n * (in-memory, Redis, other distributed queues, etc.).\n *\n * Each method accepts taskId and optional sessionId parameters to enable\n * a single queue instance to manage messages for multiple tasks, with\n * isolation based on task ID and session ID.\n *\n * All methods are async to support external storage implementations.\n * All data in {@linkcode QueuedMessage} must be JSON-serializable.\n *\n * @see {@linkcode InMemoryTaskMessageQueue} for a reference implementation\n * @experimental\n */\nexport interface TaskMessageQueue {\n /**\n * Adds a message to the end of the queue for a specific task.\n * Atomically checks queue size and throws if maxSize would be exceeded.\n * @param taskId The task identifier\n * @param message The message to enqueue\n * @param sessionId Optional session ID for binding the operation to a specific session\n * @param maxSize Optional maximum queue size - if specified and queue is full, throws an error\n * @throws Error if maxSize is specified and would be exceeded\n */\n enqueue(taskId: string, message: QueuedMessage, sessionId?: string, maxSize?: number): Promise;\n\n /**\n * Removes and returns the first message from the queue for a specific task.\n * @param taskId The task identifier\n * @param sessionId Optional session ID for binding the query to a specific session\n * @returns The first message, or `undefined` if the queue is empty\n */\n dequeue(taskId: string, sessionId?: string): Promise;\n\n /**\n * Removes and returns all messages from the queue for a specific task.\n * Used when tasks are cancelled or failed to clean up pending messages.\n * @param taskId The task identifier\n * @param sessionId Optional session ID for binding the query to a specific session\n * @returns Array of all messages that were in the queue\n */\n dequeueAll(taskId: string, sessionId?: string): Promise;\n}\n\n/**\n * Task creation options.\n * @experimental\n */\nexport interface CreateTaskOptions {\n /**\n * Time in milliseconds to keep task results available after completion.\n * If `null`, the task has unlimited lifetime until manually cleaned up.\n */\n ttl?: number | null;\n\n /**\n * Time in milliseconds to wait between task status requests.\n */\n pollInterval?: number;\n\n /**\n * Additional context to pass to the task store.\n */\n context?: Record;\n}\n\n/**\n * Interface for storing and retrieving task state and results.\n *\n * Similar to {@linkcode Transport}, this allows pluggable task storage implementations\n * (in-memory, database, distributed cache, etc.).\n *\n * @see {@linkcode InMemoryTaskStore} for a reference implementation\n * @experimental\n */\nexport interface TaskStore {\n /**\n * Creates a new task with the given creation parameters and original request.\n * The implementation must generate a unique taskId and createdAt timestamp.\n *\n * TTL Management:\n * - The implementation receives the TTL suggested by the requestor via `taskParams.ttl`\n * - The implementation MAY override the requested TTL (e.g., to enforce limits)\n * - The actual TTL used MUST be returned in the {@linkcode Task} object\n * - `null` TTL indicates unlimited task lifetime (no automatic cleanup)\n * - Cleanup SHOULD occur automatically after TTL expires, regardless of task status\n *\n * @param taskParams - The task creation parameters from the request (ttl, pollInterval)\n * @param requestId - The JSON-RPC request ID\n * @param request - The original request that triggered task creation\n * @param sessionId - Optional session ID for binding the task to a specific session\n * @returns The created {@linkcode Task} object\n */\n createTask(taskParams: CreateTaskOptions, requestId: RequestId, request: Request, sessionId?: string): Promise;\n\n /**\n * Gets the current status of a task.\n *\n * @param taskId - The task identifier\n * @param sessionId - Optional session ID for binding the query to a specific session\n * @returns The {@linkcode Task} object, or `null` if it does not exist\n */\n getTask(taskId: string, sessionId?: string): Promise;\n\n /**\n * Stores the result of a task and sets its final status.\n *\n * @param taskId - The task identifier\n * @param status - The final status: `'completed'` for success, `'failed'` for errors\n * @param result - The result to store\n * @param sessionId - Optional session ID for binding the operation to a specific session\n */\n storeTaskResult(taskId: string, status: 'completed' | 'failed', result: Result, sessionId?: string): Promise;\n\n /**\n * Retrieves the stored result of a task.\n *\n * @param taskId - The task identifier\n * @param sessionId - Optional session ID for binding the query to a specific session\n * @returns The stored result\n */\n getTaskResult(taskId: string, sessionId?: string): Promise;\n\n /**\n * Updates a task's status (e.g., to `'cancelled'`, `'failed'`, `'completed'`).\n *\n * @param taskId - The task identifier\n * @param status - The new status\n * @param statusMessage - Optional diagnostic message for failed tasks or other status information\n * @param sessionId - Optional session ID for binding the operation to a specific session\n */\n updateTaskStatus(taskId: string, status: Task['status'], statusMessage?: string, sessionId?: string): Promise;\n\n /**\n * Lists tasks, optionally starting from a pagination cursor.\n *\n * @param cursor - Optional cursor for pagination\n * @param sessionId - Optional session ID for binding the query to a specific session\n * @returns An object containing the tasks array and an optional nextCursor\n */\n listTasks(cursor?: string, sessionId?: string): Promise<{ tasks: Task[]; nextCursor?: string }>;\n}\n\n/**\n * Checks if a task status represents a terminal state.\n * Terminal states are those where the task has finished and will not change.\n *\n * @param status - The task status to check\n * @returns `true` if the status is terminal (`completed`, `failed`, or `cancelled`)\n * @experimental\n */\nexport function isTerminal(status: Task['status']): boolean {\n return status === 'completed' || status === 'failed' || status === 'cancelled';\n}\n" }, { "path": "packages/core/src/experimental/tasks/stores/inMemory.ts", "content": "/**\n * In-memory implementations of {@linkcode TaskStore} and {@linkcode TaskMessageQueue}.\n * @experimental\n */\n\nimport type { Request, RequestId, Result, Task } from '../../../types/types.js';\nimport type { CreateTaskOptions, QueuedMessage, TaskMessageQueue, TaskStore } from '../interfaces.js';\nimport { isTerminal } from '../interfaces.js';\n\ninterface StoredTask {\n task: Task;\n request: Request;\n requestId: RequestId;\n sessionId?: string;\n result?: Result;\n}\n\n/**\n * In-memory {@linkcode TaskStore} implementation for development and testing.\n * For production, use a database or distributed cache.\n * @experimental\n */\nexport class InMemoryTaskStore implements TaskStore {\n private tasks = new Map();\n private cleanupTimers = new Map>();\n\n /**\n * Generates a unique task ID using Web Crypto API.\n */\n private generateTaskId(): string {\n return crypto.randomUUID().replaceAll('-', '');\n }\n\n /** {@inheritDoc TaskStore.createTask} */\n async createTask(taskParams: CreateTaskOptions, requestId: RequestId, request: Request, sessionId?: string): Promise {\n // Generate a unique task ID\n const taskId = this.generateTaskId();\n\n // Ensure uniqueness\n if (this.tasks.has(taskId)) {\n throw new Error(`Task with ID ${taskId} already exists`);\n }\n\n const actualTtl = taskParams.ttl ?? null;\n\n // Create task with generated ID and timestamps\n const createdAt = new Date().toISOString();\n const task: Task = {\n taskId,\n status: 'working',\n ttl: actualTtl,\n createdAt,\n lastUpdatedAt: createdAt,\n pollInterval: taskParams.pollInterval ?? 1000\n };\n\n this.tasks.set(taskId, {\n task,\n request,\n requestId,\n sessionId\n });\n\n // Schedule cleanup if ttl is specified\n // Cleanup occurs regardless of task status\n if (actualTtl) {\n const timer = setTimeout(() => {\n this.tasks.delete(taskId);\n this.cleanupTimers.delete(taskId);\n }, actualTtl);\n\n this.cleanupTimers.set(taskId, timer);\n }\n\n return task;\n }\n\n /**\n * Retrieves a stored task, enforcing session ownership when a sessionId is provided.\n * Returns undefined if the task does not exist or belongs to a different session.\n */\n private getStoredTask(taskId: string, sessionId?: string): StoredTask | undefined {\n const stored = this.tasks.get(taskId);\n if (!stored) {\n return undefined;\n }\n // Enforce session isolation: if a sessionId is provided and the task\n // was created with a sessionId, they must match.\n if (sessionId !== undefined && stored.sessionId !== undefined && stored.sessionId !== sessionId) {\n return undefined;\n }\n return stored;\n }\n\n async getTask(taskId: string, sessionId?: string): Promise {\n const stored = this.getStoredTask(taskId, sessionId);\n return stored ? { ...stored.task } : null;\n }\n\n /** {@inheritDoc TaskStore.storeTaskResult} */\n async storeTaskResult(taskId: string, status: 'completed' | 'failed', result: Result, sessionId?: string): Promise {\n const stored = this.getStoredTask(taskId, sessionId);\n if (!stored) {\n throw new Error(`Task with ID ${taskId} not found`);\n }\n\n // Don't allow storing results for tasks already in terminal state\n if (isTerminal(stored.task.status)) {\n throw new Error(\n `Cannot store result for task ${taskId} in terminal status '${stored.task.status}'. Task results can only be stored once.`\n );\n }\n\n stored.result = result;\n stored.task.status = status;\n stored.task.lastUpdatedAt = new Date().toISOString();\n\n // Reset cleanup timer to start from now (if ttl is set)\n if (stored.task.ttl) {\n const existingTimer = this.cleanupTimers.get(taskId);\n if (existingTimer) {\n clearTimeout(existingTimer);\n }\n\n const timer = setTimeout(() => {\n this.tasks.delete(taskId);\n this.cleanupTimers.delete(taskId);\n }, stored.task.ttl);\n\n this.cleanupTimers.set(taskId, timer);\n }\n }\n\n /** {@inheritDoc TaskStore.getTaskResult} */\n async getTaskResult(taskId: string, sessionId?: string): Promise {\n const stored = this.getStoredTask(taskId, sessionId);\n if (!stored) {\n throw new Error(`Task with ID ${taskId} not found`);\n }\n\n if (!stored.result) {\n throw new Error(`Task ${taskId} has no result stored`);\n }\n\n return stored.result;\n }\n\n /** {@inheritDoc TaskStore.updateTaskStatus} */\n async updateTaskStatus(taskId: string, status: Task['status'], statusMessage?: string, sessionId?: string): Promise {\n const stored = this.getStoredTask(taskId, sessionId);\n if (!stored) {\n throw new Error(`Task with ID ${taskId} not found`);\n }\n\n // Don't allow transitions from terminal states\n if (isTerminal(stored.task.status)) {\n throw new Error(\n `Cannot update task ${taskId} from terminal status '${stored.task.status}' to '${status}'. Terminal states (completed, failed, cancelled) cannot transition to other states.`\n );\n }\n\n stored.task.status = status;\n if (statusMessage) {\n stored.task.statusMessage = statusMessage;\n }\n\n stored.task.lastUpdatedAt = new Date().toISOString();\n\n // If task is in a terminal state and has ttl, start cleanup timer\n if (isTerminal(status) && stored.task.ttl) {\n const existingTimer = this.cleanupTimers.get(taskId);\n if (existingTimer) {\n clearTimeout(existingTimer);\n }\n\n const timer = setTimeout(() => {\n this.tasks.delete(taskId);\n this.cleanupTimers.delete(taskId);\n }, stored.task.ttl);\n\n this.cleanupTimers.set(taskId, timer);\n }\n }\n\n /** {@inheritDoc TaskStore.listTasks} */\n async listTasks(cursor?: string, sessionId?: string): Promise<{ tasks: Task[]; nextCursor?: string }> {\n const PAGE_SIZE = 10;\n\n // Filter tasks by session ownership before pagination\n const filteredTaskIds = [...this.tasks.entries()]\n .filter(([, stored]) => {\n if (sessionId === undefined || stored.sessionId === undefined) {\n return true;\n }\n return stored.sessionId === sessionId;\n })\n .map(([taskId]) => taskId);\n\n let startIndex = 0;\n if (cursor) {\n const cursorIndex = filteredTaskIds.indexOf(cursor);\n if (cursorIndex === -1) {\n // Invalid cursor - throw error\n throw new Error(`Invalid cursor: ${cursor}`);\n } else {\n startIndex = cursorIndex + 1;\n }\n }\n\n const pageTaskIds = filteredTaskIds.slice(startIndex, startIndex + PAGE_SIZE);\n const tasks = pageTaskIds.map(taskId => {\n const stored = this.tasks.get(taskId)!;\n return { ...stored.task };\n });\n\n const nextCursor = startIndex + PAGE_SIZE < filteredTaskIds.length ? pageTaskIds.at(-1) : undefined;\n\n return { tasks, nextCursor };\n }\n\n /**\n * Cleanup all timers (useful for testing or graceful shutdown)\n */\n cleanup(): void {\n for (const timer of this.cleanupTimers.values()) {\n clearTimeout(timer);\n }\n this.cleanupTimers.clear();\n this.tasks.clear();\n }\n\n /**\n * Get all tasks (useful for debugging)\n */\n getAllTasks(): Task[] {\n return [...this.tasks.values()].map(stored => ({ ...stored.task }));\n }\n}\n\n/**\n * In-memory {@linkcode TaskMessageQueue} implementation for development and testing.\n * For production, use Redis or another distributed queue.\n * @experimental\n */\nexport class InMemoryTaskMessageQueue implements TaskMessageQueue {\n private queues = new Map();\n\n /**\n * Generates a queue key from taskId.\n * SessionId is intentionally ignored because taskIds are globally unique\n * and tasks need to be accessible across HTTP requests/sessions.\n */\n private getQueueKey(taskId: string, _sessionId?: string): string {\n return taskId;\n }\n\n /**\n * Gets or creates a queue for the given task and session.\n */\n private getQueue(taskId: string, sessionId?: string): QueuedMessage[] {\n const key = this.getQueueKey(taskId, sessionId);\n let queue = this.queues.get(key);\n if (!queue) {\n queue = [];\n this.queues.set(key, queue);\n }\n return queue;\n }\n\n /**\n * Adds a message to the end of the queue for a specific task.\n * Atomically checks queue size and throws if maxSize would be exceeded.\n * @param taskId The task identifier\n * @param message The message to enqueue\n * @param sessionId Optional session ID for binding the operation to a specific session\n * @param maxSize Optional maximum queue size - if specified and queue is full, throws an error\n * @throws Error if maxSize is specified and would be exceeded\n */\n async enqueue(taskId: string, message: QueuedMessage, sessionId?: string, maxSize?: number): Promise {\n const queue = this.getQueue(taskId, sessionId);\n\n // Atomically check size and enqueue\n if (maxSize !== undefined && queue.length >= maxSize) {\n throw new Error(`Task message queue overflow: queue size (${queue.length}) exceeds maximum (${maxSize})`);\n }\n\n queue.push(message);\n }\n\n /**\n * Removes and returns the first message from the queue for a specific task.\n * @param taskId The task identifier\n * @param sessionId Optional session ID for binding the query to a specific session\n * @returns The first message, or `undefined` if the queue is empty\n */\n async dequeue(taskId: string, sessionId?: string): Promise {\n const queue = this.getQueue(taskId, sessionId);\n return queue.shift();\n }\n\n /**\n * Removes and returns all messages from the queue for a specific task.\n * @param taskId The task identifier\n * @param sessionId Optional session ID for binding the query to a specific session\n * @returns Array of all messages that were in the queue\n */\n async dequeueAll(taskId: string, sessionId?: string): Promise {\n const key = this.getQueueKey(taskId, sessionId);\n const queue = this.queues.get(key) ?? [];\n this.queues.delete(key);\n return queue;\n }\n}\n" }, { "path": "packages/core/src/exports/types/index.ts", "content": "export type * from '../../types/types.js';\n" }, { "path": "packages/core/src/index.examples.ts", "content": "/**\n * Type-checked examples for `index.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { AjvJsonSchemaValidator } from './validators/ajvProvider.js';\nimport { CfWorkerJsonSchemaValidator } from './validators/cfWorkerProvider.js';\n\n/**\n * Example: AJV validator for Node.js.\n */\nfunction validation_ajv() {\n //#region validation_ajv\n const validator = new AjvJsonSchemaValidator();\n //#endregion validation_ajv\n return validator;\n}\n\n/**\n * Example: CfWorker validator for edge runtimes.\n */\nfunction validation_cfWorker() {\n //#region validation_cfWorker\n const validator = new CfWorkerJsonSchemaValidator();\n //#endregion validation_cfWorker\n return validator;\n}\n" }, { "path": "packages/core/src/index.ts", "content": "export * from './auth/errors.js';\nexport * from './errors/sdkErrors.js';\nexport * from './shared/auth.js';\nexport * from './shared/authUtils.js';\nexport * from './shared/metadataUtils.js';\nexport * from './shared/protocol.js';\nexport * from './shared/responseMessage.js';\nexport * from './shared/stdio.js';\nexport * from './shared/toolNameValidation.js';\nexport * from './shared/transport.js';\nexport * from './shared/uriTemplate.js';\nexport * from './types/types.js';\nexport * from './util/inMemory.js';\nexport * from './util/schema.js';\n\n// experimental exports\nexport * from './experimental/index.js';\nexport * from './validators/ajvProvider.js';\nexport * from './validators/cfWorkerProvider.js';\n/**\n * JSON Schema validation\n *\n * This module provides configurable JSON Schema validation for the MCP SDK.\n * Choose a validator based on your runtime environment:\n *\n * - {@linkcode AjvJsonSchemaValidator}: Best for Node.js (default, fastest)\n * Import from: @modelcontextprotocol/sdk/validators/ajv\n * Requires peer dependencies: ajv, ajv-formats\n *\n * - {@linkcode CfWorkerJsonSchemaValidator}: Best for edge runtimes\n * Import from: @modelcontextprotocol/sdk/validators/cfworker\n * Requires peer dependency: @cfworker/json-schema\n *\n * @example For Node.js with AJV\n * ```ts source=\"./index.examples.ts#validation_ajv\"\n * const validator = new AjvJsonSchemaValidator();\n * ```\n *\n * @example For Cloudflare Workers\n * ```ts source=\"./index.examples.ts#validation_cfWorker\"\n * const validator = new CfWorkerJsonSchemaValidator();\n * ```\n *\n * @module validation\n */\n\n// Core types only - implementations are exported via separate entry points\nexport type { JsonSchemaType, JsonSchemaValidator, jsonSchemaValidator, JsonSchemaValidatorResult } from './validators/types.js';\n" }, { "path": "packages/core/src/shared/auth.ts", "content": "import * as z from 'zod/v4';\n\n/**\n * Reusable URL validation that disallows `javascript:` scheme\n */\nexport const SafeUrlSchema = z\n .url()\n .superRefine((val, ctx) => {\n if (!URL.canParse(val)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'URL must be parseable',\n fatal: true\n });\n\n return z.NEVER;\n }\n })\n .refine(\n url => {\n const u = new URL(url);\n return u.protocol !== 'javascript:' && u.protocol !== 'data:' && u.protocol !== 'vbscript:';\n },\n { message: 'URL cannot use javascript:, data:, or vbscript: scheme' }\n );\n\n/**\n * RFC 9728 OAuth Protected Resource Metadata\n */\nexport const OAuthProtectedResourceMetadataSchema = z.looseObject({\n resource: z.string().url(),\n authorization_servers: z.array(SafeUrlSchema).optional(),\n jwks_uri: z.string().url().optional(),\n scopes_supported: z.array(z.string()).optional(),\n bearer_methods_supported: z.array(z.string()).optional(),\n resource_signing_alg_values_supported: z.array(z.string()).optional(),\n resource_name: z.string().optional(),\n resource_documentation: z.string().optional(),\n resource_policy_uri: z.string().url().optional(),\n resource_tos_uri: z.string().url().optional(),\n tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n authorization_details_types_supported: z.array(z.string()).optional(),\n dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n dpop_bound_access_tokens_required: z.boolean().optional()\n});\n\n/**\n * RFC 8414 OAuth 2.0 Authorization Server Metadata\n */\nexport const OAuthMetadataSchema = z.looseObject({\n issuer: z.string(),\n authorization_endpoint: SafeUrlSchema,\n token_endpoint: SafeUrlSchema,\n registration_endpoint: SafeUrlSchema.optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z.array(z.string()).optional(),\n service_documentation: SafeUrlSchema.optional(),\n revocation_endpoint: SafeUrlSchema.optional(),\n revocation_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n revocation_endpoint_auth_signing_alg_values_supported: z.array(z.string()).optional(),\n introspection_endpoint: z.string().optional(),\n introspection_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n introspection_endpoint_auth_signing_alg_values_supported: z.array(z.string()).optional(),\n code_challenge_methods_supported: z.array(z.string()).optional(),\n client_id_metadata_document_supported: z.boolean().optional()\n});\n\n/**\n * OpenID Connect Discovery 1.0 Provider Metadata\n *\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\n */\nexport const OpenIdProviderMetadataSchema = z.looseObject({\n issuer: z.string(),\n authorization_endpoint: SafeUrlSchema,\n token_endpoint: SafeUrlSchema,\n userinfo_endpoint: SafeUrlSchema.optional(),\n jwks_uri: SafeUrlSchema,\n registration_endpoint: SafeUrlSchema.optional(),\n scopes_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n acr_values_supported: z.array(z.string()).optional(),\n subject_types_supported: z.array(z.string()),\n id_token_signing_alg_values_supported: z.array(z.string()),\n id_token_encryption_alg_values_supported: z.array(z.string()).optional(),\n id_token_encryption_enc_values_supported: z.array(z.string()).optional(),\n userinfo_signing_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_alg_values_supported: z.array(z.string()).optional(),\n userinfo_encryption_enc_values_supported: z.array(z.string()).optional(),\n request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n request_object_encryption_alg_values_supported: z.array(z.string()).optional(),\n request_object_encryption_enc_values_supported: z.array(z.string()).optional(),\n token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n token_endpoint_auth_signing_alg_values_supported: z.array(z.string()).optional(),\n display_values_supported: z.array(z.string()).optional(),\n claim_types_supported: z.array(z.string()).optional(),\n claims_supported: z.array(z.string()).optional(),\n service_documentation: z.string().optional(),\n claims_locales_supported: z.array(z.string()).optional(),\n ui_locales_supported: z.array(z.string()).optional(),\n claims_parameter_supported: z.boolean().optional(),\n request_parameter_supported: z.boolean().optional(),\n request_uri_parameter_supported: z.boolean().optional(),\n require_request_uri_registration: z.boolean().optional(),\n op_policy_uri: SafeUrlSchema.optional(),\n op_tos_uri: SafeUrlSchema.optional(),\n client_id_metadata_document_supported: z.boolean().optional()\n});\n\n/**\n * OpenID Connect Discovery metadata that may include OAuth 2.0 fields\n * This schema represents the real-world scenario where OIDC providers\n * return a mix of OpenID Connect and OAuth 2.0 metadata fields\n */\nexport const OpenIdProviderDiscoveryMetadataSchema = z.object({\n ...OpenIdProviderMetadataSchema.shape,\n ...OAuthMetadataSchema.pick({\n code_challenge_methods_supported: true\n }).shape\n});\n\n/**\n * OAuth 2.1 token response\n */\nexport const OAuthTokensSchema = z\n .object({\n access_token: z.string(),\n id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect\n token_type: z.string(),\n expires_in: z.coerce.number().optional(),\n scope: z.string().optional(),\n refresh_token: z.string().optional()\n })\n .strip();\n\n/**\n * RFC 8693 §2.2.1 Token Exchange response for ID-JAG tokens.\n *\n * `token_type` is intentionally optional: per RFC 8693 §2.2.1 it is informational when\n * the issued token is not an access token, and per RFC 6749 §5.1 it is case-insensitive,\n * so strict checking rejects conformant IdPs.\n */\nexport const IdJagTokenExchangeResponseSchema = z\n .object({\n issued_token_type: z.literal('urn:ietf:params:oauth:token-type:id-jag'),\n access_token: z.string(),\n token_type: z.string().optional(),\n expires_in: z.number().optional(),\n scope: z.string().optional()\n })\n .strip();\n\nexport type IdJagTokenExchangeResponse = z.infer;\n\n/**\n * OAuth 2.1 error response\n */\nexport const OAuthErrorResponseSchema = z.object({\n error: z.string(),\n error_description: z.string().optional(),\n error_uri: z.string().optional()\n});\n\n/**\n * Optional version of {@linkcode SafeUrlSchema} that allows empty string for backward compatibility on `tos_uri` and `logo_uri`\n */\n// eslint-disable-next-line unicorn/no-useless-undefined\nexport const OptionalSafeUrlSchema = SafeUrlSchema.optional().or(z.literal('').transform(() => undefined));\n\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata\n */\nexport const OAuthClientMetadataSchema = z\n .object({\n redirect_uris: z.array(SafeUrlSchema),\n token_endpoint_auth_method: z.string().optional(),\n grant_types: z.array(z.string()).optional(),\n response_types: z.array(z.string()).optional(),\n client_name: z.string().optional(),\n client_uri: SafeUrlSchema.optional(),\n logo_uri: OptionalSafeUrlSchema,\n scope: z.string().optional(),\n contacts: z.array(z.string()).optional(),\n tos_uri: OptionalSafeUrlSchema,\n policy_uri: z.string().optional(),\n jwks_uri: SafeUrlSchema.optional(),\n jwks: z.any().optional(),\n software_id: z.string().optional(),\n software_version: z.string().optional(),\n software_statement: z.string().optional()\n })\n .strip();\n\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration client information\n */\nexport const OAuthClientInformationSchema = z\n .object({\n client_id: z.string(),\n client_secret: z.string().optional(),\n client_id_issued_at: z.number().optional(),\n client_secret_expires_at: z.number().optional()\n })\n .strip();\n\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)\n */\nexport const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);\n\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration error response\n */\nexport const OAuthClientRegistrationErrorSchema = z\n .object({\n error: z.string(),\n error_description: z.string().optional()\n })\n .strip();\n\n/**\n * RFC 7009 OAuth 2.0 Token Revocation request\n */\nexport const OAuthTokenRevocationRequestSchema = z\n .object({\n token: z.string(),\n token_type_hint: z.string().optional()\n })\n .strip();\n\nexport type OAuthMetadata = z.infer;\nexport type OpenIdProviderMetadata = z.infer;\nexport type OpenIdProviderDiscoveryMetadata = z.infer;\n\nexport type OAuthTokens = z.infer;\nexport type OAuthErrorResponse = z.infer;\nexport type OAuthClientMetadata = z.infer;\nexport type OAuthClientInformation = z.infer;\nexport type OAuthClientInformationFull = z.infer;\nexport type OAuthClientInformationMixed = OAuthClientInformation | OAuthClientInformationFull;\nexport type OAuthClientRegistrationError = z.infer;\nexport type OAuthTokenRevocationRequest = z.infer;\nexport type OAuthProtectedResourceMetadata = z.infer;\n\n// Unified type for authorization server metadata\nexport type AuthorizationServerMetadata = OAuthMetadata | OpenIdProviderDiscoveryMetadata;\n" }, { "path": "packages/core/src/shared/authUtils.ts", "content": "/**\n * Utilities for handling OAuth resource URIs.\n */\n\n/**\n * Converts a server URL to a resource URL by removing the fragment.\n * {@link https://datatracker.ietf.org/doc/html/rfc8707#section-2 | RFC 8707 section 2}\n * states that resource URIs \"MUST NOT include a fragment component\".\n * Keeps everything else unchanged (scheme, domain, port, path, query).\n */\nexport function resourceUrlFromServerUrl(url: URL | string): URL {\n const resourceURL = typeof url === 'string' ? new URL(url) : new URL(url.href);\n resourceURL.hash = ''; // Remove fragment\n return resourceURL;\n}\n\n/**\n * Checks if a requested resource URL matches a configured resource URL.\n * A requested resource matches if it has the same scheme, domain, port,\n * and its path starts with the configured resource's path.\n *\n * @param options - The options object\n * @param options.requestedResource - The resource URL being requested\n * @param options.configuredResource - The resource URL that has been configured\n * @returns true if the requested resource matches the configured resource, false otherwise\n */\nexport function checkResourceAllowed({\n requestedResource,\n configuredResource\n}: {\n requestedResource: URL | string;\n configuredResource: URL | string;\n}): boolean {\n const requested = typeof requestedResource === 'string' ? new URL(requestedResource) : new URL(requestedResource.href);\n const configured = typeof configuredResource === 'string' ? new URL(configuredResource) : new URL(configuredResource.href);\n\n // Compare the origin (scheme, domain, and port)\n if (requested.origin !== configured.origin) {\n return false;\n }\n\n // Handle cases like requested=/foo and configured=/foo/\n if (requested.pathname.length < configured.pathname.length) {\n return false;\n }\n\n // Check if the requested path starts with the configured path\n // Ensure both paths end with / for proper comparison\n // This ensures that if we have paths like \"/api\" and \"/api/users\",\n // we properly detect that \"/api/users\" is a subpath of \"/api\"\n // By adding a trailing slash if missing, we avoid false positives\n // where paths like \"/api123\" would incorrectly match \"/api\"\n const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';\n const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';\n\n return requestedPath.startsWith(configuredPath);\n}\n" }, { "path": "packages/core/src/shared/metadataUtils.ts", "content": "import type { BaseMetadata } from '../types/types.js';\n\n/**\n * Utilities for working with {@linkcode BaseMetadata} objects.\n */\n\n/**\n * Gets the display name for an object with {@linkcode BaseMetadata}.\n * For tools, the precedence is: `title` → {@linkcode index.ToolAnnotations | annotations}.`title` → `name`\n * For other objects: `title` → `name`\n * This implements the spec requirement: \"if no title is provided, name should be used for display purposes\"\n */\nexport function getDisplayName(metadata: BaseMetadata | (BaseMetadata & { annotations?: { title?: string } })): string {\n // First check for title (not undefined and not empty string)\n if (metadata.title !== undefined && metadata.title !== '') {\n return metadata.title;\n }\n\n // Then check for annotations.title (only present in Tool objects)\n if ('annotations' in metadata && metadata.annotations?.title) {\n return metadata.annotations.title;\n }\n\n // Finally fall back to name\n return metadata.name;\n}\n" }, { "path": "packages/core/src/shared/protocol.ts", "content": "import { SdkError, SdkErrorCode } from '../errors/sdkErrors.js';\nimport type { CreateTaskOptions, QueuedMessage, TaskMessageQueue, TaskStore } from '../experimental/tasks/interfaces.js';\nimport { isTerminal } from '../experimental/tasks/interfaces.js';\nimport type {\n AuthInfo,\n CancelledNotification,\n ClientCapabilities,\n CreateMessageRequest,\n CreateMessageResult,\n CreateMessageResultWithTools,\n ElicitRequestFormParams,\n ElicitRequestURLParams,\n ElicitResult,\n GetTaskPayloadRequest,\n GetTaskRequest,\n GetTaskResult,\n JSONRPCErrorResponse,\n JSONRPCNotification,\n JSONRPCRequest,\n JSONRPCResponse,\n JSONRPCResultResponse,\n LoggingLevel,\n MessageExtraInfo,\n Notification,\n NotificationMethod,\n NotificationTypeMap,\n Progress,\n ProgressNotification,\n RelatedTaskMetadata,\n Request,\n RequestId,\n RequestInfo,\n RequestMeta,\n RequestMethod,\n RequestTypeMap,\n Result,\n ResultTypeMap,\n ServerCapabilities,\n Task,\n TaskCreationParams,\n TaskStatusNotification\n} from '../types/types.js';\nimport {\n CancelTaskResultSchema,\n CreateTaskResultSchema,\n getNotificationSchema,\n getRequestSchema,\n getResultSchema,\n GetTaskResultSchema,\n isJSONRPCErrorResponse,\n isJSONRPCNotification,\n isJSONRPCRequest,\n isJSONRPCResultResponse,\n isTaskAugmentedRequestParams,\n ListTasksResultSchema,\n ProtocolError,\n ProtocolErrorCode,\n RELATED_TASK_META_KEY,\n SUPPORTED_PROTOCOL_VERSIONS,\n TaskStatusNotificationSchema\n} from '../types/types.js';\nimport type { AnyObjectSchema, AnySchema, SchemaOutput } from '../util/schema.js';\nimport { parseSchema } from '../util/schema.js';\nimport type { ResponseMessage } from './responseMessage.js';\nimport type { Transport, TransportSendOptions } from './transport.js';\n\n/**\n * Callback for progress notifications.\n */\nexport type ProgressCallback = (progress: Progress) => void;\n\n/**\n * Additional initialization options.\n */\nexport type ProtocolOptions = {\n /**\n * Protocol versions supported. First version is preferred (sent by client,\n * used as fallback by server). Passed to transport during {@linkcode Protocol.connect | connect()}.\n *\n * @default {@linkcode SUPPORTED_PROTOCOL_VERSIONS}\n */\n supportedProtocolVersions?: string[];\n\n /**\n * Whether to restrict emitted requests to only those that the remote side has indicated that they can handle, through their advertised capabilities.\n *\n * Note that this DOES NOT affect checking of _local_ side capabilities, as it is considered a logic error to mis-specify those.\n *\n * Currently this defaults to `false`, for backwards compatibility with SDK versions that did not advertise capabilities correctly. In future, this will default to `true`.\n */\n enforceStrictCapabilities?: boolean;\n /**\n * An array of notification method names that should be automatically debounced.\n * Any notifications with a method in this list will be coalesced if they\n * occur in the same tick of the event loop.\n * e.g., `['notifications/tools/list_changed']`\n */\n debouncedNotificationMethods?: string[];\n /**\n * Optional task storage implementation. If provided, enables task-related request handlers\n * and provides task storage capabilities to request handlers.\n */\n taskStore?: TaskStore;\n /**\n * Optional task message queue implementation for managing server-initiated messages\n * that will be delivered through the tasks/result response stream.\n */\n taskMessageQueue?: TaskMessageQueue;\n /**\n * Default polling interval (in milliseconds) for task status checks when no `pollInterval`\n * is provided by the server. Defaults to 5000ms if not specified.\n */\n defaultTaskPollInterval?: number;\n /**\n * Maximum number of messages that can be queued per task for side-channel delivery.\n * If undefined, the queue size is unbounded.\n * When the limit is exceeded, the {@linkcode TaskMessageQueue} implementation's {@linkcode TaskMessageQueue.enqueue | enqueue()} method\n * will throw an error. It's the implementation's responsibility to handle overflow\n * appropriately (e.g., by failing the task, dropping messages, etc.).\n */\n maxTaskQueueSize?: number;\n};\n\n/**\n * The default request timeout, in milliseconds.\n */\nexport const DEFAULT_REQUEST_TIMEOUT_MSEC = 60_000;\n\n/**\n * Options that can be given per request.\n */\nexport type RequestOptions = {\n /**\n * If set, requests progress notifications from the remote end (if supported). When progress notifications are received, this callback will be invoked.\n *\n * For task-augmented requests: progress notifications continue after {@linkcode CreateTaskResult} is returned and stop automatically when the task reaches a terminal status.\n */\n onprogress?: ProgressCallback;\n\n /**\n * Can be used to cancel an in-flight request. This will cause an `AbortError` to be raised from {@linkcode Protocol.request | request()}.\n */\n signal?: AbortSignal;\n\n /**\n * A timeout (in milliseconds) for this request. If exceeded, an {@linkcode SdkError} with code {@linkcode SdkErrorCode.RequestTimeout} will be raised from {@linkcode Protocol.request | request()}.\n *\n * If not specified, {@linkcode DEFAULT_REQUEST_TIMEOUT_MSEC} will be used as the timeout.\n */\n timeout?: number;\n\n /**\n * If `true`, receiving a progress notification will reset the request timeout.\n * This is useful for long-running operations that send periodic progress updates.\n * Default: `false`\n */\n resetTimeoutOnProgress?: boolean;\n\n /**\n * Maximum total time (in milliseconds) to wait for a response.\n * If exceeded, an {@linkcode SdkError} with code {@linkcode SdkErrorCode.RequestTimeout} will be raised, regardless of progress notifications.\n * If not specified, there is no maximum total timeout.\n */\n maxTotalTimeout?: number;\n\n /**\n * If provided, augments the request with task creation parameters to enable call-now, fetch-later execution patterns.\n */\n task?: TaskCreationParams;\n\n /**\n * If provided, associates this request with a related task.\n */\n relatedTask?: RelatedTaskMetadata;\n} & TransportSendOptions;\n\n/**\n * Options that can be given per notification.\n */\nexport type NotificationOptions = {\n /**\n * May be used to indicate to the transport which incoming request to associate this outgoing notification with.\n */\n relatedRequestId?: RequestId;\n\n /**\n * If provided, associates this notification with a related task.\n */\n relatedTask?: RelatedTaskMetadata;\n};\n\n/**\n * Options that can be given per request.\n */\n// relatedTask is excluded as the SDK controls if this is sent according to if the source is a task.\nexport type TaskRequestOptions = Omit;\n\n/**\n * Request-scoped {@linkcode TaskStore} interface.\n */\nexport interface RequestTaskStore {\n /**\n * Creates a new task with the given creation parameters.\n * The implementation generates a unique `taskId` and `createdAt` timestamp.\n *\n * @param taskParams - The task creation parameters from the request\n * @returns The created {@linkcode Task} object\n */\n createTask(taskParams: CreateTaskOptions): Promise;\n\n /**\n * Gets the current status of a task.\n *\n * @param taskId - The task identifier\n * @returns The {@linkcode Task} object\n * @throws If the task does not exist\n */\n getTask(taskId: string): Promise;\n\n /**\n * Stores the result of a task and sets its final status.\n *\n * @param taskId - The task identifier\n * @param status - The final status: `'completed'` for success, `'failed'` for errors\n * @param result - The result to store\n */\n storeTaskResult(taskId: string, status: 'completed' | 'failed', result: Result): Promise;\n\n /**\n * Retrieves the stored result of a task.\n *\n * @param taskId - The task identifier\n * @returns The stored result\n */\n getTaskResult(taskId: string): Promise;\n\n /**\n * Updates a task's status (e.g., to `'cancelled'`, `'failed'`, `'completed'`).\n *\n * @param taskId - The task identifier\n * @param status - The new status\n * @param statusMessage - Optional diagnostic message for failed tasks or other status information\n */\n updateTaskStatus(taskId: string, status: Task['status'], statusMessage?: string): Promise;\n\n /**\n * Lists tasks, optionally starting from a pagination cursor.\n *\n * @param cursor - Optional cursor for pagination\n * @returns An object containing the `tasks` array and an optional `nextCursor`\n */\n listTasks(cursor?: string): Promise<{ tasks: Task[]; nextCursor?: string }>;\n}\n\n/**\n * Task context provided to request handlers when task storage is configured.\n */\nexport type TaskContext = {\n id?: string;\n store: RequestTaskStore;\n requestedTtl?: number | null;\n};\n\n/**\n * Base context provided to all request handlers.\n */\nexport type BaseContext = {\n /**\n * The session ID from the transport, if available.\n */\n sessionId?: string;\n\n /**\n * Information about the MCP request being handled.\n */\n mcpReq: {\n /**\n * The JSON-RPC ID of the request being handled.\n */\n id: RequestId;\n\n /**\n * The method name of the request (e.g., 'tools/call', 'ping').\n */\n method: string;\n\n /**\n * Metadata from the original request.\n */\n _meta?: RequestMeta;\n\n /**\n * An abort signal used to communicate if the request was cancelled from the sender's side.\n */\n signal: AbortSignal;\n\n /**\n * Sends a request that relates to the current request being handled.\n *\n * This is used by certain transports to correctly associate related messages.\n */\n send: (\n request: { method: M; params?: Record },\n options?: TaskRequestOptions\n ) => Promise;\n\n /**\n * Sends a notification that relates to the current request being handled.\n *\n * This is used by certain transports to correctly associate related messages.\n */\n notify: (notification: Notification) => Promise;\n };\n\n /**\n * HTTP transport information, only available when using an HTTP-based transport.\n */\n http?: {\n /**\n * Information about a validated access token, provided to request handlers.\n */\n authInfo?: AuthInfo;\n };\n\n /**\n * Task context, available when task storage is configured.\n */\n task?: TaskContext;\n};\n\n/**\n * Context provided to server-side request handlers, extending {@linkcode BaseContext} with server-specific fields.\n */\nexport type ServerContext = BaseContext & {\n mcpReq: {\n /**\n * Send a log message notification to the client.\n * Respects the client's log level filter set via logging/setLevel.\n */\n log: (level: LoggingLevel, data: unknown, logger?: string) => Promise;\n\n /**\n * Send an elicitation request to the client, requesting user input.\n */\n elicitInput: (params: ElicitRequestFormParams | ElicitRequestURLParams, options?: RequestOptions) => Promise;\n\n /**\n * Request LLM sampling from the client.\n */\n requestSampling: (\n params: CreateMessageRequest['params'],\n options?: RequestOptions\n ) => Promise;\n };\n\n http?: {\n /**\n * The original HTTP request information.\n */\n req?: RequestInfo;\n\n /**\n * Closes the SSE stream for this request, triggering client reconnection.\n * Only available when using a StreamableHTTPServerTransport with eventStore configured.\n */\n closeSSE?: () => void;\n\n /**\n * Closes the standalone GET SSE stream, triggering client reconnection.\n * Only available when using a StreamableHTTPServerTransport with eventStore configured.\n */\n closeStandaloneSSE?: () => void;\n };\n};\n\n/**\n * Context provided to client-side request handlers.\n */\nexport type ClientContext = BaseContext;\n\n/**\n * Information about a request's timeout state\n */\ntype TimeoutInfo = {\n timeoutId: ReturnType;\n startTime: number;\n timeout: number;\n maxTotalTimeout?: number;\n resetTimeoutOnProgress: boolean;\n onTimeout: () => void;\n};\n\n/**\n * Implements MCP protocol framing on top of a pluggable transport, including\n * features like request/response linking, notifications, and progress.\n */\nexport abstract class Protocol {\n private _transport?: Transport;\n private _requestMessageId = 0;\n private _requestHandlers: Map Promise> = new Map();\n private _requestHandlerAbortControllers: Map = new Map();\n private _notificationHandlers: Map Promise> = new Map();\n private _responseHandlers: Map void> = new Map();\n private _progressHandlers: Map = new Map();\n private _timeoutInfo: Map = new Map();\n private _pendingDebouncedNotifications = new Set();\n\n // Maps task IDs to progress tokens to keep handlers alive after CreateTaskResult\n private _taskProgressTokens: Map = new Map();\n\n private _taskStore?: TaskStore;\n private _taskMessageQueue?: TaskMessageQueue;\n\n private _requestResolvers: Map void> = new Map();\n\n protected _supportedProtocolVersions: string[];\n\n /**\n * Callback for when the connection is closed for any reason.\n *\n * This is invoked when {@linkcode Protocol.close | close()} is called as well.\n */\n onclose?: () => void;\n\n /**\n * Callback for when an error occurs.\n *\n * Note that errors are not necessarily fatal; they are used for reporting any kind of exceptional condition out of band.\n */\n onerror?: (error: Error) => void;\n\n /**\n * A handler to invoke for any request types that do not have their own handler installed.\n */\n fallbackRequestHandler?: (request: JSONRPCRequest, ctx: ContextT) => Promise;\n\n /**\n * A handler to invoke for any notification types that do not have their own handler installed.\n */\n fallbackNotificationHandler?: (notification: Notification) => Promise;\n\n constructor(private _options?: ProtocolOptions) {\n this._supportedProtocolVersions = _options?.supportedProtocolVersions ?? SUPPORTED_PROTOCOL_VERSIONS;\n\n this.setNotificationHandler('notifications/cancelled', notification => {\n this._oncancel(notification);\n });\n\n this.setNotificationHandler('notifications/progress', notification => {\n this._onprogress(notification);\n });\n\n this.setRequestHandler(\n 'ping',\n // Automatic pong by default.\n _request => ({}) as Result\n );\n\n // Install task handlers if TaskStore is provided\n this._taskStore = _options?.taskStore;\n this._taskMessageQueue = _options?.taskMessageQueue;\n if (this._taskStore) {\n this.setRequestHandler('tasks/get', async (request, ctx) => {\n const task = await this._taskStore!.getTask(request.params.taskId, ctx.sessionId);\n if (!task) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, 'Failed to retrieve task: Task not found');\n }\n\n // Per spec: tasks/get responses SHALL NOT include related-task metadata\n // as the taskId parameter is the source of truth\n return {\n ...task\n } as Result;\n });\n\n this.setRequestHandler('tasks/result', async (request, ctx) => {\n const handleTaskResult = async (): Promise => {\n const taskId = request.params.taskId;\n\n // Deliver queued messages\n if (this._taskMessageQueue) {\n let queuedMessage: QueuedMessage | undefined;\n while ((queuedMessage = await this._taskMessageQueue.dequeue(taskId, ctx.sessionId))) {\n // Handle response and error messages by routing them to the appropriate resolver\n if (queuedMessage.type === 'response' || queuedMessage.type === 'error') {\n const message = queuedMessage.message;\n const requestId = message.id;\n\n // Lookup resolver in _requestResolvers map\n const resolver = this._requestResolvers.get(requestId as RequestId);\n\n if (resolver) {\n // Remove resolver from map after invocation\n this._requestResolvers.delete(requestId as RequestId);\n\n // Invoke resolver with response or error\n if (queuedMessage.type === 'response') {\n resolver(message as JSONRPCResultResponse);\n } else {\n // Convert JSONRPCError to ProtocolError\n const errorMessage = message as JSONRPCErrorResponse;\n const error = new ProtocolError(\n errorMessage.error.code,\n errorMessage.error.message,\n errorMessage.error.data\n );\n resolver(error);\n }\n } else {\n // Handle missing resolver gracefully with error logging\n const messageType = queuedMessage.type === 'response' ? 'Response' : 'Error';\n this._onerror(new Error(`${messageType} handler missing for request ${requestId}`));\n }\n\n // Continue to next message\n continue;\n }\n\n // Send the message on the response stream by passing the relatedRequestId\n // This tells the transport to write the message to the tasks/result response stream\n await this._transport?.send(queuedMessage.message, { relatedRequestId: ctx.mcpReq.id });\n }\n }\n\n // Now check task status\n const task = await this._taskStore!.getTask(taskId, ctx.sessionId);\n if (!task) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Task not found: ${taskId}`);\n }\n\n // Block if task is not terminal (we've already delivered all queued messages above)\n if (!isTerminal(task.status)) {\n // Wait for status change or new messages\n await this._waitForTaskUpdate(taskId, ctx.mcpReq.signal);\n\n // After waking up, recursively call to deliver any new messages or result\n return await handleTaskResult();\n }\n\n // If task is terminal, return the result\n if (isTerminal(task.status)) {\n const result = await this._taskStore!.getTaskResult(taskId, ctx.sessionId);\n\n this._clearTaskQueue(taskId);\n\n return {\n ...result,\n _meta: {\n ...result._meta,\n [RELATED_TASK_META_KEY]: {\n taskId: taskId\n }\n }\n } as Result;\n }\n\n return await handleTaskResult();\n };\n\n return await handleTaskResult();\n });\n\n this.setRequestHandler('tasks/list', async (request, ctx) => {\n try {\n const { tasks, nextCursor } = await this._taskStore!.listTasks(request.params?.cursor, ctx.sessionId);\n return {\n tasks,\n nextCursor,\n _meta: {}\n } as Result;\n } catch (error) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Failed to list tasks: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n\n this.setRequestHandler('tasks/cancel', async (request, ctx) => {\n try {\n // Get the current task to check if it's in a terminal state, in case the implementation is not atomic\n const task = await this._taskStore!.getTask(request.params.taskId, ctx.sessionId);\n\n if (!task) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Task not found: ${request.params.taskId}`);\n }\n\n // Reject cancellation of terminal tasks\n if (isTerminal(task.status)) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Cannot cancel task in terminal status: ${task.status}`);\n }\n\n await this._taskStore!.updateTaskStatus(\n request.params.taskId,\n 'cancelled',\n 'Client cancelled task execution.',\n ctx.sessionId\n );\n\n this._clearTaskQueue(request.params.taskId);\n\n const cancelledTask = await this._taskStore!.getTask(request.params.taskId, ctx.sessionId);\n if (!cancelledTask) {\n // Task was deleted during cancellation (e.g., cleanup happened)\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Task not found after cancellation: ${request.params.taskId}`\n );\n }\n\n return {\n _meta: {},\n ...cancelledTask\n } as Result;\n } catch (error) {\n // Re-throw ProtocolError as-is\n if (error instanceof ProtocolError) {\n throw error;\n }\n throw new ProtocolError(\n ProtocolErrorCode.InvalidRequest,\n `Failed to cancel task: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n }\n }\n\n /**\n * Builds the context object for request handlers. Subclasses must override\n * to return the appropriate context type (e.g., ServerContext adds requestInfo).\n */\n protected abstract buildContext(ctx: BaseContext, transportInfo?: MessageExtraInfo): ContextT;\n\n private async _oncancel(notification: CancelledNotification): Promise {\n if (!notification.params.requestId) {\n return;\n }\n // Handle request cancellation\n const controller = this._requestHandlerAbortControllers.get(notification.params.requestId);\n controller?.abort(notification.params.reason);\n }\n\n private _setupTimeout(\n messageId: number,\n timeout: number,\n maxTotalTimeout: number | undefined,\n onTimeout: () => void,\n resetTimeoutOnProgress: boolean = false\n ) {\n this._timeoutInfo.set(messageId, {\n timeoutId: setTimeout(onTimeout, timeout),\n startTime: Date.now(),\n timeout,\n maxTotalTimeout,\n resetTimeoutOnProgress,\n onTimeout\n });\n }\n\n private _resetTimeout(messageId: number): boolean {\n const info = this._timeoutInfo.get(messageId);\n if (!info) return false;\n\n const totalElapsed = Date.now() - info.startTime;\n if (info.maxTotalTimeout && totalElapsed >= info.maxTotalTimeout) {\n this._timeoutInfo.delete(messageId);\n throw new SdkError(SdkErrorCode.RequestTimeout, 'Maximum total timeout exceeded', {\n maxTotalTimeout: info.maxTotalTimeout,\n totalElapsed\n });\n }\n\n clearTimeout(info.timeoutId);\n info.timeoutId = setTimeout(info.onTimeout, info.timeout);\n return true;\n }\n\n private _cleanupTimeout(messageId: number) {\n const info = this._timeoutInfo.get(messageId);\n if (info) {\n clearTimeout(info.timeoutId);\n this._timeoutInfo.delete(messageId);\n }\n }\n\n /**\n * Attaches to the given transport, starts it, and starts listening for messages.\n *\n * The {@linkcode Protocol} object assumes ownership of the {@linkcode Transport}, replacing any callbacks that have already been set, and expects that it is the only user of the {@linkcode Transport} instance going forward.\n */\n async connect(transport: Transport): Promise {\n this._transport = transport;\n const _onclose = this.transport?.onclose;\n this._transport.onclose = () => {\n _onclose?.();\n this._onclose();\n };\n\n const _onerror = this.transport?.onerror;\n this._transport.onerror = (error: Error) => {\n _onerror?.(error);\n this._onerror(error);\n };\n\n const _onmessage = this._transport?.onmessage;\n this._transport.onmessage = (message, extra) => {\n _onmessage?.(message, extra);\n if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {\n this._onresponse(message);\n } else if (isJSONRPCRequest(message)) {\n this._onrequest(message, extra);\n } else if (isJSONRPCNotification(message)) {\n this._onnotification(message);\n } else {\n this._onerror(new Error(`Unknown message type: ${JSON.stringify(message)}`));\n }\n };\n\n // Pass supported protocol versions to transport for header validation\n transport.setSupportedProtocolVersions?.(this._supportedProtocolVersions);\n\n await this._transport.start();\n }\n\n private _onclose(): void {\n const responseHandlers = this._responseHandlers;\n this._responseHandlers = new Map();\n this._progressHandlers.clear();\n this._taskProgressTokens.clear();\n this._pendingDebouncedNotifications.clear();\n\n const error = new SdkError(SdkErrorCode.ConnectionClosed, 'Connection closed');\n\n this._transport = undefined;\n this.onclose?.();\n\n for (const handler of responseHandlers.values()) {\n handler(error);\n }\n }\n\n private _onerror(error: Error): void {\n this.onerror?.(error);\n }\n\n private _onnotification(notification: JSONRPCNotification): void {\n const handler = this._notificationHandlers.get(notification.method) ?? this.fallbackNotificationHandler;\n\n // Ignore notifications not being subscribed to.\n if (handler === undefined) {\n return;\n }\n\n // Starting with Promise.resolve() puts any synchronous errors into the monad as well.\n Promise.resolve()\n .then(() => handler(notification))\n .catch(error => this._onerror(new Error(`Uncaught error in notification handler: ${error}`)));\n }\n\n private _onrequest(request: JSONRPCRequest, extra?: MessageExtraInfo): void {\n const handler = this._requestHandlers.get(request.method) ?? this.fallbackRequestHandler;\n\n // Capture the current transport at request time to ensure responses go to the correct client\n const capturedTransport = this._transport;\n\n // Extract taskId from request metadata if present (needed early for method not found case)\n const relatedTaskId = request.params?._meta?.[RELATED_TASK_META_KEY]?.taskId;\n\n if (handler === undefined) {\n const errorResponse: JSONRPCErrorResponse = {\n jsonrpc: '2.0',\n id: request.id,\n error: {\n code: ProtocolErrorCode.MethodNotFound,\n message: 'Method not found'\n }\n };\n\n // Queue or send the error response based on whether this is a task-related request\n if (relatedTaskId && this._taskMessageQueue) {\n this._enqueueTaskMessage(\n relatedTaskId,\n {\n type: 'error',\n message: errorResponse,\n timestamp: Date.now()\n },\n capturedTransport?.sessionId\n ).catch(error => this._onerror(new Error(`Failed to enqueue error response: ${error}`)));\n } else {\n capturedTransport\n ?.send(errorResponse)\n .catch(error => this._onerror(new Error(`Failed to send an error response: ${error}`)));\n }\n return;\n }\n\n const abortController = new AbortController();\n this._requestHandlerAbortControllers.set(request.id, abortController);\n\n const taskCreationParams = isTaskAugmentedRequestParams(request.params) ? request.params.task : undefined;\n const taskStore = this._taskStore ? this.requestTaskStore(request, capturedTransport?.sessionId) : undefined;\n\n const task: TaskContext | undefined = taskStore\n ? { id: relatedTaskId, store: taskStore, requestedTtl: taskCreationParams?.ttl }\n : undefined;\n\n const baseCtx: BaseContext = {\n sessionId: capturedTransport?.sessionId,\n mcpReq: {\n id: request.id,\n method: request.method,\n _meta: request.params?._meta,\n signal: abortController.signal,\n send: async (r, options?) => {\n const requestOptions: RequestOptions = { ...options, relatedRequestId: request.id };\n if (relatedTaskId && !requestOptions.relatedTask) {\n requestOptions.relatedTask = { taskId: relatedTaskId };\n }\n const effectiveTaskId = requestOptions.relatedTask?.taskId ?? relatedTaskId;\n if (effectiveTaskId && taskStore) {\n await taskStore.updateTaskStatus(effectiveTaskId, 'input_required');\n }\n return await this.request(r, requestOptions);\n },\n notify: async notification => {\n const notificationOptions: NotificationOptions = { relatedRequestId: request.id };\n if (relatedTaskId) {\n notificationOptions.relatedTask = { taskId: relatedTaskId };\n }\n await this.notification(notification, notificationOptions);\n }\n },\n http: extra?.authInfo ? { authInfo: extra.authInfo } : undefined,\n task\n };\n const ctx = this.buildContext(baseCtx, extra);\n\n // Starting with Promise.resolve() puts any synchronous errors into the monad as well.\n Promise.resolve()\n .then(() => {\n // If this request asked for task creation, check capability first\n if (taskCreationParams) {\n // Check if the request method supports task creation\n this.assertTaskHandlerCapability(request.method);\n }\n })\n .then(() => handler(request, ctx))\n .then(\n async result => {\n if (abortController.signal.aborted) {\n // Request was cancelled\n return;\n }\n\n const response: JSONRPCResponse = {\n result,\n jsonrpc: '2.0',\n id: request.id\n };\n\n // Queue or send the response based on whether this is a task-related request\n await (relatedTaskId && this._taskMessageQueue\n ? this._enqueueTaskMessage(\n relatedTaskId,\n {\n type: 'response',\n message: response,\n timestamp: Date.now()\n },\n capturedTransport?.sessionId\n )\n : capturedTransport?.send(response));\n },\n async error => {\n if (abortController.signal.aborted) {\n // Request was cancelled\n return;\n }\n\n const errorResponse: JSONRPCErrorResponse = {\n jsonrpc: '2.0',\n id: request.id,\n error: {\n code: Number.isSafeInteger(error['code']) ? error['code'] : ProtocolErrorCode.InternalError,\n message: error.message ?? 'Internal error',\n ...(error['data'] !== undefined && { data: error['data'] })\n }\n };\n\n // Queue or send the error response based on whether this is a task-related request\n await (relatedTaskId && this._taskMessageQueue\n ? this._enqueueTaskMessage(\n relatedTaskId,\n {\n type: 'error',\n message: errorResponse,\n timestamp: Date.now()\n },\n capturedTransport?.sessionId\n )\n : capturedTransport?.send(errorResponse));\n }\n )\n .catch(error => this._onerror(new Error(`Failed to send response: ${error}`)))\n .finally(() => {\n this._requestHandlerAbortControllers.delete(request.id);\n });\n }\n\n private _onprogress(notification: ProgressNotification): void {\n const { progressToken, ...params } = notification.params;\n const messageId = Number(progressToken);\n\n const handler = this._progressHandlers.get(messageId);\n if (!handler) {\n this._onerror(new Error(`Received a progress notification for an unknown token: ${JSON.stringify(notification)}`));\n return;\n }\n\n const responseHandler = this._responseHandlers.get(messageId);\n const timeoutInfo = this._timeoutInfo.get(messageId);\n\n if (timeoutInfo && responseHandler && timeoutInfo.resetTimeoutOnProgress) {\n try {\n this._resetTimeout(messageId);\n } catch (error) {\n // Clean up if maxTotalTimeout was exceeded\n this._responseHandlers.delete(messageId);\n this._progressHandlers.delete(messageId);\n this._cleanupTimeout(messageId);\n responseHandler(error as Error);\n return;\n }\n }\n\n handler(params);\n }\n\n private _onresponse(response: JSONRPCResponse | JSONRPCErrorResponse): void {\n const messageId = Number(response.id);\n\n // Check if this is a response to a queued request\n const resolver = this._requestResolvers.get(messageId);\n if (resolver) {\n this._requestResolvers.delete(messageId);\n if (isJSONRPCResultResponse(response)) {\n resolver(response);\n } else {\n const error = new ProtocolError(response.error.code, response.error.message, response.error.data);\n resolver(error);\n }\n return;\n }\n\n const handler = this._responseHandlers.get(messageId);\n if (handler === undefined) {\n this._onerror(new Error(`Received a response for an unknown message ID: ${JSON.stringify(response)}`));\n return;\n }\n\n this._responseHandlers.delete(messageId);\n this._cleanupTimeout(messageId);\n\n // Keep progress handler alive for CreateTaskResult responses\n let isTaskResponse = false;\n if (isJSONRPCResultResponse(response) && response.result && typeof response.result === 'object') {\n const result = response.result as Record;\n if (result.task && typeof result.task === 'object') {\n const task = result.task as Record;\n if (typeof task.taskId === 'string') {\n isTaskResponse = true;\n this._taskProgressTokens.set(task.taskId, messageId);\n }\n }\n }\n\n if (!isTaskResponse) {\n this._progressHandlers.delete(messageId);\n }\n\n if (isJSONRPCResultResponse(response)) {\n handler(response);\n } else {\n const error = ProtocolError.fromError(response.error.code, response.error.message, response.error.data);\n handler(error);\n }\n }\n\n get transport(): Transport | undefined {\n return this._transport;\n }\n\n /**\n * Closes the connection.\n */\n async close(): Promise {\n await this._transport?.close();\n }\n\n /**\n * A method to check if a capability is supported by the remote side, for the given method to be called.\n *\n * This should be implemented by subclasses.\n */\n protected abstract assertCapabilityForMethod(method: RequestMethod): void;\n\n /**\n * A method to check if a notification is supported by the local side, for the given method to be sent.\n *\n * This should be implemented by subclasses.\n */\n protected abstract assertNotificationCapability(method: NotificationMethod): void;\n\n /**\n * A method to check if a request handler is supported by the local side, for the given method to be handled.\n *\n * This should be implemented by subclasses.\n */\n protected abstract assertRequestHandlerCapability(method: string): void;\n\n /**\n * A method to check if task creation is supported for the given request method.\n *\n * This should be implemented by subclasses.\n */\n protected abstract assertTaskCapability(method: string): void;\n\n /**\n * A method to check if a task handler is supported by the local side, for the given method to be handled.\n *\n * This should be implemented by subclasses.\n */\n protected abstract assertTaskHandlerCapability(method: string): void;\n\n /**\n * Sends a request and returns an AsyncGenerator that yields response messages,\n * resolving the result schema automatically from the method name.\n * The generator is guaranteed to end with either a `'result'` or `'error'` message.\n *\n * @experimental Use `client.experimental.tasks.requestStream()` to access this method.\n */\n protected async *requestStream(\n request: { method: M; params?: Record },\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n const resultSchema = getResultSchema(request.method) as unknown as AnyObjectSchema;\n yield* this._requestStreamWithSchema(request as Request, resultSchema, options) as AsyncGenerator<\n ResponseMessage,\n void,\n void\n >;\n }\n\n /**\n * Sends a request and returns an AsyncGenerator that yields response messages,\n * using the provided schema for validation.\n *\n * This is the internal implementation used by SDK methods that need to specify\n * a particular result schema.\n */\n protected async *_requestStreamWithSchema(\n request: Request,\n resultSchema: T,\n options?: RequestOptions\n ): AsyncGenerator>, void, void> {\n const { task } = options ?? {};\n\n // For non-task requests, just yield the result\n if (!task) {\n try {\n const result = await this._requestWithSchema(request, resultSchema, options);\n yield { type: 'result', result };\n } catch (error) {\n yield {\n type: 'error',\n error: error instanceof Error ? error : new Error(String(error))\n };\n }\n return;\n }\n\n // For task-augmented requests, we need to poll for status\n // First, make the request to create the task\n let taskId: string | undefined;\n try {\n // Send the request and get the CreateTaskResult\n const createResult = await this._requestWithSchema(request, CreateTaskResultSchema, options);\n\n // Extract taskId from the result\n if (createResult.task) {\n taskId = createResult.task.taskId;\n yield { type: 'taskCreated', task: createResult.task };\n } else {\n throw new ProtocolError(ProtocolErrorCode.InternalError, 'Task creation did not return a task');\n }\n\n // Poll for task completion\n while (true) {\n // Get current task status\n const task = await this.getTask({ taskId }, options);\n yield { type: 'taskStatus', task };\n\n // Check if task is terminal\n if (isTerminal(task.status)) {\n switch (task.status) {\n case 'completed': {\n // Get the final result\n const result = await this.getTaskResult({ taskId }, resultSchema, options);\n yield { type: 'result', result };\n\n break;\n }\n case 'failed': {\n yield {\n type: 'error',\n error: new ProtocolError(ProtocolErrorCode.InternalError, `Task ${taskId} failed`)\n };\n\n break;\n }\n case 'cancelled': {\n yield {\n type: 'error',\n error: new ProtocolError(ProtocolErrorCode.InternalError, `Task ${taskId} was cancelled`)\n };\n\n break;\n }\n // No default\n }\n return;\n }\n\n // When input_required, call tasks/result to deliver queued messages\n // (elicitation, sampling) via SSE and block until terminal\n if (task.status === 'input_required') {\n const result = await this.getTaskResult({ taskId }, resultSchema, options);\n yield { type: 'result', result };\n return;\n }\n\n // Wait before polling again\n const pollInterval = task.pollInterval ?? this._options?.defaultTaskPollInterval ?? 1000;\n await new Promise(resolve => setTimeout(resolve, pollInterval));\n\n // Check if cancelled\n options?.signal?.throwIfAborted();\n }\n } catch (error) {\n yield {\n type: 'error',\n error: error instanceof Error ? error : new Error(String(error))\n };\n }\n }\n\n /**\n * Sends a request and waits for a response, resolving the result schema\n * automatically from the method name.\n *\n * Do not use this method to emit notifications! Use {@linkcode Protocol.notification | notification()} instead.\n */\n request(\n request: { method: M; params?: Record },\n options?: RequestOptions\n ): Promise {\n const resultSchema = getResultSchema(request.method);\n return this._requestWithSchema(request as Request, resultSchema, options) as Promise;\n }\n\n /**\n * Sends a request and waits for a response, using the provided schema for validation.\n *\n * This is the internal implementation used by SDK methods that need to specify\n * a particular result schema (e.g., for compatibility or task-specific schemas).\n */\n protected _requestWithSchema(\n request: Request,\n resultSchema: T,\n options?: RequestOptions\n ): Promise> {\n const { relatedRequestId, resumptionToken, onresumptiontoken, task, relatedTask } = options ?? {};\n\n // Send the request\n return new Promise>((resolve, reject) => {\n const earlyReject = (error: unknown) => {\n reject(error);\n };\n\n if (!this._transport) {\n earlyReject(new Error('Not connected'));\n return;\n }\n\n if (this._options?.enforceStrictCapabilities === true) {\n try {\n this.assertCapabilityForMethod(request.method as RequestMethod);\n\n // If task creation is requested, also check task capabilities\n if (task) {\n this.assertTaskCapability(request.method);\n }\n } catch (error) {\n earlyReject(error);\n return;\n }\n }\n\n options?.signal?.throwIfAborted();\n\n const messageId = this._requestMessageId++;\n const jsonrpcRequest: JSONRPCRequest = {\n ...request,\n jsonrpc: '2.0',\n id: messageId\n };\n\n if (options?.onprogress) {\n this._progressHandlers.set(messageId, options.onprogress);\n jsonrpcRequest.params = {\n ...request.params,\n _meta: {\n ...request.params?._meta,\n progressToken: messageId\n }\n };\n }\n\n // Augment with task creation parameters if provided\n if (task) {\n jsonrpcRequest.params = {\n ...jsonrpcRequest.params,\n task: task\n };\n }\n\n // Augment with related task metadata if relatedTask is provided\n if (relatedTask) {\n jsonrpcRequest.params = {\n ...jsonrpcRequest.params,\n _meta: {\n ...jsonrpcRequest.params?._meta,\n [RELATED_TASK_META_KEY]: relatedTask\n }\n };\n }\n\n const cancel = (reason: unknown) => {\n this._responseHandlers.delete(messageId);\n this._progressHandlers.delete(messageId);\n this._cleanupTimeout(messageId);\n\n this._transport\n ?.send(\n {\n jsonrpc: '2.0',\n method: 'notifications/cancelled',\n params: {\n requestId: messageId,\n reason: String(reason)\n }\n },\n { relatedRequestId, resumptionToken, onresumptiontoken }\n )\n .catch(error => this._onerror(new Error(`Failed to send cancellation: ${error}`)));\n\n // Wrap the reason in an SdkError if it isn't already\n const error = reason instanceof SdkError ? reason : new SdkError(SdkErrorCode.RequestTimeout, String(reason));\n reject(error);\n };\n\n this._responseHandlers.set(messageId, response => {\n if (options?.signal?.aborted) {\n return;\n }\n\n if (response instanceof Error) {\n return reject(response);\n }\n\n try {\n const parseResult = parseSchema(resultSchema, response.result);\n if (parseResult.success) {\n resolve(parseResult.data as SchemaOutput);\n } else {\n reject(parseResult.error);\n }\n } catch (error) {\n reject(error);\n }\n });\n\n options?.signal?.addEventListener('abort', () => {\n cancel(options?.signal?.reason);\n });\n\n const timeout = options?.timeout ?? DEFAULT_REQUEST_TIMEOUT_MSEC;\n const timeoutHandler = () => cancel(new SdkError(SdkErrorCode.RequestTimeout, 'Request timed out', { timeout }));\n\n this._setupTimeout(messageId, timeout, options?.maxTotalTimeout, timeoutHandler, options?.resetTimeoutOnProgress ?? false);\n\n // Queue request if related to a task\n const relatedTaskId = relatedTask?.taskId;\n if (relatedTaskId) {\n // Store the response resolver for this request so responses can be routed back\n const responseResolver = (response: JSONRPCResultResponse | Error) => {\n const handler = this._responseHandlers.get(messageId);\n if (handler) {\n handler(response);\n } else {\n // Log error when resolver is missing, but don't fail\n this._onerror(new Error(`Response handler missing for side-channeled request ${messageId}`));\n }\n };\n this._requestResolvers.set(messageId, responseResolver);\n\n this._enqueueTaskMessage(relatedTaskId, {\n type: 'request',\n message: jsonrpcRequest,\n timestamp: Date.now()\n }).catch(error => {\n this._cleanupTimeout(messageId);\n reject(error);\n });\n\n // Don't send through transport - queued messages are delivered via tasks/result only\n // This prevents duplicate delivery for bidirectional transports\n } else {\n // No related task - send through transport normally\n this._transport.send(jsonrpcRequest, { relatedRequestId, resumptionToken, onresumptiontoken }).catch(error => {\n this._cleanupTimeout(messageId);\n reject(error);\n });\n }\n });\n }\n\n /**\n * Gets the current status of a task.\n *\n * @experimental Use `client.experimental.tasks.getTask()` to access this method.\n */\n protected async getTask(params: GetTaskRequest['params'], options?: RequestOptions): Promise {\n return this._requestWithSchema({ method: 'tasks/get', params }, GetTaskResultSchema, options);\n }\n\n /**\n * Retrieves the result of a completed task.\n *\n * @experimental Use `client.experimental.tasks.getTaskResult()` to access this method.\n */\n protected async getTaskResult(\n params: GetTaskPayloadRequest['params'],\n resultSchema: T,\n options?: RequestOptions\n ): Promise> {\n return this._requestWithSchema({ method: 'tasks/result', params }, resultSchema, options);\n }\n\n /**\n * Lists tasks, optionally starting from a pagination cursor.\n *\n * @experimental Use `client.experimental.tasks.listTasks()` to access this method.\n */\n protected async listTasks(params?: { cursor?: string }, options?: RequestOptions): Promise> {\n return this._requestWithSchema({ method: 'tasks/list', params }, ListTasksResultSchema, options);\n }\n\n /**\n * Cancels a specific task.\n *\n * @experimental Use `client.experimental.tasks.cancelTask()` to access this method.\n */\n protected async cancelTask(params: { taskId: string }, options?: RequestOptions): Promise> {\n return this._requestWithSchema({ method: 'tasks/cancel', params }, CancelTaskResultSchema, options);\n }\n\n /**\n * Emits a notification, which is a one-way message that does not expect a response.\n */\n async notification(notification: Notification, options?: NotificationOptions): Promise {\n if (!this._transport) {\n throw new SdkError(SdkErrorCode.NotConnected, 'Not connected');\n }\n\n this.assertNotificationCapability(notification.method as NotificationMethod);\n\n // Queue notification if related to a task\n const relatedTaskId = options?.relatedTask?.taskId;\n if (relatedTaskId) {\n // Build the JSONRPC notification with metadata\n const jsonrpcNotification: JSONRPCNotification = {\n ...notification,\n jsonrpc: '2.0',\n params: {\n ...notification.params,\n _meta: {\n ...notification.params?._meta,\n [RELATED_TASK_META_KEY]: options.relatedTask\n }\n }\n };\n\n await this._enqueueTaskMessage(relatedTaskId, {\n type: 'notification',\n message: jsonrpcNotification,\n timestamp: Date.now()\n });\n\n // Don't send through transport - queued messages are delivered via tasks/result only\n // This prevents duplicate delivery for bidirectional transports\n return;\n }\n\n const debouncedMethods = this._options?.debouncedNotificationMethods ?? [];\n // A notification can only be debounced if it's in the list AND it's \"simple\"\n // (i.e., has no parameters and no related request ID or related task that could be lost).\n const canDebounce =\n debouncedMethods.includes(notification.method) && !notification.params && !options?.relatedRequestId && !options?.relatedTask;\n\n if (canDebounce) {\n // If a notification of this type is already scheduled, do nothing.\n if (this._pendingDebouncedNotifications.has(notification.method)) {\n return;\n }\n\n // Mark this notification type as pending.\n this._pendingDebouncedNotifications.add(notification.method);\n\n // Schedule the actual send to happen in the next microtask.\n // This allows all synchronous calls in the current event loop tick to be coalesced.\n Promise.resolve().then(() => {\n // Un-mark the notification so the next one can be scheduled.\n this._pendingDebouncedNotifications.delete(notification.method);\n\n // SAFETY CHECK: If the connection was closed while this was pending, abort.\n if (!this._transport) {\n return;\n }\n\n let jsonrpcNotification: JSONRPCNotification = {\n ...notification,\n jsonrpc: '2.0'\n };\n\n // Augment with related task metadata if relatedTask is provided\n if (options?.relatedTask) {\n jsonrpcNotification = {\n ...jsonrpcNotification,\n params: {\n ...jsonrpcNotification.params,\n _meta: {\n ...jsonrpcNotification.params?._meta,\n [RELATED_TASK_META_KEY]: options.relatedTask\n }\n }\n };\n }\n\n // Send the notification, but don't await it here to avoid blocking.\n // Handle potential errors with a .catch().\n this._transport?.send(jsonrpcNotification, options).catch(error => this._onerror(error));\n });\n\n // Return immediately.\n return;\n }\n\n let jsonrpcNotification: JSONRPCNotification = {\n ...notification,\n jsonrpc: '2.0'\n };\n\n // Augment with related task metadata if relatedTask is provided\n if (options?.relatedTask) {\n jsonrpcNotification = {\n ...jsonrpcNotification,\n params: {\n ...jsonrpcNotification.params,\n _meta: {\n ...jsonrpcNotification.params?._meta,\n [RELATED_TASK_META_KEY]: options.relatedTask\n }\n }\n };\n }\n\n await this._transport.send(jsonrpcNotification, options);\n }\n\n /**\n * Registers a handler to invoke when this protocol object receives a request with the given method.\n *\n * Note that this will replace any previous request handler for the same method.\n */\n setRequestHandler(\n method: M,\n handler: (request: RequestTypeMap[M], ctx: ContextT) => Result | Promise\n ): void {\n this.assertRequestHandlerCapability(method);\n const schema = getRequestSchema(method);\n\n this._requestHandlers.set(method, (request, ctx) => {\n const parsed = schema.parse(request) as RequestTypeMap[M];\n return Promise.resolve(handler(parsed, ctx));\n });\n }\n\n /**\n * Removes the request handler for the given method.\n */\n removeRequestHandler(method: RequestMethod): void {\n this._requestHandlers.delete(method);\n }\n\n /**\n * Asserts that a request handler has not already been set for the given method, in preparation for a new one being automatically installed.\n */\n assertCanSetRequestHandler(method: RequestMethod): void {\n if (this._requestHandlers.has(method)) {\n throw new Error(`A request handler for ${method} already exists, which would be overridden`);\n }\n }\n\n /**\n * Registers a handler to invoke when this protocol object receives a notification with the given method.\n *\n * Note that this will replace any previous notification handler for the same method.\n */\n setNotificationHandler(\n method: M,\n handler: (notification: NotificationTypeMap[M]) => void | Promise\n ): void {\n const schema = getNotificationSchema(method);\n\n this._notificationHandlers.set(method, notification => {\n const parsed = schema.parse(notification);\n return Promise.resolve(handler(parsed));\n });\n }\n\n /**\n * Removes the notification handler for the given method.\n */\n removeNotificationHandler(method: NotificationMethod): void {\n this._notificationHandlers.delete(method);\n }\n\n /**\n * Cleans up the progress handler associated with a task.\n * This should be called when a task reaches a terminal status.\n */\n private _cleanupTaskProgressHandler(taskId: string): void {\n const progressToken = this._taskProgressTokens.get(taskId);\n if (progressToken !== undefined) {\n this._progressHandlers.delete(progressToken);\n this._taskProgressTokens.delete(taskId);\n }\n }\n\n /**\n * Enqueues a task-related message for side-channel delivery via `tasks/result`.\n * @param taskId The task ID to associate the message with\n * @param message The message to enqueue\n * @param sessionId Optional session ID for binding the operation to a specific session\n * @throws Error if `taskStore` is not configured or if enqueue fails (e.g., queue overflow)\n *\n * Note: If enqueue fails, it's the {@linkcode TaskMessageQueue} implementation's responsibility to handle\n * the error appropriately (e.g., by failing the task, logging, etc.). The Protocol layer\n * simply propagates the error.\n */\n private async _enqueueTaskMessage(taskId: string, message: QueuedMessage, sessionId?: string): Promise {\n // Task message queues are only used when taskStore is configured\n if (!this._taskStore || !this._taskMessageQueue) {\n throw new Error('Cannot enqueue task message: taskStore and taskMessageQueue are not configured');\n }\n\n const maxQueueSize = this._options?.maxTaskQueueSize;\n await this._taskMessageQueue.enqueue(taskId, message, sessionId, maxQueueSize);\n }\n\n /**\n * Clears the message queue for a task and rejects any pending request resolvers.\n * @param taskId The task ID whose queue should be cleared\n * @param sessionId Optional session ID for binding the operation to a specific session\n */\n private async _clearTaskQueue(taskId: string, sessionId?: string): Promise {\n if (this._taskMessageQueue) {\n // Reject any pending request resolvers\n const messages = await this._taskMessageQueue.dequeueAll(taskId, sessionId);\n for (const message of messages) {\n if (message.type === 'request' && isJSONRPCRequest(message.message)) {\n // Extract request ID from the message\n const requestId = message.message.id as RequestId;\n const resolver = this._requestResolvers.get(requestId);\n if (resolver) {\n resolver(new ProtocolError(ProtocolErrorCode.InternalError, 'Task cancelled or completed'));\n this._requestResolvers.delete(requestId);\n } else {\n // Log error when resolver is missing during cleanup for better observability\n this._onerror(new Error(`Resolver missing for request ${requestId} during task ${taskId} cleanup`));\n }\n }\n }\n }\n }\n\n /**\n * Waits for a task update (new messages or status change) with abort signal support.\n * Uses polling to check for updates at the task's configured poll interval.\n * @param taskId The task ID to wait for\n * @param signal Abort signal to cancel the wait\n * @returns Promise that resolves when an update occurs or rejects if aborted\n */\n private async _waitForTaskUpdate(taskId: string, signal: AbortSignal): Promise {\n // Get the task's poll interval, falling back to default\n let interval = this._options?.defaultTaskPollInterval ?? 1000;\n try {\n const task = await this._taskStore?.getTask(taskId);\n if (task?.pollInterval) {\n interval = task.pollInterval;\n }\n } catch {\n // Use default interval if task lookup fails\n }\n\n return new Promise((resolve, reject) => {\n if (signal.aborted) {\n reject(new ProtocolError(ProtocolErrorCode.InvalidRequest, 'Request cancelled'));\n return;\n }\n\n // Wait for the poll interval, then resolve so caller can check for updates\n const timeoutId = setTimeout(resolve, interval);\n\n // Clean up timeout and reject if aborted\n signal.addEventListener(\n 'abort',\n () => {\n clearTimeout(timeoutId);\n reject(new ProtocolError(ProtocolErrorCode.InvalidRequest, 'Request cancelled'));\n },\n { once: true }\n );\n });\n }\n\n private requestTaskStore(request?: JSONRPCRequest, sessionId?: string): RequestTaskStore {\n const taskStore = this._taskStore;\n if (!taskStore) {\n throw new Error('No task store configured');\n }\n\n return {\n createTask: async taskParams => {\n if (!request) {\n throw new Error('No request provided');\n }\n\n return await taskStore.createTask(\n taskParams,\n request.id,\n {\n method: request.method,\n params: request.params\n },\n sessionId\n );\n },\n getTask: async taskId => {\n const task = await taskStore.getTask(taskId, sessionId);\n if (!task) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, 'Failed to retrieve task: Task not found');\n }\n\n return task;\n },\n storeTaskResult: async (taskId, status, result) => {\n await taskStore.storeTaskResult(taskId, status, result, sessionId);\n\n // Get updated task state and send notification\n const task = await taskStore.getTask(taskId, sessionId);\n if (task) {\n const notification: TaskStatusNotification = TaskStatusNotificationSchema.parse({\n method: 'notifications/tasks/status',\n params: task\n });\n await this.notification(notification as Notification);\n\n if (isTerminal(task.status)) {\n this._cleanupTaskProgressHandler(taskId);\n // Don't clear queue here - it will be cleared after delivery via tasks/result\n }\n }\n },\n getTaskResult: taskId => {\n return taskStore.getTaskResult(taskId, sessionId);\n },\n updateTaskStatus: async (taskId, status, statusMessage) => {\n // Check if task exists\n const task = await taskStore.getTask(taskId, sessionId);\n if (!task) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Task \"${taskId}\" not found - it may have been cleaned up`);\n }\n\n // Don't allow transitions from terminal states\n if (isTerminal(task.status)) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Cannot update task \"${taskId}\" from terminal status \"${task.status}\" to \"${status}\". Terminal states (completed, failed, cancelled) cannot transition to other states.`\n );\n }\n\n await taskStore.updateTaskStatus(taskId, status, statusMessage, sessionId);\n\n // Get updated task state and send notification\n const updatedTask = await taskStore.getTask(taskId, sessionId);\n if (updatedTask) {\n const notification: TaskStatusNotification = TaskStatusNotificationSchema.parse({\n method: 'notifications/tasks/status',\n params: updatedTask\n });\n await this.notification(notification as Notification);\n\n if (isTerminal(updatedTask.status)) {\n this._cleanupTaskProgressHandler(taskId);\n // Don't clear queue here - it will be cleared after delivery via tasks/result\n }\n }\n },\n listTasks: cursor => {\n return taskStore.listTasks(cursor, sessionId);\n }\n };\n }\n}\n\nfunction isPlainObject(value: unknown): value is Record {\n return value !== null && typeof value === 'object' && !Array.isArray(value);\n}\n\nexport function mergeCapabilities(base: ServerCapabilities, additional: Partial): ServerCapabilities;\nexport function mergeCapabilities(base: ClientCapabilities, additional: Partial): ClientCapabilities;\nexport function mergeCapabilities(base: T, additional: Partial): T {\n const result: T = { ...base };\n for (const key in additional) {\n const k = key as keyof T;\n const addValue = additional[k];\n if (addValue === undefined) continue;\n const baseValue = result[k];\n result[k] =\n isPlainObject(baseValue) && isPlainObject(addValue)\n ? ({ ...(baseValue as Record), ...(addValue as Record) } as T[typeof k])\n : (addValue as T[typeof k]);\n }\n return result;\n}\n" }, { "path": "packages/core/src/shared/responseMessage.ts", "content": "import type { Result, Task } from '../types/types.js';\n\n/**\n * Base message type for the response stream.\n */\nexport interface BaseResponseMessage {\n type: string;\n}\n\n/**\n * Task status update message.\n *\n * Yielded on each poll iteration while the task is active (e.g. while\n * `working`). May be emitted multiple times with the same status.\n */\nexport interface TaskStatusMessage extends BaseResponseMessage {\n type: 'taskStatus';\n task: Task;\n}\n\n/**\n * Task created message.\n *\n * Yielded once when the server creates a new task for a long-running operation.\n * This is always the first message for task-augmented requests.\n */\nexport interface TaskCreatedMessage extends BaseResponseMessage {\n type: 'taskCreated';\n task: Task;\n}\n\n/**\n * Final result message.\n *\n * Yielded once when the operation completes successfully. Terminal — no further\n * messages will follow.\n */\nexport interface ResultMessage extends BaseResponseMessage {\n type: 'result';\n result: T;\n}\n\n/**\n * Error message.\n *\n * Yielded once if the operation fails. Terminal — no further messages will follow.\n */\nexport interface ErrorMessage extends BaseResponseMessage {\n type: 'error';\n error: Error;\n}\n\n/**\n * Union of all message types yielded by task-aware streaming APIs such as\n * {@linkcode @modelcontextprotocol/client!experimental/tasks/client.ExperimentalClientTasks#callToolStream | callToolStream()},\n * {@linkcode @modelcontextprotocol/client!experimental/tasks/client.ExperimentalClientTasks#requestStream | ExperimentalClientTasks.requestStream()}, and\n * {@linkcode @modelcontextprotocol/server!experimental/tasks/server.ExperimentalServerTasks#requestStream | ExperimentalServerTasks.requestStream()}.\n *\n * A typical sequence is:\n * 1. `taskCreated` — task is registered (once)\n * 2. `taskStatus` — zero or more progress updates\n * 3. `result` **or** `error` — terminal message (once)\n *\n * Progress notifications are handled through the existing {@linkcode index.RequestOptions | onprogress} callback.\n * Side-channeled messages (server requests/notifications) are handled through registered handlers.\n */\nexport type ResponseMessage = TaskStatusMessage | TaskCreatedMessage | ResultMessage | ErrorMessage;\n\nexport type AsyncGeneratorValue = T extends AsyncGenerator ? U : never;\n\n/**\n * Collects all values from an async generator into an array.\n */\nexport async function toArrayAsync>(it: T): Promise[]> {\n const arr: AsyncGeneratorValue[] = [];\n for await (const o of it) {\n arr.push(o as AsyncGeneratorValue);\n }\n\n return arr;\n}\n\n/**\n * Consumes a {@linkcode ResponseMessage} stream and returns the final result,\n * discarding intermediate `taskCreated` and `taskStatus` messages. Throws\n * if an `error` message is received or the stream ends without a result.\n */\nexport async function takeResult>>(it: U): Promise {\n for await (const o of it) {\n if (o.type === 'result') {\n return o.result;\n } else if (o.type === 'error') {\n throw o.error;\n }\n }\n\n throw new Error('No result in stream.');\n}\n" }, { "path": "packages/core/src/shared/stdio.ts", "content": "import type { JSONRPCMessage } from '../types/types.js';\nimport { JSONRPCMessageSchema } from '../types/types.js';\n\n/**\n * Buffers a continuous stdio stream into discrete JSON-RPC messages.\n */\nexport class ReadBuffer {\n private _buffer?: Buffer;\n\n append(chunk: Buffer): void {\n this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;\n }\n\n readMessage(): JSONRPCMessage | null {\n if (!this._buffer) {\n return null;\n }\n\n const index = this._buffer.indexOf('\\n');\n if (index === -1) {\n return null;\n }\n\n const line = this._buffer.toString('utf8', 0, index).replace(/\\r$/, '');\n this._buffer = this._buffer.subarray(index + 1);\n return deserializeMessage(line);\n }\n\n clear(): void {\n this._buffer = undefined;\n }\n}\n\nexport function deserializeMessage(line: string): JSONRPCMessage {\n return JSONRPCMessageSchema.parse(JSON.parse(line));\n}\n\nexport function serializeMessage(message: JSONRPCMessage): string {\n return JSON.stringify(message) + '\\n';\n}\n" }, { "path": "packages/core/src/shared/toolNameValidation.ts", "content": "/**\n * Tool name validation utilities according to SEP: Specify Format for Tool Names\n *\n * Tool names SHOULD be between 1 and 128 characters in length (inclusive).\n * Tool names are case-sensitive.\n * Allowed characters: uppercase and lowercase ASCII letters (`A-Z`, `a-z`), digits\n * (`0-9`), underscore (`_`), dash (`-`), and dot (`.`).\n * Tool names SHOULD NOT contain spaces, commas, or other special characters.\n *\n * @see {@link https://github.com/modelcontextprotocol/modelcontextprotocol/issues/986 | SEP-986: Specify Format for Tool Names}\n */\n\n/**\n * Regular expression for valid tool names according to SEP-986 specification\n */\nconst TOOL_NAME_REGEX = /^[A-Za-z0-9._-]{1,128}$/;\n\n/**\n * Validates a tool name according to the SEP specification\n * @param name - The tool name to validate\n * @returns An object containing validation result and any warnings\n */\nexport function validateToolName(name: string): {\n isValid: boolean;\n warnings: string[];\n} {\n const warnings: string[] = [];\n\n // Check length\n if (name.length === 0) {\n return {\n isValid: false,\n warnings: ['Tool name cannot be empty']\n };\n }\n\n if (name.length > 128) {\n return {\n isValid: false,\n warnings: [`Tool name exceeds maximum length of 128 characters (current: ${name.length})`]\n };\n }\n\n // Check for specific problematic patterns (these are warnings, not validation failures)\n if (name.includes(' ')) {\n warnings.push('Tool name contains spaces, which may cause parsing issues');\n }\n\n if (name.includes(',')) {\n warnings.push('Tool name contains commas, which may cause parsing issues');\n }\n\n // Check for potentially confusing patterns (leading/trailing dashes, dots, slashes)\n if (name.startsWith('-') || name.endsWith('-')) {\n warnings.push('Tool name starts or ends with a dash, which may cause parsing issues in some contexts');\n }\n\n if (name.startsWith('.') || name.endsWith('.')) {\n warnings.push('Tool name starts or ends with a dot, which may cause parsing issues in some contexts');\n }\n\n // Check for invalid characters\n if (!TOOL_NAME_REGEX.test(name)) {\n const invalidChars = [...name]\n .filter(char => !/[A-Za-z0-9._-]/.test(char))\n .filter((char, index, arr) => arr.indexOf(char) === index); // Remove duplicates\n\n warnings.push(\n `Tool name contains invalid characters: ${invalidChars.map(c => `\"${c}\"`).join(', ')}`,\n 'Allowed characters are: A-Z, a-z, 0-9, underscore (_), dash (-), and dot (.)'\n );\n\n return {\n isValid: false,\n warnings\n };\n }\n\n return {\n isValid: true,\n warnings\n };\n}\n\n/**\n * Issues warnings for non-conforming tool names\n * @param name - The tool name that triggered the warnings\n * @param warnings - Array of warning messages\n */\nexport function issueToolNameWarning(name: string, warnings: string[]): void {\n if (warnings.length > 0) {\n console.warn(`Tool name validation warning for \"${name}\":`);\n for (const warning of warnings) {\n console.warn(` - ${warning}`);\n }\n console.warn('Tool registration will proceed, but this may cause compatibility issues.');\n console.warn('Consider updating the tool name to conform to the MCP tool naming standard.');\n console.warn(\n 'See SEP: Specify Format for Tool Names (https://github.com/modelcontextprotocol/modelcontextprotocol/issues/986) for more details.'\n );\n }\n}\n\n/**\n * Validates a tool name and issues warnings for non-conforming names\n * @param name - The tool name to validate\n * @returns `true` if the name is valid, `false` otherwise\n */\nexport function validateAndWarnToolName(name: string): boolean {\n const result = validateToolName(name);\n\n // Always issue warnings for any validation issues (both invalid names and warnings)\n issueToolNameWarning(name, result.warnings);\n\n return result.isValid;\n}\n" }, { "path": "packages/core/src/shared/transport.ts", "content": "import type { JSONRPCMessage, MessageExtraInfo, RequestId } from '../types/types.js';\n\nexport type FetchLike = (url: string | URL, init?: RequestInit) => Promise;\n\n/**\n * Normalizes `HeadersInit` to a plain `Record` for manipulation.\n * Handles `Headers` objects, arrays of tuples, and plain objects.\n */\nexport function normalizeHeaders(headers: RequestInit['headers'] | undefined): Record {\n if (!headers) return {};\n\n if (headers instanceof Headers) {\n return Object.fromEntries(headers.entries());\n }\n\n if (Array.isArray(headers)) {\n return Object.fromEntries(headers);\n }\n\n return { ...(headers as Record) };\n}\n\n/**\n * Creates a fetch function that includes base `RequestInit` options.\n * This ensures requests inherit settings like credentials, mode, headers, etc. from the base init.\n *\n * @param baseFetch - The base fetch function to wrap (defaults to global `fetch`)\n * @param baseInit - The base `RequestInit` to merge with each request\n * @returns A wrapped fetch function that merges base options with call-specific options\n */\nexport function createFetchWithInit(baseFetch: FetchLike = fetch, baseInit?: RequestInit): FetchLike {\n if (!baseInit) {\n return baseFetch;\n }\n\n // Return a wrapped fetch that merges base RequestInit with call-specific init\n return async (url: string | URL, init?: RequestInit): Promise => {\n const mergedInit: RequestInit = {\n ...baseInit,\n ...init,\n // Headers need special handling - merge instead of replace\n headers: init?.headers ? { ...normalizeHeaders(baseInit.headers), ...normalizeHeaders(init.headers) } : baseInit.headers\n };\n return baseFetch(url, mergedInit);\n };\n}\n\n/**\n * Options for sending a JSON-RPC message.\n */\nexport type TransportSendOptions = {\n /**\n * If present, `relatedRequestId` is used to indicate to the transport which incoming request to associate this outgoing message with.\n */\n relatedRequestId?: RequestId;\n\n /**\n * The resumption token used to continue long-running requests that were interrupted.\n *\n * This allows clients to reconnect and continue from where they left off, if supported by the transport.\n */\n resumptionToken?: string;\n\n /**\n * A callback that is invoked when the resumption token changes, if supported by the transport.\n *\n * This allows clients to persist the latest token for potential reconnection.\n */\n onresumptiontoken?: (token: string) => void;\n};\n/**\n * Describes the minimal contract for an MCP transport that a client or server can communicate over.\n */\nexport interface Transport {\n /**\n * Starts processing messages on the transport, including any connection steps that might need to be taken.\n *\n * This method should only be called after callbacks are installed, or else messages may be lost.\n *\n * NOTE: This method should not be called explicitly when using {@linkcode @modelcontextprotocol/client!client/client.Client | Client}, {@linkcode @modelcontextprotocol/server!server/server.Server | Server}, or {@linkcode @modelcontextprotocol/server!index.Protocol | Protocol} classes, as they will implicitly call {@linkcode Transport.start | start()}.\n */\n start(): Promise;\n\n /**\n * Sends a JSON-RPC message (request or response).\n *\n * If present, `relatedRequestId` is used to indicate to the transport which incoming request to associate this outgoing message with.\n */\n send(message: JSONRPCMessage, options?: TransportSendOptions): Promise;\n\n /**\n * Closes the connection.\n */\n close(): Promise;\n\n /**\n * Callback for when the connection is closed for any reason.\n *\n * This should be invoked when {@linkcode Transport.close | close()} is called as well.\n */\n onclose?: () => void;\n\n /**\n * Callback for when an error occurs.\n *\n * Note that errors are not necessarily fatal; they are used for reporting any kind of exceptional condition out of band.\n */\n onerror?: (error: Error) => void;\n\n /**\n * Callback for when a message (request or response) is received over the connection.\n *\n * Includes the {@linkcode MessageExtraInfo.requestInfo | requestInfo} and {@linkcode MessageExtraInfo.authInfo | authInfo} if the transport is authenticated.\n *\n * The {@linkcode MessageExtraInfo.requestInfo | requestInfo} can be used to get the original request information (headers, etc.)\n */\n onmessage?: (message: T, extra?: MessageExtraInfo) => void;\n\n /**\n * The session ID generated for this connection.\n */\n sessionId?: string;\n\n /**\n * Sets the protocol version used for the connection (called when the initialize response is received).\n */\n setProtocolVersion?: (version: string) => void;\n\n /**\n * Sets the supported protocol versions for header validation (called during connect).\n * This allows the server to pass its supported versions to the transport.\n */\n setSupportedProtocolVersions?: (versions: string[]) => void;\n}\n" }, { "path": "packages/core/src/shared/uriTemplate.ts", "content": "// Claude-authored implementation of RFC 6570 URI Templates\n\nexport type Variables = Record;\n\nconst MAX_TEMPLATE_LENGTH = 1_000_000; // 1MB\nconst MAX_VARIABLE_LENGTH = 1_000_000; // 1MB\nconst MAX_TEMPLATE_EXPRESSIONS = 10_000;\nconst MAX_REGEX_LENGTH = 1_000_000; // 1MB\n\nexport class UriTemplate {\n /**\n * Returns true if the given string contains any URI template expressions.\n * A template expression is a sequence of characters enclosed in curly braces,\n * like `{foo}` or `{?bar}`.\n */\n static isTemplate(str: string): boolean {\n // Look for any sequence of characters between curly braces\n // that isn't just whitespace\n return /\\{[^}\\s]+\\}/.test(str);\n }\n\n private static validateLength(str: string, max: number, context: string): void {\n if (str.length > max) {\n throw new Error(`${context} exceeds maximum length of ${max} characters (got ${str.length})`);\n }\n }\n private readonly template: string;\n private readonly parts: Array;\n\n get variableNames(): string[] {\n return this.parts.flatMap(part => (typeof part === 'string' ? [] : part.names));\n }\n\n constructor(template: string) {\n UriTemplate.validateLength(template, MAX_TEMPLATE_LENGTH, 'Template');\n this.template = template;\n this.parts = this.parse(template);\n }\n\n toString(): string {\n return this.template;\n }\n\n private parse(template: string): Array {\n const parts: Array = [];\n let currentText = '';\n let i = 0;\n let expressionCount = 0;\n\n while (i < template.length) {\n if (template[i] === '{') {\n if (currentText) {\n parts.push(currentText);\n currentText = '';\n }\n const end = template.indexOf('}', i);\n if (end === -1) throw new Error('Unclosed template expression');\n\n expressionCount++;\n if (expressionCount > MAX_TEMPLATE_EXPRESSIONS) {\n throw new Error(`Template contains too many expressions (max ${MAX_TEMPLATE_EXPRESSIONS})`);\n }\n\n const expr = template.slice(i + 1, end);\n const operator = this.getOperator(expr);\n const exploded = expr.includes('*');\n const names = this.getNames(expr);\n const name = names[0]!;\n\n // Validate variable name length\n for (const name of names) {\n UriTemplate.validateLength(name, MAX_VARIABLE_LENGTH, 'Variable name');\n }\n\n parts.push({ name, operator, names, exploded });\n i = end + 1;\n } else {\n currentText += template[i];\n i++;\n }\n }\n\n if (currentText) {\n parts.push(currentText);\n }\n\n return parts;\n }\n\n private getOperator(expr: string): string {\n const operators = ['+', '#', '.', '/', '?', '&'];\n return operators.find(op => expr.startsWith(op)) || '';\n }\n\n private getNames(expr: string): string[] {\n const operator = this.getOperator(expr);\n return expr\n .slice(operator.length)\n .split(',')\n .map(name => name.replace('*', '').trim())\n .filter(name => name.length > 0);\n }\n\n private encodeValue(value: string, operator: string): string {\n UriTemplate.validateLength(value, MAX_VARIABLE_LENGTH, 'Variable value');\n if (operator === '+' || operator === '#') {\n return encodeURI(value);\n }\n return encodeURIComponent(value);\n }\n\n private expandPart(\n part: {\n name: string;\n operator: string;\n names: string[];\n exploded: boolean;\n },\n variables: Variables\n ): string {\n if (part.operator === '?' || part.operator === '&') {\n const pairs = part.names\n .map(name => {\n const value = variables[name];\n if (value === undefined) return '';\n const encoded = Array.isArray(value)\n ? value.map(v => this.encodeValue(v, part.operator)).join(',')\n : this.encodeValue(value.toString(), part.operator);\n return `${name}=${encoded}`;\n })\n .filter(pair => pair.length > 0);\n\n if (pairs.length === 0) return '';\n const separator = part.operator === '?' ? '?' : '&';\n return separator + pairs.join('&');\n }\n\n if (part.names.length > 1) {\n const values = part.names.map(name => variables[name]).filter(v => v !== undefined);\n if (values.length === 0) return '';\n return values.map(v => (Array.isArray(v) ? v[0] : v)).join(',');\n }\n\n const value = variables[part.name];\n if (value === undefined) return '';\n\n const values = Array.isArray(value) ? value : [value];\n const encoded = values.map(v => this.encodeValue(v, part.operator));\n\n switch (part.operator) {\n case '': {\n return encoded.join(',');\n }\n case '+': {\n return encoded.join(',');\n }\n case '#': {\n return '#' + encoded.join(',');\n }\n case '.': {\n return '.' + encoded.join('.');\n }\n case '/': {\n return '/' + encoded.join('/');\n }\n default: {\n return encoded.join(',');\n }\n }\n }\n\n expand(variables: Variables): string {\n let result = '';\n let hasQueryParam = false;\n\n for (const part of this.parts) {\n if (typeof part === 'string') {\n result += part;\n continue;\n }\n\n const expanded = this.expandPart(part, variables);\n if (!expanded) continue;\n\n // Convert ? to & if we already have a query parameter\n result += (part.operator === '?' || part.operator === '&') && hasQueryParam ? expanded.replace('?', '&') : expanded;\n\n if (part.operator === '?' || part.operator === '&') {\n hasQueryParam = true;\n }\n }\n\n return result;\n }\n\n private escapeRegExp(str: string): string {\n return str.replaceAll(/[.*+?^${}()|[\\]\\\\]/g, String.raw`\\$&`);\n }\n\n private partToRegExp(part: {\n name: string;\n operator: string;\n names: string[];\n exploded: boolean;\n }): Array<{ pattern: string; name: string }> {\n const patterns: Array<{ pattern: string; name: string }> = [];\n\n // Validate variable name length for matching\n for (const name of part.names) {\n UriTemplate.validateLength(name, MAX_VARIABLE_LENGTH, 'Variable name');\n }\n\n if (part.operator === '?' || part.operator === '&') {\n for (let i = 0; i < part.names.length; i++) {\n const name = part.names[i]!;\n const prefix = i === 0 ? '\\\\' + part.operator : '&';\n patterns.push({\n pattern: prefix + this.escapeRegExp(name) + '=([^&]+)',\n name\n });\n }\n return patterns;\n }\n\n let pattern: string;\n const name = part.name;\n\n switch (part.operator) {\n case '': {\n pattern = part.exploded ? '([^/,]+(?:,[^/,]+)*)' : '([^/,]+)';\n break;\n }\n case '+':\n case '#': {\n pattern = '(.+)';\n break;\n }\n case '.': {\n pattern = String.raw`\\.([^/,]+)`;\n break;\n }\n case '/': {\n pattern = '/' + (part.exploded ? '([^/,]+(?:,[^/,]+)*)' : '([^/,]+)');\n break;\n }\n default: {\n pattern = '([^/]+)';\n }\n }\n\n patterns.push({ pattern, name });\n return patterns;\n }\n\n match(uri: string): Variables | null {\n UriTemplate.validateLength(uri, MAX_TEMPLATE_LENGTH, 'URI');\n let pattern = '^';\n const names: Array<{ name: string; exploded: boolean }> = [];\n\n for (const part of this.parts) {\n if (typeof part === 'string') {\n pattern += this.escapeRegExp(part);\n } else {\n const patterns = this.partToRegExp(part);\n for (const { pattern: partPattern, name } of patterns) {\n pattern += partPattern;\n names.push({ name, exploded: part.exploded });\n }\n }\n }\n\n pattern += '$';\n UriTemplate.validateLength(pattern, MAX_REGEX_LENGTH, 'Generated regex pattern');\n const regex = new RegExp(pattern);\n const match = uri.match(regex);\n\n if (!match) return null;\n\n const result: Variables = {};\n for (const [i, name_] of names.entries()) {\n const { name, exploded } = name_!;\n const value = match[i + 1]!;\n const cleanName = name.replace('*', '');\n\n result[cleanName] = exploded && value.includes(',') ? value.split(',') : value;\n }\n\n return result;\n }\n}\n" }, { "path": "packages/core/src/types/spec.types.ts", "content": "/**\n * This file is automatically generated from the Model Context Protocol specification.\n *\n * Source: https://github.com/modelcontextprotocol/modelcontextprotocol\n * Pulled from: https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/main/schema/draft/schema.ts\n * Last updated from commit: 838d6f69055f1d14400d67a47eb1d76207c7c34b\n *\n * DO NOT EDIT THIS FILE MANUALLY. Changes will be overwritten by automated updates.\n * To update this file, run: pnpm run fetch:spec-types\n */ /* JSON types */\n\n/**\n * @category Common Types\n */\nexport type JSONValue = string | number | boolean | null | JSONObject | JSONArray;\n\n/**\n * @category Common Types\n */\nexport type JSONObject = { [key: string]: JSONValue };\n\n/**\n * @category Common Types\n */\nexport type JSONArray = JSONValue[];\n\n/* JSON-RPC types */\n\n/**\n * Refers to any valid JSON-RPC object that can be decoded off the wire, or encoded to be sent.\n *\n * @category JSON-RPC\n */\nexport type JSONRPCMessage = JSONRPCRequest | JSONRPCNotification | JSONRPCResponse;\n\n/** @internal */\nexport const LATEST_PROTOCOL_VERSION = 'DRAFT-2026-v1';\n/** @internal */\nexport const JSONRPC_VERSION = '2.0';\n\n/**\n * Represents the contents of a `_meta` field, which clients and servers use to attach additional metadata to their interactions.\n *\n * Certain key names are reserved by MCP for protocol-level metadata; implementations MUST NOT make assumptions about values at these keys. Additionally, specific schema definitions may reserve particular names for purpose-specific metadata, as declared in those definitions.\n *\n * Valid keys have two segments:\n *\n * **Prefix:**\n * - Optional — if specified, MUST be a series of _labels_ separated by dots (`.`), followed by a slash (`/`).\n * - Labels MUST start with a letter and end with a letter or digit. Interior characters may be letters, digits, or hyphens (`-`).\n * - Any prefix consisting of zero or more labels, followed by `modelcontextprotocol` or `mcp`, followed by any label, is **reserved** for MCP use. For example: `modelcontextprotocol.io/`, `mcp.dev/`, `api.modelcontextprotocol.org/`, and `tools.mcp.com/` are all reserved.\n *\n * **Name:**\n * - Unless empty, MUST start and end with an alphanumeric character (`[a-z0-9A-Z]`).\n * - Interior characters may be alphanumeric, hyphens (`-`), underscores (`_`), or dots (`.`).\n *\n * @see [General fields: `_meta`](/specification/draft/basic/index#meta) for more details.\n * @category Common Types\n */\nexport type MetaObject = Record;\n\n/**\n * Extends {@link MetaObject} with additional request-specific fields. All key naming rules from `MetaObject` apply.\n *\n * @see {@link MetaObject} for key naming rules and reserved prefixes.\n * @see [General fields: `_meta`](/specification/draft/basic/index#meta) for more details.\n * @category Common Types\n */\nexport interface RequestMetaObject extends MetaObject {\n /**\n * If specified, the caller is requesting out-of-band progress notifications for this request (as represented by {@link ProgressNotification | notifications/progress}). The value of this parameter is an opaque token that will be attached to any subsequent notifications. The receiver is not obligated to provide these notifications.\n */\n progressToken?: ProgressToken;\n}\n\n/**\n * A progress token, used to associate progress notifications with the original request.\n *\n * @category Common Types\n */\nexport type ProgressToken = string | number;\n\n/**\n * An opaque token used to represent a cursor for pagination.\n *\n * @category Common Types\n */\nexport type Cursor = string;\n\n/**\n * Common params for any task-augmented request.\n *\n * @internal\n */\nexport interface TaskAugmentedRequestParams extends RequestParams {\n /**\n * If specified, the caller is requesting task-augmented execution for this request.\n * The request will return a {@link CreateTaskResult} immediately, and the actual result can be\n * retrieved later via {@link GetTaskPayloadRequest | tasks/result}.\n *\n * Task augmentation is subject to capability negotiation - receivers MUST declare support\n * for task augmentation of specific request types in their capabilities.\n */\n task?: TaskMetadata;\n}\n\n/**\n * Common params for any request.\n *\n * @category Common Types\n */\nexport interface RequestParams {\n _meta?: RequestMetaObject;\n}\n\n/** @internal */\nexport interface Request {\n method: string;\n // Allow unofficial extensions of `Request.params` without impacting `RequestParams`.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n params?: { [key: string]: any };\n}\n\n/**\n * Common params for any notification.\n *\n * @category Common Types\n */\nexport interface NotificationParams {\n _meta?: MetaObject;\n}\n\n/** @internal */\nexport interface Notification {\n method: string;\n // Allow unofficial extensions of `Notification.params` without impacting `NotificationParams`.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n params?: { [key: string]: any };\n}\n\n/**\n * Common result fields.\n *\n * @category Common Types\n */\nexport interface Result {\n _meta?: MetaObject;\n [key: string]: unknown;\n}\n\n/**\n * @category Errors\n */\nexport interface Error {\n /**\n * The error type that occurred.\n */\n code: number;\n /**\n * A short description of the error. The message SHOULD be limited to a concise single sentence.\n */\n message: string;\n /**\n * Additional information about the error. The value of this member is defined by the sender (e.g. detailed error information, nested errors etc.).\n */\n data?: unknown;\n}\n\n/**\n * A uniquely identifying ID for a request in JSON-RPC.\n *\n * @category Common Types\n */\nexport type RequestId = string | number;\n\n/**\n * A request that expects a response.\n *\n * @category JSON-RPC\n */\nexport interface JSONRPCRequest extends Request {\n jsonrpc: typeof JSONRPC_VERSION;\n id: RequestId;\n}\n\n/**\n * A notification which does not expect a response.\n *\n * @category JSON-RPC\n */\nexport interface JSONRPCNotification extends Notification {\n jsonrpc: typeof JSONRPC_VERSION;\n}\n\n/**\n * A successful (non-error) response to a request.\n *\n * @category JSON-RPC\n */\nexport interface JSONRPCResultResponse {\n jsonrpc: typeof JSONRPC_VERSION;\n id: RequestId;\n result: Result;\n}\n\n/**\n * A response to a request that indicates an error occurred.\n *\n * @category JSON-RPC\n */\nexport interface JSONRPCErrorResponse {\n jsonrpc: typeof JSONRPC_VERSION;\n id?: RequestId;\n error: Error;\n}\n\n/**\n * A response to a request, containing either the result or error.\n *\n * @category JSON-RPC\n */\nexport type JSONRPCResponse = JSONRPCResultResponse | JSONRPCErrorResponse;\n\n// Standard JSON-RPC error codes\nexport const PARSE_ERROR = -32700;\nexport const INVALID_REQUEST = -32600;\nexport const METHOD_NOT_FOUND = -32601;\nexport const INVALID_PARAMS = -32602;\nexport const INTERNAL_ERROR = -32603;\n\n/**\n * A JSON-RPC error indicating that invalid JSON was received by the server. This error is returned when the server cannot parse the JSON text of a message.\n *\n * @see {@link https://www.jsonrpc.org/specification#error_object | JSON-RPC 2.0 Error Object}\n *\n * @example Invalid JSON\n * {@includeCode ./examples/ParseError/invalid-json.json}\n *\n * @category Errors\n */\nexport interface ParseError extends Error {\n code: typeof PARSE_ERROR;\n}\n\n/**\n * A JSON-RPC error indicating that the request is not a valid request object. This error is returned when the message structure does not conform to the JSON-RPC 2.0 specification requirements for a request (e.g., missing required fields like `jsonrpc` or `method`, or using invalid types for these fields).\n *\n * @see {@link https://www.jsonrpc.org/specification#error_object | JSON-RPC 2.0 Error Object}\n *\n * @category Errors\n */\nexport interface InvalidRequestError extends Error {\n code: typeof INVALID_REQUEST;\n}\n\n/**\n * A JSON-RPC error indicating that the requested method does not exist or is not available.\n *\n * In MCP, this error is returned when a request is made for a method that requires a capability that has not been declared. This can occur in either direction:\n *\n * - A server returning this error when the client requests a capability it doesn't support (e.g., requesting completions when the `completions` capability was not advertised)\n * - A client returning this error when the server requests a capability it doesn't support (e.g., requesting roots when the client did not declare the `roots` capability)\n *\n * @see {@link https://www.jsonrpc.org/specification#error_object | JSON-RPC 2.0 Error Object}\n *\n * @example Roots not supported\n * {@includeCode ./examples/MethodNotFoundError/roots-not-supported.json}\n *\n * @category Errors\n */\nexport interface MethodNotFoundError extends Error {\n code: typeof METHOD_NOT_FOUND;\n}\n\n/**\n * A JSON-RPC error indicating that the method parameters are invalid or malformed.\n *\n * In MCP, this error is returned in various contexts when request parameters fail validation:\n *\n * - **Tools**: Unknown tool name or invalid tool arguments\n * - **Prompts**: Unknown prompt name or missing required arguments\n * - **Pagination**: Invalid or expired cursor values\n * - **Logging**: Invalid log level\n * - **Tasks**: Invalid or nonexistent task ID, invalid cursor, or attempting to cancel a task already in a terminal status\n * - **Elicitation**: Server requests an elicitation mode not declared in client capabilities\n * - **Sampling**: Missing tool result or tool results mixed with other content\n *\n * @see {@link https://www.jsonrpc.org/specification#error_object | JSON-RPC 2.0 Error Object}\n *\n * @example Unknown tool\n * {@includeCode ./examples/InvalidParamsError/unknown-tool.json}\n *\n * @example Invalid tool arguments\n * {@includeCode ./examples/InvalidParamsError/invalid-tool-arguments.json}\n *\n * @example Unknown prompt\n * {@includeCode ./examples/InvalidParamsError/unknown-prompt.json}\n *\n * @example Invalid cursor\n * {@includeCode ./examples/InvalidParamsError/invalid-cursor.json}\n *\n * @category Errors\n */\nexport interface InvalidParamsError extends Error {\n code: typeof INVALID_PARAMS;\n}\n\n/**\n * A JSON-RPC error indicating that an internal error occurred on the receiver. This error is returned when the receiver encounters an unexpected condition that prevents it from fulfilling the request.\n *\n * @see {@link https://www.jsonrpc.org/specification#error_object | JSON-RPC 2.0 Error Object}\n *\n * @example Unexpected error\n * {@includeCode ./examples/InternalError/unexpected-error.json}\n *\n * @category Errors\n */\nexport interface InternalError extends Error {\n code: typeof INTERNAL_ERROR;\n}\n\n// Implementation-specific JSON-RPC error codes [-32000, -32099]\n/** @internal */\nexport const URL_ELICITATION_REQUIRED = -32042;\n\n/**\n * An error response that indicates that the server requires the client to provide additional information via an elicitation request.\n *\n * @example Authorization required\n * {@includeCode ./examples/URLElicitationRequiredError/authorization-required.json}\n *\n * @internal\n */\nexport interface URLElicitationRequiredError extends Omit {\n error: Error & {\n code: typeof URL_ELICITATION_REQUIRED;\n data: {\n elicitations: ElicitRequestURLParams[];\n [key: string]: unknown;\n };\n };\n}\n\n/* Empty result */\n/**\n * A result that indicates success but carries no data.\n *\n * @category Common Types\n */\nexport type EmptyResult = Result;\n\n/* Cancellation */\n/**\n * Parameters for a `notifications/cancelled` notification.\n *\n * @example User-requested cancellation\n * {@includeCode ./examples/CancelledNotificationParams/user-requested-cancellation.json}\n *\n * @category `notifications/cancelled`\n */\nexport interface CancelledNotificationParams extends NotificationParams {\n /**\n * The ID of the request to cancel.\n *\n * This MUST correspond to the ID of a request previously issued in the same direction.\n * This MUST be provided for cancelling non-task requests.\n * This MUST NOT be used for cancelling tasks (use the {@link CancelTaskRequest | tasks/cancel} request instead).\n */\n requestId?: RequestId;\n\n /**\n * An optional string describing the reason for the cancellation. This MAY be logged or presented to the user.\n */\n reason?: string;\n}\n\n/**\n * This notification can be sent by either side to indicate that it is cancelling a previously-issued request.\n *\n * The request SHOULD still be in-flight, but due to communication latency, it is always possible that this notification MAY arrive after the request has already finished.\n *\n * This notification indicates that the result will be unused, so any associated processing SHOULD cease.\n *\n * A client MUST NOT attempt to cancel its `initialize` request.\n *\n * For task cancellation, use the {@link CancelTaskRequest | tasks/cancel} request instead of this notification.\n *\n * @example User-requested cancellation\n * {@includeCode ./examples/CancelledNotification/user-requested-cancellation.json}\n *\n * @category `notifications/cancelled`\n */\nexport interface CancelledNotification extends JSONRPCNotification {\n method: 'notifications/cancelled';\n params: CancelledNotificationParams;\n}\n\n/* Initialization */\n/**\n * Parameters for an `initialize` request.\n *\n * @example Full client capabilities\n * {@includeCode ./examples/InitializeRequestParams/full-client-capabilities.json}\n *\n * @category `initialize`\n */\nexport interface InitializeRequestParams extends RequestParams {\n /**\n * The latest version of the Model Context Protocol that the client supports. The client MAY decide to support older versions as well.\n */\n protocolVersion: string;\n capabilities: ClientCapabilities;\n clientInfo: Implementation;\n}\n\n/**\n * This request is sent from the client to the server when it first connects, asking it to begin initialization.\n *\n * @example Initialize request\n * {@includeCode ./examples/InitializeRequest/initialize-request.json}\n *\n * @category `initialize`\n */\nexport interface InitializeRequest extends JSONRPCRequest {\n method: 'initialize';\n params: InitializeRequestParams;\n}\n\n/**\n * The result returned by the server for an {@link InitializeRequest | initialize} request.\n *\n * @example Full server capabilities\n * {@includeCode ./examples/InitializeResult/full-server-capabilities.json}\n *\n * @category `initialize`\n */\nexport interface InitializeResult extends Result {\n /**\n * The version of the Model Context Protocol that the server wants to use. This may not match the version that the client requested. If the client cannot support this version, it MUST disconnect.\n */\n protocolVersion: string;\n capabilities: ServerCapabilities;\n serverInfo: Implementation;\n\n /**\n * Instructions describing how to use the server and its features.\n *\n * Instructions should focus on information that helps the model use the server effectively (e.g., cross-tool relationships, workflow patterns, constraints), but should not duplicate information already in tool descriptions.\n *\n * Clients MAY add this information to the system prompt.\n *\n * @example Server with workflow instructions\n * {@includeCode ./examples/InitializeResult/with-instructions.json}\n */\n instructions?: string;\n}\n\n/**\n * A successful response from the server for a {@link InitializeRequest | initialize} request.\n *\n * @example Initialize result response\n * {@includeCode ./examples/InitializeResultResponse/initialize-result-response.json}\n *\n * @category `initialize`\n */\nexport interface InitializeResultResponse extends JSONRPCResultResponse {\n result: InitializeResult;\n}\n\n/**\n * This notification is sent from the client to the server after initialization has finished.\n *\n * @example Initialized notification\n * {@includeCode ./examples/InitializedNotification/initialized-notification.json}\n *\n * @category `notifications/initialized`\n */\nexport interface InitializedNotification extends JSONRPCNotification {\n method: 'notifications/initialized';\n params?: NotificationParams;\n}\n\n/**\n * Capabilities a client may support. Known capabilities are defined here, in this schema, but this is not a closed set: any client can define its own, additional capabilities.\n *\n * @category `initialize`\n */\nexport interface ClientCapabilities {\n /**\n * Experimental, non-standard capabilities that the client supports.\n */\n experimental?: { [key: string]: JSONObject };\n /**\n * Present if the client supports listing roots.\n *\n * @example Roots — minimum baseline support\n * {@includeCode ./examples/ClientCapabilities/roots-minimum-baseline-support.json}\n *\n * @example Roots — list changed notifications\n * {@includeCode ./examples/ClientCapabilities/roots-list-changed-notifications.json}\n */\n roots?: {\n /**\n * Whether the client supports notifications for changes to the roots list.\n */\n listChanged?: boolean;\n };\n /**\n * Present if the client supports sampling from an LLM.\n *\n * @example Sampling — minimum baseline support\n * {@includeCode ./examples/ClientCapabilities/sampling-minimum-baseline-support.json}\n *\n * @example Sampling — tool use support\n * {@includeCode ./examples/ClientCapabilities/sampling-tool-use-support.json}\n *\n * @example Sampling — context inclusion support (soft-deprecated)\n * {@includeCode ./examples/ClientCapabilities/sampling-context-inclusion-support-soft-deprecated.json}\n */\n sampling?: {\n /**\n * Whether the client supports context inclusion via `includeContext` parameter.\n * If not declared, servers SHOULD only use `includeContext: \"none\"` (or omit it).\n */\n context?: JSONObject;\n /**\n * Whether the client supports tool use via `tools` and `toolChoice` parameters.\n */\n tools?: JSONObject;\n };\n /**\n * Present if the client supports elicitation from the server.\n *\n * @example Elicitation — form and URL mode support\n * {@includeCode ./examples/ClientCapabilities/elicitation-form-and-url-mode-support.json}\n *\n * @example Elicitation — form mode only (implicit)\n * {@includeCode ./examples/ClientCapabilities/elicitation-form-only-implicit.json}\n */\n elicitation?: {\n form?: JSONObject;\n url?: JSONObject;\n };\n\n /**\n * Present if the client supports task-augmented requests.\n */\n tasks?: {\n /**\n * Whether this client supports {@link ListTasksRequest | tasks/list}.\n */\n list?: JSONObject;\n /**\n * Whether this client supports {@link CancelTaskRequest | tasks/cancel}.\n */\n cancel?: JSONObject;\n /**\n * Specifies which request types can be augmented with tasks.\n */\n requests?: {\n /**\n * Task support for sampling-related requests.\n */\n sampling?: {\n /**\n * Whether the client supports task-augmented `sampling/createMessage` requests.\n */\n createMessage?: JSONObject;\n };\n /**\n * Task support for elicitation-related requests.\n */\n elicitation?: {\n /**\n * Whether the client supports task-augmented {@link ElicitRequest | elicitation/create} requests.\n */\n create?: JSONObject;\n };\n };\n };\n /**\n * Optional MCP extensions that the client supports. Keys are extension identifiers\n * (e.g., \"io.modelcontextprotocol/oauth-client-credentials\"), and values are\n * per-extension settings objects. An empty object indicates support with no settings.\n *\n * @example Extensions — UI extension with MIME type support\n * {@includeCode ./examples/ClientCapabilities/extensions-ui-mime-types.json}\n */\n extensions?: { [key: string]: object };\n}\n\n/**\n * Capabilities that a server may support. Known capabilities are defined here, in this schema, but this is not a closed set: any server can define its own, additional capabilities.\n *\n * @category `initialize`\n */\nexport interface ServerCapabilities {\n /**\n * Experimental, non-standard capabilities that the server supports.\n */\n experimental?: { [key: string]: JSONObject };\n /**\n * Present if the server supports sending log messages to the client.\n *\n * @example Logging — minimum baseline support\n * {@includeCode ./examples/ServerCapabilities/logging-minimum-baseline-support.json}\n */\n logging?: JSONObject;\n /**\n * Present if the server supports argument autocompletion suggestions.\n *\n * @example Completions — minimum baseline support\n * {@includeCode ./examples/ServerCapabilities/completions-minimum-baseline-support.json}\n */\n completions?: JSONObject;\n /**\n * Present if the server offers any prompt templates.\n *\n * @example Prompts — minimum baseline support\n * {@includeCode ./examples/ServerCapabilities/prompts-minimum-baseline-support.json}\n *\n * @example Prompts — list changed notifications\n * {@includeCode ./examples/ServerCapabilities/prompts-list-changed-notifications.json}\n */\n prompts?: {\n /**\n * Whether this server supports notifications for changes to the prompt list.\n */\n listChanged?: boolean;\n };\n /**\n * Present if the server offers any resources to read.\n *\n * @example Resources — minimum baseline support\n * {@includeCode ./examples/ServerCapabilities/resources-minimum-baseline-support.json}\n *\n * @example Resources — subscription to individual resource updates (only)\n * {@includeCode ./examples/ServerCapabilities/resources-subscription-to-individual-resource-updates-only.json}\n *\n * @example Resources — list changed notifications (only)\n * {@includeCode ./examples/ServerCapabilities/resources-list-changed-notifications-only.json}\n *\n * @example Resources — all notifications\n * {@includeCode ./examples/ServerCapabilities/resources-all-notifications.json}\n */\n resources?: {\n /**\n * Whether this server supports subscribing to resource updates.\n */\n subscribe?: boolean;\n /**\n * Whether this server supports notifications for changes to the resource list.\n */\n listChanged?: boolean;\n };\n /**\n * Present if the server offers any tools to call.\n *\n * @example Tools — minimum baseline support\n * {@includeCode ./examples/ServerCapabilities/tools-minimum-baseline-support.json}\n *\n * @example Tools — list changed notifications\n * {@includeCode ./examples/ServerCapabilities/tools-list-changed-notifications.json}\n */\n tools?: {\n /**\n * Whether this server supports notifications for changes to the tool list.\n */\n listChanged?: boolean;\n };\n /**\n * Present if the server supports task-augmented requests.\n */\n tasks?: {\n /**\n * Whether this server supports {@link ListTasksRequest | tasks/list}.\n */\n list?: JSONObject;\n /**\n * Whether this server supports {@link CancelTaskRequest | tasks/cancel}.\n */\n cancel?: JSONObject;\n /**\n * Specifies which request types can be augmented with tasks.\n */\n requests?: {\n /**\n * Task support for tool-related requests.\n */\n tools?: {\n /**\n * Whether the server supports task-augmented {@link CallToolRequest | tools/call} requests.\n */\n call?: JSONObject;\n };\n };\n };\n /**\n * Optional MCP extensions that the server supports. Keys are extension identifiers\n * (e.g., \"io.modelcontextprotocol/apps\"), and values are per-extension settings\n * objects. An empty object indicates support with no settings.\n *\n * @example Extensions — UI extension support\n * {@includeCode ./examples/ServerCapabilities/extensions-ui.json}\n */\n extensions?: { [key: string]: object };\n}\n\n/**\n * An optionally-sized icon that can be displayed in a user interface.\n *\n * @category Common Types\n */\nexport interface Icon {\n /**\n * A standard URI pointing to an icon resource. May be an HTTP/HTTPS URL or a\n * `data:` URI with Base64-encoded image data.\n *\n * Consumers SHOULD take steps to ensure URLs serving icons are from the\n * same domain as the client/server or a trusted domain.\n *\n * Consumers SHOULD take appropriate precautions when consuming SVGs as they can contain\n * executable JavaScript.\n *\n * @format uri\n */\n src: string;\n\n /**\n * Optional MIME type override if the source MIME type is missing or generic.\n * For example: `\"image/png\"`, `\"image/jpeg\"`, or `\"image/svg+xml\"`.\n */\n mimeType?: string;\n\n /**\n * Optional array of strings that specify sizes at which the icon can be used.\n * Each string should be in WxH format (e.g., `\"48x48\"`, `\"96x96\"`) or `\"any\"` for scalable formats like SVG.\n *\n * If not provided, the client should assume that the icon can be used at any size.\n */\n sizes?: string[];\n\n /**\n * Optional specifier for the theme this icon is designed for. `\"light\"` indicates\n * the icon is designed to be used with a light background, and `\"dark\"` indicates\n * the icon is designed to be used with a dark background.\n *\n * If not provided, the client should assume the icon can be used with any theme.\n */\n theme?: 'light' | 'dark';\n}\n\n/**\n * Base interface to add `icons` property.\n *\n * @internal\n */\nexport interface Icons {\n /**\n * Optional set of sized icons that the client can display in a user interface.\n *\n * Clients that support rendering icons MUST support at least the following MIME types:\n * - `image/png` - PNG images (safe, universal compatibility)\n * - `image/jpeg` (and `image/jpg`) - JPEG images (safe, universal compatibility)\n *\n * Clients that support rendering icons SHOULD also support:\n * - `image/svg+xml` - SVG images (scalable but requires security precautions)\n * - `image/webp` - WebP images (modern, efficient format)\n */\n icons?: Icon[];\n}\n\n/**\n * Base interface for metadata with name (identifier) and title (display name) properties.\n *\n * @internal\n */\nexport interface BaseMetadata {\n /**\n * Intended for programmatic or logical use, but used as a display name in past specs or fallback (if title isn't present).\n */\n name: string;\n\n /**\n * Intended for UI and end-user contexts — optimized to be human-readable and easily understood,\n * even by those unfamiliar with domain-specific terminology.\n *\n * If not provided, the name should be used for display (except for {@link Tool},\n * where `annotations.title` should be given precedence over using `name`,\n * if present).\n */\n title?: string;\n}\n\n/**\n * Describes the MCP implementation.\n *\n * @category `initialize`\n */\nexport interface Implementation extends BaseMetadata, Icons {\n /**\n * The version of this implementation.\n */\n version: string;\n\n /**\n * An optional human-readable description of what this implementation does.\n *\n * This can be used by clients or servers to provide context about their purpose\n * and capabilities. For example, a server might describe the types of resources\n * or tools it provides, while a client might describe its intended use case.\n */\n description?: string;\n\n /**\n * An optional URL of the website for this implementation.\n *\n * @format uri\n */\n websiteUrl?: string;\n}\n\n/* Ping */\n/**\n * A ping, issued by either the server or the client, to check that the other party is still alive. The receiver must promptly respond, or else may be disconnected.\n *\n * @example Ping request\n * {@includeCode ./examples/PingRequest/ping-request.json}\n *\n * @category `ping`\n */\nexport interface PingRequest extends JSONRPCRequest {\n method: 'ping';\n params?: RequestParams;\n}\n\n/**\n * A successful response for a {@link PingRequest | ping} request.\n *\n * @example Ping result response\n * {@includeCode ./examples/PingResultResponse/ping-result-response.json}\n *\n * @category `ping`\n */\nexport interface PingResultResponse extends JSONRPCResultResponse {\n result: EmptyResult;\n}\n\n/* Progress notifications */\n\n/**\n * Parameters for a {@link ProgressNotification | notifications/progress} notification.\n *\n * @example Progress message\n * {@includeCode ./examples/ProgressNotificationParams/progress-message.json}\n *\n * @category `notifications/progress`\n */\nexport interface ProgressNotificationParams extends NotificationParams {\n /**\n * The progress token which was given in the initial request, used to associate this notification with the request that is proceeding.\n */\n progressToken: ProgressToken;\n /**\n * The progress thus far. This should increase every time progress is made, even if the total is unknown.\n *\n * @TJS-type number\n */\n progress: number;\n /**\n * Total number of items to process (or total progress required), if known.\n *\n * @TJS-type number\n */\n total?: number;\n /**\n * An optional message describing the current progress.\n */\n message?: string;\n}\n\n/**\n * An out-of-band notification used to inform the receiver of a progress update for a long-running request.\n *\n * @example Progress message\n * {@includeCode ./examples/ProgressNotification/progress-message.json}\n *\n * @category `notifications/progress`\n */\nexport interface ProgressNotification extends JSONRPCNotification {\n method: 'notifications/progress';\n params: ProgressNotificationParams;\n}\n\n/* Pagination */\n/**\n * Common params for paginated requests.\n *\n * @example List request with cursor\n * {@includeCode ./examples/PaginatedRequestParams/list-with-cursor.json}\n *\n * @category Common Types\n */\nexport interface PaginatedRequestParams extends RequestParams {\n /**\n * An opaque token representing the current pagination position.\n * If provided, the server should return results starting after this cursor.\n */\n cursor?: Cursor;\n}\n\n/** @internal */\nexport interface PaginatedRequest extends JSONRPCRequest {\n params?: PaginatedRequestParams;\n}\n\n/** @internal */\nexport interface PaginatedResult extends Result {\n /**\n * An opaque token representing the pagination position after the last returned result.\n * If present, there may be more results available.\n */\n nextCursor?: Cursor;\n}\n\n/* Resources */\n/**\n * Sent from the client to request a list of resources the server has.\n *\n * @example List resources request\n * {@includeCode ./examples/ListResourcesRequest/list-resources-request.json}\n *\n * @category `resources/list`\n */\nexport interface ListResourcesRequest extends PaginatedRequest {\n method: 'resources/list';\n}\n\n/**\n * The result returned by the server for a {@link ListResourcesRequest | resources/list} request.\n *\n * @example Resources list with cursor\n * {@includeCode ./examples/ListResourcesResult/resources-list-with-cursor.json}\n *\n * @category `resources/list`\n */\nexport interface ListResourcesResult extends PaginatedResult {\n resources: Resource[];\n}\n\n/**\n * A successful response from the server for a {@link ListResourcesRequest | resources/list} request.\n *\n * @example List resources result response\n * {@includeCode ./examples/ListResourcesResultResponse/list-resources-result-response.json}\n *\n * @category `resources/list`\n */\nexport interface ListResourcesResultResponse extends JSONRPCResultResponse {\n result: ListResourcesResult;\n}\n\n/**\n * Sent from the client to request a list of resource templates the server has.\n *\n * @example List resource templates request\n * {@includeCode ./examples/ListResourceTemplatesRequest/list-resource-templates-request.json}\n *\n * @category `resources/templates/list`\n */\nexport interface ListResourceTemplatesRequest extends PaginatedRequest {\n method: 'resources/templates/list';\n}\n\n/**\n * The result returned by the server for a {@link ListResourceTemplatesRequest | resources/templates/list} request.\n *\n * @example Resource templates list\n * {@includeCode ./examples/ListResourceTemplatesResult/resource-templates-list.json}\n *\n * @category `resources/templates/list`\n */\nexport interface ListResourceTemplatesResult extends PaginatedResult {\n resourceTemplates: ResourceTemplate[];\n}\n\n/**\n * A successful response from the server for a {@link ListResourceTemplatesRequest | resources/templates/list} request.\n *\n * @example List resource templates result response\n * {@includeCode ./examples/ListResourceTemplatesResultResponse/list-resource-templates-result-response.json}\n *\n * @category `resources/templates/list`\n */\nexport interface ListResourceTemplatesResultResponse extends JSONRPCResultResponse {\n result: ListResourceTemplatesResult;\n}\n\n/**\n * Common params for resource-related requests.\n *\n * @internal\n */\nexport interface ResourceRequestParams extends RequestParams {\n /**\n * The URI of the resource. The URI can use any protocol; it is up to the server how to interpret it.\n *\n * @format uri\n */\n uri: string;\n}\n\n/**\n * Parameters for a `resources/read` request.\n *\n * @category `resources/read`\n */\n// eslint-disable-next-line @typescript-eslint/no-empty-object-type\nexport interface ReadResourceRequestParams extends ResourceRequestParams {}\n\n/**\n * Sent from the client to the server, to read a specific resource URI.\n *\n * @example Read resource request\n * {@includeCode ./examples/ReadResourceRequest/read-resource-request.json}\n *\n * @category `resources/read`\n */\nexport interface ReadResourceRequest extends JSONRPCRequest {\n method: 'resources/read';\n params: ReadResourceRequestParams;\n}\n\n/**\n * The result returned by the server for a {@link ReadResourceRequest | resources/read} request.\n *\n * @example File resource contents\n * {@includeCode ./examples/ReadResourceResult/file-resource-contents.json}\n *\n * @category `resources/read`\n */\nexport interface ReadResourceResult extends Result {\n contents: (TextResourceContents | BlobResourceContents)[];\n}\n\n/**\n * A successful response from the server for a {@link ReadResourceRequest | resources/read} request.\n *\n * @example Read resource result response\n * {@includeCode ./examples/ReadResourceResultResponse/read-resource-result-response.json}\n *\n * @category `resources/read`\n */\nexport interface ReadResourceResultResponse extends JSONRPCResultResponse {\n result: ReadResourceResult;\n}\n\n/**\n * An optional notification from the server to the client, informing it that the list of resources it can read from has changed. This may be issued by servers without any previous subscription from the client.\n *\n * @example Resources list changed\n * {@includeCode ./examples/ResourceListChangedNotification/resources-list-changed.json}\n *\n * @category `notifications/resources/list_changed`\n */\nexport interface ResourceListChangedNotification extends JSONRPCNotification {\n method: 'notifications/resources/list_changed';\n params?: NotificationParams;\n}\n\n/**\n * Parameters for a `resources/subscribe` request.\n *\n * @example Subscribe to file resource\n * {@includeCode ./examples/SubscribeRequestParams/subscribe-to-file-resource.json}\n *\n * @category `resources/subscribe`\n */\n// eslint-disable-next-line @typescript-eslint/no-empty-object-type\nexport interface SubscribeRequestParams extends ResourceRequestParams {}\n\n/**\n * Sent from the client to request {@link ResourceUpdatedNotification | resources/updated} notifications from the server whenever a particular resource changes.\n *\n * @example Subscribe request\n * {@includeCode ./examples/SubscribeRequest/subscribe-request.json}\n *\n * @category `resources/subscribe`\n */\nexport interface SubscribeRequest extends JSONRPCRequest {\n method: 'resources/subscribe';\n params: SubscribeRequestParams;\n}\n\n/**\n * A successful response from the server for a {@link SubscribeRequest | resources/subscribe} request.\n *\n * @example Subscribe result response\n * {@includeCode ./examples/SubscribeResultResponse/subscribe-result-response.json}\n *\n * @category `resources/subscribe`\n */\nexport interface SubscribeResultResponse extends JSONRPCResultResponse {\n result: EmptyResult;\n}\n\n/**\n * Parameters for a `resources/unsubscribe` request.\n *\n * @category `resources/unsubscribe`\n */\n// eslint-disable-next-line @typescript-eslint/no-empty-object-type\nexport interface UnsubscribeRequestParams extends ResourceRequestParams {}\n\n/**\n * Sent from the client to request cancellation of {@link ResourceUpdatedNotification | resources/updated} notifications from the server. This should follow a previous {@link SubscribeRequest | resources/subscribe} request.\n *\n * @example Unsubscribe request\n * {@includeCode ./examples/UnsubscribeRequest/unsubscribe-request.json}\n *\n * @category `resources/unsubscribe`\n */\nexport interface UnsubscribeRequest extends JSONRPCRequest {\n method: 'resources/unsubscribe';\n params: UnsubscribeRequestParams;\n}\n\n/**\n * A successful response from the server for a {@link UnsubscribeRequest | resources/unsubscribe} request.\n *\n * @example Unsubscribe result response\n * {@includeCode ./examples/UnsubscribeResultResponse/unsubscribe-result-response.json}\n *\n * @category `resources/unsubscribe`\n */\nexport interface UnsubscribeResultResponse extends JSONRPCResultResponse {\n result: EmptyResult;\n}\n\n/**\n * Parameters for a `notifications/resources/updated` notification.\n *\n * @example File resource updated\n * {@includeCode ./examples/ResourceUpdatedNotificationParams/file-resource-updated.json}\n *\n * @category `notifications/resources/updated`\n */\nexport interface ResourceUpdatedNotificationParams extends NotificationParams {\n /**\n * The URI of the resource that has been updated. This might be a sub-resource of the one that the client actually subscribed to.\n *\n * @format uri\n */\n uri: string;\n}\n\n/**\n * A notification from the server to the client, informing it that a resource has changed and may need to be read again. This should only be sent if the client previously sent a {@link SubscribeRequest | resources/subscribe} request.\n *\n * @example File resource updated notification\n * {@includeCode ./examples/ResourceUpdatedNotification/file-resource-updated-notification.json}\n *\n * @category `notifications/resources/updated`\n */\nexport interface ResourceUpdatedNotification extends JSONRPCNotification {\n method: 'notifications/resources/updated';\n params: ResourceUpdatedNotificationParams;\n}\n\n/**\n * A known resource that the server is capable of reading.\n *\n * @example File resource with annotations\n * {@includeCode ./examples/Resource/file-resource-with-annotations.json}\n *\n * @category `resources/list`\n */\nexport interface Resource extends BaseMetadata, Icons {\n /**\n * The URI of this resource.\n *\n * @format uri\n */\n uri: string;\n\n /**\n * A description of what this resource represents.\n *\n * This can be used by clients to improve the LLM's understanding of available resources. It can be thought of like a \"hint\" to the model.\n */\n description?: string;\n\n /**\n * The MIME type of this resource, if known.\n */\n mimeType?: string;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n /**\n * The size of the raw resource content, in bytes (i.e., before base64 encoding or any tokenization), if known.\n *\n * This can be used by Hosts to display file sizes and estimate context window usage.\n */\n size?: number;\n\n _meta?: MetaObject;\n}\n\n/**\n * A template description for resources available on the server.\n *\n * @category `resources/templates/list`\n */\nexport interface ResourceTemplate extends BaseMetadata, Icons {\n /**\n * A URI template (according to RFC 6570) that can be used to construct resource URIs.\n *\n * @format uri-template\n */\n uriTemplate: string;\n\n /**\n * A description of what this template is for.\n *\n * This can be used by clients to improve the LLM's understanding of available resources. It can be thought of like a \"hint\" to the model.\n */\n description?: string;\n\n /**\n * The MIME type for all resources that match this template. This should only be included if all resources matching this template have the same type.\n */\n mimeType?: string;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n _meta?: MetaObject;\n}\n\n/**\n * The contents of a specific resource or sub-resource.\n *\n * @internal\n */\nexport interface ResourceContents {\n /**\n * The URI of this resource.\n *\n * @format uri\n */\n uri: string;\n /**\n * The MIME type of this resource, if known.\n */\n mimeType?: string;\n\n _meta?: MetaObject;\n}\n\n/**\n * @example Text file contents\n * {@includeCode ./examples/TextResourceContents/text-file-contents.json}\n *\n * @category Content\n */\nexport interface TextResourceContents extends ResourceContents {\n /**\n * The text of the item. This must only be set if the item can actually be represented as text (not binary data).\n */\n text: string;\n}\n\n/**\n * @example Image file contents\n * {@includeCode ./examples/BlobResourceContents/image-file-contents.json}\n *\n * @category Content\n */\nexport interface BlobResourceContents extends ResourceContents {\n /**\n * A base64-encoded string representing the binary data of the item.\n *\n * @format byte\n */\n blob: string;\n}\n\n/* Prompts */\n/**\n * Sent from the client to request a list of prompts and prompt templates the server has.\n *\n * @example List prompts request\n * {@includeCode ./examples/ListPromptsRequest/list-prompts-request.json}\n *\n * @category `prompts/list`\n */\nexport interface ListPromptsRequest extends PaginatedRequest {\n method: 'prompts/list';\n}\n\n/**\n * The result returned by the server for a {@link ListPromptsRequest | prompts/list} request.\n *\n * @example Prompts list with cursor\n * {@includeCode ./examples/ListPromptsResult/prompts-list-with-cursor.json}\n *\n * @category `prompts/list`\n */\nexport interface ListPromptsResult extends PaginatedResult {\n prompts: Prompt[];\n}\n\n/**\n * A successful response from the server for a {@link ListPromptsRequest | prompts/list} request.\n *\n * @example List prompts result response\n * {@includeCode ./examples/ListPromptsResultResponse/list-prompts-result-response.json}\n *\n * @category `prompts/list`\n */\nexport interface ListPromptsResultResponse extends JSONRPCResultResponse {\n result: ListPromptsResult;\n}\n\n/**\n * Parameters for a `prompts/get` request.\n *\n * @example Get code review prompt\n * {@includeCode ./examples/GetPromptRequestParams/get-code-review-prompt.json}\n *\n * @category `prompts/get`\n */\nexport interface GetPromptRequestParams extends RequestParams {\n /**\n * The name of the prompt or prompt template.\n */\n name: string;\n /**\n * Arguments to use for templating the prompt.\n */\n arguments?: { [key: string]: string };\n}\n\n/**\n * Used by the client to get a prompt provided by the server.\n *\n * @example Get prompt request\n * {@includeCode ./examples/GetPromptRequest/get-prompt-request.json}\n *\n * @category `prompts/get`\n */\nexport interface GetPromptRequest extends JSONRPCRequest {\n method: 'prompts/get';\n params: GetPromptRequestParams;\n}\n\n/**\n * The result returned by the server for a {@link GetPromptRequest | prompts/get} request.\n *\n * @example Code review prompt\n * {@includeCode ./examples/GetPromptResult/code-review-prompt.json}\n *\n * @category `prompts/get`\n */\nexport interface GetPromptResult extends Result {\n /**\n * An optional description for the prompt.\n */\n description?: string;\n messages: PromptMessage[];\n}\n\n/**\n * A successful response from the server for a {@link GetPromptRequest | prompts/get} request.\n *\n * @example Get prompt result response\n * {@includeCode ./examples/GetPromptResultResponse/get-prompt-result-response.json}\n *\n * @category `prompts/get`\n */\nexport interface GetPromptResultResponse extends JSONRPCResultResponse {\n result: GetPromptResult;\n}\n\n/**\n * A prompt or prompt template that the server offers.\n *\n * @category `prompts/list`\n */\nexport interface Prompt extends BaseMetadata, Icons {\n /**\n * An optional description of what this prompt provides\n */\n description?: string;\n\n /**\n * A list of arguments to use for templating the prompt.\n */\n arguments?: PromptArgument[];\n\n _meta?: MetaObject;\n}\n\n/**\n * Describes an argument that a prompt can accept.\n *\n * @category `prompts/list`\n */\nexport interface PromptArgument extends BaseMetadata {\n /**\n * A human-readable description of the argument.\n */\n description?: string;\n /**\n * Whether this argument must be provided.\n */\n required?: boolean;\n}\n\n/**\n * The sender or recipient of messages and data in a conversation.\n *\n * @category Common Types\n */\nexport type Role = 'user' | 'assistant';\n\n/**\n * Describes a message returned as part of a prompt.\n *\n * This is similar to {@link SamplingMessage}, but also supports the embedding of\n * resources from the MCP server.\n *\n * @category `prompts/get`\n */\nexport interface PromptMessage {\n role: Role;\n content: ContentBlock;\n}\n\n/**\n * A resource that the server is capable of reading, included in a prompt or tool call result.\n *\n * Note: resource links returned by tools are not guaranteed to appear in the results of {@link ListResourcesRequest | resources/list} requests.\n *\n * @example File resource link\n * {@includeCode ./examples/ResourceLink/file-resource-link.json}\n *\n * @category Content\n */\nexport interface ResourceLink extends Resource {\n type: 'resource_link';\n}\n\n/**\n * The contents of a resource, embedded into a prompt or tool call result.\n *\n * It is up to the client how best to render embedded resources for the benefit\n * of the LLM and/or the user.\n *\n * @example Embedded file resource with annotations\n * {@includeCode ./examples/EmbeddedResource/embedded-file-resource-with-annotations.json}\n *\n * @category Content\n */\nexport interface EmbeddedResource {\n type: 'resource';\n resource: TextResourceContents | BlobResourceContents;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n _meta?: MetaObject;\n}\n/**\n * An optional notification from the server to the client, informing it that the list of prompts it offers has changed. This may be issued by servers without any previous subscription from the client.\n *\n * @example Prompts list changed\n * {@includeCode ./examples/PromptListChangedNotification/prompts-list-changed.json}\n *\n * @category `notifications/prompts/list_changed`\n */\nexport interface PromptListChangedNotification extends JSONRPCNotification {\n method: 'notifications/prompts/list_changed';\n params?: NotificationParams;\n}\n\n/* Tools */\n/**\n * Sent from the client to request a list of tools the server has.\n *\n * @example List tools request\n * {@includeCode ./examples/ListToolsRequest/list-tools-request.json}\n *\n * @category `tools/list`\n */\nexport interface ListToolsRequest extends PaginatedRequest {\n method: 'tools/list';\n}\n\n/**\n * The result returned by the server for a {@link ListToolsRequest | tools/list} request.\n *\n * @example Tools list with cursor\n * {@includeCode ./examples/ListToolsResult/tools-list-with-cursor.json}\n *\n * @category `tools/list`\n */\nexport interface ListToolsResult extends PaginatedResult {\n tools: Tool[];\n}\n\n/**\n * A successful response from the server for a {@link ListToolsRequest | tools/list} request.\n *\n * @example List tools result response\n * {@includeCode ./examples/ListToolsResultResponse/list-tools-result-response.json}\n *\n * @category `tools/list`\n */\nexport interface ListToolsResultResponse extends JSONRPCResultResponse {\n result: ListToolsResult;\n}\n\n/**\n * The result returned by the server for a {@link CallToolRequest | tools/call} request.\n *\n * @example Result with unstructured text\n * {@includeCode ./examples/CallToolResult/result-with-unstructured-text.json}\n *\n * @example Result with structured content\n * {@includeCode ./examples/CallToolResult/result-with-structured-content.json}\n *\n * @example Invalid tool input error\n * {@includeCode ./examples/CallToolResult/invalid-tool-input-error.json}\n *\n * @category `tools/call`\n */\nexport interface CallToolResult extends Result {\n /**\n * A list of content objects that represent the unstructured result of the tool call.\n */\n content: ContentBlock[];\n\n /**\n * An optional JSON object that represents the structured result of the tool call.\n */\n structuredContent?: { [key: string]: unknown };\n\n /**\n * Whether the tool call ended in an error.\n *\n * If not set, this is assumed to be false (the call was successful).\n *\n * Any errors that originate from the tool SHOULD be reported inside the result\n * object, with `isError` set to true, _not_ as an MCP protocol-level error\n * response. Otherwise, the LLM would not be able to see that an error occurred\n * and self-correct.\n *\n * However, any errors in _finding_ the tool, an error indicating that the\n * server does not support tool calls, or any other exceptional conditions,\n * should be reported as an MCP error response.\n */\n isError?: boolean;\n}\n\n/**\n * A successful response from the server for a {@link CallToolRequest | tools/call} request.\n *\n * @example Call tool result response\n * {@includeCode ./examples/CallToolResultResponse/call-tool-result-response.json}\n *\n * @category `tools/call`\n */\nexport interface CallToolResultResponse extends JSONRPCResultResponse {\n result: CallToolResult;\n}\n\n/**\n * Parameters for a `tools/call` request.\n *\n * @example `get_weather` tool call params\n * {@includeCode ./examples/CallToolRequestParams/get-weather-tool-call-params.json}\n *\n * @example Tool call params with progress token\n * {@includeCode ./examples/CallToolRequestParams/tool-call-params-with-progress-token.json}\n *\n * @category `tools/call`\n */\nexport interface CallToolRequestParams extends TaskAugmentedRequestParams {\n /**\n * The name of the tool.\n */\n name: string;\n /**\n * Arguments to use for the tool call.\n */\n arguments?: { [key: string]: unknown };\n}\n\n/**\n * Used by the client to invoke a tool provided by the server.\n *\n * @example Call tool request\n * {@includeCode ./examples/CallToolRequest/call-tool-request.json}\n *\n * @category `tools/call`\n */\nexport interface CallToolRequest extends JSONRPCRequest {\n method: 'tools/call';\n params: CallToolRequestParams;\n}\n\n/**\n * An optional notification from the server to the client, informing it that the list of tools it offers has changed. This may be issued by servers without any previous subscription from the client.\n *\n * @example Tools list changed\n * {@includeCode ./examples/ToolListChangedNotification/tools-list-changed.json}\n *\n * @category `notifications/tools/list_changed`\n */\nexport interface ToolListChangedNotification extends JSONRPCNotification {\n method: 'notifications/tools/list_changed';\n params?: NotificationParams;\n}\n\n/**\n * Additional properties describing a {@link Tool} to clients.\n *\n * NOTE: all properties in `ToolAnnotations` are **hints**.\n * They are not guaranteed to provide a faithful description of\n * tool behavior (including descriptive properties like `title`).\n *\n * Clients should never make tool use decisions based on `ToolAnnotations`\n * received from untrusted servers.\n *\n * @category `tools/list`\n */\nexport interface ToolAnnotations {\n /**\n * A human-readable title for the tool.\n */\n title?: string;\n\n /**\n * If true, the tool does not modify its environment.\n *\n * Default: false\n */\n readOnlyHint?: boolean;\n\n /**\n * If true, the tool may perform destructive updates to its environment.\n * If false, the tool performs only additive updates.\n *\n * (This property is meaningful only when `readOnlyHint == false`)\n *\n * Default: true\n */\n destructiveHint?: boolean;\n\n /**\n * If true, calling the tool repeatedly with the same arguments\n * will have no additional effect on its environment.\n *\n * (This property is meaningful only when `readOnlyHint == false`)\n *\n * Default: false\n */\n idempotentHint?: boolean;\n\n /**\n * If true, this tool may interact with an \"open world\" of external\n * entities. If false, the tool's domain of interaction is closed.\n * For example, the world of a web search tool is open, whereas that\n * of a memory tool is not.\n *\n * Default: true\n */\n openWorldHint?: boolean;\n}\n\n/**\n * Execution-related properties for a tool.\n *\n * @category `tools/list`\n */\nexport interface ToolExecution {\n /**\n * Indicates whether this tool supports task-augmented execution.\n * This allows clients to handle long-running operations through polling\n * the task system.\n *\n * - `\"forbidden\"`: Tool does not support task-augmented execution (default when absent)\n * - `\"optional\"`: Tool may support task-augmented execution\n * - `\"required\"`: Tool requires task-augmented execution\n *\n * Default: `\"forbidden\"`\n */\n taskSupport?: 'forbidden' | 'optional' | 'required';\n}\n\n/**\n * Definition for a tool the client can call.\n *\n * @example With default 2020-12 input schema\n * {@includeCode ./examples/Tool/with-default-2020-12-input-schema.json}\n *\n * @example With explicit draft-07 input schema\n * {@includeCode ./examples/Tool/with-explicit-draft-07-input-schema.json}\n *\n * @example With no parameters\n * {@includeCode ./examples/Tool/with-no-parameters.json}\n *\n * @example With output schema for structured content\n * {@includeCode ./examples/Tool/with-output-schema-for-structured-content.json}\n *\n * @category `tools/list`\n */\nexport interface Tool extends BaseMetadata, Icons {\n /**\n * A human-readable description of the tool.\n *\n * This can be used by clients to improve the LLM's understanding of available tools. It can be thought of like a \"hint\" to the model.\n */\n description?: string;\n\n /**\n * A JSON Schema object defining the expected parameters for the tool.\n */\n inputSchema: {\n $schema?: string;\n type: 'object';\n properties?: { [key: string]: JSONValue };\n required?: string[];\n };\n\n /**\n * Execution-related properties for this tool.\n */\n execution?: ToolExecution;\n\n /**\n * An optional JSON Schema object defining the structure of the tool's output returned in\n * the structuredContent field of a {@link CallToolResult}.\n *\n * Defaults to JSON Schema 2020-12 when no explicit `$schema` is provided.\n * Currently restricted to `type: \"object\"` at the root level.\n */\n outputSchema?: {\n $schema?: string;\n type: 'object';\n properties?: { [key: string]: JSONValue };\n required?: string[];\n };\n\n /**\n * Optional additional tool information.\n *\n * Display name precedence order is: `title`, `annotations.title`, then `name`.\n */\n annotations?: ToolAnnotations;\n\n _meta?: MetaObject;\n}\n\n/* Tasks */\n\n/**\n * The status of a task.\n *\n * @category `tasks`\n */\nexport type TaskStatus =\n | 'working' // The request is currently being processed\n | 'input_required' // The task is waiting for input (e.g., elicitation or sampling)\n | 'completed' // The request completed successfully and results are available\n | 'failed' // The associated request did not complete successfully. For tool calls specifically, this includes cases where the tool call result has `isError` set to true.\n | 'cancelled'; // The request was cancelled before completion\n\n/**\n * Metadata for augmenting a request with task execution.\n * Include this in the `task` field of the request parameters.\n *\n * @category `tasks`\n */\nexport interface TaskMetadata {\n /**\n * Requested duration in milliseconds to retain task from creation.\n */\n ttl?: number;\n}\n\n/**\n * Metadata for associating messages with a task.\n * Include this in the `_meta` field under the key `io.modelcontextprotocol/related-task`.\n *\n * @category `tasks`\n */\nexport interface RelatedTaskMetadata {\n /**\n * The task identifier this message is associated with.\n */\n taskId: string;\n}\n\n/**\n * Data associated with a task.\n *\n * @category `tasks`\n */\nexport interface Task {\n /**\n * The task identifier.\n */\n taskId: string;\n\n /**\n * Current task state.\n */\n status: TaskStatus;\n\n /**\n * Optional human-readable message describing the current task state.\n * This can provide context for any status, including:\n * - Reasons for \"cancelled\" status\n * - Summaries for \"completed\" status\n * - Diagnostic information for \"failed\" status (e.g., error details, what went wrong)\n */\n statusMessage?: string;\n\n /**\n * ISO 8601 timestamp when the task was created.\n */\n createdAt: string;\n\n /**\n * ISO 8601 timestamp when the task was last updated.\n */\n lastUpdatedAt: string;\n\n /**\n * Actual retention duration from creation in milliseconds, null for unlimited.\n */\n ttl: number | null;\n\n /**\n * Suggested polling interval in milliseconds.\n */\n pollInterval?: number;\n}\n\n/**\n * The result returned for a task-augmented request.\n *\n * @category `tasks`\n */\nexport interface CreateTaskResult extends Result {\n task: Task;\n}\n\n/**\n * A successful response for a task-augmented request.\n *\n * @category `tasks`\n */\nexport interface CreateTaskResultResponse extends JSONRPCResultResponse {\n result: CreateTaskResult;\n}\n\n/**\n * A request to retrieve the state of a task.\n *\n * @category `tasks/get`\n */\nexport interface GetTaskRequest extends JSONRPCRequest {\n method: 'tasks/get';\n params: {\n /**\n * The task identifier to query.\n */\n taskId: string;\n };\n}\n\n/**\n * The result returned for a {@link GetTaskRequest | tasks/get} request.\n *\n * @category `tasks/get`\n */\nexport type GetTaskResult = Result & Task;\n\n/**\n * A successful response for a {@link GetTaskRequest | tasks/get} request.\n *\n * @category `tasks/get`\n */\nexport interface GetTaskResultResponse extends JSONRPCResultResponse {\n result: GetTaskResult;\n}\n\n/**\n * A request to retrieve the result of a completed task.\n *\n * @category `tasks/result`\n */\nexport interface GetTaskPayloadRequest extends JSONRPCRequest {\n method: 'tasks/result';\n params: {\n /**\n * The task identifier to retrieve results for.\n */\n taskId: string;\n };\n}\n\n/**\n * The result returned for a {@link GetTaskPayloadRequest | tasks/result} request.\n * The structure matches the result type of the original request.\n * For example, a {@link CallToolRequest | tools/call} task would return the {@link CallToolResult} structure.\n *\n * @category `tasks/result`\n */\nexport interface GetTaskPayloadResult extends Result {\n [key: string]: unknown;\n}\n\n/**\n * A successful response for a {@link GetTaskPayloadRequest | tasks/result} request.\n *\n * @category `tasks/result`\n */\nexport interface GetTaskPayloadResultResponse extends JSONRPCResultResponse {\n result: GetTaskPayloadResult;\n}\n\n/**\n * A request to cancel a task.\n *\n * @category `tasks/cancel`\n */\nexport interface CancelTaskRequest extends JSONRPCRequest {\n method: 'tasks/cancel';\n params: {\n /**\n * The task identifier to cancel.\n */\n taskId: string;\n };\n}\n\n/**\n * The result returned for a {@link CancelTaskRequest | tasks/cancel} request.\n *\n * @category `tasks/cancel`\n */\nexport type CancelTaskResult = Result & Task;\n\n/**\n * A successful response for a {@link CancelTaskRequest | tasks/cancel} request.\n *\n * @category `tasks/cancel`\n */\nexport interface CancelTaskResultResponse extends JSONRPCResultResponse {\n result: CancelTaskResult;\n}\n\n/**\n * A request to retrieve a list of tasks.\n *\n * @category `tasks/list`\n */\nexport interface ListTasksRequest extends PaginatedRequest {\n method: 'tasks/list';\n}\n\n/**\n * The result returned for a {@link ListTasksRequest | tasks/list} request.\n *\n * @category `tasks/list`\n */\nexport interface ListTasksResult extends PaginatedResult {\n tasks: Task[];\n}\n\n/**\n * A successful response for a {@link ListTasksRequest | tasks/list} request.\n *\n * @category `tasks/list`\n */\nexport interface ListTasksResultResponse extends JSONRPCResultResponse {\n result: ListTasksResult;\n}\n\n/**\n * Parameters for a `notifications/tasks/status` notification.\n *\n * @category `notifications/tasks/status`\n */\nexport type TaskStatusNotificationParams = NotificationParams & Task;\n\n/**\n * An optional notification from the receiver to the requestor, informing them that a task's status has changed. Receivers are not required to send these notifications.\n *\n * @category `notifications/tasks/status`\n */\nexport interface TaskStatusNotification extends JSONRPCNotification {\n method: 'notifications/tasks/status';\n params: TaskStatusNotificationParams;\n}\n\n/* Logging */\n\n/**\n * Parameters for a `logging/setLevel` request.\n *\n * @example Set log level to \"info\"\n * {@includeCode ./examples/SetLevelRequestParams/set-log-level-to-info.json}\n *\n * @category `logging/setLevel`\n */\nexport interface SetLevelRequestParams extends RequestParams {\n /**\n * The level of logging that the client wants to receive from the server. The server should send all logs at this level and higher (i.e., more severe) to the client as {@link LoggingMessageNotification | notifications/message}.\n */\n level: LoggingLevel;\n}\n\n/**\n * A request from the client to the server, to enable or adjust logging.\n *\n * @example Set logging level request\n * {@includeCode ./examples/SetLevelRequest/set-logging-level-request.json}\n *\n * @category `logging/setLevel`\n */\nexport interface SetLevelRequest extends JSONRPCRequest {\n method: 'logging/setLevel';\n params: SetLevelRequestParams;\n}\n\n/**\n * A successful response from the server for a {@link SetLevelRequest | logging/setLevel} request.\n *\n * @example Set logging level result response\n * {@includeCode ./examples/SetLevelResultResponse/set-logging-level-result-response.json}\n *\n * @category `logging/setLevel`\n */\nexport interface SetLevelResultResponse extends JSONRPCResultResponse {\n result: EmptyResult;\n}\n\n/**\n * Parameters for a `notifications/message` notification.\n *\n * @example Log database connection failed\n * {@includeCode ./examples/LoggingMessageNotificationParams/log-database-connection-failed.json}\n *\n * @category `notifications/message`\n */\nexport interface LoggingMessageNotificationParams extends NotificationParams {\n /**\n * The severity of this log message.\n */\n level: LoggingLevel;\n /**\n * An optional name of the logger issuing this message.\n */\n logger?: string;\n /**\n * The data to be logged, such as a string message or an object. Any JSON serializable type is allowed here.\n */\n data: unknown;\n}\n\n/**\n * JSONRPCNotification of a log message passed from server to client. If no `logging/setLevel` request has been sent from the client, the server MAY decide which messages to send automatically.\n *\n * @example Log database connection failed\n * {@includeCode ./examples/LoggingMessageNotification/log-database-connection-failed.json}\n *\n * @category `notifications/message`\n */\nexport interface LoggingMessageNotification extends JSONRPCNotification {\n method: 'notifications/message';\n params: LoggingMessageNotificationParams;\n}\n\n/**\n * The severity of a log message.\n *\n * These map to syslog message severities, as specified in RFC-5424:\n * https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.1\n *\n * @category Common Types\n */\nexport type LoggingLevel = 'debug' | 'info' | 'notice' | 'warning' | 'error' | 'critical' | 'alert' | 'emergency';\n\n/* Sampling */\n/**\n * Parameters for a `sampling/createMessage` request.\n *\n * @example Basic request\n * {@includeCode ./examples/CreateMessageRequestParams/basic-request.json}\n *\n * @example Request with tools\n * {@includeCode ./examples/CreateMessageRequestParams/request-with-tools.json}\n *\n * @example Follow-up request with tool results\n * {@includeCode ./examples/CreateMessageRequestParams/follow-up-with-tool-results.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface CreateMessageRequestParams extends TaskAugmentedRequestParams {\n messages: SamplingMessage[];\n /**\n * The server's preferences for which model to select. The client MAY ignore these preferences.\n */\n modelPreferences?: ModelPreferences;\n /**\n * An optional system prompt the server wants to use for sampling. The client MAY modify or omit this prompt.\n */\n systemPrompt?: string;\n /**\n * A request to include context from one or more MCP servers (including the caller), to be attached to the prompt.\n * The client MAY ignore this request.\n *\n * Default is `\"none\"`. Values `\"thisServer\"` and `\"allServers\"` are soft-deprecated. Servers SHOULD only use these values if the client\n * declares {@link ClientCapabilities.sampling.context}. These values may be removed in future spec releases.\n */\n includeContext?: 'none' | 'thisServer' | 'allServers';\n /**\n * @TJS-type number\n */\n temperature?: number;\n /**\n * The requested maximum number of tokens to sample (to prevent runaway completions).\n *\n * The client MAY choose to sample fewer tokens than the requested maximum.\n */\n maxTokens: number;\n stopSequences?: string[];\n /**\n * Optional metadata to pass through to the LLM provider. The format of this metadata is provider-specific.\n */\n metadata?: JSONObject;\n /**\n * Tools that the model may use during generation.\n * The client MUST return an error if this field is provided but {@link ClientCapabilities.sampling.tools} is not declared.\n */\n tools?: Tool[];\n /**\n * Controls how the model uses tools.\n * The client MUST return an error if this field is provided but {@link ClientCapabilities.sampling.tools} is not declared.\n * Default is `{ mode: \"auto\" }`.\n */\n toolChoice?: ToolChoice;\n}\n\n/**\n * Controls tool selection behavior for sampling requests.\n *\n * @category `sampling/createMessage`\n */\nexport interface ToolChoice {\n /**\n * Controls the tool use ability of the model:\n * - `\"auto\"`: Model decides whether to use tools (default)\n * - `\"required\"`: Model MUST use at least one tool before completing\n * - `\"none\"`: Model MUST NOT use any tools\n */\n mode?: 'auto' | 'required' | 'none';\n}\n\n/**\n * A request from the server to sample an LLM via the client. The client has full discretion over which model to select. The client should also inform the user before beginning sampling, to allow them to inspect the request (human in the loop) and decide whether to approve it.\n *\n * @example Sampling request\n * {@includeCode ./examples/CreateMessageRequest/sampling-request.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface CreateMessageRequest extends JSONRPCRequest {\n method: 'sampling/createMessage';\n params: CreateMessageRequestParams;\n}\n\n/**\n * The result returned by the client for a {@link CreateMessageRequest | sampling/createMessage} request.\n * The client should inform the user before returning the sampled message, to allow them\n * to inspect the response (human in the loop) and decide whether to allow the server to see it.\n *\n * @example Text response\n * {@includeCode ./examples/CreateMessageResult/text-response.json}\n *\n * @example Tool use response\n * {@includeCode ./examples/CreateMessageResult/tool-use-response.json}\n *\n * @example Final response after tool use\n * {@includeCode ./examples/CreateMessageResult/final-response.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface CreateMessageResult extends Result, SamplingMessage {\n /**\n * The name of the model that generated the message.\n */\n model: string;\n\n /**\n * The reason why sampling stopped, if known.\n *\n * Standard values:\n * - `\"endTurn\"`: Natural end of the assistant's turn\n * - `\"stopSequence\"`: A stop sequence was encountered\n * - `\"maxTokens\"`: Maximum token limit was reached\n * - `\"toolUse\"`: The model wants to use one or more tools\n *\n * This field is an open string to allow for provider-specific stop reasons.\n */\n stopReason?: 'endTurn' | 'stopSequence' | 'maxTokens' | 'toolUse' | string;\n}\n\n/**\n * A successful response from the client for a {@link CreateMessageRequest | sampling/createMessage} request.\n *\n * @example Sampling result response\n * {@includeCode ./examples/CreateMessageResultResponse/sampling-result-response.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface CreateMessageResultResponse extends JSONRPCResultResponse {\n result: CreateMessageResult;\n}\n\n/**\n * Describes a message issued to or received from an LLM API.\n *\n * @example Single content block\n * {@includeCode ./examples/SamplingMessage/single-content-block.json}\n *\n * @example Multiple content blocks\n * {@includeCode ./examples/SamplingMessage/multiple-content-blocks.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface SamplingMessage {\n role: Role;\n content: SamplingMessageContentBlock | SamplingMessageContentBlock[];\n _meta?: MetaObject;\n}\n\n/**\n * @category `sampling/createMessage`\n */\nexport type SamplingMessageContentBlock = TextContent | ImageContent | AudioContent | ToolUseContent | ToolResultContent;\n\n/**\n * Optional annotations for the client. The client can use annotations to inform how objects are used or displayed\n *\n * @category Common Types\n */\nexport interface Annotations {\n /**\n * Describes who the intended audience of this object or data is.\n *\n * It can include multiple entries to indicate content useful for multiple audiences (e.g., `[\"user\", \"assistant\"]`).\n */\n audience?: Role[];\n\n /**\n * Describes how important this data is for operating the server.\n *\n * A value of 1 means \"most important,\" and indicates that the data is\n * effectively required, while 0 means \"least important,\" and indicates that\n * the data is entirely optional.\n *\n * @TJS-type number\n * @minimum 0\n * @maximum 1\n */\n priority?: number;\n\n /**\n * The moment the resource was last modified, as an ISO 8601 formatted string.\n *\n * Should be an ISO 8601 formatted string (e.g., \"2025-01-12T15:00:58Z\").\n *\n * Examples: last activity timestamp in an open file, timestamp when the resource\n * was attached, etc.\n */\n lastModified?: string;\n}\n\n/**\n * @category Content\n */\nexport type ContentBlock = TextContent | ImageContent | AudioContent | ResourceLink | EmbeddedResource;\n\n/**\n * Text provided to or from an LLM.\n *\n * @example Text content\n * {@includeCode ./examples/TextContent/text-content.json}\n *\n * @category Content\n */\nexport interface TextContent {\n type: 'text';\n\n /**\n * The text content of the message.\n */\n text: string;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n _meta?: MetaObject;\n}\n\n/**\n * An image provided to or from an LLM.\n *\n * @example `image/png` content with annotations\n * {@includeCode ./examples/ImageContent/image-png-content-with-annotations.json}\n *\n * @category Content\n */\nexport interface ImageContent {\n type: 'image';\n\n /**\n * The base64-encoded image data.\n *\n * @format byte\n */\n data: string;\n\n /**\n * The MIME type of the image. Different providers may support different image types.\n */\n mimeType: string;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n _meta?: MetaObject;\n}\n\n/**\n * Audio provided to or from an LLM.\n *\n * @example `audio/wav` content\n * {@includeCode ./examples/AudioContent/audio-wav-content.json}\n *\n * @category Content\n */\nexport interface AudioContent {\n type: 'audio';\n\n /**\n * The base64-encoded audio data.\n *\n * @format byte\n */\n data: string;\n\n /**\n * The MIME type of the audio. Different providers may support different audio types.\n */\n mimeType: string;\n\n /**\n * Optional annotations for the client.\n */\n annotations?: Annotations;\n\n _meta?: MetaObject;\n}\n\n/**\n * A request from the assistant to call a tool.\n *\n * @example `get_weather` tool use\n * {@includeCode ./examples/ToolUseContent/get-weather-tool-use.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface ToolUseContent {\n type: 'tool_use';\n\n /**\n * A unique identifier for this tool use.\n *\n * This ID is used to match tool results to their corresponding tool uses.\n */\n id: string;\n\n /**\n * The name of the tool to call.\n */\n name: string;\n\n /**\n * The arguments to pass to the tool, conforming to the tool's input schema.\n */\n input: { [key: string]: unknown };\n\n /**\n * Optional metadata about the tool use. Clients SHOULD preserve this field when\n * including tool uses in subsequent sampling requests to enable caching optimizations.\n */\n _meta?: MetaObject;\n}\n\n/**\n * The result of a tool use, provided by the user back to the assistant.\n *\n * @example `get_weather` tool result\n * {@includeCode ./examples/ToolResultContent/get-weather-tool-result.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface ToolResultContent {\n type: 'tool_result';\n\n /**\n * The ID of the tool use this result corresponds to.\n *\n * This MUST match the ID from a previous {@link ToolUseContent}.\n */\n toolUseId: string;\n\n /**\n * The unstructured result content of the tool use.\n *\n * This has the same format as {@link CallToolResult.content} and can include text, images,\n * audio, resource links, and embedded resources.\n */\n content: ContentBlock[];\n\n /**\n * An optional structured result object.\n *\n * If the tool defined an {@link Tool.outputSchema}, this SHOULD conform to that schema.\n */\n structuredContent?: { [key: string]: unknown };\n\n /**\n * Whether the tool use resulted in an error.\n *\n * If true, the content typically describes the error that occurred.\n * Default: false\n */\n isError?: boolean;\n\n /**\n * Optional metadata about the tool result. Clients SHOULD preserve this field when\n * including tool results in subsequent sampling requests to enable caching optimizations.\n */\n _meta?: MetaObject;\n}\n\n/**\n * The server's preferences for model selection, requested of the client during sampling.\n *\n * Because LLMs can vary along multiple dimensions, choosing the \"best\" model is\n * rarely straightforward. Different models excel in different areas—some are\n * faster but less capable, others are more capable but more expensive, and so\n * on. This interface allows servers to express their priorities across multiple\n * dimensions to help clients make an appropriate selection for their use case.\n *\n * These preferences are always advisory. The client MAY ignore them. It is also\n * up to the client to decide how to interpret these preferences and how to\n * balance them against other considerations.\n *\n * @example With hints and priorities\n * {@includeCode ./examples/ModelPreferences/with-hints-and-priorities.json}\n *\n * @category `sampling/createMessage`\n */\nexport interface ModelPreferences {\n /**\n * Optional hints to use for model selection.\n *\n * If multiple hints are specified, the client MUST evaluate them in order\n * (such that the first match is taken).\n *\n * The client SHOULD prioritize these hints over the numeric priorities, but\n * MAY still use the priorities to select from ambiguous matches.\n */\n hints?: ModelHint[];\n\n /**\n * How much to prioritize cost when selecting a model. A value of 0 means cost\n * is not important, while a value of 1 means cost is the most important\n * factor.\n *\n * @TJS-type number\n * @minimum 0\n * @maximum 1\n */\n costPriority?: number;\n\n /**\n * How much to prioritize sampling speed (latency) when selecting a model. A\n * value of 0 means speed is not important, while a value of 1 means speed is\n * the most important factor.\n *\n * @TJS-type number\n * @minimum 0\n * @maximum 1\n */\n speedPriority?: number;\n\n /**\n * How much to prioritize intelligence and capabilities when selecting a\n * model. A value of 0 means intelligence is not important, while a value of 1\n * means intelligence is the most important factor.\n *\n * @TJS-type number\n * @minimum 0\n * @maximum 1\n */\n intelligencePriority?: number;\n}\n\n/**\n * Hints to use for model selection.\n *\n * Keys not declared here are currently left unspecified by the spec and are up\n * to the client to interpret.\n *\n * @category `sampling/createMessage`\n */\nexport interface ModelHint {\n /**\n * A hint for a model name.\n *\n * The client SHOULD treat this as a substring of a model name; for example:\n * - `claude-3-5-sonnet` should match `claude-3-5-sonnet-20241022`\n * - `sonnet` should match `claude-3-5-sonnet-20241022`, `claude-3-sonnet-20240229`, etc.\n * - `claude` should match any Claude model\n *\n * The client MAY also map the string to a different provider's model name or a different model family, as long as it fills a similar niche; for example:\n * - `gemini-1.5-flash` could match `claude-3-haiku-20240307`\n */\n name?: string;\n}\n\n/* Autocomplete */\n/**\n * Parameters for a `completion/complete` request.\n *\n * @category `completion/complete`\n *\n * @example Prompt argument completion\n * {@includeCode ./examples/CompleteRequestParams/prompt-argument-completion.json}\n *\n * @example Prompt argument completion with context\n * {@includeCode ./examples/CompleteRequestParams/prompt-argument-completion-with-context.json}\n */\nexport interface CompleteRequestParams extends RequestParams {\n ref: PromptReference | ResourceTemplateReference;\n /**\n * The argument's information\n */\n argument: {\n /**\n * The name of the argument\n */\n name: string;\n /**\n * The value of the argument to use for completion matching.\n */\n value: string;\n };\n\n /**\n * Additional, optional context for completions\n */\n context?: {\n /**\n * Previously-resolved variables in a URI template or prompt.\n */\n arguments?: { [key: string]: string };\n };\n}\n\n/**\n * A request from the client to the server, to ask for completion options.\n *\n * @example Completion request\n * {@includeCode ./examples/CompleteRequest/completion-request.json}\n *\n * @category `completion/complete`\n */\nexport interface CompleteRequest extends JSONRPCRequest {\n method: 'completion/complete';\n params: CompleteRequestParams;\n}\n\n/**\n * The result returned by the server for a {@link CompleteRequest | completion/complete} request.\n *\n * @category `completion/complete`\n *\n * @example Single completion value\n * {@includeCode ./examples/CompleteResult/single-completion-value.json}\n *\n * @example Multiple completion values with more available\n * {@includeCode ./examples/CompleteResult/multiple-completion-values-with-more-available.json}\n */\nexport interface CompleteResult extends Result {\n completion: {\n /**\n * An array of completion values. Must not exceed 100 items.\n */\n values: string[];\n /**\n * The total number of completion options available. This can exceed the number of values actually sent in the response.\n */\n total?: number;\n /**\n * Indicates whether there are additional completion options beyond those provided in the current response, even if the exact total is unknown.\n */\n hasMore?: boolean;\n };\n}\n\n/**\n * A successful response from the server for a {@link CompleteRequest | completion/complete} request.\n *\n * @example Completion result response\n * {@includeCode ./examples/CompleteResultResponse/completion-result-response.json}\n *\n * @category `completion/complete`\n */\nexport interface CompleteResultResponse extends JSONRPCResultResponse {\n result: CompleteResult;\n}\n\n/**\n * A reference to a resource or resource template definition.\n *\n * @category `completion/complete`\n */\nexport interface ResourceTemplateReference {\n type: 'ref/resource';\n /**\n * The URI or URI template of the resource.\n *\n * @format uri-template\n */\n uri: string;\n}\n\n/**\n * Identifies a prompt.\n *\n * @category `completion/complete`\n */\nexport interface PromptReference extends BaseMetadata {\n type: 'ref/prompt';\n}\n\n/* Roots */\n/**\n * Sent from the server to request a list of root URIs from the client. Roots allow\n * servers to ask for specific directories or files to operate on. A common example\n * for roots is providing a set of repositories or directories a server should operate\n * on.\n *\n * This request is typically used when the server needs to understand the file system\n * structure or access specific locations that the client has permission to read from.\n *\n * @example List roots request\n * {@includeCode ./examples/ListRootsRequest/list-roots-request.json}\n *\n * @category `roots/list`\n */\nexport interface ListRootsRequest extends JSONRPCRequest {\n method: 'roots/list';\n params?: RequestParams;\n}\n\n/**\n * The result returned by the client for a {@link ListRootsRequest | roots/list} request.\n * This result contains an array of {@link Root} objects, each representing a root directory\n * or file that the server can operate on.\n *\n * @example Single root directory\n * {@includeCode ./examples/ListRootsResult/single-root-directory.json}\n *\n * @example Multiple root directories\n * {@includeCode ./examples/ListRootsResult/multiple-root-directories.json}\n *\n * @category `roots/list`\n */\nexport interface ListRootsResult extends Result {\n roots: Root[];\n}\n\n/**\n * A successful response from the client for a {@link ListRootsRequest | roots/list} request.\n *\n * @example List roots result response\n * {@includeCode ./examples/ListRootsResultResponse/list-roots-result-response.json}\n *\n * @category `roots/list`\n */\nexport interface ListRootsResultResponse extends JSONRPCResultResponse {\n result: ListRootsResult;\n}\n\n/**\n * Represents a root directory or file that the server can operate on.\n *\n * @example Project directory root\n * {@includeCode ./examples/Root/project-directory.json}\n *\n * @category `roots/list`\n */\nexport interface Root {\n /**\n * The URI identifying the root. This *must* start with `file://` for now.\n * This restriction may be relaxed in future versions of the protocol to allow\n * other URI schemes.\n *\n * @format uri\n */\n uri: string;\n /**\n * An optional name for the root. This can be used to provide a human-readable\n * identifier for the root, which may be useful for display purposes or for\n * referencing the root in other parts of the application.\n */\n name?: string;\n\n _meta?: MetaObject;\n}\n\n/**\n * A notification from the client to the server, informing it that the list of roots has changed.\n * This notification should be sent whenever the client adds, removes, or modifies any root.\n * The server should then request an updated list of roots using the {@link ListRootsRequest}.\n *\n * @example Roots list changed\n * {@includeCode ./examples/RootsListChangedNotification/roots-list-changed.json}\n *\n * @category `notifications/roots/list_changed`\n */\nexport interface RootsListChangedNotification extends JSONRPCNotification {\n method: 'notifications/roots/list_changed';\n params?: NotificationParams;\n}\n\n/**\n * The parameters for a request to elicit non-sensitive information from the user via a form in the client.\n *\n * @example Elicit single field\n * {@includeCode ./examples/ElicitRequestFormParams/elicit-single-field.json}\n *\n * @example Elicit multiple fields\n * {@includeCode ./examples/ElicitRequestFormParams/elicit-multiple-fields.json}\n *\n * @category `elicitation/create`\n */\nexport interface ElicitRequestFormParams extends TaskAugmentedRequestParams {\n /**\n * The elicitation mode.\n */\n mode?: 'form';\n\n /**\n * The message to present to the user describing what information is being requested.\n */\n message: string;\n\n /**\n * A restricted subset of JSON Schema.\n * Only top-level properties are allowed, without nesting.\n */\n requestedSchema: {\n $schema?: string;\n type: 'object';\n properties: {\n [key: string]: PrimitiveSchemaDefinition;\n };\n required?: string[];\n };\n}\n\n/**\n * The parameters for a request to elicit information from the user via a URL in the client.\n *\n * @example Elicit sensitive data\n * {@includeCode ./examples/ElicitRequestURLParams/elicit-sensitive-data.json}\n *\n * @category `elicitation/create`\n */\nexport interface ElicitRequestURLParams extends TaskAugmentedRequestParams {\n /**\n * The elicitation mode.\n */\n mode: 'url';\n\n /**\n * The message to present to the user explaining why the interaction is needed.\n */\n message: string;\n\n /**\n * The ID of the elicitation, which must be unique within the context of the server.\n * The client MUST treat this ID as an opaque value.\n */\n elicitationId: string;\n\n /**\n * The URL that the user should navigate to.\n *\n * @format uri\n */\n url: string;\n}\n\n/**\n * The parameters for a request to elicit additional information from the user via the client.\n *\n * @category `elicitation/create`\n */\nexport type ElicitRequestParams = ElicitRequestFormParams | ElicitRequestURLParams;\n\n/**\n * A request from the server to elicit additional information from the user via the client.\n *\n * @example Elicitation request\n * {@includeCode ./examples/ElicitRequest/elicitation-request.json}\n *\n * @category `elicitation/create`\n */\nexport interface ElicitRequest extends JSONRPCRequest {\n method: 'elicitation/create';\n params: ElicitRequestParams;\n}\n\n/**\n * Restricted schema definitions that only allow primitive types\n * without nested objects or arrays.\n *\n * @category `elicitation/create`\n */\nexport type PrimitiveSchemaDefinition = StringSchema | NumberSchema | BooleanSchema | EnumSchema;\n\n/**\n * @example Email input schema\n * {@includeCode ./examples/StringSchema/email-input-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface StringSchema {\n type: 'string';\n title?: string;\n description?: string;\n minLength?: number;\n maxLength?: number;\n format?: 'email' | 'uri' | 'date' | 'date-time';\n default?: string;\n}\n\n/**\n * @example Number input schema\n * {@includeCode ./examples/NumberSchema/number-input-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface NumberSchema {\n type: 'number' | 'integer';\n title?: string;\n description?: string;\n minimum?: number;\n maximum?: number;\n default?: number;\n}\n\n/**\n * @example Boolean input schema\n * {@includeCode ./examples/BooleanSchema/boolean-input-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface BooleanSchema {\n type: 'boolean';\n title?: string;\n description?: string;\n default?: boolean;\n}\n\n/**\n * Schema for single-selection enumeration without display titles for options.\n *\n * @example Color select schema\n * {@includeCode ./examples/UntitledSingleSelectEnumSchema/color-select-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface UntitledSingleSelectEnumSchema {\n type: 'string';\n /**\n * Optional title for the enum field.\n */\n title?: string;\n /**\n * Optional description for the enum field.\n */\n description?: string;\n /**\n * Array of enum values to choose from.\n */\n enum: string[];\n /**\n * Optional default value.\n */\n default?: string;\n}\n\n/**\n * Schema for single-selection enumeration with display titles for each option.\n *\n * @example Titled color select schema\n * {@includeCode ./examples/TitledSingleSelectEnumSchema/titled-color-select-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface TitledSingleSelectEnumSchema {\n type: 'string';\n /**\n * Optional title for the enum field.\n */\n title?: string;\n /**\n * Optional description for the enum field.\n */\n description?: string;\n /**\n * Array of enum options with values and display labels.\n */\n oneOf: Array<{\n /**\n * The enum value.\n */\n const: string;\n /**\n * Display label for this option.\n */\n title: string;\n }>;\n /**\n * Optional default value.\n */\n default?: string;\n}\n\n/**\n * @category `elicitation/create`\n */\n// Combined single selection enumeration\nexport type SingleSelectEnumSchema = UntitledSingleSelectEnumSchema | TitledSingleSelectEnumSchema;\n\n/**\n * Schema for multiple-selection enumeration without display titles for options.\n *\n * @example Color multi-select schema\n * {@includeCode ./examples/UntitledMultiSelectEnumSchema/color-multi-select-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface UntitledMultiSelectEnumSchema {\n type: 'array';\n /**\n * Optional title for the enum field.\n */\n title?: string;\n /**\n * Optional description for the enum field.\n */\n description?: string;\n /**\n * Minimum number of items to select.\n */\n minItems?: number;\n /**\n * Maximum number of items to select.\n */\n maxItems?: number;\n /**\n * Schema for the array items.\n */\n items: {\n type: 'string';\n /**\n * Array of enum values to choose from.\n */\n enum: string[];\n };\n /**\n * Optional default value.\n */\n default?: string[];\n}\n\n/**\n * Schema for multiple-selection enumeration with display titles for each option.\n *\n * @example Titled color multi-select schema\n * {@includeCode ./examples/TitledMultiSelectEnumSchema/titled-color-multi-select-schema.json}\n *\n * @category `elicitation/create`\n */\nexport interface TitledMultiSelectEnumSchema {\n type: 'array';\n /**\n * Optional title for the enum field.\n */\n title?: string;\n /**\n * Optional description for the enum field.\n */\n description?: string;\n /**\n * Minimum number of items to select.\n */\n minItems?: number;\n /**\n * Maximum number of items to select.\n */\n maxItems?: number;\n /**\n * Schema for array items with enum options and display labels.\n */\n items: {\n /**\n * Array of enum options with values and display labels.\n */\n anyOf: Array<{\n /**\n * The constant enum value.\n */\n const: string;\n /**\n * Display title for this option.\n */\n title: string;\n }>;\n };\n /**\n * Optional default value.\n */\n default?: string[];\n}\n\n/**\n * @category `elicitation/create`\n */\n// Combined multiple selection enumeration\nexport type MultiSelectEnumSchema = UntitledMultiSelectEnumSchema | TitledMultiSelectEnumSchema;\n\n/**\n * Use {@link TitledSingleSelectEnumSchema} instead.\n * This interface will be removed in a future version.\n *\n * @category `elicitation/create`\n */\nexport interface LegacyTitledEnumSchema {\n type: 'string';\n title?: string;\n description?: string;\n enum: string[];\n /**\n * (Legacy) Display names for enum values.\n * Non-standard according to JSON schema 2020-12.\n */\n enumNames?: string[];\n default?: string;\n}\n\n/**\n * @category `elicitation/create`\n */\n// Union type for all enum schemas\nexport type EnumSchema = SingleSelectEnumSchema | MultiSelectEnumSchema | LegacyTitledEnumSchema;\n\n/**\n * The result returned by the client for an {@link ElicitRequest | elicitation/create} request.\n *\n * @example Input single field\n * {@includeCode ./examples/ElicitResult/input-single-field.json}\n *\n * @example Input multiple fields\n * {@includeCode ./examples/ElicitResult/input-multiple-fields.json}\n *\n * @example Accept URL mode (no content)\n * {@includeCode ./examples/ElicitResult/accept-url-mode-no-content.json}\n *\n * @category `elicitation/create`\n */\nexport interface ElicitResult extends Result {\n /**\n * The user action in response to the elicitation.\n * - `\"accept\"`: User submitted the form/confirmed the action\n * - `\"decline\"`: User explicitly declined the action\n * - `\"cancel\"`: User dismissed without making an explicit choice\n */\n action: 'accept' | 'decline' | 'cancel';\n\n /**\n * The submitted form data, only present when action is `\"accept\"` and mode was `\"form\"`.\n * Contains values matching the requested schema.\n * Omitted for out-of-band mode responses.\n */\n content?: { [key: string]: string | number | boolean | string[] };\n}\n\n/**\n * A successful response from the client for a {@link ElicitRequest | elicitation/create} request.\n *\n * @example Elicitation result response\n * {@includeCode ./examples/ElicitResultResponse/elicitation-result-response.json}\n *\n * @category `elicitation/create`\n */\nexport interface ElicitResultResponse extends JSONRPCResultResponse {\n result: ElicitResult;\n}\n\n/**\n * An optional notification from the server to the client, informing it of a completion of a out-of-band elicitation request.\n *\n * @example Elicitation complete\n * {@includeCode ./examples/ElicitationCompleteNotification/elicitation-complete.json}\n *\n * @category `notifications/elicitation/complete`\n */\nexport interface ElicitationCompleteNotification extends JSONRPCNotification {\n method: 'notifications/elicitation/complete';\n params: {\n /**\n * The ID of the elicitation that completed.\n */\n elicitationId: string;\n };\n}\n\n/* Client messages */\n/** @internal */\nexport type ClientRequest =\n | PingRequest\n | InitializeRequest\n | CompleteRequest\n | SetLevelRequest\n | GetPromptRequest\n | ListPromptsRequest\n | ListResourcesRequest\n | ListResourceTemplatesRequest\n | ReadResourceRequest\n | SubscribeRequest\n | UnsubscribeRequest\n | CallToolRequest\n | ListToolsRequest\n | GetTaskRequest\n | GetTaskPayloadRequest\n | ListTasksRequest\n | CancelTaskRequest;\n\n/** @internal */\nexport type ClientNotification =\n | CancelledNotification\n | ProgressNotification\n | InitializedNotification\n | RootsListChangedNotification\n | TaskStatusNotification;\n\n/** @internal */\nexport type ClientResult =\n | EmptyResult\n | CreateMessageResult\n | ListRootsResult\n | ElicitResult\n | GetTaskResult\n | GetTaskPayloadResult\n | ListTasksResult\n | CancelTaskResult;\n\n/* Server messages */\n/** @internal */\nexport type ServerRequest =\n | PingRequest\n | CreateMessageRequest\n | ListRootsRequest\n | ElicitRequest\n | GetTaskRequest\n | GetTaskPayloadRequest\n | ListTasksRequest\n | CancelTaskRequest;\n\n/** @internal */\nexport type ServerNotification =\n | CancelledNotification\n | ProgressNotification\n | LoggingMessageNotification\n | ResourceUpdatedNotification\n | ResourceListChangedNotification\n | ToolListChangedNotification\n | PromptListChangedNotification\n | ElicitationCompleteNotification\n | TaskStatusNotification;\n\n/** @internal */\nexport type ServerResult =\n | EmptyResult\n | InitializeResult\n | CompleteResult\n | GetPromptResult\n | ListPromptsResult\n | ListResourceTemplatesResult\n | ListResourcesResult\n | ReadResourceResult\n | CallToolResult\n | CreateTaskResult\n | ListToolsResult\n | GetTaskResult\n | GetTaskPayloadResult\n | ListTasksResult\n | CancelTaskResult;\n" }, { "path": "packages/core/src/types/types.ts", "content": "import * as z from 'zod/v4';\n\nexport const LATEST_PROTOCOL_VERSION = '2025-11-25';\nexport const DEFAULT_NEGOTIATED_PROTOCOL_VERSION = '2025-03-26';\nexport const SUPPORTED_PROTOCOL_VERSIONS = [LATEST_PROTOCOL_VERSION, '2025-06-18', '2025-03-26', '2024-11-05', '2024-10-07'];\n\nexport const RELATED_TASK_META_KEY = 'io.modelcontextprotocol/related-task';\n\n/* JSON types */\nexport type JSONValue = string | number | boolean | null | JSONObject | JSONArray;\nexport type JSONObject = { [key: string]: JSONValue };\nexport type JSONArray = JSONValue[];\n\nexport const JSONValueSchema: z.ZodType = z.lazy(() =>\n z.union([z.string(), z.number(), z.boolean(), z.null(), z.record(z.string(), JSONValueSchema), z.array(JSONValueSchema)])\n);\nexport const JSONObjectSchema: z.ZodType = z.record(z.string(), JSONValueSchema);\nexport const JSONArraySchema: z.ZodType = z.array(JSONValueSchema);\n\n/* JSON-RPC types */\nexport const JSONRPC_VERSION = '2.0';\n\n/**\n * Information about a validated access token, provided to request handlers.\n */\nexport interface AuthInfo {\n /**\n * The access token.\n */\n token: string;\n\n /**\n * The client ID associated with this token.\n */\n clientId: string;\n\n /**\n * Scopes associated with this token.\n */\n scopes: string[];\n\n /**\n * When the token expires (in seconds since epoch).\n */\n expiresAt?: number;\n\n /**\n * The RFC 8707 resource server identifier for which this token is valid.\n * If set, this MUST match the MCP server's resource identifier (minus hash fragment).\n */\n resource?: URL;\n\n /**\n * Additional data associated with the token.\n * This field should be used for any additional data that needs to be attached to the auth info.\n */\n extra?: Record;\n}\n\n/**\n * Utility types\n */\ntype ExpandRecursively = T extends object ? (T extends infer O ? { [K in keyof O]: ExpandRecursively } : never) : T;\n/**\n * A progress token, used to associate progress notifications with the original request.\n */\nexport const ProgressTokenSchema = z.union([z.string(), z.number().int()]);\n\n/**\n * An opaque token used to represent a cursor for pagination.\n */\nexport const CursorSchema = z.string();\n\n/**\n * Task creation parameters, used to ask that the server create a task to represent a request.\n */\nexport const TaskCreationParamsSchema = z.looseObject({\n /**\n * Time in milliseconds to keep task results available after completion.\n * If `null`, the task has unlimited lifetime until manually cleaned up.\n */\n ttl: z.union([z.number(), z.null()]).optional(),\n\n /**\n * Time in milliseconds to wait between task status requests.\n */\n pollInterval: z.number().optional()\n});\n\nexport const TaskMetadataSchema = z.object({\n ttl: z.number().optional()\n});\n\n/**\n * Metadata for associating messages with a task.\n * Include this in the `_meta` field under the key `io.modelcontextprotocol/related-task`.\n */\nexport const RelatedTaskMetadataSchema = z.object({\n taskId: z.string()\n});\n\nconst RequestMetaSchema = z.looseObject({\n /**\n * If specified, the caller is requesting out-of-band progress notifications for this request (as represented by notifications/progress). The value of this parameter is an opaque token that will be attached to any subsequent notifications. The receiver is not obligated to provide these notifications.\n */\n progressToken: ProgressTokenSchema.optional(),\n /**\n * If specified, this request is related to the provided task.\n */\n [RELATED_TASK_META_KEY]: RelatedTaskMetadataSchema.optional()\n});\n\n/**\n * Common params for any request.\n */\nconst BaseRequestParamsSchema = z.object({\n /**\n * See [General fields: `_meta`](/specification/draft/basic/index#meta) for notes on `_meta` usage.\n */\n _meta: RequestMetaSchema.optional()\n});\n\n/**\n * Common params for any task-augmented request.\n */\nexport const TaskAugmentedRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * If specified, the caller is requesting task-augmented execution for this request.\n * The request will return a {@linkcode CreateTaskResult} immediately, and the actual result can be\n * retrieved later via {@linkcode GetTaskPayloadRequest | tasks/result}.\n *\n * Task augmentation is subject to capability negotiation - receivers MUST declare support\n * for task augmentation of specific request types in their capabilities.\n */\n task: TaskMetadataSchema.optional()\n});\n\n/**\n * Checks if a value is a valid {@linkcode TaskAugmentedRequestParams}.\n * @param value - The value to check.\n *\n * @returns True if the value is a valid {@linkcode TaskAugmentedRequestParams}, false otherwise.\n */\nexport const isTaskAugmentedRequestParams = (value: unknown): value is TaskAugmentedRequestParams =>\n TaskAugmentedRequestParamsSchema.safeParse(value).success;\n\nexport const RequestSchema = z.object({\n method: z.string(),\n params: BaseRequestParamsSchema.loose().optional()\n});\n\nconst NotificationsParamsSchema = z.object({\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: RequestMetaSchema.optional()\n});\n\nexport const NotificationSchema = z.object({\n method: z.string(),\n params: NotificationsParamsSchema.loose().optional()\n});\n\nexport const ResultSchema = z.looseObject({\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: RequestMetaSchema.optional()\n});\n\n/**\n * A uniquely identifying ID for a request in JSON-RPC.\n */\nexport const RequestIdSchema = z.union([z.string(), z.number().int()]);\n\n/**\n * A request that expects a response.\n */\nexport const JSONRPCRequestSchema = z\n .object({\n jsonrpc: z.literal(JSONRPC_VERSION),\n id: RequestIdSchema,\n ...RequestSchema.shape\n })\n .strict();\n\nexport const isJSONRPCRequest = (value: unknown): value is JSONRPCRequest => JSONRPCRequestSchema.safeParse(value).success;\n\n/**\n * A notification which does not expect a response.\n */\nexport const JSONRPCNotificationSchema = z\n .object({\n jsonrpc: z.literal(JSONRPC_VERSION),\n ...NotificationSchema.shape\n })\n .strict();\n\nexport const isJSONRPCNotification = (value: unknown): value is JSONRPCNotification => JSONRPCNotificationSchema.safeParse(value).success;\n\n/**\n * A successful (non-error) response to a request.\n */\nexport const JSONRPCResultResponseSchema = z\n .object({\n jsonrpc: z.literal(JSONRPC_VERSION),\n id: RequestIdSchema,\n result: ResultSchema\n })\n .strict();\n\n/**\n * Checks if a value is a valid {@linkcode JSONRPCResultResponse}.\n * @param value - The value to check.\n *\n * @returns True if the value is a valid {@linkcode JSONRPCResultResponse}, false otherwise.\n */\nexport const isJSONRPCResultResponse = (value: unknown): value is JSONRPCResultResponse =>\n JSONRPCResultResponseSchema.safeParse(value).success;\n\n/**\n * Error codes for protocol errors that cross the wire as JSON-RPC error responses.\n * These follow the JSON-RPC specification and MCP-specific extensions.\n */\nexport enum ProtocolErrorCode {\n // Standard JSON-RPC error codes\n ParseError = -32_700,\n InvalidRequest = -32_600,\n MethodNotFound = -32_601,\n InvalidParams = -32_602,\n InternalError = -32_603,\n\n // MCP-specific error codes\n ResourceNotFound = -32_002,\n UrlElicitationRequired = -32_042\n}\n\n/* Standard JSON-RPC error code constants */\nexport const PARSE_ERROR = -32_700;\nexport const INVALID_REQUEST = -32_600;\nexport const METHOD_NOT_FOUND = -32_601;\nexport const INVALID_PARAMS = -32_602;\nexport const INTERNAL_ERROR = -32_603;\n\ntype JSONRPCErrorObject = { code: number; message: string; data?: unknown };\n\nexport interface ParseError extends JSONRPCErrorObject {\n code: typeof PARSE_ERROR;\n}\nexport interface InvalidRequestError extends JSONRPCErrorObject {\n code: typeof INVALID_REQUEST;\n}\nexport interface MethodNotFoundError extends JSONRPCErrorObject {\n code: typeof METHOD_NOT_FOUND;\n}\nexport interface InvalidParamsError extends JSONRPCErrorObject {\n code: typeof INVALID_PARAMS;\n}\nexport interface InternalError extends JSONRPCErrorObject {\n code: typeof INTERNAL_ERROR;\n}\n\n/**\n * A response to a request that indicates an error occurred.\n */\nexport const JSONRPCErrorResponseSchema = z\n .object({\n jsonrpc: z.literal(JSONRPC_VERSION),\n id: RequestIdSchema.optional(),\n error: z.object({\n /**\n * The error type that occurred.\n */\n code: z.number().int(),\n /**\n * A short description of the error. The message SHOULD be limited to a concise single sentence.\n */\n message: z.string(),\n /**\n * Additional information about the error. The value of this member is defined by the sender (e.g. detailed error information, nested errors etc.).\n */\n data: z.unknown().optional()\n })\n })\n .strict();\n\n/**\n * Checks if a value is a valid {@linkcode JSONRPCErrorResponse}.\n * @param value - The value to check.\n *\n * @returns True if the value is a valid {@linkcode JSONRPCErrorResponse}, false otherwise.\n */\nexport const isJSONRPCErrorResponse = (value: unknown): value is JSONRPCErrorResponse =>\n JSONRPCErrorResponseSchema.safeParse(value).success;\n\nexport const JSONRPCMessageSchema = z.union([\n JSONRPCRequestSchema,\n JSONRPCNotificationSchema,\n JSONRPCResultResponseSchema,\n JSONRPCErrorResponseSchema\n]);\n\nexport const JSONRPCResponseSchema = z.union([JSONRPCResultResponseSchema, JSONRPCErrorResponseSchema]);\n\n/* Empty result */\n/**\n * A response that indicates success but carries no data.\n */\nexport const EmptyResultSchema = ResultSchema.strict();\n\nexport const CancelledNotificationParamsSchema = NotificationsParamsSchema.extend({\n /**\n * The ID of the request to cancel.\n *\n * This MUST correspond to the ID of a request previously issued in the same direction.\n */\n requestId: RequestIdSchema.optional(),\n /**\n * An optional string describing the reason for the cancellation. This MAY be logged or presented to the user.\n */\n reason: z.string().optional()\n});\n/* Cancellation */\n/**\n * This notification can be sent by either side to indicate that it is cancelling a previously-issued request.\n *\n * The request SHOULD still be in-flight, but due to communication latency, it is always possible that this notification MAY arrive after the request has already finished.\n *\n * This notification indicates that the result will be unused, so any associated processing SHOULD cease.\n *\n * A client MUST NOT attempt to cancel its {@linkcode InitializeRequest | initialize} request.\n */\nexport const CancelledNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/cancelled'),\n params: CancelledNotificationParamsSchema\n});\n\n/* Base Metadata */\n/**\n * Icon schema for use in {@link Tool | tools}, {@link Prompt | prompts}, {@link Resource | resources}, and {@link Implementation | implementations}.\n */\nexport const IconSchema = z.object({\n /**\n * URL or data URI for the icon.\n */\n src: z.string(),\n /**\n * Optional MIME type for the icon.\n */\n mimeType: z.string().optional(),\n /**\n * Optional array of strings that specify sizes at which the icon can be used.\n * Each string should be in WxH format (e.g., `\"48x48\"`, `\"96x96\"`) or `\"any\"` for scalable formats like SVG.\n *\n * If not provided, the client should assume that the icon can be used at any size.\n */\n sizes: z.array(z.string()).optional(),\n /**\n * Optional specifier for the theme this icon is designed for. `light` indicates\n * the icon is designed to be used with a light background, and `dark` indicates\n * the icon is designed to be used with a dark background.\n *\n * If not provided, the client should assume the icon can be used with any theme.\n */\n theme: z.enum(['light', 'dark']).optional()\n});\n\n/**\n * Base schema to add `icons` property.\n *\n */\nexport const IconsSchema = z.object({\n /**\n * Optional set of sized icons that the client can display in a user interface.\n *\n * Clients that support rendering icons MUST support at least the following MIME types:\n * - `image/png` - PNG images (safe, universal compatibility)\n * - `image/jpeg` (and `image/jpg`) - JPEG images (safe, universal compatibility)\n *\n * Clients that support rendering icons SHOULD also support:\n * - `image/svg+xml` - SVG images (scalable but requires security precautions)\n * - `image/webp` - WebP images (modern, efficient format)\n */\n icons: z.array(IconSchema).optional()\n});\n\n/**\n * Base metadata interface for common properties across {@link Resource | resources}, {@link Tool | tools}, {@link Prompt | prompts}, and {@link Implementation | implementations}.\n */\nexport const BaseMetadataSchema = z.object({\n /** Intended for programmatic or logical use, but used as a display name in past specs or fallback */\n name: z.string(),\n /**\n * Intended for UI and end-user contexts — optimized to be human-readable and easily understood,\n * even by those unfamiliar with domain-specific terminology.\n *\n * If not provided, the `name` should be used for display (except for {@linkcode Tool},\n * where `annotations.title` should be given precedence over using `name`,\n * if present).\n */\n title: z.string().optional()\n});\n\n/* Initialization */\n/**\n * Describes the name and version of an MCP implementation.\n */\nexport const ImplementationSchema = BaseMetadataSchema.extend({\n ...BaseMetadataSchema.shape,\n ...IconsSchema.shape,\n version: z.string(),\n /**\n * An optional URL of the website for this implementation.\n */\n websiteUrl: z.string().optional(),\n\n /**\n * An optional human-readable description of what this implementation does.\n *\n * This can be used by clients or servers to provide context about their purpose\n * and capabilities. For example, a server might describe the types of resources\n * or tools it provides, while a client might describe its intended use case.\n */\n description: z.string().optional()\n});\n\nconst FormElicitationCapabilitySchema = z.intersection(\n z.object({\n applyDefaults: z.boolean().optional()\n }),\n JSONObjectSchema\n);\n\nconst ElicitationCapabilitySchema = z.preprocess(\n value => {\n if (value && typeof value === 'object' && !Array.isArray(value) && Object.keys(value as Record).length === 0) {\n return { form: {} };\n }\n return value;\n },\n z.intersection(\n z.object({\n form: FormElicitationCapabilitySchema.optional(),\n url: JSONObjectSchema.optional()\n }),\n JSONObjectSchema.optional()\n )\n);\n\n/**\n * Task capabilities for clients, indicating which request types support task creation.\n */\nexport const ClientTasksCapabilitySchema = z.looseObject({\n /**\n * Present if the client supports listing tasks.\n */\n list: JSONObjectSchema.optional(),\n /**\n * Present if the client supports cancelling tasks.\n */\n cancel: JSONObjectSchema.optional(),\n /**\n * Capabilities for task creation on specific request types.\n */\n requests: z\n .looseObject({\n /**\n * Task support for sampling requests.\n */\n sampling: z\n .looseObject({\n createMessage: JSONObjectSchema.optional()\n })\n .optional(),\n /**\n * Task support for elicitation requests.\n */\n elicitation: z\n .looseObject({\n create: JSONObjectSchema.optional()\n })\n .optional()\n })\n .optional()\n});\n\n/**\n * Task capabilities for servers, indicating which request types support task creation.\n */\nexport const ServerTasksCapabilitySchema = z.looseObject({\n /**\n * Present if the server supports listing tasks.\n */\n list: JSONObjectSchema.optional(),\n /**\n * Present if the server supports cancelling tasks.\n */\n cancel: JSONObjectSchema.optional(),\n /**\n * Capabilities for task creation on specific request types.\n */\n requests: z\n .looseObject({\n /**\n * Task support for tool requests.\n */\n tools: z\n .looseObject({\n call: JSONObjectSchema.optional()\n })\n .optional()\n })\n .optional()\n});\n\n/**\n * Capabilities a client may support. Known capabilities are defined here, in this schema, but this is not a closed set: any client can define its own, additional capabilities.\n */\nexport const ClientCapabilitiesSchema = z.object({\n /**\n * Experimental, non-standard capabilities that the client supports.\n */\n experimental: z.record(z.string(), JSONObjectSchema).optional(),\n /**\n * Present if the client supports sampling from an LLM.\n */\n sampling: z\n .object({\n /**\n * Present if the client supports context inclusion via `includeContext` parameter.\n * If not declared, servers SHOULD only use `includeContext: \"none\"` (or omit it).\n */\n context: JSONObjectSchema.optional(),\n /**\n * Present if the client supports tool use via `tools` and `toolChoice` parameters.\n */\n tools: JSONObjectSchema.optional()\n })\n .optional(),\n /**\n * Present if the client supports eliciting user input.\n */\n elicitation: ElicitationCapabilitySchema.optional(),\n /**\n * Present if the client supports listing roots.\n */\n roots: z\n .object({\n /**\n * Whether the client supports issuing notifications for changes to the roots list.\n */\n listChanged: z.boolean().optional()\n })\n .optional(),\n /**\n * Present if the client supports task creation.\n */\n tasks: ClientTasksCapabilitySchema.optional()\n});\n\nexport const InitializeRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * The latest version of the Model Context Protocol that the client supports. The client MAY decide to support older versions as well.\n */\n protocolVersion: z.string(),\n capabilities: ClientCapabilitiesSchema,\n clientInfo: ImplementationSchema\n});\n/**\n * This request is sent from the client to the server when it first connects, asking it to begin initialization.\n */\nexport const InitializeRequestSchema = RequestSchema.extend({\n method: z.literal('initialize'),\n params: InitializeRequestParamsSchema\n});\n\nexport const isInitializeRequest = (value: unknown): value is InitializeRequest => InitializeRequestSchema.safeParse(value).success;\n\n/**\n * Capabilities that a server may support. Known capabilities are defined here, in this schema, but this is not a closed set: any server can define its own, additional capabilities.\n */\nexport const ServerCapabilitiesSchema = z.object({\n /**\n * Experimental, non-standard capabilities that the server supports.\n */\n experimental: z.record(z.string(), JSONObjectSchema).optional(),\n /**\n * Present if the server supports sending log messages to the client.\n */\n logging: JSONObjectSchema.optional(),\n /**\n * Present if the server supports sending completions to the client.\n */\n completions: JSONObjectSchema.optional(),\n /**\n * Present if the server offers any prompt templates.\n */\n prompts: z\n .object({\n /**\n * Whether this server supports issuing notifications for changes to the prompt list.\n */\n listChanged: z.boolean().optional()\n })\n .optional(),\n /**\n * Present if the server offers any resources to read.\n */\n resources: z\n .object({\n /**\n * Whether this server supports clients subscribing to resource updates.\n */\n subscribe: z.boolean().optional(),\n\n /**\n * Whether this server supports issuing notifications for changes to the resource list.\n */\n listChanged: z.boolean().optional()\n })\n .optional(),\n /**\n * Present if the server offers any tools to call.\n */\n tools: z\n .object({\n /**\n * Whether this server supports issuing notifications for changes to the tool list.\n */\n listChanged: z.boolean().optional()\n })\n .optional(),\n /**\n * Present if the server supports task creation.\n */\n tasks: ServerTasksCapabilitySchema.optional()\n});\n\n/**\n * After receiving an initialize request from the client, the server sends this response.\n */\nexport const InitializeResultSchema = ResultSchema.extend({\n /**\n * The version of the Model Context Protocol that the server wants to use. This may not match the version that the client requested. If the client cannot support this version, it MUST disconnect.\n */\n protocolVersion: z.string(),\n capabilities: ServerCapabilitiesSchema,\n serverInfo: ImplementationSchema,\n /**\n * Instructions describing how to use the server and its features.\n *\n * This can be used by clients to improve the LLM's understanding of available tools, resources, etc. It can be thought of like a \"hint\" to the model. For example, this information MAY be added to the system prompt.\n */\n instructions: z.string().optional()\n});\n\n/**\n * This notification is sent from the client to the server after initialization has finished.\n */\nexport const InitializedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/initialized'),\n params: NotificationsParamsSchema.optional()\n});\n\nexport const isInitializedNotification = (value: unknown): value is InitializedNotification =>\n InitializedNotificationSchema.safeParse(value).success;\n\n/* Ping */\n/**\n * A ping, issued by either the server or the client, to check that the other party is still alive. The receiver must promptly respond, or else may be disconnected.\n */\nexport const PingRequestSchema = RequestSchema.extend({\n method: z.literal('ping'),\n params: BaseRequestParamsSchema.optional()\n});\n\n/* Progress notifications */\nexport const ProgressSchema = z.object({\n /**\n * The progress thus far. This should increase every time progress is made, even if the total is unknown.\n */\n progress: z.number(),\n /**\n * Total number of items to process (or total progress required), if known.\n */\n total: z.optional(z.number()),\n /**\n * An optional message describing the current progress.\n */\n message: z.optional(z.string())\n});\n\nexport const ProgressNotificationParamsSchema = z.object({\n ...NotificationsParamsSchema.shape,\n ...ProgressSchema.shape,\n /**\n * The progress token which was given in the initial request, used to associate this notification with the request that is proceeding.\n */\n progressToken: ProgressTokenSchema\n});\n/**\n * An out-of-band notification used to inform the receiver of a progress update for a long-running request.\n *\n * @category notifications/progress\n */\nexport const ProgressNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/progress'),\n params: ProgressNotificationParamsSchema\n});\n\nexport const PaginatedRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * An opaque token representing the current pagination position.\n * If provided, the server should return results starting after this cursor.\n */\n cursor: CursorSchema.optional()\n});\n\n/* Pagination */\nexport const PaginatedRequestSchema = RequestSchema.extend({\n params: PaginatedRequestParamsSchema.optional()\n});\n\nexport const PaginatedResultSchema = ResultSchema.extend({\n /**\n * An opaque token representing the pagination position after the last returned result.\n * If present, there may be more results available.\n */\n nextCursor: CursorSchema.optional()\n});\n\n/**\n * The status of a task.\n * */\nexport const TaskStatusSchema = z.enum(['working', 'input_required', 'completed', 'failed', 'cancelled']);\n\n/* Tasks */\n/**\n * A pollable state object associated with a request.\n */\nexport const TaskSchema = z.object({\n taskId: z.string(),\n status: TaskStatusSchema,\n /**\n * Time in milliseconds to keep task results available after completion.\n * If `null`, the task has unlimited lifetime until manually cleaned up.\n */\n ttl: z.union([z.number(), z.null()]),\n /**\n * ISO 8601 timestamp when the task was created.\n */\n createdAt: z.string(),\n /**\n * ISO 8601 timestamp when the task was last updated.\n */\n lastUpdatedAt: z.string(),\n pollInterval: z.optional(z.number()),\n /**\n * Optional diagnostic message for failed tasks or other status information.\n */\n statusMessage: z.optional(z.string())\n});\n\n/**\n * Result returned when a task is created, containing the task data wrapped in a `task` field.\n */\nexport const CreateTaskResultSchema = ResultSchema.extend({\n task: TaskSchema\n});\n\n/**\n * Parameters for task status notification.\n */\nexport const TaskStatusNotificationParamsSchema = NotificationsParamsSchema.merge(TaskSchema);\n\n/**\n * A notification sent when a task's status changes.\n */\nexport const TaskStatusNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/tasks/status'),\n params: TaskStatusNotificationParamsSchema\n});\n\n/**\n * A request to get the state of a specific task.\n */\nexport const GetTaskRequestSchema = RequestSchema.extend({\n method: z.literal('tasks/get'),\n params: BaseRequestParamsSchema.extend({\n taskId: z.string()\n })\n});\n\n/**\n * The response to a {@linkcode GetTaskRequest | tasks/get} request.\n */\nexport const GetTaskResultSchema = ResultSchema.merge(TaskSchema);\n\n/**\n * A request to get the result of a specific task.\n */\nexport const GetTaskPayloadRequestSchema = RequestSchema.extend({\n method: z.literal('tasks/result'),\n params: BaseRequestParamsSchema.extend({\n taskId: z.string()\n })\n});\n\n/**\n * The response to a {@linkcode GetTaskPayloadRequest | tasks/result} request.\n * The structure matches the result type of the original request.\n * For example, a {@linkcode CallToolRequest | tools/call} task would return the {@linkcode CallToolResult} structure.\n *\n */\nexport const GetTaskPayloadResultSchema = ResultSchema.loose();\n\n/**\n * A request to list tasks.\n */\nexport const ListTasksRequestSchema = PaginatedRequestSchema.extend({\n method: z.literal('tasks/list')\n});\n\n/**\n * The response to a {@linkcode ListTasksRequest | tasks/list} request.\n */\nexport const ListTasksResultSchema = PaginatedResultSchema.extend({\n tasks: z.array(TaskSchema)\n});\n\n/**\n * A request to cancel a specific task.\n */\nexport const CancelTaskRequestSchema = RequestSchema.extend({\n method: z.literal('tasks/cancel'),\n params: BaseRequestParamsSchema.extend({\n taskId: z.string()\n })\n});\n\n/**\n * The response to a {@linkcode CancelTaskRequest | tasks/cancel} request.\n */\nexport const CancelTaskResultSchema = ResultSchema.merge(TaskSchema);\n\n/* Resources */\n/**\n * The contents of a specific resource or sub-resource.\n */\nexport const ResourceContentsSchema = z.object({\n /**\n * The URI of this resource.\n */\n uri: z.string(),\n /**\n * The MIME type of this resource, if known.\n */\n mimeType: z.optional(z.string()),\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\nexport const TextResourceContentsSchema = ResourceContentsSchema.extend({\n /**\n * The text of the item. This must only be set if the item can actually be represented as text (not binary data).\n */\n text: z.string()\n});\n\n/**\n * A Zod schema for validating Base64 strings that is more performant and\n * robust for very large inputs than the default regex-based check. It avoids\n * stack overflows by using the native `atob` function for validation.\n */\nconst Base64Schema = z.string().refine(\n val => {\n try {\n // atob throws a DOMException if the string contains characters\n // that are not part of the Base64 character set.\n atob(val);\n return true;\n } catch {\n return false;\n }\n },\n { message: 'Invalid Base64 string' }\n);\n\nexport const BlobResourceContentsSchema = ResourceContentsSchema.extend({\n /**\n * A base64-encoded string representing the binary data of the item.\n */\n blob: Base64Schema\n});\n\n/**\n * The sender or recipient of messages and data in a conversation.\n */\nexport const RoleSchema = z.enum(['user', 'assistant']);\n\n/**\n * Optional annotations providing clients additional context about a resource.\n */\nexport const AnnotationsSchema = z.object({\n /**\n * Intended audience(s) for the resource.\n */\n audience: z.array(RoleSchema).optional(),\n\n /**\n * Importance hint for the resource, from 0 (least) to 1 (most).\n */\n priority: z.number().min(0).max(1).optional(),\n\n /**\n * ISO 8601 timestamp for the most recent modification.\n */\n lastModified: z.iso.datetime({ offset: true }).optional()\n});\n\n/**\n * A known resource that the server is capable of reading.\n */\nexport const ResourceSchema = z.object({\n ...BaseMetadataSchema.shape,\n ...IconsSchema.shape,\n /**\n * The URI of this resource.\n */\n uri: z.string(),\n\n /**\n * A description of what this resource represents.\n *\n * This can be used by clients to improve the LLM's understanding of available resources. It can be thought of like a \"hint\" to the model.\n */\n description: z.optional(z.string()),\n\n /**\n * The MIME type of this resource, if known.\n */\n mimeType: z.optional(z.string()),\n\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.optional(z.looseObject({}))\n});\n\n/**\n * A template description for resources available on the server.\n */\nexport const ResourceTemplateSchema = z.object({\n ...BaseMetadataSchema.shape,\n ...IconsSchema.shape,\n /**\n * A URI template (according to RFC 6570) that can be used to construct resource URIs.\n */\n uriTemplate: z.string(),\n\n /**\n * A description of what this template is for.\n *\n * This can be used by clients to improve the LLM's understanding of available resources. It can be thought of like a \"hint\" to the model.\n */\n description: z.optional(z.string()),\n\n /**\n * The MIME type for all resources that match this template. This should only be included if all resources matching this template have the same type.\n */\n mimeType: z.optional(z.string()),\n\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.optional(z.looseObject({}))\n});\n\n/**\n * Sent from the client to request a list of resources the server has.\n */\nexport const ListResourcesRequestSchema = PaginatedRequestSchema.extend({\n method: z.literal('resources/list')\n});\n\n/**\n * The server's response to a {@linkcode ListResourcesRequest | resources/list} request from the client.\n */\nexport const ListResourcesResultSchema = PaginatedResultSchema.extend({\n resources: z.array(ResourceSchema)\n});\n\n/**\n * Sent from the client to request a list of resource templates the server has.\n */\nexport const ListResourceTemplatesRequestSchema = PaginatedRequestSchema.extend({\n method: z.literal('resources/templates/list')\n});\n\n/**\n * The server's response to a {@linkcode ListResourceTemplatesRequest | resources/templates/list} request from the client.\n */\nexport const ListResourceTemplatesResultSchema = PaginatedResultSchema.extend({\n resourceTemplates: z.array(ResourceTemplateSchema)\n});\n\nexport const ResourceRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * The URI of the resource to read. The URI can use any protocol; it is up to the server how to interpret it.\n *\n * @format uri\n */\n uri: z.string()\n});\n\n/**\n * Parameters for a {@linkcode ReadResourceRequest | resources/read} request.\n */\nexport const ReadResourceRequestParamsSchema = ResourceRequestParamsSchema;\n\n/**\n * Sent from the client to the server, to read a specific resource URI.\n */\nexport const ReadResourceRequestSchema = RequestSchema.extend({\n method: z.literal('resources/read'),\n params: ReadResourceRequestParamsSchema\n});\n\n/**\n * The server's response to a {@linkcode ReadResourceRequest | resources/read} request from the client.\n */\nexport const ReadResourceResultSchema = ResultSchema.extend({\n contents: z.array(z.union([TextResourceContentsSchema, BlobResourceContentsSchema]))\n});\n\n/**\n * An optional notification from the server to the client, informing it that the list of resources it can read from has changed. This may be issued by servers without any previous subscription from the client.\n */\nexport const ResourceListChangedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/resources/list_changed'),\n params: NotificationsParamsSchema.optional()\n});\n\nexport const SubscribeRequestParamsSchema = ResourceRequestParamsSchema;\n/**\n * Sent from the client to request `resources/updated` notifications from the server whenever a particular resource changes.\n */\nexport const SubscribeRequestSchema = RequestSchema.extend({\n method: z.literal('resources/subscribe'),\n params: SubscribeRequestParamsSchema\n});\n\nexport const UnsubscribeRequestParamsSchema = ResourceRequestParamsSchema;\n/**\n * Sent from the client to request cancellation of {@linkcode ResourceUpdatedNotification | resources/updated} notifications from the server. This should follow a previous {@linkcode SubscribeRequest | resources/subscribe} request.\n */\nexport const UnsubscribeRequestSchema = RequestSchema.extend({\n method: z.literal('resources/unsubscribe'),\n params: UnsubscribeRequestParamsSchema\n});\n\n/**\n * Parameters for a {@linkcode ResourceUpdatedNotification | notifications/resources/updated} notification.\n */\nexport const ResourceUpdatedNotificationParamsSchema = NotificationsParamsSchema.extend({\n /**\n * The URI of the resource that has been updated. This might be a sub-resource of the one that the client actually subscribed to.\n */\n uri: z.string()\n});\n\n/**\n * A notification from the server to the client, informing it that a resource has changed and may need to be read again. This should only be sent if the client previously sent a {@linkcode SubscribeRequest | resources/subscribe} request.\n */\nexport const ResourceUpdatedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/resources/updated'),\n params: ResourceUpdatedNotificationParamsSchema\n});\n\n/* Prompts */\n/**\n * Describes an argument that a prompt can accept.\n */\nexport const PromptArgumentSchema = z.object({\n /**\n * The name of the argument.\n */\n name: z.string(),\n /**\n * A human-readable description of the argument.\n */\n description: z.optional(z.string()),\n /**\n * Whether this argument must be provided.\n */\n required: z.optional(z.boolean())\n});\n\n/**\n * A prompt or prompt template that the server offers.\n */\nexport const PromptSchema = z.object({\n ...BaseMetadataSchema.shape,\n ...IconsSchema.shape,\n /**\n * An optional description of what this prompt provides\n */\n description: z.optional(z.string()),\n /**\n * A list of arguments to use for templating the prompt.\n */\n arguments: z.optional(z.array(PromptArgumentSchema)),\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.optional(z.looseObject({}))\n});\n\n/**\n * Sent from the client to request a list of prompts and prompt templates the server has.\n */\nexport const ListPromptsRequestSchema = PaginatedRequestSchema.extend({\n method: z.literal('prompts/list')\n});\n\n/**\n * The server's response to a {@linkcode ListPromptsRequest | prompts/list} request from the client.\n */\nexport const ListPromptsResultSchema = PaginatedResultSchema.extend({\n prompts: z.array(PromptSchema)\n});\n\n/**\n * Parameters for a {@linkcode GetPromptRequest | prompts/get} request.\n */\nexport const GetPromptRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * The name of the prompt or prompt template.\n */\n name: z.string(),\n /**\n * Arguments to use for templating the prompt.\n */\n arguments: z.record(z.string(), z.string()).optional()\n});\n/**\n * Used by the client to get a prompt provided by the server.\n */\nexport const GetPromptRequestSchema = RequestSchema.extend({\n method: z.literal('prompts/get'),\n params: GetPromptRequestParamsSchema\n});\n\n/**\n * Text provided to or from an LLM.\n */\nexport const TextContentSchema = z.object({\n type: z.literal('text'),\n /**\n * The text content of the message.\n */\n text: z.string(),\n\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * An image provided to or from an LLM.\n */\nexport const ImageContentSchema = z.object({\n type: z.literal('image'),\n /**\n * The base64-encoded image data.\n */\n data: Base64Schema,\n /**\n * The MIME type of the image. Different providers may support different image types.\n */\n mimeType: z.string(),\n\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Audio content provided to or from an LLM.\n */\nexport const AudioContentSchema = z.object({\n type: z.literal('audio'),\n /**\n * The base64-encoded audio data.\n */\n data: Base64Schema,\n /**\n * The MIME type of the audio. Different providers may support different audio types.\n */\n mimeType: z.string(),\n\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * A tool call request from an assistant (LLM).\n * Represents the assistant's request to use a tool.\n */\nexport const ToolUseContentSchema = z.object({\n type: z.literal('tool_use'),\n /**\n * The name of the tool to invoke.\n * Must match a tool name from the request's tools array.\n */\n name: z.string(),\n /**\n * Unique identifier for this tool call.\n * Used to correlate with {@linkcode ToolResultContent} in subsequent messages.\n */\n id: z.string(),\n /**\n * Arguments to pass to the tool.\n * Must conform to the tool's `inputSchema`.\n */\n input: z.record(z.string(), z.unknown()),\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * The contents of a resource, embedded into a prompt or tool call result.\n */\nexport const EmbeddedResourceSchema = z.object({\n type: z.literal('resource'),\n resource: z.union([TextResourceContentsSchema, BlobResourceContentsSchema]),\n /**\n * Optional annotations for the client.\n */\n annotations: AnnotationsSchema.optional(),\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * A resource that the server is capable of reading, included in a prompt or tool call result.\n *\n * Note: resource links returned by tools are not guaranteed to appear in the results of {@linkcode ListResourcesRequest | resources/list} requests.\n */\nexport const ResourceLinkSchema = ResourceSchema.extend({\n type: z.literal('resource_link')\n});\n\n/**\n * A content block that can be used in prompts and tool results.\n */\nexport const ContentBlockSchema = z.union([\n TextContentSchema,\n ImageContentSchema,\n AudioContentSchema,\n ResourceLinkSchema,\n EmbeddedResourceSchema\n]);\n\n/**\n * Describes a message returned as part of a prompt.\n */\nexport const PromptMessageSchema = z.object({\n role: RoleSchema,\n content: ContentBlockSchema\n});\n\n/**\n * The server's response to a {@linkcode GetPromptRequest | prompts/get} request from the client.\n */\nexport const GetPromptResultSchema = ResultSchema.extend({\n /**\n * An optional description for the prompt.\n */\n description: z.string().optional(),\n messages: z.array(PromptMessageSchema)\n});\n\n/**\n * An optional notification from the server to the client, informing it that the list of prompts it offers has changed. This may be issued by servers without any previous subscription from the client.\n */\nexport const PromptListChangedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/prompts/list_changed'),\n params: NotificationsParamsSchema.optional()\n});\n\n/* Tools */\n/**\n * Additional properties describing a {@linkcode Tool} to clients.\n *\n * NOTE: all properties in {@linkcode ToolAnnotations} are **hints**.\n * They are not guaranteed to provide a faithful description of\n * tool behavior (including descriptive properties like `title`).\n *\n * Clients should never make tool use decisions based on {@linkcode ToolAnnotations}\n * received from untrusted servers.\n */\nexport const ToolAnnotationsSchema = z.object({\n /**\n * A human-readable title for the tool.\n */\n title: z.string().optional(),\n\n /**\n * If `true`, the tool does not modify its environment.\n *\n * Default: `false`\n */\n readOnlyHint: z.boolean().optional(),\n\n /**\n * If `true`, the tool may perform destructive updates to its environment.\n * If `false`, the tool performs only additive updates.\n *\n * (This property is meaningful only when `readOnlyHint == false`)\n *\n * Default: `true`\n */\n destructiveHint: z.boolean().optional(),\n\n /**\n * If `true`, calling the tool repeatedly with the same arguments\n * will have no additional effect on its environment.\n *\n * (This property is meaningful only when `readOnlyHint == false`)\n *\n * Default: `false`\n */\n idempotentHint: z.boolean().optional(),\n\n /**\n * If `true`, this tool may interact with an \"open world\" of external\n * entities. If `false`, the tool's domain of interaction is closed.\n * For example, the world of a web search tool is open, whereas that\n * of a memory tool is not.\n *\n * Default: `true`\n */\n openWorldHint: z.boolean().optional()\n});\n\n/**\n * Execution-related properties for a tool.\n */\nexport const ToolExecutionSchema = z.object({\n /**\n * Indicates the tool's preference for task-augmented execution.\n * - `\"required\"`: Clients MUST invoke the tool as a task\n * - `\"optional\"`: Clients MAY invoke the tool as a task or normal request\n * - `\"forbidden\"`: Clients MUST NOT attempt to invoke the tool as a task\n *\n * If not present, defaults to `\"forbidden\"`.\n */\n taskSupport: z.enum(['required', 'optional', 'forbidden']).optional()\n});\n\n/**\n * Definition for a tool the client can call.\n */\nexport const ToolSchema = z.object({\n ...BaseMetadataSchema.shape,\n ...IconsSchema.shape,\n /**\n * A human-readable description of the tool.\n */\n description: z.string().optional(),\n /**\n * A JSON Schema 2020-12 object defining the expected parameters for the tool.\n * Must have `type: 'object'` at the root level per MCP spec.\n */\n inputSchema: z\n .object({\n type: z.literal('object'),\n properties: z.record(z.string(), JSONValueSchema).optional(),\n required: z.array(z.string()).optional()\n })\n .catchall(z.unknown()),\n /**\n * An optional JSON Schema 2020-12 object defining the structure of the tool's output\n * returned in the `structuredContent` field of a {@linkcode CallToolResult}.\n * Must have `type: 'object'` at the root level per MCP spec.\n */\n outputSchema: z\n .object({\n type: z.literal('object'),\n properties: z.record(z.string(), JSONValueSchema).optional(),\n required: z.array(z.string()).optional()\n })\n .catchall(z.unknown())\n .optional(),\n /**\n * Optional additional tool information.\n */\n annotations: ToolAnnotationsSchema.optional(),\n /**\n * Execution-related properties for this tool.\n */\n execution: ToolExecutionSchema.optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Sent from the client to request a list of tools the server has.\n */\nexport const ListToolsRequestSchema = PaginatedRequestSchema.extend({\n method: z.literal('tools/list')\n});\n\n/**\n * The server's response to a {@linkcode ListToolsRequest | tools/list} request from the client.\n */\nexport const ListToolsResultSchema = PaginatedResultSchema.extend({\n tools: z.array(ToolSchema)\n});\n\n/**\n * The server's response to a tool call.\n */\nexport const CallToolResultSchema = ResultSchema.extend({\n /**\n * A list of content objects that represent the result of the tool call.\n *\n * If the {@linkcode Tool} does not define an outputSchema, this field MUST be present in the result.\n * For backwards compatibility, this field is always present, but it may be empty.\n */\n content: z.array(ContentBlockSchema).default([]),\n\n /**\n * An object containing structured tool output.\n *\n * If the {@linkcode Tool} defines an outputSchema, this field MUST be present in the result, and contain a JSON object that matches the schema.\n */\n structuredContent: z.record(z.string(), z.unknown()).optional(),\n\n /**\n * Whether the tool call ended in an error.\n *\n * If not set, this is assumed to be `false` (the call was successful).\n *\n * Any errors that originate from the tool SHOULD be reported inside the result\n * object, with `isError` set to `true`, _not_ as an MCP protocol-level error\n * response. Otherwise, the LLM would not be able to see that an error occurred\n * and self-correct.\n *\n * However, any errors in _finding_ the tool, an error indicating that the\n * server does not support tool calls, or any other exceptional conditions,\n * should be reported as an MCP error response.\n */\n isError: z.boolean().optional()\n});\n\n/**\n * {@linkcode CallToolResultSchema} extended with backwards compatibility to protocol version 2024-10-07.\n */\nexport const CompatibilityCallToolResultSchema = CallToolResultSchema.or(\n ResultSchema.extend({\n toolResult: z.unknown()\n })\n);\n\n/**\n * Parameters for a `tools/call` request.\n */\nexport const CallToolRequestParamsSchema = TaskAugmentedRequestParamsSchema.extend({\n /**\n * The name of the tool to call.\n */\n name: z.string(),\n /**\n * Arguments to pass to the tool.\n */\n arguments: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Used by the client to invoke a tool provided by the server.\n */\nexport const CallToolRequestSchema = RequestSchema.extend({\n method: z.literal('tools/call'),\n params: CallToolRequestParamsSchema\n});\n\n/**\n * An optional notification from the server to the client, informing it that the list of tools it offers has changed. This may be issued by servers without any previous subscription from the client.\n */\nexport const ToolListChangedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/tools/list_changed'),\n params: NotificationsParamsSchema.optional()\n});\n\n/**\n * Callback type for list changed notifications.\n */\nexport type ListChangedCallback = (error: Error | null, items: T[] | null) => void;\n\n/**\n * Base schema for list changed subscription options (without callback).\n * Used internally for Zod validation of `autoRefresh` and `debounceMs`.\n */\nexport const ListChangedOptionsBaseSchema = z.object({\n /**\n * If `true`, the list will be refreshed automatically when a list changed notification is received.\n * The callback will be called with the updated list.\n *\n * If `false`, the callback will be called with `null` items, allowing manual refresh.\n *\n * @default true\n */\n autoRefresh: z.boolean().default(true),\n /**\n * Debounce time in milliseconds for list changed notification processing.\n *\n * Multiple notifications received within this timeframe will only trigger one refresh.\n * Set to `0` to disable debouncing.\n *\n * @default 300\n */\n debounceMs: z.number().int().nonnegative().default(300)\n});\n\n/**\n * Options for subscribing to list changed notifications.\n *\n * @typeParam T - The type of items in the list ({@linkcode Tool}, {@linkcode Prompt}, or {@linkcode Resource})\n */\nexport type ListChangedOptions = {\n /**\n * If `true`, the list will be refreshed automatically when a list changed notification is received.\n * @default true\n */\n autoRefresh?: boolean;\n /**\n * Debounce time in milliseconds. Set to `0` to disable.\n * @default 300\n */\n debounceMs?: number;\n /**\n * Callback invoked when the list changes.\n *\n * If `autoRefresh` is `true`, `items` contains the updated list.\n * If `autoRefresh` is `false`, `items` is `null` (caller should refresh manually).\n */\n onChanged: ListChangedCallback;\n};\n\n/**\n * Configuration for list changed notification handlers.\n *\n * Use this to configure handlers for tools, prompts, and resources list changes\n * when creating a client.\n *\n * Note: Handlers are only activated if the server advertises the corresponding\n * `listChanged` capability (e.g., `tools.listChanged: true`). If the server\n * doesn't advertise this capability, the handler will not be set up.\n */\nexport type ListChangedHandlers = {\n /**\n * Handler for tool list changes.\n */\n tools?: ListChangedOptions;\n /**\n * Handler for prompt list changes.\n */\n prompts?: ListChangedOptions;\n /**\n * Handler for resource list changes.\n */\n resources?: ListChangedOptions;\n};\n\n/* Logging */\n/**\n * The severity of a log message.\n */\nexport const LoggingLevelSchema = z.enum(['debug', 'info', 'notice', 'warning', 'error', 'critical', 'alert', 'emergency']);\n\n/**\n * Parameters for a `logging/setLevel` request.\n */\nexport const SetLevelRequestParamsSchema = BaseRequestParamsSchema.extend({\n /**\n * The level of logging that the client wants to receive from the server. The server should send all logs at this level and higher (i.e., more severe) to the client as `notifications/logging/message`.\n */\n level: LoggingLevelSchema\n});\n/**\n * A request from the client to the server, to enable or adjust logging.\n */\nexport const SetLevelRequestSchema = RequestSchema.extend({\n method: z.literal('logging/setLevel'),\n params: SetLevelRequestParamsSchema\n});\n\n/**\n * Parameters for a `notifications/message` notification.\n */\nexport const LoggingMessageNotificationParamsSchema = NotificationsParamsSchema.extend({\n /**\n * The severity of this log message.\n */\n level: LoggingLevelSchema,\n /**\n * An optional name of the logger issuing this message.\n */\n logger: z.string().optional(),\n /**\n * The data to be logged, such as a string message or an object. Any JSON serializable type is allowed here.\n */\n data: z.unknown()\n});\n/**\n * Notification of a log message passed from server to client. If no `logging/setLevel` request has been sent from the client, the server MAY decide which messages to send automatically.\n */\nexport const LoggingMessageNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/message'),\n params: LoggingMessageNotificationParamsSchema\n});\n\n/* Sampling */\n/**\n * Hints to use for model selection.\n */\nexport const ModelHintSchema = z.object({\n /**\n * A hint for a model name.\n */\n name: z.string().optional()\n});\n\n/**\n * The server's preferences for model selection, requested of the client during sampling.\n */\nexport const ModelPreferencesSchema = z.object({\n /**\n * Optional hints to use for model selection.\n */\n hints: z.array(ModelHintSchema).optional(),\n /**\n * How much to prioritize cost when selecting a model.\n */\n costPriority: z.number().min(0).max(1).optional(),\n /**\n * How much to prioritize sampling speed (latency) when selecting a model.\n */\n speedPriority: z.number().min(0).max(1).optional(),\n /**\n * How much to prioritize intelligence and capabilities when selecting a model.\n */\n intelligencePriority: z.number().min(0).max(1).optional()\n});\n\n/**\n * Controls tool usage behavior in sampling requests.\n */\nexport const ToolChoiceSchema = z.object({\n /**\n * Controls when tools are used:\n * - `\"auto\"`: Model decides whether to use tools (default)\n * - `\"required\"`: Model MUST use at least one tool before completing\n * - `\"none\"`: Model MUST NOT use any tools\n */\n mode: z.enum(['auto', 'required', 'none']).optional()\n});\n\n/**\n * The result of a tool execution, provided by the user (server).\n * Represents the outcome of invoking a tool requested via {@linkcode ToolUseContent}.\n */\nexport const ToolResultContentSchema = z.object({\n type: z.literal('tool_result'),\n toolUseId: z.string().describe('The unique identifier for the corresponding tool call.'),\n content: z.array(ContentBlockSchema).default([]),\n structuredContent: z.object({}).loose().optional(),\n isError: z.boolean().optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Basic content types for sampling responses (without tool use).\n * Used for backwards-compatible {@linkcode CreateMessageResult} when tools are not used.\n */\nexport const SamplingContentSchema = z.discriminatedUnion('type', [TextContentSchema, ImageContentSchema, AudioContentSchema]);\n\n/**\n * Content block types allowed in sampling messages.\n * This includes text, image, audio, tool use requests, and tool results.\n */\nexport const SamplingMessageContentBlockSchema = z.discriminatedUnion('type', [\n TextContentSchema,\n ImageContentSchema,\n AudioContentSchema,\n ToolUseContentSchema,\n ToolResultContentSchema\n]);\n\n/**\n * Describes a message issued to or received from an LLM API.\n */\nexport const SamplingMessageSchema = z.object({\n role: RoleSchema,\n content: z.union([SamplingMessageContentBlockSchema, z.array(SamplingMessageContentBlockSchema)]),\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Parameters for a `sampling/createMessage` request.\n */\nexport const CreateMessageRequestParamsSchema = TaskAugmentedRequestParamsSchema.extend({\n messages: z.array(SamplingMessageSchema),\n /**\n * The server's preferences for which model to select. The client MAY modify or omit this request.\n */\n modelPreferences: ModelPreferencesSchema.optional(),\n /**\n * An optional system prompt the server wants to use for sampling. The client MAY modify or omit this prompt.\n */\n systemPrompt: z.string().optional(),\n /**\n * A request to include context from one or more MCP servers (including the caller), to be attached to the prompt.\n * The client MAY ignore this request.\n *\n * Default is `\"none\"`. Values `\"thisServer\"` and `\"allServers\"` are soft-deprecated. Servers SHOULD only use these values if the client\n * declares {@linkcode ClientCapabilities}.`sampling.context`. These values may be removed in future spec releases.\n */\n includeContext: z.enum(['none', 'thisServer', 'allServers']).optional(),\n temperature: z.number().optional(),\n /**\n * The requested maximum number of tokens to sample (to prevent runaway completions).\n *\n * The client MAY choose to sample fewer tokens than the requested maximum.\n */\n maxTokens: z.number().int(),\n stopSequences: z.array(z.string()).optional(),\n /**\n * Optional metadata to pass through to the LLM provider. The format of this metadata is provider-specific.\n */\n metadata: JSONObjectSchema.optional(),\n /**\n * Tools that the model may use during generation.\n * The client MUST return an error if this field is provided but {@linkcode ClientCapabilities}.`sampling.tools` is not declared.\n */\n tools: z.array(ToolSchema).optional(),\n /**\n * Controls how the model uses tools.\n * The client MUST return an error if this field is provided but {@linkcode ClientCapabilities}.`sampling.tools` is not declared.\n * Default is `{ mode: \"auto\" }`.\n */\n toolChoice: ToolChoiceSchema.optional()\n});\n/**\n * A request from the server to sample an LLM via the client. The client has full discretion over which model to select. The client should also inform the user before beginning sampling, to allow them to inspect the request (human in the loop) and decide whether to approve it.\n */\nexport const CreateMessageRequestSchema = RequestSchema.extend({\n method: z.literal('sampling/createMessage'),\n params: CreateMessageRequestParamsSchema\n});\n\n/**\n * The client's response to a `sampling/create_message` request from the server.\n * This is the backwards-compatible version that returns single content (no arrays).\n * Used when the request does not include tools.\n */\nexport const CreateMessageResultSchema = ResultSchema.extend({\n /**\n * The name of the model that generated the message.\n */\n model: z.string(),\n /**\n * The reason why sampling stopped, if known.\n *\n * Standard values:\n * - `\"endTurn\"`: Natural end of the assistant's turn\n * - `\"stopSequence\"`: A stop sequence was encountered\n * - `\"maxTokens\"`: Maximum token limit was reached\n *\n * This field is an open string to allow for provider-specific stop reasons.\n */\n stopReason: z.optional(z.enum(['endTurn', 'stopSequence', 'maxTokens']).or(z.string())),\n role: RoleSchema,\n /**\n * Response content. Single content block (text, image, or audio).\n */\n content: SamplingContentSchema\n});\n\n/**\n * The client's response to a `sampling/create_message` request when tools were provided.\n * This version supports array content for tool use flows.\n */\nexport const CreateMessageResultWithToolsSchema = ResultSchema.extend({\n /**\n * The name of the model that generated the message.\n */\n model: z.string(),\n /**\n * The reason why sampling stopped, if known.\n *\n * Standard values:\n * - `\"endTurn\"`: Natural end of the assistant's turn\n * - `\"stopSequence\"`: A stop sequence was encountered\n * - `\"maxTokens\"`: Maximum token limit was reached\n * - `\"toolUse\"`: The model wants to use one or more tools\n *\n * This field is an open string to allow for provider-specific stop reasons.\n */\n stopReason: z.optional(z.enum(['endTurn', 'stopSequence', 'maxTokens', 'toolUse']).or(z.string())),\n role: RoleSchema,\n /**\n * Response content. May be a single block or array. May include {@linkcode ToolUseContent} if `stopReason` is `\"toolUse\"`.\n */\n content: z.union([SamplingMessageContentBlockSchema, z.array(SamplingMessageContentBlockSchema)])\n});\n\n/* Elicitation */\n/**\n * Primitive schema definition for boolean fields.\n */\nexport const BooleanSchemaSchema = z.object({\n type: z.literal('boolean'),\n title: z.string().optional(),\n description: z.string().optional(),\n default: z.boolean().optional()\n});\n\n/**\n * Primitive schema definition for string fields.\n */\nexport const StringSchemaSchema = z.object({\n type: z.literal('string'),\n title: z.string().optional(),\n description: z.string().optional(),\n minLength: z.number().optional(),\n maxLength: z.number().optional(),\n format: z.enum(['email', 'uri', 'date', 'date-time']).optional(),\n default: z.string().optional()\n});\n\n/**\n * Primitive schema definition for number fields.\n */\nexport const NumberSchemaSchema = z.object({\n type: z.enum(['number', 'integer']),\n title: z.string().optional(),\n description: z.string().optional(),\n minimum: z.number().optional(),\n maximum: z.number().optional(),\n default: z.number().optional()\n});\n\n/**\n * Schema for single-selection enumeration without display titles for options.\n */\nexport const UntitledSingleSelectEnumSchemaSchema = z.object({\n type: z.literal('string'),\n title: z.string().optional(),\n description: z.string().optional(),\n enum: z.array(z.string()),\n default: z.string().optional()\n});\n\n/**\n * Schema for single-selection enumeration with display titles for each option.\n */\nexport const TitledSingleSelectEnumSchemaSchema = z.object({\n type: z.literal('string'),\n title: z.string().optional(),\n description: z.string().optional(),\n oneOf: z.array(\n z.object({\n const: z.string(),\n title: z.string()\n })\n ),\n default: z.string().optional()\n});\n\n/**\n * Use {@linkcode TitledSingleSelectEnumSchema} instead.\n * This interface will be removed in a future version.\n */\nexport const LegacyTitledEnumSchemaSchema = z.object({\n type: z.literal('string'),\n title: z.string().optional(),\n description: z.string().optional(),\n enum: z.array(z.string()),\n enumNames: z.array(z.string()).optional(),\n default: z.string().optional()\n});\n\n// Combined single selection enumeration\nexport const SingleSelectEnumSchemaSchema = z.union([UntitledSingleSelectEnumSchemaSchema, TitledSingleSelectEnumSchemaSchema]);\n\n/**\n * Schema for multiple-selection enumeration without display titles for options.\n */\nexport const UntitledMultiSelectEnumSchemaSchema = z.object({\n type: z.literal('array'),\n title: z.string().optional(),\n description: z.string().optional(),\n minItems: z.number().optional(),\n maxItems: z.number().optional(),\n items: z.object({\n type: z.literal('string'),\n enum: z.array(z.string())\n }),\n default: z.array(z.string()).optional()\n});\n\n/**\n * Schema for multiple-selection enumeration with display titles for each option.\n */\nexport const TitledMultiSelectEnumSchemaSchema = z.object({\n type: z.literal('array'),\n title: z.string().optional(),\n description: z.string().optional(),\n minItems: z.number().optional(),\n maxItems: z.number().optional(),\n items: z.object({\n anyOf: z.array(\n z.object({\n const: z.string(),\n title: z.string()\n })\n )\n }),\n default: z.array(z.string()).optional()\n});\n\n/**\n * Combined schema for multiple-selection enumeration\n */\nexport const MultiSelectEnumSchemaSchema = z.union([UntitledMultiSelectEnumSchemaSchema, TitledMultiSelectEnumSchemaSchema]);\n\n/**\n * Primitive schema definition for enum fields.\n */\nexport const EnumSchemaSchema = z.union([LegacyTitledEnumSchemaSchema, SingleSelectEnumSchemaSchema, MultiSelectEnumSchemaSchema]);\n\n/**\n * Union of all primitive schema definitions.\n */\nexport const PrimitiveSchemaDefinitionSchema = z.union([EnumSchemaSchema, BooleanSchemaSchema, StringSchemaSchema, NumberSchemaSchema]);\n\n/**\n * Parameters for an `elicitation/create` request for form-based elicitation.\n */\nexport const ElicitRequestFormParamsSchema = TaskAugmentedRequestParamsSchema.extend({\n /**\n * The elicitation mode.\n *\n * Optional for backward compatibility. Clients MUST treat missing `mode` as `\"form\"`.\n */\n mode: z.literal('form').optional(),\n /**\n * The message to present to the user describing what information is being requested.\n */\n message: z.string(),\n /**\n * A restricted subset of JSON Schema.\n * Only top-level properties are allowed, without nesting.\n */\n requestedSchema: z.object({\n type: z.literal('object'),\n properties: z.record(z.string(), PrimitiveSchemaDefinitionSchema),\n required: z.array(z.string()).optional()\n })\n});\n\n/**\n * Parameters for an {@linkcode ElicitRequest | elicitation/create} request for URL-based elicitation.\n */\nexport const ElicitRequestURLParamsSchema = TaskAugmentedRequestParamsSchema.extend({\n /**\n * The elicitation mode.\n */\n mode: z.literal('url'),\n /**\n * The message to present to the user explaining why the interaction is needed.\n */\n message: z.string(),\n /**\n * The ID of the elicitation, which must be unique within the context of the server.\n * The client MUST treat this ID as an opaque value.\n */\n elicitationId: z.string(),\n /**\n * The URL that the user should navigate to.\n */\n url: z.string().url()\n});\n\n/**\n * The parameters for a request to elicit additional information from the user via the client.\n */\nexport const ElicitRequestParamsSchema = z.union([ElicitRequestFormParamsSchema, ElicitRequestURLParamsSchema]);\n\n/**\n * A request from the server to elicit user input via the client.\n * The client should present the message and form fields to the user (form mode)\n * or navigate to a URL (URL mode).\n */\nexport const ElicitRequestSchema = RequestSchema.extend({\n method: z.literal('elicitation/create'),\n params: ElicitRequestParamsSchema\n});\n\n/**\n * Parameters for a {@linkcode ElicitationCompleteNotification | notifications/elicitation/complete} notification.\n *\n * @category notifications/elicitation/complete\n */\nexport const ElicitationCompleteNotificationParamsSchema = NotificationsParamsSchema.extend({\n /**\n * The ID of the elicitation that completed.\n */\n elicitationId: z.string()\n});\n\n/**\n * A notification from the server to the client, informing it of a completion of an out-of-band elicitation request.\n *\n * @category notifications/elicitation/complete\n */\nexport const ElicitationCompleteNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/elicitation/complete'),\n params: ElicitationCompleteNotificationParamsSchema\n});\n\n/**\n * The client's response to an {@linkcode ElicitRequest | elicitation/create} request from the server.\n */\nexport const ElicitResultSchema = ResultSchema.extend({\n /**\n * The user action in response to the elicitation.\n * - `\"accept\"`: User submitted the form/confirmed the action\n * - `\"decline\"`: User explicitly declined the action\n * - `\"cancel\"`: User dismissed without making an explicit choice\n */\n action: z.enum(['accept', 'decline', 'cancel']),\n /**\n * The submitted form data, only present when action is `\"accept\"`.\n * Contains values matching the requested schema.\n * Per MCP spec, content is \"typically omitted\" for decline/cancel actions.\n * We normalize `null` to `undefined` for leniency while maintaining type compatibility.\n */\n content: z.preprocess(\n val => (val === null ? undefined : val),\n z.record(z.string(), z.union([z.string(), z.number(), z.boolean(), z.array(z.string())])).optional()\n )\n});\n\n/* Autocomplete */\n/**\n * A reference to a resource or resource template definition.\n */\nexport const ResourceTemplateReferenceSchema = z.object({\n type: z.literal('ref/resource'),\n /**\n * The URI or URI template of the resource.\n */\n uri: z.string()\n});\n\n/**\n * Identifies a prompt.\n */\nexport const PromptReferenceSchema = z.object({\n type: z.literal('ref/prompt'),\n /**\n * The name of the prompt or prompt template\n */\n name: z.string()\n});\n\n/**\n * Parameters for a {@linkcode CompleteRequest | completion/complete} request.\n */\nexport const CompleteRequestParamsSchema = BaseRequestParamsSchema.extend({\n ref: z.union([PromptReferenceSchema, ResourceTemplateReferenceSchema]),\n /**\n * The argument's information\n */\n argument: z.object({\n /**\n * The name of the argument\n */\n name: z.string(),\n /**\n * The value of the argument to use for completion matching.\n */\n value: z.string()\n }),\n context: z\n .object({\n /**\n * Previously-resolved variables in a URI template or prompt.\n */\n arguments: z.record(z.string(), z.string()).optional()\n })\n .optional()\n});\n/**\n * A request from the client to the server, to ask for completion options.\n */\nexport const CompleteRequestSchema = RequestSchema.extend({\n method: z.literal('completion/complete'),\n params: CompleteRequestParamsSchema\n});\n\nexport function assertCompleteRequestPrompt(request: CompleteRequest): asserts request is CompleteRequestPrompt {\n if (request.params.ref.type !== 'ref/prompt') {\n throw new TypeError(`Expected CompleteRequestPrompt, but got ${request.params.ref.type}`);\n }\n void (request as CompleteRequestPrompt);\n}\n\nexport function assertCompleteRequestResourceTemplate(request: CompleteRequest): asserts request is CompleteRequestResourceTemplate {\n if (request.params.ref.type !== 'ref/resource') {\n throw new TypeError(`Expected CompleteRequestResourceTemplate, but got ${request.params.ref.type}`);\n }\n void (request as CompleteRequestResourceTemplate);\n}\n\n/**\n * The server's response to a {@linkcode CompleteRequest | completion/complete} request\n */\nexport const CompleteResultSchema = ResultSchema.extend({\n completion: z.looseObject({\n /**\n * An array of completion values. Must not exceed 100 items.\n */\n values: z.array(z.string()).max(100),\n /**\n * The total number of completion options available. This can exceed the number of values actually sent in the response.\n */\n total: z.optional(z.number().int()),\n /**\n * Indicates whether there are additional completion options beyond those provided in the current response, even if the exact total is unknown.\n */\n hasMore: z.optional(z.boolean())\n })\n});\n\n/* Roots */\n/**\n * Represents a root directory or file that the server can operate on.\n */\nexport const RootSchema = z.object({\n /**\n * The URI identifying the root. This *must* start with `file://` for now.\n */\n uri: z.string().startsWith('file://'),\n /**\n * An optional name for the root.\n */\n name: z.string().optional(),\n\n /**\n * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)\n * for notes on `_meta` usage.\n */\n _meta: z.record(z.string(), z.unknown()).optional()\n});\n\n/**\n * Sent from the server to request a list of root URIs from the client.\n */\nexport const ListRootsRequestSchema = RequestSchema.extend({\n method: z.literal('roots/list'),\n params: BaseRequestParamsSchema.optional()\n});\n\n/**\n * The client's response to a `roots/list` request from the server.\n */\nexport const ListRootsResultSchema = ResultSchema.extend({\n roots: z.array(RootSchema)\n});\n\n/**\n * A notification from the client to the server, informing it that the list of roots has changed.\n */\nexport const RootsListChangedNotificationSchema = NotificationSchema.extend({\n method: z.literal('notifications/roots/list_changed'),\n params: NotificationsParamsSchema.optional()\n});\n\n/* Client messages */\nexport const ClientRequestSchema = z.union([\n PingRequestSchema,\n InitializeRequestSchema,\n CompleteRequestSchema,\n SetLevelRequestSchema,\n GetPromptRequestSchema,\n ListPromptsRequestSchema,\n ListResourcesRequestSchema,\n ListResourceTemplatesRequestSchema,\n ReadResourceRequestSchema,\n SubscribeRequestSchema,\n UnsubscribeRequestSchema,\n CallToolRequestSchema,\n ListToolsRequestSchema,\n GetTaskRequestSchema,\n GetTaskPayloadRequestSchema,\n ListTasksRequestSchema,\n CancelTaskRequestSchema\n]);\n\nexport const ClientNotificationSchema = z.union([\n CancelledNotificationSchema,\n ProgressNotificationSchema,\n InitializedNotificationSchema,\n RootsListChangedNotificationSchema,\n TaskStatusNotificationSchema\n]);\n\nexport const ClientResultSchema = z.union([\n EmptyResultSchema,\n CreateMessageResultSchema,\n CreateMessageResultWithToolsSchema,\n ElicitResultSchema,\n ListRootsResultSchema,\n GetTaskResultSchema,\n ListTasksResultSchema,\n CreateTaskResultSchema\n]);\n\n/* Server messages */\nexport const ServerRequestSchema = z.union([\n PingRequestSchema,\n CreateMessageRequestSchema,\n ElicitRequestSchema,\n ListRootsRequestSchema,\n GetTaskRequestSchema,\n GetTaskPayloadRequestSchema,\n ListTasksRequestSchema,\n CancelTaskRequestSchema\n]);\n\nexport const ServerNotificationSchema = z.union([\n CancelledNotificationSchema,\n ProgressNotificationSchema,\n LoggingMessageNotificationSchema,\n ResourceUpdatedNotificationSchema,\n ResourceListChangedNotificationSchema,\n ToolListChangedNotificationSchema,\n PromptListChangedNotificationSchema,\n TaskStatusNotificationSchema,\n ElicitationCompleteNotificationSchema\n]);\n\nexport const ServerResultSchema = z.union([\n EmptyResultSchema,\n InitializeResultSchema,\n CompleteResultSchema,\n GetPromptResultSchema,\n ListPromptsResultSchema,\n ListResourcesResultSchema,\n ListResourceTemplatesResultSchema,\n ReadResourceResultSchema,\n CallToolResultSchema,\n ListToolsResultSchema,\n GetTaskResultSchema,\n ListTasksResultSchema,\n CreateTaskResultSchema\n]);\n\n/**\n * Protocol errors are JSON-RPC errors that cross the wire as error responses.\n * They use numeric error codes from the {@linkcode ProtocolErrorCode} enum.\n */\nexport class ProtocolError extends Error {\n constructor(\n public readonly code: number,\n message: string,\n public readonly data?: unknown\n ) {\n super(`MCP error ${code}: ${message}`);\n this.name = 'ProtocolError';\n }\n\n /**\n * Factory method to create the appropriate error type based on the error code and data\n */\n static fromError(code: number, message: string, data?: unknown): ProtocolError {\n // Check for specific error types\n if (code === ProtocolErrorCode.UrlElicitationRequired && data) {\n const errorData = data as { elicitations?: unknown[] };\n if (errorData.elicitations) {\n return new UrlElicitationRequiredError(errorData.elicitations as ElicitRequestURLParams[], message);\n }\n }\n\n // Default to generic ProtocolError\n return new ProtocolError(code, message, data);\n }\n}\n\n/**\n * Specialized error type when a tool requires a URL mode elicitation.\n * This makes it nicer for the client to handle since there is specific data to work with instead of just a code to check against.\n */\nexport class UrlElicitationRequiredError extends ProtocolError {\n constructor(elicitations: ElicitRequestURLParams[], message: string = `URL elicitation${elicitations.length > 1 ? 's' : ''} required`) {\n super(ProtocolErrorCode.UrlElicitationRequired, message, {\n elicitations: elicitations\n });\n }\n\n get elicitations(): ElicitRequestURLParams[] {\n return (this.data as { elicitations: ElicitRequestURLParams[] })?.elicitations ?? [];\n }\n}\n\ntype Primitive = string | number | boolean | bigint | null | undefined;\ntype Flatten = T extends Primitive\n ? T\n : T extends Array\n ? Array>\n : T extends Set\n ? Set>\n : T extends Map\n ? Map, Flatten>\n : T extends object\n ? { [K in keyof T]: Flatten }\n : T;\n\ntype Infer = Flatten>;\n\n/**\n * Information about the incoming request.\n */\nexport interface RequestInfo {\n /**\n * The headers of the request.\n */\n headers: Headers;\n}\n\n/**\n * Extra information about a message.\n */\nexport interface MessageExtraInfo {\n /**\n * The request information.\n */\n requestInfo?: RequestInfo;\n\n /**\n * The authentication information.\n */\n authInfo?: AuthInfo;\n\n /**\n * Callback to close the SSE stream for this request, triggering client reconnection.\n * Only available when using {@linkcode @modelcontextprotocol/node!streamableHttp.NodeStreamableHTTPServerTransport | NodeStreamableHTTPServerTransport} with eventStore configured.\n */\n closeSSEStream?: () => void;\n\n /**\n * Callback to close the standalone GET SSE stream, triggering client reconnection.\n * Only available when using {@linkcode @modelcontextprotocol/node!streamableHttp.NodeStreamableHTTPServerTransport | NodeStreamableHTTPServerTransport} with eventStore configured.\n */\n closeStandaloneSSEStream?: () => void;\n}\n\n/* JSON-RPC types */\nexport type ProgressToken = Infer;\nexport type Cursor = Infer;\nexport type Request = Infer;\nexport type TaskAugmentedRequestParams = Infer;\nexport type RequestMeta = Infer;\nexport type MetaObject = Record;\nexport type RequestMetaObject = RequestMeta;\nexport type Notification = Infer;\nexport type Result = Infer;\nexport type RequestId = Infer;\nexport type JSONRPCRequest = Infer;\nexport type JSONRPCNotification = Infer;\nexport type JSONRPCResponse = Infer;\nexport type JSONRPCErrorResponse = Infer;\nexport type JSONRPCResultResponse = Infer;\n\nexport type JSONRPCMessage = Infer;\nexport type RequestParams = Infer;\nexport type NotificationParams = Infer;\n\n/* Empty result */\nexport type EmptyResult = Infer;\n\n/* Cancellation */\nexport type CancelledNotificationParams = Infer;\nexport type CancelledNotification = Infer;\n\n/* Base Metadata */\nexport type Icon = Infer;\nexport type Icons = Infer;\nexport type BaseMetadata = Infer;\nexport type Annotations = Infer;\nexport type Role = Infer;\n\n/* Initialization */\nexport type Implementation = Infer;\nexport type ClientCapabilities = Infer;\nexport type InitializeRequestParams = Infer;\nexport type InitializeRequest = Infer;\nexport type ServerCapabilities = Infer;\nexport type InitializeResult = Infer;\nexport type InitializedNotification = Infer;\n\n/* Ping */\nexport type PingRequest = Infer;\n\n/* Progress notifications */\nexport type Progress = Infer;\nexport type ProgressNotificationParams = Infer;\nexport type ProgressNotification = Infer;\n\n/* Tasks */\nexport type Task = Infer;\nexport type TaskStatus = Infer;\nexport type TaskCreationParams = Infer;\nexport type TaskMetadata = Infer;\nexport type RelatedTaskMetadata = Infer;\nexport type CreateTaskResult = Infer;\nexport type TaskStatusNotificationParams = Infer;\nexport type TaskStatusNotification = Infer;\nexport type GetTaskRequest = Infer;\nexport type GetTaskResult = Infer;\nexport type GetTaskPayloadRequest = Infer;\nexport type ListTasksRequest = Infer;\nexport type ListTasksResult = Infer;\nexport type CancelTaskRequest = Infer;\nexport type CancelTaskResult = Infer;\nexport type GetTaskPayloadResult = Infer;\n\n/* Pagination */\nexport type PaginatedRequestParams = Infer;\nexport type PaginatedRequest = Infer;\nexport type PaginatedResult = Infer;\n\n/* Resources */\nexport type ResourceContents = Infer;\nexport type TextResourceContents = Infer;\nexport type BlobResourceContents = Infer;\nexport type Resource = Infer;\n// TODO: Overlaps with exported `ResourceTemplate` class from `server`.\nexport type ResourceTemplateType = Infer;\nexport type ListResourcesRequest = Infer;\nexport type ListResourcesResult = Infer;\nexport type ListResourceTemplatesRequest = Infer;\nexport type ListResourceTemplatesResult = Infer;\nexport type ResourceRequestParams = Infer;\nexport type ReadResourceRequestParams = Infer;\nexport type ReadResourceRequest = Infer;\nexport type ReadResourceResult = Infer;\nexport type ResourceListChangedNotification = Infer;\nexport type SubscribeRequestParams = Infer;\nexport type SubscribeRequest = Infer;\nexport type UnsubscribeRequestParams = Infer;\nexport type UnsubscribeRequest = Infer;\nexport type ResourceUpdatedNotificationParams = Infer;\nexport type ResourceUpdatedNotification = Infer;\n\n/* Prompts */\nexport type PromptArgument = Infer;\nexport type Prompt = Infer;\nexport type ListPromptsRequest = Infer;\nexport type ListPromptsResult = Infer;\nexport type GetPromptRequestParams = Infer;\nexport type GetPromptRequest = Infer;\nexport type TextContent = Infer;\nexport type ImageContent = Infer;\nexport type AudioContent = Infer;\nexport type ToolUseContent = Infer;\nexport type ToolResultContent = Infer;\nexport type EmbeddedResource = Infer;\nexport type ResourceLink = Infer;\nexport type ContentBlock = Infer;\nexport type PromptMessage = Infer;\nexport type GetPromptResult = Infer;\nexport type PromptListChangedNotification = Infer;\n\n/* Tools */\nexport type ToolAnnotations = Infer;\nexport type ToolExecution = Infer;\nexport type Tool = Infer;\nexport type ListToolsRequest = Infer;\nexport type ListToolsResult = Infer;\nexport type CallToolRequestParams = Infer;\nexport type CallToolResult = Infer;\nexport type CompatibilityCallToolResult = Infer;\nexport type CallToolRequest = Infer;\nexport type ToolListChangedNotification = Infer;\n\n/* Logging */\nexport type LoggingLevel = Infer;\nexport type SetLevelRequestParams = Infer;\nexport type SetLevelRequest = Infer;\nexport type LoggingMessageNotificationParams = Infer;\nexport type LoggingMessageNotification = Infer;\n\n/* Sampling */\nexport type ToolChoice = Infer;\nexport type ModelHint = Infer;\nexport type ModelPreferences = Infer;\nexport type SamplingContent = Infer;\nexport type SamplingMessageContentBlock = Infer;\nexport type SamplingMessage = Infer;\nexport type CreateMessageRequestParams = Infer;\nexport type CreateMessageRequest = Infer;\nexport type CreateMessageResult = Infer;\nexport type CreateMessageResultWithTools = Infer;\n\n/**\n * {@linkcode CreateMessageRequestParams} without tools - for backwards-compatible overload.\n * Excludes tools/toolChoice to indicate they should not be provided.\n */\nexport type CreateMessageRequestParamsBase = Omit;\n\n/**\n * {@linkcode CreateMessageRequestParams} with required tools - for tool-enabled overload.\n */\nexport interface CreateMessageRequestParamsWithTools extends CreateMessageRequestParams {\n tools: Tool[];\n}\n\n/* Elicitation */\nexport type BooleanSchema = Infer;\nexport type StringSchema = Infer;\nexport type NumberSchema = Infer;\n\nexport type EnumSchema = Infer;\nexport type UntitledSingleSelectEnumSchema = Infer;\nexport type TitledSingleSelectEnumSchema = Infer;\nexport type LegacyTitledEnumSchema = Infer;\nexport type UntitledMultiSelectEnumSchema = Infer;\nexport type TitledMultiSelectEnumSchema = Infer;\nexport type SingleSelectEnumSchema = Infer;\nexport type MultiSelectEnumSchema = Infer;\n\nexport type PrimitiveSchemaDefinition = Infer;\nexport type ElicitRequestParams = Infer;\nexport type ElicitRequestFormParams = Infer;\nexport type ElicitRequestURLParams = Infer;\nexport type ElicitRequest = Infer;\nexport type ElicitationCompleteNotificationParams = Infer;\nexport type ElicitationCompleteNotification = Infer;\nexport type ElicitResult = Infer;\n\n/* Autocomplete */\nexport type ResourceTemplateReference = Infer;\nexport type PromptReference = Infer;\nexport type CompleteRequestParams = Infer;\nexport type CompleteRequest = Infer;\nexport type CompleteRequestResourceTemplate = ExpandRecursively<\n CompleteRequest & { params: CompleteRequestParams & { ref: ResourceTemplateReference } }\n>;\nexport type CompleteRequestPrompt = ExpandRecursively;\nexport type CompleteResult = Infer;\n\n/* Roots */\nexport type Root = Infer;\nexport type ListRootsRequest = Infer;\nexport type ListRootsResult = Infer;\nexport type RootsListChangedNotification = Infer;\n\n/* Client messages */\nexport type ClientRequest = Infer;\nexport type ClientNotification = Infer;\nexport type ClientResult = Infer;\n\n/* Server messages */\nexport type ServerRequest = Infer;\nexport type ServerNotification = Infer;\nexport type ServerResult = Infer;\n\n/* Protocol type maps */\ntype MethodToTypeMap = {\n [T in U as T extends { method: infer M extends string } ? M : never]: T;\n};\nexport type RequestMethod = ClientRequest['method'] | ServerRequest['method'];\nexport type NotificationMethod = ClientNotification['method'] | ServerNotification['method'];\nexport type RequestTypeMap = MethodToTypeMap;\nexport type NotificationTypeMap = MethodToTypeMap;\nexport type ResultTypeMap = {\n ping: EmptyResult;\n initialize: InitializeResult;\n 'completion/complete': CompleteResult;\n 'logging/setLevel': EmptyResult;\n 'prompts/get': GetPromptResult;\n 'prompts/list': ListPromptsResult;\n 'resources/list': ListResourcesResult;\n 'resources/templates/list': ListResourceTemplatesResult;\n 'resources/read': ReadResourceResult;\n 'resources/subscribe': EmptyResult;\n 'resources/unsubscribe': EmptyResult;\n 'tools/call': CallToolResult | CreateTaskResult;\n 'tools/list': ListToolsResult;\n 'sampling/createMessage': CreateMessageResult | CreateMessageResultWithTools | CreateTaskResult;\n 'elicitation/create': ElicitResult | CreateTaskResult;\n 'roots/list': ListRootsResult;\n 'tasks/get': GetTaskResult;\n 'tasks/result': Result;\n 'tasks/list': ListTasksResult;\n 'tasks/cancel': CancelTaskResult;\n};\n\n/* Runtime schema lookup — result schemas by method */\nconst resultSchemas: Record = {\n ping: EmptyResultSchema,\n initialize: InitializeResultSchema,\n 'completion/complete': CompleteResultSchema,\n 'logging/setLevel': EmptyResultSchema,\n 'prompts/get': GetPromptResultSchema,\n 'prompts/list': ListPromptsResultSchema,\n 'resources/list': ListResourcesResultSchema,\n 'resources/templates/list': ListResourceTemplatesResultSchema,\n 'resources/read': ReadResourceResultSchema,\n 'resources/subscribe': EmptyResultSchema,\n 'resources/unsubscribe': EmptyResultSchema,\n 'tools/call': z.union([CallToolResultSchema, CreateTaskResultSchema]),\n 'tools/list': ListToolsResultSchema,\n 'sampling/createMessage': z.union([CreateMessageResultWithToolsSchema, CreateTaskResultSchema]),\n 'elicitation/create': z.union([ElicitResultSchema, CreateTaskResultSchema]),\n 'roots/list': ListRootsResultSchema,\n 'tasks/get': GetTaskResultSchema,\n 'tasks/result': ResultSchema,\n 'tasks/list': ListTasksResultSchema,\n 'tasks/cancel': CancelTaskResultSchema\n};\n\n/**\n * Gets the Zod schema for validating results of a given request method.\n * @see getRequestSchema for explanation of the internal type assertion.\n */\nexport function getResultSchema(method: M): z.ZodType {\n return resultSchemas[method] as unknown as z.ZodType;\n}\n\n/* Runtime schema lookup — request schemas by method */\ntype RequestSchemaType = (typeof ClientRequestSchema.options)[number] | (typeof ServerRequestSchema.options)[number];\ntype NotificationSchemaType = (typeof ClientNotificationSchema.options)[number] | (typeof ServerNotificationSchema.options)[number];\n\nfunction buildSchemaMap(schemas: readonly T[]): Record {\n const map: Record = {};\n for (const schema of schemas) {\n const method = schema.shape.method.value;\n map[method] = schema;\n }\n return map;\n}\n\nconst requestSchemas = buildSchemaMap([...ClientRequestSchema.options, ...ServerRequestSchema.options] as const) as Record<\n RequestMethod,\n RequestSchemaType\n>;\nconst notificationSchemas = buildSchemaMap([...ClientNotificationSchema.options, ...ServerNotificationSchema.options] as const) as Record<\n NotificationMethod,\n NotificationSchemaType\n>;\n\n/**\n * Gets the Zod schema for a given request method.\n * The return type is a ZodType that parses to RequestTypeMap[M], allowing callers\n * to use schema.parse() without needing additional type assertions.\n *\n * Note: The internal cast is necessary because TypeScript can't correlate the\n * Record-based schema lookup with the MethodToTypeMap-based RequestTypeMap\n * when M is a generic type parameter. Both compute to the same type at\n * instantiation, but TypeScript can't prove this statically.\n */\nexport function getRequestSchema(method: M): z.ZodType {\n return requestSchemas[method] as unknown as z.ZodType;\n}\n\n/**\n * Gets the Zod schema for a given notification method.\n * @see getRequestSchema for explanation of the internal type assertion.\n */\nexport function getNotificationSchema(method: M): z.ZodType {\n return notificationSchemas[method] as unknown as z.ZodType;\n}\n" }, { "path": "packages/core/src/util/inMemory.ts", "content": "import { SdkError, SdkErrorCode } from '../errors/sdkErrors.js';\nimport type { Transport } from '../shared/transport.js';\nimport type { AuthInfo, JSONRPCMessage, RequestId } from '../types/types.js';\n\ninterface QueuedMessage {\n message: JSONRPCMessage;\n extra?: { authInfo?: AuthInfo };\n}\n\n/**\n * In-memory transport for creating clients and servers that talk to each other within the same process.\n */\nexport class InMemoryTransport implements Transport {\n private _otherTransport?: InMemoryTransport;\n private _messageQueue: QueuedMessage[] = [];\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage, extra?: { authInfo?: AuthInfo }) => void;\n sessionId?: string;\n\n /**\n * Creates a pair of linked in-memory transports that can communicate with each other. One should be passed to a {@linkcode @modelcontextprotocol/client!client/client.Client | Client} and one to a {@linkcode @modelcontextprotocol/server!server/server.Server | Server}.\n */\n static createLinkedPair(): [InMemoryTransport, InMemoryTransport] {\n const clientTransport = new InMemoryTransport();\n const serverTransport = new InMemoryTransport();\n clientTransport._otherTransport = serverTransport;\n serverTransport._otherTransport = clientTransport;\n return [clientTransport, serverTransport];\n }\n\n async start(): Promise {\n // Process any messages that were queued before start was called\n while (this._messageQueue.length > 0) {\n const queuedMessage = this._messageQueue.shift()!;\n this.onmessage?.(queuedMessage.message, queuedMessage.extra);\n }\n }\n\n async close(): Promise {\n const other = this._otherTransport;\n this._otherTransport = undefined;\n await other?.close();\n this.onclose?.();\n }\n\n /**\n * Sends a message with optional auth info.\n * This is useful for testing authentication scenarios.\n */\n async send(message: JSONRPCMessage, options?: { relatedRequestId?: RequestId; authInfo?: AuthInfo }): Promise {\n if (!this._otherTransport) {\n throw new SdkError(SdkErrorCode.NotConnected, 'Not connected');\n }\n\n if (this._otherTransport.onmessage) {\n this._otherTransport.onmessage(message, { authInfo: options?.authInfo });\n } else {\n this._otherTransport._messageQueue.push({ message, extra: { authInfo: options?.authInfo } });\n }\n }\n}\n" }, { "path": "packages/core/src/util/schema.ts", "content": "import * as z from 'zod/v4';\n\n/**\n * Base type for any Zod schema.\n * This is the canonical type to use when accepting user-provided schemas.\n */\nexport type AnySchema = z.core.$ZodType;\n\n/**\n * A Zod schema for objects specifically (not unions).\n * Use this when you need to constrain to ZodObject schemas.\n */\nexport type AnyObjectSchema = z.core.$ZodObject;\n\n/**\n * Extracts the input type from a Zod schema.\n */\nexport type SchemaInput = z.input;\n\n/**\n * Extracts the output type from a Zod schema.\n */\nexport type SchemaOutput = z.output;\n\n/**\n * Converts a Zod schema to JSON Schema.\n */\nexport function schemaToJson(schema: AnySchema, options?: { io?: 'input' | 'output' }): Record {\n return z.toJSONSchema(schema, options) as Record;\n}\n\n/**\n * Parses data against a Zod schema (synchronous).\n * Returns a discriminated union with success/error.\n */\nexport function parseSchema(\n schema: T,\n data: unknown\n): { success: true; data: z.output } | { success: false; error: z.core.$ZodError } {\n return z.safeParse(schema, data);\n}\n\n/**\n * Parses data against a Zod schema (asynchronous).\n * Returns a discriminated union with success/error.\n */\nexport function parseSchemaAsync(\n schema: T,\n data: unknown\n): Promise<{ success: true; data: z.output } | { success: false; error: z.core.$ZodError }> {\n return z.safeParseAsync(schema, data);\n}\n\n/**\n * Gets the shape of an object schema.\n * Returns undefined if the schema is not an object schema.\n */\nexport function getSchemaShape(schema: AnySchema): Record | undefined {\n const candidate = schema as { shape?: unknown };\n if (candidate.shape && typeof candidate.shape === 'object') {\n return candidate.shape as Record;\n }\n return undefined;\n}\n\n/**\n * Gets the description from a schema if it has one.\n */\nexport function getSchemaDescription(schema: AnySchema): string | undefined {\n const candidate = schema as { description?: string };\n return candidate.description;\n}\n\n/**\n * Checks if a schema is optional (accepts undefined).\n * Uses the public .type property which works in both zod/v4 and zod/v4/mini.\n */\nexport function isOptionalSchema(schema: AnySchema): boolean {\n const candidate = schema as { type?: string };\n return candidate.type === 'optional';\n}\n\n/**\n * Unwraps an optional schema to get the inner schema.\n * If the schema is not optional, returns it unchanged.\n * Uses the public .def.innerType property which works in both zod/v4 and zod/v4/mini.\n */\nexport function unwrapOptionalSchema(schema: AnySchema): AnySchema {\n if (!isOptionalSchema(schema)) {\n return schema;\n }\n const candidate = schema as { def?: { innerType?: AnySchema } };\n return candidate.def?.innerType ?? schema;\n}\n" }, { "path": "packages/core/src/validators/ajvProvider.examples.ts", "content": "/**\n * Type-checked examples for `ajvProvider.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { Ajv } from 'ajv';\nimport _addFormats from 'ajv-formats';\n\nimport { AjvJsonSchemaValidator } from './ajvProvider.js';\n\nconst addFormats = _addFormats as unknown as typeof _addFormats.default;\n\n/**\n * Example: Default AJV instance.\n */\nfunction AjvJsonSchemaValidator_default() {\n //#region AjvJsonSchemaValidator_default\n const validator = new AjvJsonSchemaValidator();\n //#endregion AjvJsonSchemaValidator_default\n return validator;\n}\n\n/**\n * Example: Custom AJV instance.\n */\nfunction AjvJsonSchemaValidator_customInstance() {\n //#region AjvJsonSchemaValidator_customInstance\n const ajv = new Ajv({ strict: true, allErrors: true });\n const validator = new AjvJsonSchemaValidator(ajv);\n //#endregion AjvJsonSchemaValidator_customInstance\n return validator;\n}\n\n/**\n * Example: Constructor with advanced AJV configuration including formats.\n */\nfunction AjvJsonSchemaValidator_constructor_withFormats() {\n //#region AjvJsonSchemaValidator_constructor_withFormats\n const ajv = new Ajv({ validateFormats: true });\n addFormats(ajv);\n const validator = new AjvJsonSchemaValidator(ajv);\n //#endregion AjvJsonSchemaValidator_constructor_withFormats\n return validator;\n}\n" }, { "path": "packages/core/src/validators/ajvProvider.ts", "content": "/**\n * AJV-based JSON Schema validator provider\n */\n\nimport { Ajv } from 'ajv';\nimport _addFormats from 'ajv-formats';\n\nimport type { JsonSchemaType, JsonSchemaValidator, jsonSchemaValidator, JsonSchemaValidatorResult } from './types.js';\n\nfunction createDefaultAjvInstance(): Ajv {\n const ajv = new Ajv({\n strict: false,\n validateFormats: true,\n validateSchema: false,\n allErrors: true\n });\n\n const addFormats = _addFormats as unknown as typeof _addFormats.default;\n addFormats(ajv);\n\n return ajv;\n}\n\n/**\n * @example Use with default AJV instance (recommended)\n * ```ts source=\"./ajvProvider.examples.ts#AjvJsonSchemaValidator_default\"\n * const validator = new AjvJsonSchemaValidator();\n * ```\n *\n * @example Use with custom AJV instance\n * ```ts source=\"./ajvProvider.examples.ts#AjvJsonSchemaValidator_customInstance\"\n * const ajv = new Ajv({ strict: true, allErrors: true });\n * const validator = new AjvJsonSchemaValidator(ajv);\n * ```\n *\n * @see {@linkcode CfWorkerJsonSchemaValidator} for an edge-runtime-compatible alternative\n */\nexport class AjvJsonSchemaValidator implements jsonSchemaValidator {\n private _ajv: Ajv;\n\n /**\n * Create an AJV validator\n *\n * @param ajv - Optional pre-configured AJV instance. If not provided, a default instance will be created.\n *\n * @example Use default configuration (recommended for most cases)\n * ```ts source=\"./ajvProvider.examples.ts#AjvJsonSchemaValidator_default\"\n * const validator = new AjvJsonSchemaValidator();\n * ```\n *\n * @example Provide custom AJV instance for advanced configuration\n * ```ts source=\"./ajvProvider.examples.ts#AjvJsonSchemaValidator_constructor_withFormats\"\n * const ajv = new Ajv({ validateFormats: true });\n * addFormats(ajv);\n * const validator = new AjvJsonSchemaValidator(ajv);\n * ```\n */\n constructor(ajv?: Ajv) {\n this._ajv = ajv ?? createDefaultAjvInstance();\n }\n\n /**\n * Create a validator for the given JSON Schema\n *\n * The validator is compiled once and can be reused multiple times.\n * If the schema has an `$id`, it will be cached by AJV automatically.\n *\n * @param schema - Standard JSON Schema object\n * @returns A validator function that validates input data\n */\n getValidator(schema: JsonSchemaType): JsonSchemaValidator {\n // Check if schema has $id and is already compiled/cached\n const ajvValidator =\n '$id' in schema && typeof schema.$id === 'string'\n ? (this._ajv.getSchema(schema.$id) ?? this._ajv.compile(schema))\n : this._ajv.compile(schema);\n\n return (input: unknown): JsonSchemaValidatorResult => {\n const valid = ajvValidator(input);\n\n return valid\n ? {\n valid: true,\n data: input as T,\n errorMessage: undefined\n }\n : {\n valid: false,\n data: undefined,\n errorMessage: this._ajv.errorsText(ajvValidator.errors)\n };\n };\n }\n}\n" }, { "path": "packages/core/src/validators/cfWorkerProvider.examples.ts", "content": "/**\n * Type-checked examples for `cfWorkerProvider.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { CfWorkerJsonSchemaValidator } from './cfWorkerProvider.js';\n\n/**\n * Example: Default configuration.\n */\nfunction CfWorkerJsonSchemaValidator_default() {\n //#region CfWorkerJsonSchemaValidator_default\n const validator = new CfWorkerJsonSchemaValidator();\n //#endregion CfWorkerJsonSchemaValidator_default\n return validator;\n}\n\n/**\n * Example: Custom configuration with all errors reported.\n */\nfunction CfWorkerJsonSchemaValidator_customConfig() {\n //#region CfWorkerJsonSchemaValidator_customConfig\n const validator = new CfWorkerJsonSchemaValidator({\n draft: '2020-12',\n shortcircuit: false // Report all errors\n });\n //#endregion CfWorkerJsonSchemaValidator_customConfig\n return validator;\n}\n" }, { "path": "packages/core/src/validators/cfWorkerProvider.ts", "content": "/**\n * Cloudflare Worker-compatible JSON Schema validator provider\n *\n * This provider uses @cfworker/json-schema for validation without code generation,\n * making it compatible with edge runtimes like Cloudflare Workers that restrict\n * eval and new Function.\n *\n * @see {@linkcode AjvJsonSchemaValidator} for the Node.js alternative\n */\n\nimport { Validator } from '@cfworker/json-schema';\n\nimport type { JsonSchemaType, JsonSchemaValidator, jsonSchemaValidator, JsonSchemaValidatorResult } from './types.js';\n\n/**\n * JSON Schema draft version supported by @cfworker/json-schema\n */\nexport type CfWorkerSchemaDraft = '4' | '7' | '2019-09' | '2020-12';\n\n/**\n *\n * @example Use with default configuration (2020-12, shortcircuit)\n * ```ts source=\"./cfWorkerProvider.examples.ts#CfWorkerJsonSchemaValidator_default\"\n * const validator = new CfWorkerJsonSchemaValidator();\n * ```\n *\n * @example Use with custom configuration\n * ```ts source=\"./cfWorkerProvider.examples.ts#CfWorkerJsonSchemaValidator_customConfig\"\n * const validator = new CfWorkerJsonSchemaValidator({\n * draft: '2020-12',\n * shortcircuit: false // Report all errors\n * });\n * ```\n */\nexport class CfWorkerJsonSchemaValidator implements jsonSchemaValidator {\n private shortcircuit: boolean;\n private draft: CfWorkerSchemaDraft;\n\n /**\n * Create a validator\n *\n * @param options - Configuration options\n * @param options.shortcircuit - If `true`, stop validation after first error (default: `true`)\n * @param options.draft - JSON Schema draft version to use (default: `'2020-12'`)\n */\n constructor(options?: { shortcircuit?: boolean; draft?: CfWorkerSchemaDraft }) {\n this.shortcircuit = options?.shortcircuit ?? true;\n this.draft = options?.draft ?? '2020-12';\n }\n\n /**\n * Create a validator for the given JSON Schema\n *\n * Unlike AJV, this validator is not cached internally\n *\n * @param schema - Standard JSON Schema object\n * @returns A validator function that validates input data\n */\n getValidator(schema: JsonSchemaType): JsonSchemaValidator {\n // Cast to the cfworker Schema type - our JsonSchemaType is structurally compatible\n const validator = new Validator(schema as ConstructorParameters[0], this.draft, this.shortcircuit);\n\n return (input: unknown): JsonSchemaValidatorResult => {\n const result = validator.validate(input);\n\n return result.valid\n ? {\n valid: true,\n data: input as T,\n errorMessage: undefined\n }\n : {\n valid: false,\n data: undefined,\n errorMessage: result.errors.map(err => `${err.instanceLocation}: ${err.error}`).join('; ')\n };\n };\n }\n}\n" }, { "path": "packages/core/src/validators/types.examples.ts", "content": "/**\n * Type-checked examples for `types.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { JsonSchemaType, JsonSchemaValidator, jsonSchemaValidator } from './types.js';\n\n// Stub for hypothetical schema validation function\ndeclare function isValid(schema: JsonSchemaType, input: unknown): boolean;\n\n/**\n * Example: Implementing the jsonSchemaValidator interface.\n */\nfunction jsonSchemaValidator_implementation() {\n //#region jsonSchemaValidator_implementation\n class MyValidatorProvider implements jsonSchemaValidator {\n getValidator(schema: JsonSchemaType): JsonSchemaValidator {\n // Compile/cache validator from schema\n return (input: unknown) =>\n isValid(schema, input)\n ? { valid: true, data: input as T, errorMessage: undefined }\n : { valid: false, data: undefined, errorMessage: 'Error details' };\n }\n }\n //#endregion jsonSchemaValidator_implementation\n return MyValidatorProvider;\n}\n" }, { "path": "packages/core/src/validators/types.ts", "content": "// Using the main export which points to draft-2020-12 by default\nimport type { JSONSchema } from 'json-schema-typed';\n\n/**\n * JSON Schema type definition (JSON Schema Draft 2020-12)\n *\n * This uses the object form of JSON Schema (excluding boolean schemas).\n * While `true` and `false` are valid JSON Schemas, this SDK uses the\n * object form for practical type safety.\n *\n * Re-exported from json-schema-typed for convenience.\n * @see https://json-schema.org/draft/2020-12/json-schema-core.html\n */\nexport type JsonSchemaType = JSONSchema.Interface;\n\n/**\n * Result of a JSON Schema validation operation\n */\nexport type JsonSchemaValidatorResult =\n | { valid: true; data: T; errorMessage: undefined }\n | { valid: false; data: undefined; errorMessage: string };\n\n/**\n * A validator function that validates data against a JSON Schema\n */\nexport type JsonSchemaValidator = (input: unknown) => JsonSchemaValidatorResult;\n\n/**\n * Provider interface for creating validators from JSON Schemas\n *\n * This is the main extension point for custom validator implementations.\n * Implementations should:\n * - Support JSON Schema Draft 2020-12 (or be compatible with it)\n * - Return validator functions that can be called multiple times\n * - Handle schema compilation/caching internally\n * - Provide clear error messages on validation failure\n *\n * @example\n * ```ts source=\"./types.examples.ts#jsonSchemaValidator_implementation\"\n * class MyValidatorProvider implements jsonSchemaValidator {\n * getValidator(schema: JsonSchemaType): JsonSchemaValidator {\n * // Compile/cache validator from schema\n * return (input: unknown) =>\n * isValid(schema, input)\n * ? { valid: true, data: input as T, errorMessage: undefined }\n * : { valid: false, data: undefined, errorMessage: 'Error details' };\n * }\n * }\n * ```\n */\nexport interface jsonSchemaValidator {\n /**\n * Create a validator for the given JSON Schema\n *\n * @param schema - Standard JSON Schema object\n * @returns A validator function that can be called multiple times\n */\n getValidator(schema: JsonSchemaType): JsonSchemaValidator;\n}\n" }, { "path": "packages/core/test/experimental/inMemory.test.ts", "content": "import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';\n\nimport type { QueuedMessage } from '../../src/experimental/tasks/interfaces.js';\nimport { InMemoryTaskMessageQueue, InMemoryTaskStore } from '../../src/experimental/tasks/stores/inMemory.js';\nimport type { Request, TaskCreationParams } from '../../src/types/types.js';\n\ndescribe('InMemoryTaskStore', () => {\n let store: InMemoryTaskStore;\n\n beforeEach(() => {\n store = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n store.cleanup();\n });\n\n describe('createTask', () => {\n it('should create a new task with working status', async () => {\n const taskParams: TaskCreationParams = {\n ttl: 60_000\n };\n const request: Request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const task = await store.createTask(taskParams, 123, request);\n\n expect(task).toBeDefined();\n expect(task.taskId).toBeDefined();\n expect(typeof task.taskId).toBe('string');\n expect(task.taskId.length).toBeGreaterThan(0);\n expect(task.status).toBe('working');\n expect(task.ttl).toBe(60_000);\n expect(task.pollInterval).toBeDefined();\n expect(task.createdAt).toBeDefined();\n expect(new Date(task.createdAt).getTime()).toBeGreaterThan(0);\n });\n\n it('should create task without ttl', async () => {\n const taskParams: TaskCreationParams = {};\n const request: Request = {\n method: 'tools/call',\n params: {}\n };\n\n const task = await store.createTask(taskParams, 456, request);\n\n expect(task).toBeDefined();\n expect(task.ttl).toBeNull();\n });\n\n it('should generate unique taskIds', async () => {\n const taskParams: TaskCreationParams = {};\n const request: Request = {\n method: 'tools/call',\n params: {}\n };\n\n const task1 = await store.createTask(taskParams, 789, request);\n const task2 = await store.createTask(taskParams, 790, request);\n\n expect(task1.taskId).not.toBe(task2.taskId);\n });\n });\n\n describe('getTask', () => {\n it('should return null for non-existent task', async () => {\n const task = await store.getTask('non-existent');\n expect(task).toBeNull();\n });\n\n it('should return task state', async () => {\n const taskParams: TaskCreationParams = {};\n const request: Request = {\n method: 'tools/call',\n params: {}\n };\n\n const createdTask = await store.createTask(taskParams, 111, request);\n await store.updateTaskStatus(createdTask.taskId, 'working');\n\n const task = await store.getTask(createdTask.taskId);\n expect(task).toBeDefined();\n expect(task?.status).toBe('working');\n });\n });\n\n describe('updateTaskStatus', () => {\n let taskId: string;\n\n beforeEach(async () => {\n const taskParams: TaskCreationParams = {};\n const createdTask = await store.createTask(taskParams, 222, {\n method: 'tools/call',\n params: {}\n });\n taskId = createdTask.taskId;\n });\n\n it('should keep task status as working', async () => {\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('working');\n });\n\n it('should update task status to input_required', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('input_required');\n });\n\n it('should update task status to completed', async () => {\n await store.updateTaskStatus(taskId, 'completed');\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('completed');\n });\n\n it('should update task status to failed with error', async () => {\n await store.updateTaskStatus(taskId, 'failed', 'Something went wrong');\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('failed');\n expect(task?.statusMessage).toBe('Something went wrong');\n });\n\n it('should update task status to cancelled', async () => {\n await store.updateTaskStatus(taskId, 'cancelled');\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('cancelled');\n });\n\n it('should throw if task not found', async () => {\n await expect(store.updateTaskStatus('non-existent', 'working')).rejects.toThrow('Task with ID non-existent not found');\n });\n\n describe('status lifecycle validation', () => {\n it('should allow transition from working to input_required', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('input_required');\n });\n\n it('should allow transition from working to completed', async () => {\n await store.updateTaskStatus(taskId, 'completed');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('completed');\n });\n\n it('should allow transition from working to failed', async () => {\n await store.updateTaskStatus(taskId, 'failed');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('failed');\n });\n\n it('should allow transition from working to cancelled', async () => {\n await store.updateTaskStatus(taskId, 'cancelled');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('cancelled');\n });\n\n it('should allow transition from input_required to working', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n await store.updateTaskStatus(taskId, 'working');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('working');\n });\n\n it('should allow transition from input_required to completed', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n await store.updateTaskStatus(taskId, 'completed');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('completed');\n });\n\n it('should allow transition from input_required to failed', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n await store.updateTaskStatus(taskId, 'failed');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('failed');\n });\n\n it('should allow transition from input_required to cancelled', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n await store.updateTaskStatus(taskId, 'cancelled');\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('cancelled');\n });\n\n it('should reject transition from completed to any other status', async () => {\n await store.updateTaskStatus(taskId, 'completed');\n await expect(store.updateTaskStatus(taskId, 'working')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'input_required')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'failed')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'cancelled')).rejects.toThrow('Cannot update task');\n });\n\n it('should reject transition from failed to any other status', async () => {\n await store.updateTaskStatus(taskId, 'failed');\n await expect(store.updateTaskStatus(taskId, 'working')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'input_required')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'completed')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'cancelled')).rejects.toThrow('Cannot update task');\n });\n\n it('should reject transition from cancelled to any other status', async () => {\n await store.updateTaskStatus(taskId, 'cancelled');\n await expect(store.updateTaskStatus(taskId, 'working')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'input_required')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'completed')).rejects.toThrow('Cannot update task');\n await expect(store.updateTaskStatus(taskId, 'failed')).rejects.toThrow('Cannot update task');\n });\n });\n });\n\n describe('storeTaskResult', () => {\n let taskId: string;\n\n beforeEach(async () => {\n const taskParams: TaskCreationParams = {\n ttl: 60_000\n };\n const createdTask = await store.createTask(taskParams, 333, {\n method: 'tools/call',\n params: {}\n });\n taskId = createdTask.taskId;\n });\n\n it('should store task result and set status to completed', async () => {\n const result = {\n content: [{ type: 'text' as const, text: 'Success!' }]\n };\n\n await store.storeTaskResult(taskId, 'completed', result);\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('completed');\n\n const storedResult = await store.getTaskResult(taskId);\n expect(storedResult).toStrictEqual(result);\n });\n\n it('should throw if task not found', async () => {\n await expect(store.storeTaskResult('non-existent', 'completed', {})).rejects.toThrow('Task with ID non-existent not found');\n });\n\n it('should reject storing result for task already in completed status', async () => {\n // First complete the task\n const firstResult = {\n content: [{ type: 'text' as const, text: 'First result' }]\n };\n await store.storeTaskResult(taskId, 'completed', firstResult);\n\n // Try to store result again (should fail)\n const secondResult = {\n content: [{ type: 'text' as const, text: 'Second result' }]\n };\n\n await expect(store.storeTaskResult(taskId, 'completed', secondResult)).rejects.toThrow('Cannot store result for task');\n });\n\n it('should store result with failed status', async () => {\n const result = {\n content: [{ type: 'text' as const, text: 'Error details' }],\n isError: true\n };\n\n await store.storeTaskResult(taskId, 'failed', result);\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('failed');\n\n const storedResult = await store.getTaskResult(taskId);\n expect(storedResult).toStrictEqual(result);\n });\n\n it('should reject storing result for task already in failed status', async () => {\n // First fail the task\n const firstResult = {\n content: [{ type: 'text' as const, text: 'First error' }],\n isError: true\n };\n await store.storeTaskResult(taskId, 'failed', firstResult);\n\n // Try to store result again (should fail)\n const secondResult = {\n content: [{ type: 'text' as const, text: 'Second error' }],\n isError: true\n };\n\n await expect(store.storeTaskResult(taskId, 'failed', secondResult)).rejects.toThrow('Cannot store result for task');\n });\n\n it('should reject storing result for cancelled task', async () => {\n // Mark task as cancelled\n await store.updateTaskStatus(taskId, 'cancelled');\n\n // Try to store result (should fail)\n const result = {\n content: [{ type: 'text' as const, text: 'Cancellation result' }]\n };\n\n await expect(store.storeTaskResult(taskId, 'completed', result)).rejects.toThrow('Cannot store result for task');\n });\n\n it('should allow storing result from input_required status', async () => {\n await store.updateTaskStatus(taskId, 'input_required');\n\n const result = {\n content: [{ type: 'text' as const, text: 'Success!' }]\n };\n\n await store.storeTaskResult(taskId, 'completed', result);\n\n const task = await store.getTask(taskId);\n expect(task?.status).toBe('completed');\n });\n });\n\n describe('getTaskResult', () => {\n it('should throw if task not found', async () => {\n await expect(store.getTaskResult('non-existent')).rejects.toThrow('Task with ID non-existent not found');\n });\n\n it('should throw if task has no result stored', async () => {\n const taskParams: TaskCreationParams = {};\n const createdTask = await store.createTask(taskParams, 444, {\n method: 'tools/call',\n params: {}\n });\n\n await expect(store.getTaskResult(createdTask.taskId)).rejects.toThrow(`Task ${createdTask.taskId} has no result stored`);\n });\n\n it('should return stored result', async () => {\n const taskParams: TaskCreationParams = {};\n const createdTask = await store.createTask(taskParams, 555, {\n method: 'tools/call',\n params: {}\n });\n\n const result = {\n content: [{ type: 'text' as const, text: 'Result data' }]\n };\n await store.storeTaskResult(createdTask.taskId, 'completed', result);\n\n const retrieved = await store.getTaskResult(createdTask.taskId);\n expect(retrieved).toStrictEqual(result);\n });\n });\n\n describe('ttl cleanup', () => {\n beforeEach(() => {\n vi.useFakeTimers();\n });\n\n afterEach(() => {\n vi.useRealTimers();\n });\n\n it('should cleanup task after ttl duration', async () => {\n const taskParams: TaskCreationParams = {\n ttl: 1000\n };\n const createdTask = await store.createTask(taskParams, 666, {\n method: 'tools/call',\n params: {}\n });\n\n // Task should exist initially\n let task = await store.getTask(createdTask.taskId);\n expect(task).toBeDefined();\n\n // Fast-forward past ttl\n vi.advanceTimersByTime(1001);\n\n // Task should be cleaned up\n task = await store.getTask(createdTask.taskId);\n expect(task).toBeNull();\n });\n\n it('should reset cleanup timer when result is stored', async () => {\n const taskParams: TaskCreationParams = {\n ttl: 1000\n };\n const createdTask = await store.createTask(taskParams, 777, {\n method: 'tools/call',\n params: {}\n });\n\n // Fast-forward 500ms\n vi.advanceTimersByTime(500);\n\n // Store result (should reset timer)\n await store.storeTaskResult(createdTask.taskId, 'completed', {\n content: [{ type: 'text' as const, text: 'Done' }]\n });\n\n // Fast-forward another 500ms (total 1000ms since creation, but timer was reset)\n vi.advanceTimersByTime(500);\n\n // Task should still exist\n const task = await store.getTask(createdTask.taskId);\n expect(task).toBeDefined();\n\n // Fast-forward remaining time\n vi.advanceTimersByTime(501);\n\n // Now task should be cleaned up\n const cleanedTask = await store.getTask(createdTask.taskId);\n expect(cleanedTask).toBeNull();\n });\n\n it('should not cleanup tasks without ttl', async () => {\n const taskParams: TaskCreationParams = {};\n const createdTask = await store.createTask(taskParams, 888, {\n method: 'tools/call',\n params: {}\n });\n\n // Fast-forward a long time\n vi.advanceTimersByTime(100_000);\n\n // Task should still exist\n const task = await store.getTask(createdTask.taskId);\n expect(task).toBeDefined();\n });\n\n it('should start cleanup timer when task reaches terminal state', async () => {\n const taskParams: TaskCreationParams = {\n ttl: 1000\n };\n const createdTask = await store.createTask(taskParams, 999, {\n method: 'tools/call',\n params: {}\n });\n\n // Task in non-terminal state, fast-forward\n vi.advanceTimersByTime(1001);\n\n // Task should be cleaned up\n let task = await store.getTask(createdTask.taskId);\n expect(task).toBeNull();\n\n // Create another task\n const taskParams2: TaskCreationParams = {\n ttl: 2000\n };\n const createdTask2 = await store.createTask(taskParams2, 1000, {\n method: 'tools/call',\n params: {}\n });\n\n // Update to terminal state\n await store.updateTaskStatus(createdTask2.taskId, 'completed');\n\n // Fast-forward past original ttl\n vi.advanceTimersByTime(2001);\n\n // Task should be cleaned up\n task = await store.getTask(createdTask2.taskId);\n expect(task).toBeNull();\n });\n\n it('should return actual TTL in task response', async () => {\n // Test that the TaskStore returns the actual TTL it will use\n // This implementation uses the requested TTL as-is, but implementations\n // MAY override it (e.g., enforce maximum TTL limits)\n const requestedTtl = 5000;\n const taskParams: TaskCreationParams = {\n ttl: requestedTtl\n };\n const createdTask = await store.createTask(taskParams, 1111, {\n method: 'tools/call',\n params: {}\n });\n\n // The returned task should include the actual TTL that will be used\n expect(createdTask.ttl).toBe(requestedTtl);\n\n // Verify the task is cleaned up after the actual TTL\n vi.advanceTimersByTime(requestedTtl + 1);\n const task = await store.getTask(createdTask.taskId);\n expect(task).toBeNull();\n });\n\n it('should support null TTL for unlimited lifetime', async () => {\n // Test that null TTL means unlimited lifetime\n const taskParams: TaskCreationParams = {\n ttl: null\n };\n const createdTask = await store.createTask(taskParams, 2222, {\n method: 'tools/call',\n params: {}\n });\n\n // The returned task should have null TTL\n expect(createdTask.ttl).toBeNull();\n\n // Task should not be cleaned up even after a long time\n vi.advanceTimersByTime(100_000);\n const task = await store.getTask(createdTask.taskId);\n expect(task).toBeDefined();\n expect(task?.taskId).toBe(createdTask.taskId);\n });\n\n it('should cleanup tasks regardless of status', async () => {\n // Test that TTL cleanup happens regardless of task status\n const taskParams: TaskCreationParams = {\n ttl: 1000\n };\n\n // Create tasks in different statuses\n const workingTask = await store.createTask(taskParams, 3333, {\n method: 'tools/call',\n params: {}\n });\n\n const completedTask = await store.createTask(taskParams, 4444, {\n method: 'tools/call',\n params: {}\n });\n await store.storeTaskResult(completedTask.taskId, 'completed', {\n content: [{ type: 'text' as const, text: 'Done' }]\n });\n\n const failedTask = await store.createTask(taskParams, 5555, {\n method: 'tools/call',\n params: {}\n });\n await store.storeTaskResult(failedTask.taskId, 'failed', {\n content: [{ type: 'text' as const, text: 'Error' }]\n });\n\n // Fast-forward past TTL\n vi.advanceTimersByTime(1001);\n\n // All tasks should be cleaned up regardless of status\n expect(await store.getTask(workingTask.taskId)).toBeNull();\n expect(await store.getTask(completedTask.taskId)).toBeNull();\n expect(await store.getTask(failedTask.taskId)).toBeNull();\n });\n });\n\n describe('getAllTasks', () => {\n it('should return all tasks', async () => {\n await store.createTask({}, 1, {\n method: 'tools/call',\n params: {}\n });\n await store.createTask({}, 2, {\n method: 'tools/call',\n params: {}\n });\n await store.createTask({}, 3, {\n method: 'tools/call',\n params: {}\n });\n\n const tasks = store.getAllTasks();\n expect(tasks).toHaveLength(3);\n // Verify all tasks have unique IDs\n const taskIds = tasks.map(t => t.taskId);\n expect(new Set(taskIds).size).toBe(3);\n });\n\n it('should return empty array when no tasks', () => {\n const tasks = store.getAllTasks();\n expect(tasks).toStrictEqual([]);\n });\n });\n\n describe('listTasks', () => {\n it('should return empty list when no tasks', async () => {\n const result = await store.listTasks();\n expect(result.tasks).toStrictEqual([]);\n expect(result.nextCursor).toBeUndefined();\n });\n\n it('should return all tasks when less than page size', async () => {\n await store.createTask({}, 1, {\n method: 'tools/call',\n params: {}\n });\n await store.createTask({}, 2, {\n method: 'tools/call',\n params: {}\n });\n await store.createTask({}, 3, {\n method: 'tools/call',\n params: {}\n });\n\n const result = await store.listTasks();\n expect(result.tasks).toHaveLength(3);\n expect(result.nextCursor).toBeUndefined();\n });\n\n it('should paginate when more than page size', async () => {\n // Create 15 tasks (page size is 10)\n for (let i = 1; i <= 15; i++) {\n await store.createTask({}, i, {\n method: 'tools/call',\n params: {}\n });\n }\n\n // Get first page\n const page1 = await store.listTasks();\n expect(page1.tasks).toHaveLength(10);\n expect(page1.nextCursor).toBeDefined();\n\n // Get second page using cursor\n const page2 = await store.listTasks(page1.nextCursor);\n expect(page2.tasks).toHaveLength(5);\n expect(page2.nextCursor).toBeUndefined();\n });\n\n it('should throw error for invalid cursor', async () => {\n await store.createTask({}, 1, {\n method: 'tools/call',\n params: {}\n });\n\n await expect(store.listTasks('non-existent-cursor')).rejects.toThrow('Invalid cursor: non-existent-cursor');\n });\n\n it('should continue from cursor correctly', async () => {\n // Create 5 tasks\n for (let i = 1; i <= 5; i++) {\n await store.createTask({}, i, {\n method: 'tools/call',\n params: {}\n });\n }\n\n // Get first 3 tasks\n const allTaskIds = store.getAllTasks().map(t => t.taskId);\n const result = await store.listTasks(allTaskIds[2]);\n\n // Should get tasks after the third task\n expect(result.tasks).toHaveLength(2);\n });\n });\n\n describe('session isolation', () => {\n const baseRequest: Request = { method: 'tools/call', params: { name: 'demo' } };\n\n it('should not allow session-b to list tasks created by session-a', async () => {\n await store.createTask({}, 1, baseRequest, 'session-a');\n await store.createTask({}, 2, baseRequest, 'session-a');\n\n const result = await store.listTasks(undefined, 'session-b');\n expect(result.tasks).toHaveLength(0);\n });\n\n it('should not allow session-b to read a task created by session-a', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n\n const result = await store.getTask(task.taskId, 'session-b');\n expect(result).toBeNull();\n });\n\n it('should not allow session-b to update a task created by session-a', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n\n await expect(store.updateTaskStatus(task.taskId, 'cancelled', undefined, 'session-b')).rejects.toThrow('not found');\n });\n\n it('should not allow session-b to store a result on session-a task', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n\n await expect(store.storeTaskResult(task.taskId, 'completed', { content: [] }, 'session-b')).rejects.toThrow('not found');\n });\n\n it('should not allow session-b to get the result of session-a task', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n await store.storeTaskResult(task.taskId, 'completed', { content: [{ type: 'text', text: 'secret' }] }, 'session-a');\n\n await expect(store.getTaskResult(task.taskId, 'session-b')).rejects.toThrow('not found');\n });\n\n it('should allow the owning session to access its own tasks', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n\n const retrieved = await store.getTask(task.taskId, 'session-a');\n expect(retrieved).toBeDefined();\n expect(retrieved?.taskId).toBe(task.taskId);\n });\n\n it('should list only tasks belonging to the requesting session', async () => {\n await store.createTask({}, 1, baseRequest, 'session-a');\n await store.createTask({}, 2, baseRequest, 'session-b');\n await store.createTask({}, 3, baseRequest, 'session-a');\n\n const resultA = await store.listTasks(undefined, 'session-a');\n expect(resultA.tasks).toHaveLength(2);\n\n const resultB = await store.listTasks(undefined, 'session-b');\n expect(resultB.tasks).toHaveLength(1);\n });\n\n it('should allow access when no sessionId is provided (backward compatibility)', async () => {\n const task = await store.createTask({}, 1, baseRequest, 'session-a');\n\n // No sessionId on read = no filtering\n const retrieved = await store.getTask(task.taskId);\n expect(retrieved).toBeDefined();\n });\n\n it('should allow access when task was created without sessionId', async () => {\n const task = await store.createTask({}, 1, baseRequest);\n\n // Any sessionId on read should still see the task\n const retrieved = await store.getTask(task.taskId, 'session-b');\n expect(retrieved).toBeDefined();\n });\n\n it('should paginate correctly within a session', async () => {\n // Create 15 tasks for session-a, 5 for session-b\n for (let i = 1; i <= 15; i++) {\n await store.createTask({}, i, baseRequest, 'session-a');\n }\n for (let i = 16; i <= 20; i++) {\n await store.createTask({}, i, baseRequest, 'session-b');\n }\n\n // First page for session-a should have 10\n const page1 = await store.listTasks(undefined, 'session-a');\n expect(page1.tasks).toHaveLength(10);\n expect(page1.nextCursor).toBeDefined();\n\n // Second page for session-a should have 5\n const page2 = await store.listTasks(page1.nextCursor, 'session-a');\n expect(page2.tasks).toHaveLength(5);\n expect(page2.nextCursor).toBeUndefined();\n\n // session-b should only see its 5\n const resultB = await store.listTasks(undefined, 'session-b');\n expect(resultB.tasks).toHaveLength(5);\n expect(resultB.nextCursor).toBeUndefined();\n });\n });\n\n describe('cleanup', () => {\n it('should clear all timers and tasks', async () => {\n await store.createTask({ ttl: 1000 }, 1, {\n method: 'tools/call',\n params: {}\n });\n await store.createTask({ ttl: 2000 }, 2, {\n method: 'tools/call',\n params: {}\n });\n\n expect(store.getAllTasks()).toHaveLength(2);\n\n store.cleanup();\n\n expect(store.getAllTasks()).toHaveLength(0);\n });\n });\n});\n\ndescribe('InMemoryTaskMessageQueue', () => {\n let queue: InMemoryTaskMessageQueue;\n\n beforeEach(() => {\n queue = new InMemoryTaskMessageQueue();\n });\n\n describe('enqueue and dequeue', () => {\n it('should enqueue and dequeue request messages', async () => {\n const requestMessage: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-1', requestMessage);\n const dequeued = await queue.dequeue('task-1');\n\n expect(dequeued).toStrictEqual(requestMessage);\n });\n\n it('should enqueue and dequeue notification messages', async () => {\n const notificationMessage: QueuedMessage = {\n type: 'notification',\n message: {\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: { progress: 50, total: 100 }\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-2', notificationMessage);\n const dequeued = await queue.dequeue('task-2');\n\n expect(dequeued).toStrictEqual(notificationMessage);\n });\n\n it('should enqueue and dequeue response messages', async () => {\n const responseMessage: QueuedMessage = {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 42,\n result: { content: [{ type: 'text', text: 'Success' }] }\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-3', responseMessage);\n const dequeued = await queue.dequeue('task-3');\n\n expect(dequeued).toStrictEqual(responseMessage);\n });\n\n it('should return undefined when dequeuing from empty queue', async () => {\n const dequeued = await queue.dequeue('task-empty');\n expect(dequeued).toBeUndefined();\n });\n\n it('should maintain FIFO order for mixed message types', async () => {\n const request: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'tools/call',\n params: {}\n },\n timestamp: 1000\n };\n\n const notification: QueuedMessage = {\n type: 'notification',\n message: {\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {}\n },\n timestamp: 2000\n };\n\n const response: QueuedMessage = {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 1,\n result: {}\n },\n timestamp: 3000\n };\n\n await queue.enqueue('task-fifo', request);\n await queue.enqueue('task-fifo', notification);\n await queue.enqueue('task-fifo', response);\n\n expect(await queue.dequeue('task-fifo')).toStrictEqual(request);\n expect(await queue.dequeue('task-fifo')).toStrictEqual(notification);\n expect(await queue.dequeue('task-fifo')).toStrictEqual(response);\n expect(await queue.dequeue('task-fifo')).toBeUndefined();\n });\n });\n\n describe('dequeueAll', () => {\n it('should dequeue all messages including responses', async () => {\n const request: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'tools/call',\n params: {}\n },\n timestamp: 1000\n };\n\n const response: QueuedMessage = {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 1,\n result: {}\n },\n timestamp: 2000\n };\n\n const notification: QueuedMessage = {\n type: 'notification',\n message: {\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {}\n },\n timestamp: 3000\n };\n\n await queue.enqueue('task-all', request);\n await queue.enqueue('task-all', response);\n await queue.enqueue('task-all', notification);\n\n const all = await queue.dequeueAll('task-all');\n\n expect(all).toHaveLength(3);\n expect(all[0]).toStrictEqual(request);\n expect(all[1]).toStrictEqual(response);\n expect(all[2]).toStrictEqual(notification);\n });\n\n it('should return empty array for non-existent task', async () => {\n const all = await queue.dequeueAll('non-existent');\n expect(all).toStrictEqual([]);\n });\n\n it('should clear the queue after dequeueAll', async () => {\n const message: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'test',\n params: {}\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-clear', message);\n await queue.dequeueAll('task-clear');\n\n const dequeued = await queue.dequeue('task-clear');\n expect(dequeued).toBeUndefined();\n });\n });\n\n describe('queue size limits', () => {\n it('should throw when maxSize is exceeded', async () => {\n const message: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'test',\n params: {}\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-limit', message, undefined, 2);\n await queue.enqueue('task-limit', message, undefined, 2);\n\n await expect(queue.enqueue('task-limit', message, undefined, 2)).rejects.toThrow('Task message queue overflow');\n });\n\n it('should allow enqueue when under maxSize', async () => {\n const message: QueuedMessage = {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 1,\n result: {}\n },\n timestamp: Date.now()\n };\n\n await expect(queue.enqueue('task-ok', message, undefined, 5)).resolves.toBeUndefined();\n });\n });\n\n describe('task isolation', () => {\n it('should isolate messages between different tasks', async () => {\n const message1: QueuedMessage = {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 1,\n method: 'test1',\n params: {}\n },\n timestamp: 1000\n };\n\n const message2: QueuedMessage = {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 2,\n result: {}\n },\n timestamp: 2000\n };\n\n await queue.enqueue('task-a', message1);\n await queue.enqueue('task-b', message2);\n\n expect(await queue.dequeue('task-a')).toStrictEqual(message1);\n expect(await queue.dequeue('task-b')).toStrictEqual(message2);\n expect(await queue.dequeue('task-a')).toBeUndefined();\n expect(await queue.dequeue('task-b')).toBeUndefined();\n });\n });\n\n describe('response message error handling', () => {\n it('should handle response messages with errors', async () => {\n const errorResponse: QueuedMessage = {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: 1,\n error: {\n code: -32_600,\n message: 'Invalid Request'\n }\n },\n timestamp: Date.now()\n };\n\n await queue.enqueue('task-error', errorResponse);\n const dequeued = await queue.dequeue('task-error');\n\n expect(dequeued).toStrictEqual(errorResponse);\n expect(dequeued?.type).toBe('error');\n });\n });\n});\n" }, { "path": "packages/core/test/inMemory.test.ts", "content": "import type { AuthInfo, JSONRPCMessage } from '../src/types/types.js';\nimport { InMemoryTransport } from '../src/util/inMemory.js';\n\ndescribe('InMemoryTransport', () => {\n let clientTransport: InMemoryTransport;\n let serverTransport: InMemoryTransport;\n\n beforeEach(() => {\n [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n });\n\n test('should create linked pair', () => {\n expect(clientTransport).toBeDefined();\n expect(serverTransport).toBeDefined();\n });\n\n test('should start without error', async () => {\n await expect(clientTransport.start()).resolves.not.toThrow();\n await expect(serverTransport.start()).resolves.not.toThrow();\n });\n\n test('should send message from client to server', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n id: 1\n };\n\n let receivedMessage: JSONRPCMessage | undefined;\n serverTransport.onmessage = msg => {\n receivedMessage = msg;\n };\n\n await clientTransport.send(message);\n expect(receivedMessage).toEqual(message);\n });\n\n test('should send message with auth info from client to server', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n id: 1\n };\n\n const authInfo: AuthInfo = {\n token: 'test-token',\n clientId: 'test-client',\n scopes: ['read', 'write'],\n expiresAt: Date.now() / 1000 + 3600\n };\n\n let receivedMessage: JSONRPCMessage | undefined;\n let receivedAuthInfo: AuthInfo | undefined;\n serverTransport.onmessage = (msg, extra) => {\n receivedMessage = msg;\n receivedAuthInfo = extra?.authInfo;\n };\n\n await clientTransport.send(message, { authInfo });\n expect(receivedMessage).toEqual(message);\n expect(receivedAuthInfo).toEqual(authInfo);\n });\n\n test('should send message from server to client', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n id: 1\n };\n\n let receivedMessage: JSONRPCMessage | undefined;\n clientTransport.onmessage = msg => {\n receivedMessage = msg;\n };\n\n await serverTransport.send(message);\n expect(receivedMessage).toEqual(message);\n });\n\n test('should handle close', async () => {\n let clientClosed = false;\n let serverClosed = false;\n\n clientTransport.onclose = () => {\n clientClosed = true;\n };\n\n serverTransport.onclose = () => {\n serverClosed = true;\n };\n\n await clientTransport.close();\n expect(clientClosed).toBe(true);\n expect(serverClosed).toBe(true);\n });\n\n test('should throw error when sending after close', async () => {\n await clientTransport.close();\n await expect(clientTransport.send({ jsonrpc: '2.0', method: 'test', id: 1 })).rejects.toThrow('Not connected');\n });\n\n test('should queue messages sent before start', async () => {\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'test',\n id: 1\n };\n\n let receivedMessage: JSONRPCMessage | undefined;\n serverTransport.onmessage = msg => {\n receivedMessage = msg;\n };\n\n await clientTransport.send(message);\n await serverTransport.start();\n expect(receivedMessage).toEqual(message);\n });\n});\n" }, { "path": "packages/core/test/shared/auth.test.ts", "content": "import {\n OAuthClientMetadataSchema,\n OAuthMetadataSchema,\n OpenIdProviderMetadataSchema,\n OptionalSafeUrlSchema,\n SafeUrlSchema\n} from '../../src/shared/auth.js';\n\ndescribe('SafeUrlSchema', () => {\n it('accepts valid HTTPS URLs', () => {\n expect(SafeUrlSchema.parse('https://example.com')).toBe('https://example.com');\n expect(SafeUrlSchema.parse('https://auth.example.com/oauth/authorize')).toBe('https://auth.example.com/oauth/authorize');\n });\n\n it('accepts valid HTTP URLs', () => {\n expect(SafeUrlSchema.parse('http://localhost:3000')).toBe('http://localhost:3000');\n });\n\n it('rejects javascript: scheme URLs', () => {\n expect(() => SafeUrlSchema.parse('javascript:alert(1)')).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');\n expect(() => SafeUrlSchema.parse('JAVASCRIPT:alert(1)')).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');\n });\n\n it('rejects invalid URLs', () => {\n expect(() => SafeUrlSchema.parse('not-a-url')).toThrow();\n expect(() => SafeUrlSchema.parse('')).toThrow();\n });\n\n it('works with safeParse', () => {\n expect(() => SafeUrlSchema.safeParse('not-a-url')).not.toThrow();\n });\n});\n\ndescribe('OptionalSafeUrlSchema', () => {\n it('accepts empty string and transforms it to undefined', () => {\n expect(OptionalSafeUrlSchema.parse('')).toBe(undefined);\n });\n});\n\ndescribe('OAuthMetadataSchema', () => {\n it('validates complete OAuth metadata', () => {\n const metadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/oauth/authorize',\n token_endpoint: 'https://auth.example.com/oauth/token',\n response_types_supported: ['code'],\n scopes_supported: ['read', 'write']\n };\n\n expect(() => OAuthMetadataSchema.parse(metadata)).not.toThrow();\n });\n\n it('rejects metadata with javascript: URLs', () => {\n const metadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'javascript:alert(1)',\n token_endpoint: 'https://auth.example.com/oauth/token',\n response_types_supported: ['code']\n };\n\n expect(() => OAuthMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');\n });\n\n it('requires mandatory fields', () => {\n const incompleteMetadata = {\n issuer: 'https://auth.example.com'\n };\n\n expect(() => OAuthMetadataSchema.parse(incompleteMetadata)).toThrow();\n });\n});\n\ndescribe('OpenIdProviderMetadataSchema', () => {\n it('validates complete OpenID Provider metadata', () => {\n const metadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/oauth/authorize',\n token_endpoint: 'https://auth.example.com/oauth/token',\n jwks_uri: 'https://auth.example.com/.well-known/jwks.json',\n response_types_supported: ['code'],\n subject_types_supported: ['public'],\n id_token_signing_alg_values_supported: ['RS256']\n };\n\n expect(() => OpenIdProviderMetadataSchema.parse(metadata)).not.toThrow();\n });\n\n it('rejects metadata with javascript: in jwks_uri', () => {\n const metadata = {\n issuer: 'https://auth.example.com',\n authorization_endpoint: 'https://auth.example.com/oauth/authorize',\n token_endpoint: 'https://auth.example.com/oauth/token',\n jwks_uri: 'javascript:alert(1)',\n response_types_supported: ['code'],\n subject_types_supported: ['public'],\n id_token_signing_alg_values_supported: ['RS256']\n };\n\n expect(() => OpenIdProviderMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');\n });\n});\n\ndescribe('OAuthClientMetadataSchema', () => {\n it('validates client metadata with safe URLs', () => {\n const metadata = {\n redirect_uris: ['https://app.example.com/callback'],\n client_name: 'Test App',\n client_uri: 'https://app.example.com'\n };\n\n expect(() => OAuthClientMetadataSchema.parse(metadata)).not.toThrow();\n });\n\n it('rejects client metadata with javascript: redirect URIs', () => {\n const metadata = {\n redirect_uris: ['javascript:alert(1)'],\n client_name: 'Test App'\n };\n\n expect(() => OAuthClientMetadataSchema.parse(metadata)).toThrow('URL cannot use javascript:, data:, or vbscript: scheme');\n });\n});\n" }, { "path": "packages/core/test/shared/authUtils.test.ts", "content": "import { checkResourceAllowed, resourceUrlFromServerUrl } from '../../src/shared/authUtils.js';\n\ndescribe('auth-utils', () => {\n describe('resourceUrlFromServerUrl', () => {\n it('should remove fragments', () => {\n expect(resourceUrlFromServerUrl(new URL('https://example.com/path#fragment')).href).toBe('https://example.com/path');\n expect(resourceUrlFromServerUrl(new URL('https://example.com#fragment')).href).toBe('https://example.com/');\n expect(resourceUrlFromServerUrl(new URL('https://example.com/path?query=1#fragment')).href).toBe(\n 'https://example.com/path?query=1'\n );\n });\n\n it('should return URL unchanged if no fragment', () => {\n expect(resourceUrlFromServerUrl(new URL('https://example.com')).href).toBe('https://example.com/');\n expect(resourceUrlFromServerUrl(new URL('https://example.com/path')).href).toBe('https://example.com/path');\n expect(resourceUrlFromServerUrl(new URL('https://example.com/path?query=1')).href).toBe('https://example.com/path?query=1');\n });\n\n it('should keep everything else unchanged', () => {\n // Case sensitivity preserved\n expect(resourceUrlFromServerUrl(new URL('https://EXAMPLE.COM/PATH')).href).toBe('https://example.com/PATH');\n // Ports preserved\n expect(resourceUrlFromServerUrl(new URL('https://example.com:443/path')).href).toBe('https://example.com/path');\n expect(resourceUrlFromServerUrl(new URL('https://example.com:8080/path')).href).toBe('https://example.com:8080/path');\n // Query parameters preserved\n expect(resourceUrlFromServerUrl(new URL('https://example.com?foo=bar&baz=qux')).href).toBe(\n 'https://example.com/?foo=bar&baz=qux'\n );\n // Trailing slashes preserved\n expect(resourceUrlFromServerUrl(new URL('https://example.com/')).href).toBe('https://example.com/');\n expect(resourceUrlFromServerUrl(new URL('https://example.com/path/')).href).toBe('https://example.com/path/');\n });\n });\n\n describe('resourceMatches', () => {\n it('should match identical URLs', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/path', configuredResource: 'https://example.com/path' })\n ).toBe(true);\n expect(checkResourceAllowed({ requestedResource: 'https://example.com/', configuredResource: 'https://example.com/' })).toBe(\n true\n );\n });\n\n it('should not match URLs with different paths', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/path1', configuredResource: 'https://example.com/path2' })\n ).toBe(false);\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/', configuredResource: 'https://example.com/path' })\n ).toBe(false);\n });\n\n it('should not match URLs with different domains', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/path', configuredResource: 'https://example.org/path' })\n ).toBe(false);\n });\n\n it('should not match URLs with different ports', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com:8080/path', configuredResource: 'https://example.com/path' })\n ).toBe(false);\n });\n\n it('should not match URLs where one path is a sub-path of another', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/mcpxxxx', configuredResource: 'https://example.com/mcp' })\n ).toBe(false);\n expect(\n checkResourceAllowed({\n requestedResource: 'https://example.com/folder',\n configuredResource: 'https://example.com/folder/subfolder'\n })\n ).toBe(false);\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/api/v1', configuredResource: 'https://example.com/api' })\n ).toBe(true);\n });\n\n it('should handle trailing slashes vs no trailing slashes', () => {\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/mcp/', configuredResource: 'https://example.com/mcp' })\n ).toBe(true);\n expect(\n checkResourceAllowed({ requestedResource: 'https://example.com/folder', configuredResource: 'https://example.com/folder/' })\n ).toBe(false);\n });\n });\n});\n" }, { "path": "packages/core/test/shared/protocol.test.ts", "content": "import type { MockInstance } from 'vitest';\nimport { vi } from 'vitest';\nimport * as z from 'zod/v4';\nimport type { ZodType } from 'zod/v4';\n\nimport type {\n QueuedMessage,\n QueuedNotification,\n QueuedRequest,\n TaskMessageQueue,\n TaskStore\n} from '../../src/experimental/tasks/interfaces.js';\nimport { InMemoryTaskMessageQueue } from '../../src/experimental/tasks/stores/inMemory.js';\nimport type { BaseContext } from '../../src/shared/protocol.js';\nimport { mergeCapabilities, Protocol } from '../../src/shared/protocol.js';\nimport type { ErrorMessage, ResponseMessage } from '../../src/shared/responseMessage.js';\nimport { toArrayAsync } from '../../src/shared/responseMessage.js';\nimport type { Transport, TransportSendOptions } from '../../src/shared/transport.js';\nimport type {\n ClientCapabilities,\n JSONRPCErrorResponse,\n JSONRPCMessage,\n JSONRPCRequest,\n JSONRPCResultResponse,\n Notification,\n Request,\n RequestId,\n Result,\n ServerCapabilities,\n Task,\n TaskCreationParams\n} from '../../src/types/types.js';\nimport { ProtocolError, ProtocolErrorCode, RELATED_TASK_META_KEY } from '../../src/types/types.js';\nimport { SdkError, SdkErrorCode } from '../../src/errors/sdkErrors.js';\n\n// Type helper for accessing private/protected Protocol properties in tests\ninterface TestProtocol {\n _taskMessageQueue?: TaskMessageQueue;\n _requestResolvers: Map void>;\n _responseHandlers: Map void>;\n _taskProgressTokens: Map;\n _clearTaskQueue: (taskId: string, sessionId?: string) => Promise;\n requestTaskStore: (request: Request, authInfo: unknown) => TaskStore;\n // Protected methods (exposed for testing)\n _requestWithSchema: (request: Request, resultSchema: T, options?: unknown) => Promise>;\n listTasks: (params?: { cursor?: string }) => Promise<{ tasks: Task[]; nextCursor?: string }>;\n cancelTask: (params: { taskId: string }) => Promise;\n _requestStreamWithSchema: (\n request: Request,\n schema: ZodType,\n options?: unknown\n ) => AsyncGenerator>;\n}\n\n// Mock Transport class\nclass MockTransport implements Transport {\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: unknown) => void;\n\n async start(): Promise {}\n async close(): Promise {\n this.onclose?.();\n }\n async send(_message: JSONRPCMessage, _options?: TransportSendOptions): Promise {}\n}\n\nfunction createMockTaskStore(options?: {\n onStatus?: (status: Task['status']) => void;\n onList?: () => void;\n}): TaskStore & { [K in keyof TaskStore]: MockInstance } {\n const tasks: Record = {};\n return {\n createTask: vi.fn((taskParams: TaskCreationParams, _1: RequestId, _2: Request) => {\n // Generate a unique task ID\n const taskId = `test-task-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;\n const createdAt = new Date().toISOString();\n const task = (tasks[taskId] = {\n taskId,\n status: 'working',\n ttl: taskParams.ttl ?? null,\n createdAt,\n lastUpdatedAt: createdAt,\n pollInterval: taskParams.pollInterval ?? 1000\n });\n options?.onStatus?.('working');\n return Promise.resolve(task);\n }),\n getTask: vi.fn((taskId: string) => {\n return Promise.resolve(tasks[taskId] ?? null);\n }),\n updateTaskStatus: vi.fn((taskId, status, statusMessage) => {\n const task = tasks[taskId];\n if (task) {\n task.status = status;\n task.statusMessage = statusMessage;\n options?.onStatus?.(task.status);\n }\n return Promise.resolve();\n }),\n storeTaskResult: vi.fn((taskId: string, status: 'completed' | 'failed', result: Result) => {\n const task = tasks[taskId];\n if (task) {\n task.status = status;\n task.result = result;\n options?.onStatus?.(status);\n }\n return Promise.resolve();\n }),\n getTaskResult: vi.fn((taskId: string) => {\n const task = tasks[taskId];\n if (task?.result) {\n return Promise.resolve(task.result);\n }\n throw new Error('Task result not found');\n }),\n listTasks: vi.fn(() => {\n const result = {\n tasks: Object.values(tasks)\n };\n options?.onList?.();\n return Promise.resolve(result);\n })\n };\n}\n\nfunction createLatch() {\n let latch = false;\n const waitForLatch = async () => {\n while (!latch) {\n await new Promise(resolve => setTimeout(resolve, 0));\n }\n };\n\n return {\n releaseLatch: () => {\n latch = true;\n },\n waitForLatch\n };\n}\n\nfunction assertErrorResponse(o: ResponseMessage): asserts o is ErrorMessage {\n expect(o.type).toBe('error');\n}\n\nfunction assertQueuedNotification(o?: QueuedMessage): asserts o is QueuedNotification {\n expect(o).toBeDefined();\n expect(o?.type).toBe('notification');\n}\n\nfunction assertQueuedRequest(o?: QueuedMessage): asserts o is QueuedRequest {\n expect(o).toBeDefined();\n expect(o?.type).toBe('request');\n}\n\n/**\n * Helper to call the protected _requestWithSchema method from tests that\n * use custom method names not present in RequestMethod.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction testRequest(proto: Protocol, request: Request, resultSchema: ZodType, options?: any) {\n return (proto as unknown as TestProtocol)._requestWithSchema(request, resultSchema, options);\n}\n\ndescribe('protocol tests', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let sendSpy: MockInstance;\n\n beforeEach(() => {\n transport = new MockTransport();\n sendSpy = vi.spyOn(transport, 'send');\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n });\n\n test('should throw a timeout error if the request exceeds the timeout', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n try {\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n await testRequest(protocol, request, mockSchema, {\n timeout: 0\n });\n } catch (error) {\n expect(error).toBeInstanceOf(SdkError);\n if (error instanceof SdkError) {\n expect(error.code).toBe(SdkErrorCode.RequestTimeout);\n }\n }\n });\n\n test('should invoke onclose when the connection is closed', async () => {\n const oncloseMock = vi.fn();\n protocol.onclose = oncloseMock;\n await protocol.connect(transport);\n await transport.close();\n expect(oncloseMock).toHaveBeenCalled();\n });\n\n test('should not overwrite existing hooks when connecting transports', async () => {\n const oncloseMock = vi.fn();\n const onerrorMock = vi.fn();\n const onmessageMock = vi.fn();\n transport.onclose = oncloseMock;\n transport.onerror = onerrorMock;\n transport.onmessage = onmessageMock;\n await protocol.connect(transport);\n transport.onclose();\n transport.onerror(new Error());\n transport.onmessage('');\n expect(oncloseMock).toHaveBeenCalled();\n expect(onerrorMock).toHaveBeenCalled();\n expect(onmessageMock).toHaveBeenCalled();\n });\n\n describe('_meta preservation with onprogress', () => {\n test('should preserve existing _meta when adding progressToken', async () => {\n await protocol.connect(transport);\n const request = {\n method: 'example',\n params: {\n data: 'test',\n _meta: {\n customField: 'customValue',\n anotherField: 123\n }\n }\n };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n\n // Start request but don't await - we're testing the sent message\n void testRequest(protocol, request, mockSchema, {\n onprogress: onProgressMock\n }).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'example',\n params: {\n data: 'test',\n _meta: {\n customField: 'customValue',\n anotherField: 123,\n progressToken: expect.any(Number)\n }\n },\n jsonrpc: '2.0',\n id: expect.any(Number)\n }),\n expect.any(Object)\n );\n });\n\n test('should create _meta with progressToken when no _meta exists', async () => {\n await protocol.connect(transport);\n const request = {\n method: 'example',\n params: {\n data: 'test'\n }\n };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n\n // Start request but don't await - we're testing the sent message\n void testRequest(protocol, request, mockSchema, {\n onprogress: onProgressMock\n }).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'example',\n params: {\n data: 'test',\n _meta: {\n progressToken: expect.any(Number)\n }\n },\n jsonrpc: '2.0',\n id: expect.any(Number)\n }),\n expect.any(Object)\n );\n });\n\n test('should not modify _meta when onprogress is not provided', async () => {\n await protocol.connect(transport);\n const request = {\n method: 'example',\n params: {\n data: 'test',\n _meta: {\n customField: 'customValue'\n }\n }\n };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n\n // Start request but don't await - we're testing the sent message\n void testRequest(protocol, request, mockSchema).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'example',\n params: {\n data: 'test',\n _meta: {\n customField: 'customValue'\n }\n },\n jsonrpc: '2.0',\n id: expect.any(Number)\n }),\n expect.any(Object)\n );\n });\n\n test('should handle params being undefined with onprogress', async () => {\n await protocol.connect(transport);\n const request = {\n method: 'example'\n };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n\n // Start request but don't await - we're testing the sent message\n void testRequest(protocol, request, mockSchema, {\n onprogress: onProgressMock\n }).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'example',\n params: {\n _meta: {\n progressToken: expect.any(Number)\n }\n },\n jsonrpc: '2.0',\n id: expect.any(Number)\n }),\n expect.any(Object)\n );\n });\n });\n\n describe('progress notification timeout behavior', () => {\n beforeEach(() => {\n vi.useFakeTimers();\n });\n afterEach(() => {\n vi.useRealTimers();\n });\n\n test('should not reset timeout when resetTimeoutOnProgress is false', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 1000,\n resetTimeoutOnProgress: false,\n onprogress: onProgressMock\n });\n\n vi.advanceTimersByTime(800);\n\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 50,\n total: 100\n }\n });\n }\n await Promise.resolve();\n\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 50,\n total: 100\n });\n\n vi.advanceTimersByTime(201);\n\n await expect(requestPromise).rejects.toThrow('Request timed out');\n });\n\n test('should reset timeout when progress notification is received', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 1000,\n resetTimeoutOnProgress: true,\n onprogress: onProgressMock\n });\n vi.advanceTimersByTime(800);\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 50,\n total: 100\n }\n });\n }\n await Promise.resolve();\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 50,\n total: 100\n });\n vi.advanceTimersByTime(800);\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 0,\n result: { result: 'success' }\n });\n }\n await Promise.resolve();\n await expect(requestPromise).resolves.toEqual({ result: 'success' });\n });\n\n test('should respect maxTotalTimeout', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 1000,\n maxTotalTimeout: 150,\n resetTimeoutOnProgress: true,\n onprogress: onProgressMock\n });\n\n // First progress notification should work\n vi.advanceTimersByTime(80);\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 50,\n total: 100\n }\n });\n }\n await Promise.resolve();\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 50,\n total: 100\n });\n vi.advanceTimersByTime(80);\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 75,\n total: 100\n }\n });\n }\n await expect(requestPromise).rejects.toThrow('Maximum total timeout exceeded');\n expect(onProgressMock).toHaveBeenCalledTimes(1);\n });\n\n test('should timeout if no progress received within timeout period', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 100,\n resetTimeoutOnProgress: true\n });\n vi.advanceTimersByTime(101);\n await expect(requestPromise).rejects.toThrow('Request timed out');\n });\n\n test('should handle multiple progress notifications correctly', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 1000,\n resetTimeoutOnProgress: true,\n onprogress: onProgressMock\n });\n\n // Simulate multiple progress updates\n for (let i = 1; i <= 3; i++) {\n vi.advanceTimersByTime(800);\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: i * 25,\n total: 100\n }\n });\n }\n await Promise.resolve();\n expect(onProgressMock).toHaveBeenNthCalledWith(i, {\n progress: i * 25,\n total: 100\n });\n }\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 0,\n result: { result: 'success' }\n });\n }\n await Promise.resolve();\n await expect(requestPromise).resolves.toEqual({ result: 'success' });\n });\n\n test('should handle progress notifications with message field', async () => {\n await protocol.connect(transport);\n const request = { method: 'example', params: {} };\n const mockSchema: ZodType<{ result: string }> = z.object({\n result: z.string()\n });\n const onProgressMock = vi.fn();\n\n const requestPromise = testRequest(protocol, request, mockSchema, {\n timeout: 1000,\n onprogress: onProgressMock\n });\n\n vi.advanceTimersByTime(200);\n\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 25,\n total: 100,\n message: 'Initializing process...'\n }\n });\n }\n await Promise.resolve();\n\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 25,\n total: 100,\n message: 'Initializing process...'\n });\n\n vi.advanceTimersByTime(200);\n\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken: 0,\n progress: 75,\n total: 100,\n message: 'Processing data...'\n }\n });\n }\n await Promise.resolve();\n\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 75,\n total: 100,\n message: 'Processing data...'\n });\n\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 0,\n result: { result: 'success' }\n });\n }\n await Promise.resolve();\n await expect(requestPromise).resolves.toEqual({ result: 'success' });\n });\n });\n\n describe('Debounced Notifications', () => {\n // We need to flush the microtask queue to test the debouncing logic.\n // This helper function does that.\n const flushMicrotasks = () => new Promise(resolve => setImmediate(resolve));\n\n it('should NOT debounce a notification that has parameters', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced_with_params'] });\n await protocol.connect(transport);\n\n // ACT\n // These notifications are configured for debouncing but contain params, so they should be sent immediately.\n await protocol.notification({ method: 'test/debounced_with_params', params: { data: 1 } });\n await protocol.notification({ method: 'test/debounced_with_params', params: { data: 2 } });\n\n // ASSERT\n // Both should have been sent immediately to avoid data loss.\n expect(sendSpy).toHaveBeenCalledTimes(2);\n expect(sendSpy).toHaveBeenCalledWith(expect.objectContaining({ params: { data: 1 } }), undefined);\n expect(sendSpy).toHaveBeenCalledWith(expect.objectContaining({ params: { data: 2 } }), undefined);\n });\n\n it('should NOT debounce a notification that has a relatedRequestId', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced_with_options'] });\n await protocol.connect(transport);\n\n // ACT\n await protocol.notification({ method: 'test/debounced_with_options' }, { relatedRequestId: 'req-1' });\n await protocol.notification({ method: 'test/debounced_with_options' }, { relatedRequestId: 'req-2' });\n\n // ASSERT\n expect(sendSpy).toHaveBeenCalledTimes(2);\n expect(sendSpy).toHaveBeenCalledWith(expect.any(Object), { relatedRequestId: 'req-1' });\n expect(sendSpy).toHaveBeenCalledWith(expect.any(Object), { relatedRequestId: 'req-2' });\n });\n\n it('should clear pending debounced notifications on connection close', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced'] });\n await protocol.connect(transport);\n\n // ACT\n // Schedule a notification but don't flush the microtask queue.\n protocol.notification({ method: 'test/debounced' });\n\n // Close the connection. This should clear the pending set.\n await protocol.close();\n\n // Now, flush the microtask queue.\n await flushMicrotasks();\n\n // ASSERT\n // The send should never have happened because the transport was cleared.\n expect(sendSpy).not.toHaveBeenCalled();\n });\n\n it('should debounce multiple synchronous calls when params property is omitted', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced'] });\n await protocol.connect(transport);\n\n // ACT\n // This is the more idiomatic way to write a notification with no params.\n protocol.notification({ method: 'test/debounced' });\n protocol.notification({ method: 'test/debounced' });\n protocol.notification({ method: 'test/debounced' });\n\n expect(sendSpy).not.toHaveBeenCalled();\n await flushMicrotasks();\n\n // ASSERT\n expect(sendSpy).toHaveBeenCalledTimes(1);\n // The final sent object might not even have the `params` key, which is fine.\n // We can check that it was called and that the params are \"falsy\".\n const sentNotification = sendSpy.mock.calls[0]![0];\n expect(sentNotification.method).toBe('test/debounced');\n expect(sentNotification.params).toBeUndefined();\n });\n\n it('should debounce calls when params is explicitly undefined', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced'] });\n await protocol.connect(transport);\n\n // ACT\n protocol.notification({ method: 'test/debounced', params: undefined });\n protocol.notification({ method: 'test/debounced', params: undefined });\n await flushMicrotasks();\n\n // ASSERT\n expect(sendSpy).toHaveBeenCalledTimes(1);\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'test/debounced',\n params: undefined\n }),\n undefined\n );\n });\n\n it('should send non-debounced notifications immediately and multiple times', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced'] }); // Configure for a different method\n await protocol.connect(transport);\n\n // ACT\n // Call a non-debounced notification method multiple times.\n await protocol.notification({ method: 'test/immediate' });\n await protocol.notification({ method: 'test/immediate' });\n\n // ASSERT\n // Since this method is not in the debounce list, it should be sent every time.\n expect(sendSpy).toHaveBeenCalledTimes(2);\n });\n\n it('should not debounce any notifications if the option is not provided', async () => {\n // ARRANGE\n // Use the default protocol from beforeEach, which has no debounce options.\n await protocol.connect(transport);\n\n // ACT\n await protocol.notification({ method: 'any/method' });\n await protocol.notification({ method: 'any/method' });\n\n // ASSERT\n // Without the config, behavior should be immediate sending.\n expect(sendSpy).toHaveBeenCalledTimes(2);\n });\n\n it('should handle sequential batches of debounced notifications correctly', async () => {\n // ARRANGE\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ debouncedNotificationMethods: ['test/debounced'] });\n await protocol.connect(transport);\n\n // ACT (Batch 1)\n protocol.notification({ method: 'test/debounced' });\n protocol.notification({ method: 'test/debounced' });\n await flushMicrotasks();\n\n // ASSERT (Batch 1)\n expect(sendSpy).toHaveBeenCalledTimes(1);\n\n // ACT (Batch 2)\n // After the first batch has been sent, a new batch should be possible.\n protocol.notification({ method: 'test/debounced' });\n protocol.notification({ method: 'test/debounced' });\n await flushMicrotasks();\n\n // ASSERT (Batch 2)\n // The total number of sends should now be 2.\n expect(sendSpy).toHaveBeenCalledTimes(2);\n });\n });\n});\n\ndescribe('InMemoryTaskMessageQueue', () => {\n let queue: TaskMessageQueue;\n const taskId = 'test-task-id';\n\n beforeEach(() => {\n queue = new InMemoryTaskMessageQueue();\n });\n\n describe('enqueue/dequeue maintains FIFO order', () => {\n it('should maintain FIFO order for multiple messages', async () => {\n const msg1 = {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test1' },\n timestamp: 1\n };\n const msg2 = {\n type: 'request' as const,\n message: { jsonrpc: '2.0' as const, id: 1, method: 'test2' },\n timestamp: 2\n };\n const msg3 = {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test3' },\n timestamp: 3\n };\n\n await queue.enqueue(taskId, msg1);\n await queue.enqueue(taskId, msg2);\n await queue.enqueue(taskId, msg3);\n\n expect(await queue.dequeue(taskId)).toEqual(msg1);\n expect(await queue.dequeue(taskId)).toEqual(msg2);\n expect(await queue.dequeue(taskId)).toEqual(msg3);\n });\n\n it('should return undefined when dequeuing from empty queue', async () => {\n expect(await queue.dequeue(taskId)).toBeUndefined();\n });\n });\n\n describe('dequeueAll operation', () => {\n it('should return all messages in FIFO order', async () => {\n const msg1 = {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test1' },\n timestamp: 1\n };\n const msg2 = {\n type: 'request' as const,\n message: { jsonrpc: '2.0' as const, id: 1, method: 'test2' },\n timestamp: 2\n };\n const msg3 = {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test3' },\n timestamp: 3\n };\n\n await queue.enqueue(taskId, msg1);\n await queue.enqueue(taskId, msg2);\n await queue.enqueue(taskId, msg3);\n\n const allMessages = await queue.dequeueAll(taskId);\n\n expect(allMessages).toEqual([msg1, msg2, msg3]);\n });\n\n it('should return empty array for empty queue', async () => {\n const allMessages = await queue.dequeueAll(taskId);\n expect(allMessages).toEqual([]);\n });\n\n it('should clear queue after dequeueAll', async () => {\n await queue.enqueue(taskId, {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test1' },\n timestamp: 1\n });\n await queue.enqueue(taskId, {\n type: 'notification' as const,\n message: { jsonrpc: '2.0' as const, method: 'test2' },\n timestamp: 2\n });\n\n await queue.dequeueAll(taskId);\n\n expect(await queue.dequeue(taskId)).toBeUndefined();\n });\n });\n});\n\ndescribe('mergeCapabilities', () => {\n it('should merge client capabilities', () => {\n const base: ClientCapabilities = {\n sampling: {},\n roots: {\n listChanged: true\n }\n };\n\n const additional: ClientCapabilities = {\n experimental: {\n feature: {\n featureFlag: true\n }\n },\n elicitation: {},\n roots: {\n listChanged: true\n }\n };\n\n const merged = mergeCapabilities(base, additional);\n expect(merged).toEqual({\n sampling: {},\n elicitation: {},\n roots: {\n listChanged: true\n },\n experimental: {\n feature: {\n featureFlag: true\n }\n }\n });\n });\n\n it('should merge server capabilities', () => {\n const base: ServerCapabilities = {\n logging: {},\n prompts: {\n listChanged: true\n }\n };\n\n const additional: ServerCapabilities = {\n resources: {\n subscribe: true\n },\n prompts: {\n listChanged: true\n }\n };\n\n const merged = mergeCapabilities(base, additional);\n expect(merged).toEqual({\n logging: {},\n prompts: {\n listChanged: true\n },\n resources: {\n subscribe: true\n }\n });\n });\n\n it('should override existing values with additional values', () => {\n const base: ServerCapabilities = {\n prompts: {\n listChanged: false\n }\n };\n\n const additional: ServerCapabilities = {\n prompts: {\n listChanged: true\n }\n };\n\n const merged = mergeCapabilities(base, additional);\n expect(merged.prompts!.listChanged).toBe(true);\n });\n\n it('should handle empty objects', () => {\n const base = {};\n const additional = {};\n const merged = mergeCapabilities(base, additional);\n expect(merged).toEqual({});\n });\n});\n\ndescribe('Task-based execution', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let sendSpy: MockInstance;\n\n beforeEach(() => {\n transport = new MockTransport();\n sendSpy = vi.spyOn(transport, 'send');\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: createMockTaskStore(), taskMessageQueue: new InMemoryTaskMessageQueue() });\n });\n\n describe('request with task metadata', () => {\n it('should include task parameters at top level', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 30000,\n pollInterval: 1000\n }\n }).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'tools/call',\n params: {\n name: 'test-tool',\n task: {\n ttl: 30000,\n pollInterval: 1000\n }\n }\n }),\n expect.any(Object)\n );\n });\n\n it('should preserve existing _meta and add task parameters at top level', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: {\n name: 'test-tool',\n _meta: {\n customField: 'customValue'\n }\n }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 60000\n }\n }).catch(() => {\n // May not complete, ignore error\n });\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n params: {\n name: 'test-tool',\n _meta: {\n customField: 'customValue'\n },\n task: {\n ttl: 60000\n }\n }\n }),\n expect.any(Object)\n );\n });\n\n it('should return Promise for task-augmented request', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n const resultPromise = testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 30000\n }\n });\n\n expect(resultPromise).toBeDefined();\n expect(resultPromise).toBeInstanceOf(Promise);\n });\n });\n\n describe('relatedTask metadata', () => {\n it('should inject relatedTask metadata into _meta field', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'notifications/message',\n params: { data: 'test' }\n };\n\n const resultSchema = z.object({});\n\n // Start the request (don't await completion, just let it send)\n void testRequest(protocol, request, resultSchema, {\n relatedTask: {\n taskId: 'parent-task-123'\n }\n }).catch(() => {\n // May not complete, ignore error\n });\n\n // Wait a bit for the request to be queued\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Requests with relatedTask should be queued, not sent via transport\n // This prevents duplicate delivery for bidirectional transports\n expect(sendSpy).not.toHaveBeenCalled();\n\n // Verify the message was queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n });\n\n it('should work with notification method', async () => {\n await protocol.connect(transport);\n\n await protocol.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n },\n {\n relatedTask: {\n taskId: 'parent-task-456'\n }\n }\n );\n\n // Notifications with relatedTask should be queued, not sent via transport\n // This prevents duplicate delivery for bidirectional transports\n expect(sendSpy).not.toHaveBeenCalled();\n\n // Verify the message was queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue('parent-task-456');\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.method).toBe('notifications/message');\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual({ taskId: 'parent-task-456' });\n });\n });\n\n describe('task metadata combination', () => {\n it('should combine task, relatedTask, and progress metadata', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n // Start the request (don't await completion, just let it send)\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 60000,\n pollInterval: 1000\n },\n relatedTask: {\n taskId: 'parent-task'\n },\n onprogress: vi.fn()\n }).catch(() => {\n // May not complete, ignore error\n });\n\n // Wait a bit for the request to be queued\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Requests with relatedTask should be queued, not sent via transport\n // This prevents duplicate delivery for bidirectional transports\n expect(sendSpy).not.toHaveBeenCalled();\n\n // Verify the message was queued with all metadata combined\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue('parent-task');\n assertQueuedRequest(queuedMessage);\n expect(queuedMessage.message.params).toMatchObject({\n name: 'test-tool',\n task: {\n ttl: 60000,\n pollInterval: 1000\n },\n _meta: {\n [RELATED_TASK_META_KEY]: {\n taskId: 'parent-task'\n },\n progressToken: expect.any(Number)\n }\n });\n });\n });\n\n describe('task status transitions', () => {\n it('should be handled by tool implementors, not protocol layer', () => {\n // Task status management is now the responsibility of tool implementors\n expect(true).toBe(true);\n });\n\n it('should handle requests with task creation parameters in top-level task field', async () => {\n // This test documents that task creation parameters are now in the top-level task field\n // rather than in _meta, and that task management is handled by tool implementors\n const mockTaskStore = createMockTaskStore();\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n\n await protocol.connect(transport);\n\n protocol.setRequestHandler('tools/call', async request => {\n // Tool implementor can access task creation parameters from request.params.task\n expect(request.params.task).toEqual({\n ttl: 60000,\n pollInterval: 1000\n });\n return { content: [{ type: 'text', text: 'success' }] };\n });\n\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 1,\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {},\n task: {\n ttl: 60000,\n pollInterval: 1000\n }\n }\n });\n\n // Wait for the request to be processed\n await new Promise(resolve => setTimeout(resolve, 10));\n });\n });\n\n describe('listTasks', () => {\n it('should handle tasks/list requests and return tasks from TaskStore', async () => {\n const listedTasks = createLatch();\n const mockTaskStore = createMockTaskStore({\n onList: () => listedTasks.releaseLatch()\n });\n const task1 = await mockTaskStore.createTask(\n {\n pollInterval: 500\n },\n 1,\n {\n method: 'test/method',\n params: {}\n }\n );\n // Manually set status to completed for this test\n await mockTaskStore.updateTaskStatus(task1.taskId, 'completed');\n\n const task2 = await mockTaskStore.createTask(\n {\n ttl: 60000,\n pollInterval: 1000\n },\n 2,\n {\n method: 'test/method',\n params: {}\n }\n );\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n\n await protocol.connect(transport);\n\n // Simulate receiving a tasks/list request\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 3,\n method: 'tasks/list',\n params: {}\n });\n\n await listedTasks.waitForLatch();\n\n expect(mockTaskStore.listTasks).toHaveBeenCalledWith(undefined, undefined);\n const sentMessage = sendSpy.mock.calls[0]![0];\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(3);\n expect(sentMessage.result.tasks).toEqual([\n {\n taskId: task1.taskId,\n status: 'completed',\n ttl: null,\n createdAt: expect.any(String),\n lastUpdatedAt: expect.any(String),\n pollInterval: 500\n },\n {\n taskId: task2.taskId,\n status: 'working',\n ttl: 60000,\n createdAt: expect.any(String),\n lastUpdatedAt: expect.any(String),\n pollInterval: 1000\n }\n ]);\n expect(sentMessage.result._meta).toEqual({});\n });\n\n it('should handle tasks/list requests with cursor for pagination', async () => {\n const listedTasks = createLatch();\n const mockTaskStore = createMockTaskStore({\n onList: () => listedTasks.releaseLatch()\n });\n const task3 = await mockTaskStore.createTask(\n {\n pollInterval: 500\n },\n 1,\n {\n method: 'test/method',\n params: {}\n }\n );\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n\n await protocol.connect(transport);\n\n // Simulate receiving a tasks/list request with cursor\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/list',\n params: {\n cursor: 'task-2'\n }\n });\n\n await listedTasks.waitForLatch();\n\n expect(mockTaskStore.listTasks).toHaveBeenCalledWith('task-2', undefined);\n const sentMessage = sendSpy.mock.calls[0]![0];\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(2);\n expect(sentMessage.result.tasks).toEqual([\n {\n taskId: task3.taskId,\n status: 'working',\n ttl: null,\n createdAt: expect.any(String),\n lastUpdatedAt: expect.any(String),\n pollInterval: 500\n }\n ]);\n expect(sentMessage.result.nextCursor).toBeUndefined();\n expect(sentMessage.result._meta).toEqual({});\n });\n\n it('should handle tasks/list requests with empty results', async () => {\n const listedTasks = createLatch();\n const mockTaskStore = createMockTaskStore({\n onList: () => listedTasks.releaseLatch()\n });\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n\n await protocol.connect(transport);\n\n // Simulate receiving a tasks/list request\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 3,\n method: 'tasks/list',\n params: {}\n });\n\n await listedTasks.waitForLatch();\n\n expect(mockTaskStore.listTasks).toHaveBeenCalledWith(undefined, undefined);\n const sentMessage = sendSpy.mock.calls[0]![0];\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(3);\n expect(sentMessage.result.tasks).toEqual([]);\n expect(sentMessage.result.nextCursor).toBeUndefined();\n expect(sentMessage.result._meta).toEqual({});\n });\n\n it('should return error for invalid cursor', async () => {\n const mockTaskStore = createMockTaskStore();\n mockTaskStore.listTasks.mockRejectedValue(new Error('Invalid cursor: bad-cursor'));\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n\n await protocol.connect(transport);\n\n // Simulate receiving a tasks/list request with invalid cursor\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 4,\n method: 'tasks/list',\n params: {\n cursor: 'bad-cursor'\n }\n });\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n expect(mockTaskStore.listTasks).toHaveBeenCalledWith('bad-cursor', undefined);\n const sentMessage = sendSpy.mock.calls[0]![0];\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(4);\n expect(sentMessage.error).toBeDefined();\n expect(sentMessage.error.code).toBe(-32602); // InvalidParams error code\n expect(sentMessage.error.message).toContain('Failed to list tasks');\n expect(sentMessage.error.message).toContain('Invalid cursor');\n });\n\n it('should call listTasks method from client side', async () => {\n await protocol.connect(transport);\n\n const listTasksPromise = (protocol as unknown as TestProtocol).listTasks();\n\n // Simulate server response\n setTimeout(() => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: sendSpy.mock.calls[0]![0].id,\n result: {\n tasks: [\n {\n taskId: 'task-1',\n status: 'completed',\n ttl: null,\n createdAt: '2024-01-01T00:00:00Z',\n lastUpdatedAt: '2024-01-01T00:00:00Z',\n pollInterval: 500\n }\n ],\n nextCursor: undefined,\n _meta: {}\n }\n });\n }, 10);\n\n const result = await listTasksPromise;\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'tasks/list',\n params: undefined\n }),\n expect.any(Object)\n );\n expect(result.tasks).toHaveLength(1);\n expect(result.tasks[0]?.taskId).toBe('task-1');\n });\n\n it('should call listTasks with cursor from client side', async () => {\n await protocol.connect(transport);\n\n const listTasksPromise = (protocol as unknown as TestProtocol).listTasks({ cursor: 'task-10' });\n\n // Simulate server response\n setTimeout(() => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: sendSpy.mock.calls[0]![0].id,\n result: {\n tasks: [\n {\n taskId: 'task-11',\n status: 'working',\n ttl: 30000,\n createdAt: '2024-01-01T00:00:00Z',\n lastUpdatedAt: '2024-01-01T00:00:00Z',\n pollInterval: 1000\n }\n ],\n nextCursor: 'task-11',\n _meta: {}\n }\n });\n }, 10);\n\n const result = await listTasksPromise;\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'tasks/list',\n params: {\n cursor: 'task-10'\n }\n }),\n expect.any(Object)\n );\n expect(result.tasks).toHaveLength(1);\n expect(result.tasks[0]?.taskId).toBe('task-11');\n expect(result.nextCursor).toBe('task-11');\n });\n });\n\n describe('cancelTask', () => {\n it('should handle tasks/cancel requests and update task status to cancelled', async () => {\n const taskDeleted = createLatch();\n const mockTaskStore = createMockTaskStore();\n const task = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n mockTaskStore.getTask.mockResolvedValue(task);\n mockTaskStore.updateTaskStatus.mockImplementation(async (taskId: string, status: string) => {\n if (taskId === task.taskId && status === 'cancelled') {\n taskDeleted.releaseLatch();\n return;\n }\n throw new Error('Task not found');\n });\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 5,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n\n await taskDeleted.waitForLatch();\n\n expect(mockTaskStore.getTask).toHaveBeenCalledWith(task.taskId, undefined);\n expect(mockTaskStore.updateTaskStatus).toHaveBeenCalledWith(\n task.taskId,\n 'cancelled',\n 'Client cancelled task execution.',\n undefined\n );\n const sentMessage = sendSpy.mock.calls[0]![0] as unknown as JSONRPCResultResponse;\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(5);\n expect(sentMessage.result._meta).toBeDefined();\n });\n\n it('should return error with code -32602 when task does not exist', async () => {\n const taskDeleted = createLatch();\n const mockTaskStore = createMockTaskStore();\n\n mockTaskStore.getTask.mockResolvedValue(null);\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 6,\n method: 'tasks/cancel',\n params: {\n taskId: 'non-existent'\n }\n });\n\n // Wait a bit for the async handler to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n taskDeleted.releaseLatch();\n\n expect(mockTaskStore.getTask).toHaveBeenCalledWith('non-existent', undefined);\n const sentMessage = sendSpy.mock.calls[0]![0] as unknown as JSONRPCErrorResponse;\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(6);\n expect(sentMessage.error).toBeDefined();\n expect(sentMessage.error.code).toBe(-32602); // InvalidParams error code\n expect(sentMessage.error.message).toContain('Task not found');\n });\n\n it('should return error with code -32602 when trying to cancel a task in terminal status', async () => {\n const mockTaskStore = createMockTaskStore();\n const completedTask = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n // Set task to completed status\n await mockTaskStore.updateTaskStatus(completedTask.taskId, 'completed');\n completedTask.status = 'completed';\n\n // Reset the mock so we can check it's not called during cancellation\n mockTaskStore.updateTaskStatus.mockClear();\n mockTaskStore.getTask.mockResolvedValue(completedTask);\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 7,\n method: 'tasks/cancel',\n params: {\n taskId: completedTask.taskId\n }\n });\n\n // Wait a bit for the async handler to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n\n expect(mockTaskStore.getTask).toHaveBeenCalledWith(completedTask.taskId, undefined);\n expect(mockTaskStore.updateTaskStatus).not.toHaveBeenCalled();\n const sentMessage = sendSpy.mock.calls[0]![0] as unknown as JSONRPCErrorResponse;\n expect(sentMessage.jsonrpc).toBe('2.0');\n expect(sentMessage.id).toBe(7);\n expect(sentMessage.error).toBeDefined();\n expect(sentMessage.error.code).toBe(-32602); // InvalidParams error code\n expect(sentMessage.error.message).toContain('Cannot cancel task in terminal status');\n });\n\n it('should call cancelTask method from client side', async () => {\n await protocol.connect(transport);\n\n const deleteTaskPromise = (protocol as unknown as TestProtocol).cancelTask({ taskId: 'task-to-delete' });\n\n // Simulate server response - per MCP spec, CancelTaskResult is Result & Task\n setTimeout(() => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: sendSpy.mock.calls[0]![0].id,\n result: {\n _meta: {},\n taskId: 'task-to-delete',\n status: 'cancelled',\n ttl: 60000,\n createdAt: new Date().toISOString(),\n lastUpdatedAt: new Date().toISOString()\n }\n });\n }, 0);\n\n const result = await deleteTaskPromise;\n\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'tasks/cancel',\n params: {\n taskId: 'task-to-delete'\n }\n }),\n expect.any(Object)\n );\n expect(result._meta).toBeDefined();\n expect(result.taskId).toBe('task-to-delete');\n expect(result.status).toBe('cancelled');\n });\n });\n\n describe('task status notifications', () => {\n it('should call getTask after updateTaskStatus to enable notification sending', async () => {\n const mockTaskStore = createMockTaskStore();\n\n // Create a task first\n const task = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n\n await serverProtocol.connect(serverTransport);\n\n // Simulate cancelling the task\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n\n // Wait for async processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify that updateTaskStatus was called\n expect(mockTaskStore.updateTaskStatus).toHaveBeenCalledWith(\n task.taskId,\n 'cancelled',\n 'Client cancelled task execution.',\n undefined\n );\n\n // Verify that getTask was called after updateTaskStatus\n // This is done by the RequestTaskStore wrapper to get the updated task for the notification\n const getTaskCalls = mockTaskStore.getTask.mock.calls;\n const lastGetTaskCall = getTaskCalls[getTaskCalls.length - 1];\n expect(lastGetTaskCall?.[0]).toBe(task.taskId);\n });\n });\n\n describe('task metadata handling', () => {\n it('should NOT include related-task metadata in tasks/get response', async () => {\n const mockTaskStore = createMockTaskStore();\n\n // Create a task first\n const task = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n // Request task status\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/get',\n params: {\n taskId: task.taskId\n }\n });\n\n // Wait for async processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify response does NOT include related-task metadata\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n result: expect.objectContaining({\n taskId: task.taskId,\n status: 'working'\n })\n })\n );\n\n // Verify _meta is not present or doesn't contain RELATED_TASK_META_KEY\n const response = sendSpy.mock.calls[0]![0] as { result?: { _meta?: Record } };\n expect(response.result?._meta?.[RELATED_TASK_META_KEY]).toBeUndefined();\n });\n\n it('should NOT include related-task metadata in tasks/list response', async () => {\n const mockTaskStore = createMockTaskStore();\n\n // Create a task first\n await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n // Request task list\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/list',\n params: {}\n });\n\n // Wait for async processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify response does NOT include related-task metadata\n const response = sendSpy.mock.calls[0]![0] as { result?: { _meta?: Record } };\n expect(response.result?._meta).toEqual({});\n });\n\n it('should NOT include related-task metadata in tasks/cancel response', async () => {\n const mockTaskStore = createMockTaskStore();\n\n // Create a task first\n const task = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n // Cancel the task\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n\n // Wait for async processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify response does NOT include related-task metadata\n const response = sendSpy.mock.calls[0]![0] as { result?: { _meta?: Record } };\n expect(response.result?._meta).toEqual({});\n });\n\n it('should include related-task metadata in tasks/result response', async () => {\n const mockTaskStore = createMockTaskStore();\n\n // Create a task and complete it\n const task = await mockTaskStore.createTask({}, 1, {\n method: 'test/method',\n params: {}\n });\n\n const testResult = {\n content: [{ type: 'text', text: 'test result' }]\n };\n\n await mockTaskStore.storeTaskResult(task.taskId, 'completed', testResult);\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n // Request task result\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 2,\n method: 'tasks/result',\n params: {\n taskId: task.taskId\n }\n });\n\n // Wait for async processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify response DOES include related-task metadata\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n result: expect.objectContaining({\n content: testResult.content,\n _meta: expect.objectContaining({\n [RELATED_TASK_META_KEY]: {\n taskId: task.taskId\n }\n })\n })\n })\n );\n });\n\n it('should propagate related-task metadata to handler sendRequest and sendNotification', async () => {\n const mockTaskStore = createMockTaskStore();\n\n const serverProtocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n const serverTransport = new MockTransport();\n const sendSpy = vi.spyOn(serverTransport, 'send');\n\n await serverProtocol.connect(serverTransport);\n\n // Set up a handler that uses sendRequest and sendNotification\n serverProtocol.setRequestHandler('tools/call', async (_request, ctx) => {\n // Send a notification using the ctx.mcpReq.notify\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: { level: 'info', data: 'test' }\n });\n\n return {\n content: [{ type: 'text', text: 'done' }]\n };\n });\n\n // Send a request with related-task metadata\n let handlerPromise: Promise | undefined;\n const originalOnMessage = serverTransport.onmessage;\n\n serverTransport.onmessage = message => {\n handlerPromise = Promise.resolve(originalOnMessage?.(message));\n return handlerPromise;\n };\n\n serverTransport.onmessage({\n jsonrpc: '2.0',\n id: 1,\n method: 'tools/call',\n params: {\n name: 'test-tool',\n _meta: {\n [RELATED_TASK_META_KEY]: {\n taskId: 'parent-task-123'\n }\n }\n }\n });\n\n // Wait for handler to complete\n if (handlerPromise) {\n await handlerPromise;\n }\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Verify the notification was QUEUED (not sent via transport)\n // Messages with relatedTask metadata should be queued for delivery via tasks/result\n // to prevent duplicate delivery for bidirectional transports\n const queue = (serverProtocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue('parent-task-123');\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.method).toBe('notifications/message');\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual({\n taskId: 'parent-task-123'\n });\n\n // Verify the notification was NOT sent via transport (should be queued instead)\n const notificationCalls = sendSpy.mock.calls.filter(call => 'method' in call[0] && call[0].method === 'notifications/message');\n expect(notificationCalls).toHaveLength(0);\n });\n });\n});\n\ndescribe('Request Cancellation vs Task Cancellation', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let taskStore: TaskStore;\n\n beforeEach(() => {\n transport = new MockTransport();\n taskStore = createMockTaskStore();\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n });\n\n describe('notifications/cancelled behavior', () => {\n test('should abort request handler when notifications/cancelled is received', async () => {\n await protocol.connect(transport);\n\n // Set up a request handler that checks if it was aborted\n let wasAborted = false;\n protocol.setRequestHandler('ping', async (_request, ctx) => {\n // Simulate a long-running operation\n await new Promise(resolve => setTimeout(resolve, 100));\n wasAborted = ctx.mcpReq.signal.aborted;\n return {};\n });\n\n // Simulate an incoming request\n const requestId = 123;\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: requestId,\n method: 'ping',\n params: {}\n });\n }\n\n // Wait a bit for the handler to start\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Send cancellation notification\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/cancelled',\n params: {\n requestId: requestId,\n reason: 'User cancelled'\n }\n });\n }\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 150));\n\n // Verify the request was aborted\n expect(wasAborted).toBe(true);\n });\n\n test('should NOT automatically cancel associated tasks when notifications/cancelled is received', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'req-1', {\n method: 'test/method',\n params: {}\n });\n\n // Send cancellation notification for the request\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/cancelled',\n params: {\n requestId: 'req-1',\n reason: 'User cancelled'\n }\n });\n }\n\n // Wait a bit\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify the task status was NOT changed to cancelled\n const updatedTask = await taskStore.getTask(task.taskId);\n expect(updatedTask?.status).toBe('working');\n expect(taskStore.updateTaskStatus).not.toHaveBeenCalledWith(task.taskId, 'cancelled', expect.any(String));\n });\n });\n\n describe('tasks/cancel behavior', () => {\n test('should cancel task independently of request cancellation', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'req-1', {\n method: 'test/method',\n params: {}\n });\n\n // Cancel the task using tasks/cancel\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 999,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n }\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify the task was cancelled\n expect(taskStore.updateTaskStatus).toHaveBeenCalledWith(\n task.taskId,\n 'cancelled',\n 'Client cancelled task execution.',\n undefined\n );\n });\n\n test('should reject cancellation of terminal tasks', async () => {\n await protocol.connect(transport);\n const sendSpy = vi.spyOn(transport, 'send');\n\n // Create a task and mark it as completed\n const task = await taskStore.createTask({ ttl: 60000 }, 'req-1', {\n method: 'test/method',\n params: {}\n });\n await taskStore.updateTaskStatus(task.taskId, 'completed');\n\n // Try to cancel the completed task\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 999,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n }\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify an error was sent\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n jsonrpc: '2.0',\n id: 999,\n error: expect.objectContaining({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('Cannot cancel task in terminal status')\n })\n })\n );\n });\n\n test('should return error when task not found', async () => {\n await protocol.connect(transport);\n const sendSpy = vi.spyOn(transport, 'send');\n\n // Try to cancel a non-existent task\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 999,\n method: 'tasks/cancel',\n params: {\n taskId: 'non-existent-task'\n }\n });\n }\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify an error was sent\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n jsonrpc: '2.0',\n id: 999,\n error: expect.objectContaining({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('Task not found')\n })\n })\n );\n });\n });\n\n describe('separation of concerns', () => {\n test('should allow request cancellation without affecting task', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'req-1', {\n method: 'test/method',\n params: {}\n });\n\n // Cancel the request (not the task)\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/cancelled',\n params: {\n requestId: 'req-1',\n reason: 'User cancelled request'\n }\n });\n }\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify task is still working\n const updatedTask = await taskStore.getTask(task.taskId);\n expect(updatedTask?.status).toBe('working');\n });\n\n test('should allow task cancellation without affecting request', async () => {\n await protocol.connect(transport);\n\n // Set up a request handler\n let requestCompleted = false;\n protocol.setRequestHandler('ping', async () => {\n await new Promise(resolve => setTimeout(resolve, 50));\n requestCompleted = true;\n return {};\n });\n\n // Create a task (simulating a long-running tools/call)\n const task = await taskStore.createTask({ ttl: 60000 }, 'req-1', {\n method: 'tools/call',\n params: { name: 'long-running-tool', arguments: {} }\n });\n\n // Start an unrelated ping request\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 123,\n method: 'ping',\n params: {}\n });\n }\n\n // Cancel the task (not the request)\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: 999,\n method: 'tasks/cancel',\n params: {\n taskId: task.taskId\n }\n });\n }\n\n // Wait for request to complete\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Verify request completed normally\n expect(requestCompleted).toBe(true);\n\n // Verify task was cancelled\n expect(taskStore.updateTaskStatus).toHaveBeenCalledWith(\n task.taskId,\n 'cancelled',\n 'Client cancelled task execution.',\n undefined\n );\n });\n });\n});\n\ndescribe('Progress notification support for tasks', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let sendSpy: MockInstance;\n\n beforeEach(() => {\n transport = new MockTransport();\n sendSpy = vi.spyOn(transport, 'send');\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n });\n\n it('should maintain progress token association after CreateTaskResult is returned', async () => {\n const taskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n\n const transport = new MockTransport();\n const sendSpy = vi.spyOn(transport, 'send');\n await protocol.connect(transport);\n\n const progressCallback = vi.fn();\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n // Start a task-augmented request with progress callback\n void testRequest(protocol, request, resultSchema, {\n task: { ttl: 60000 },\n onprogress: progressCallback\n }).catch(() => {\n // May not complete, ignore error\n });\n\n // Wait a bit for the request to be sent\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Get the message ID from the sent request\n const sentRequest = sendSpy.mock.calls[0]![0] as { id: number; params: { _meta: { progressToken: number } } };\n const messageId = sentRequest.id;\n const progressToken = sentRequest.params._meta.progressToken;\n\n expect(progressToken).toBe(messageId);\n\n // Simulate CreateTaskResult response\n const taskId = 'test-task-123';\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n task: {\n taskId,\n status: 'working',\n ttl: 60000,\n createdAt: new Date().toISOString()\n }\n }\n });\n }\n\n // Wait for response to be processed\n await Promise.resolve();\n await Promise.resolve();\n\n // Send a progress notification - should still work after CreateTaskResult\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 50,\n total: 100\n }\n });\n }\n\n // Wait for notification to be processed\n await Promise.resolve();\n\n // Verify progress callback was invoked\n expect(progressCallback).toHaveBeenCalledWith({\n progress: 50,\n total: 100\n });\n });\n\n it('should stop progress notifications when task reaches terminal status (completed)', async () => {\n const taskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n\n const transport = new MockTransport();\n const sendSpy = vi.spyOn(transport, 'send');\n await protocol.connect(transport);\n\n // Set up a request handler that will complete the task\n protocol.setRequestHandler('tools/call', async (_request, ctx) => {\n if (ctx.task?.store) {\n const task = await ctx.task.store.createTask({ ttl: 60000 });\n\n // Simulate async work then complete the task\n const taskStore = ctx.task.store;\n setTimeout(async () => {\n await taskStore.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: 'Done' }]\n });\n }, 50);\n\n return { task };\n }\n return { content: [] };\n });\n\n const progressCallback = vi.fn();\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n // Start a task-augmented request with progress callback\n void testRequest(protocol, request, resultSchema, {\n task: { ttl: 60000 },\n onprogress: progressCallback\n }).catch(() => {\n // May not complete, ignore error\n });\n\n // Wait a bit for the request to be sent\n await new Promise(resolve => setTimeout(resolve, 10));\n\n const sentRequest = sendSpy.mock.calls[0]![0] as { id: number; params: { _meta: { progressToken: number } } };\n const messageId = sentRequest.id;\n const progressToken = sentRequest.params._meta.progressToken;\n\n // Create a task in the mock store first so it exists when we try to get it later\n const createdTask = await taskStore.createTask({ ttl: 60000 }, messageId, request);\n const taskId = createdTask.taskId;\n\n // Simulate CreateTaskResult response\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n task: createdTask\n }\n });\n }\n\n await Promise.resolve();\n await Promise.resolve();\n\n // Progress notification should work while task is working\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 50,\n total: 100\n }\n });\n }\n\n await Promise.resolve();\n\n expect(progressCallback).toHaveBeenCalledTimes(1);\n\n // Verify the task-progress association was created\n const taskProgressTokens = (protocol as unknown as TestProtocol)._taskProgressTokens as Map;\n expect(taskProgressTokens.has(taskId)).toBe(true);\n expect(taskProgressTokens.get(taskId)).toBe(progressToken);\n\n // Simulate task completion by calling through the protocol's task store\n // This will trigger the cleanup logic\n const mockRequest = { jsonrpc: '2.0' as const, id: 999, method: 'test', params: {} };\n const requestTaskStore = (protocol as unknown as TestProtocol).requestTaskStore(mockRequest, undefined);\n await requestTaskStore.storeTaskResult(taskId, 'completed', { content: [] });\n\n // Wait for all async operations including notification sending to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the association was cleaned up\n expect(taskProgressTokens.has(taskId)).toBe(false);\n\n // Try to send progress notification after task completion - should be ignored\n progressCallback.mockClear();\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 100,\n total: 100\n }\n });\n }\n\n await Promise.resolve();\n\n // Progress callback should NOT be invoked after task completion\n expect(progressCallback).not.toHaveBeenCalled();\n });\n\n it('should stop progress notifications when task reaches terminal status (failed)', async () => {\n const taskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n\n const transport = new MockTransport();\n const sendSpy = vi.spyOn(transport, 'send');\n await protocol.connect(transport);\n\n const progressCallback = vi.fn();\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n void testRequest(protocol, request, resultSchema, {\n task: { ttl: 60000 },\n onprogress: progressCallback\n });\n\n const sentRequest = sendSpy.mock.calls[0]![0] as { id: number; params: { _meta: { progressToken: number } } };\n const messageId = sentRequest.id;\n const progressToken = sentRequest.params._meta.progressToken;\n\n // Simulate CreateTaskResult response\n const taskId = 'test-task-456';\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n task: {\n taskId,\n status: 'working',\n ttl: 60000,\n createdAt: new Date().toISOString()\n }\n }\n });\n }\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Simulate task failure via storeTaskResult\n await taskStore.storeTaskResult(taskId, 'failed', {\n content: [],\n isError: true\n });\n\n // Manually trigger the status notification\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/tasks/status',\n params: {\n taskId,\n status: 'failed',\n ttl: 60000,\n createdAt: new Date().toISOString(),\n lastUpdatedAt: new Date().toISOString(),\n statusMessage: 'Task failed'\n }\n });\n }\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Try to send progress notification after task failure - should be ignored\n progressCallback.mockClear();\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 75,\n total: 100\n }\n });\n }\n\n expect(progressCallback).not.toHaveBeenCalled();\n });\n\n it('should stop progress notifications when task is cancelled', async () => {\n const taskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n\n const transport = new MockTransport();\n const sendSpy = vi.spyOn(transport, 'send');\n await protocol.connect(transport);\n\n const progressCallback = vi.fn();\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n void testRequest(protocol, request, resultSchema, {\n task: { ttl: 60000 },\n onprogress: progressCallback\n });\n\n const sentRequest = sendSpy.mock.calls[0]![0] as { id: number; params: { _meta: { progressToken: number } } };\n const messageId = sentRequest.id;\n const progressToken = sentRequest.params._meta.progressToken;\n\n // Simulate CreateTaskResult response\n const taskId = 'test-task-789';\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n task: {\n taskId,\n status: 'working',\n ttl: 60000,\n createdAt: new Date().toISOString()\n }\n }\n });\n }\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Simulate task cancellation via updateTaskStatus\n await taskStore.updateTaskStatus(taskId, 'cancelled', 'User cancelled');\n\n // Manually trigger the status notification\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/tasks/status',\n params: {\n taskId,\n status: 'cancelled',\n ttl: 60000,\n createdAt: new Date().toISOString(),\n lastUpdatedAt: new Date().toISOString(),\n statusMessage: 'User cancelled'\n }\n });\n }\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Try to send progress notification after cancellation - should be ignored\n progressCallback.mockClear();\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 25,\n total: 100\n }\n });\n }\n\n expect(progressCallback).not.toHaveBeenCalled();\n });\n\n it('should use the same progressToken throughout task lifetime', async () => {\n const taskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore });\n\n const transport = new MockTransport();\n const sendSpy = vi.spyOn(transport, 'send');\n await protocol.connect(transport);\n\n const progressCallback = vi.fn();\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n void testRequest(protocol, request, resultSchema, {\n task: { ttl: 60000 },\n onprogress: progressCallback\n });\n\n const sentRequest = sendSpy.mock.calls[0]![0] as { id: number; params: { _meta: { progressToken: number } } };\n const messageId = sentRequest.id;\n const progressToken = sentRequest.params._meta.progressToken;\n\n // Simulate CreateTaskResult response\n const taskId = 'test-task-consistency';\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n task: {\n taskId,\n status: 'working',\n ttl: 60000,\n createdAt: new Date().toISOString()\n }\n }\n });\n }\n\n await Promise.resolve();\n await Promise.resolve();\n\n // Send multiple progress notifications with the same token\n const progressUpdates = [\n { progress: 25, total: 100 },\n { progress: 50, total: 100 },\n { progress: 75, total: 100 }\n ];\n\n for (const update of progressUpdates) {\n if (transport.onmessage) {\n transport.onmessage({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken, // Same token for all notifications\n ...update\n }\n });\n }\n await Promise.resolve();\n }\n\n // Verify all progress notifications were received with the same token\n expect(progressCallback).toHaveBeenCalledTimes(3);\n expect(progressCallback).toHaveBeenNthCalledWith(1, { progress: 25, total: 100 });\n expect(progressCallback).toHaveBeenNthCalledWith(2, { progress: 50, total: 100 });\n expect(progressCallback).toHaveBeenNthCalledWith(3, { progress: 75, total: 100 });\n });\n\n it('should maintain progressToken throughout task lifetime', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'long-running-tool' }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n const onProgressMock = vi.fn();\n\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 60000\n },\n onprogress: onProgressMock\n });\n\n const sentMessage = sendSpy.mock.calls[0]![0];\n expect(sentMessage.params._meta.progressToken).toBeDefined();\n });\n\n it('should support progress notifications with task-augmented requests', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n content: z.array(z.object({ type: z.literal('text'), text: z.string() }))\n });\n\n const onProgressMock = vi.fn();\n\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 30000\n },\n onprogress: onProgressMock\n });\n\n const sentMessage = sendSpy.mock.calls[0]![0];\n const progressToken = sentMessage.params._meta.progressToken;\n\n // Simulate progress notification\n transport.onmessage?.({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 50,\n total: 100,\n message: 'Processing...'\n }\n });\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 50,\n total: 100,\n message: 'Processing...'\n });\n });\n\n it('should continue progress notifications after CreateTaskResult', async () => {\n await protocol.connect(transport);\n\n const request = {\n method: 'tools/call',\n params: { name: 'test-tool' }\n };\n\n const resultSchema = z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.number().nullable(),\n createdAt: z.string()\n })\n });\n\n const onProgressMock = vi.fn();\n\n void testRequest(protocol, request, resultSchema, {\n task: {\n ttl: 30000\n },\n onprogress: onProgressMock\n });\n\n const sentMessage = sendSpy.mock.calls[0]![0];\n const progressToken = sentMessage.params._meta.progressToken;\n\n // Simulate CreateTaskResult response\n setTimeout(() => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: sentMessage.id,\n result: {\n task: {\n taskId: 'task-123',\n status: 'working',\n ttl: 30000,\n createdAt: new Date().toISOString()\n }\n }\n });\n }, 5);\n\n // Progress notifications should still work\n setTimeout(() => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 75,\n total: 100\n }\n });\n }, 10);\n\n await new Promise(resolve => setTimeout(resolve, 20));\n\n expect(onProgressMock).toHaveBeenCalledWith({\n progress: 75,\n total: 100\n });\n });\n});\n\ndescribe('Capability negotiation for tasks', () => {\n it('should use empty objects for capability fields', () => {\n const serverCapabilities = {\n tasks: {\n list: {},\n cancel: {},\n requests: {\n tools: {\n call: {}\n }\n }\n }\n };\n\n expect(serverCapabilities.tasks.list).toEqual({});\n expect(serverCapabilities.tasks.cancel).toEqual({});\n expect(serverCapabilities.tasks.requests.tools.call).toEqual({});\n });\n\n it('should include list and cancel in server capabilities', () => {\n const serverCapabilities = {\n tasks: {\n list: {},\n cancel: {}\n }\n };\n\n expect('list' in serverCapabilities.tasks).toBe(true);\n expect('cancel' in serverCapabilities.tasks).toBe(true);\n });\n\n it('should include list and cancel in client capabilities', () => {\n const clientCapabilities = {\n tasks: {\n list: {},\n cancel: {}\n }\n };\n\n expect('list' in clientCapabilities.tasks).toBe(true);\n expect('cancel' in clientCapabilities.tasks).toBe(true);\n });\n});\n\ndescribe('Message interception for task-related notifications', () => {\n it('should queue notifications with io.modelcontextprotocol/related-task metadata', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Create a task first\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send a notification with related task metadata\n await server.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n },\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n\n // Access the private queue to verify the message was queued\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue(task.taskId);\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.method).toBe('notifications/message');\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual({ taskId: task.taskId });\n });\n\n it('should not queue notifications without related-task metadata', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Send a notification without related task metadata\n await server.notification({\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n });\n\n // Verify message was not queued (notification without metadata goes through transport)\n // We can't directly check the queue, but we know it wasn't queued because\n // notifications without relatedTask metadata are sent via transport, not queued\n });\n\n // Test removed: _taskResultWaiters was removed in favor of polling-based task updates\n // The functionality is still tested through integration tests that verify message queuing works\n\n it('should propagate queue overflow errors without failing the task', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue(), maxTaskQueueSize: 100 });\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Fill the queue to max capacity (100 messages)\n for (let i = 0; i < 100; i++) {\n await server.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: `message ${i}` }\n },\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n }\n\n // Try to add one more message - should throw an error\n await expect(\n server.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: 'overflow message' }\n },\n {\n relatedTask: { taskId: task.taskId }\n }\n )\n ).rejects.toThrow('overflow');\n\n // Verify the task was NOT automatically failed by the Protocol\n // (implementations can choose to fail tasks on overflow if they want)\n expect(taskStore.updateTaskStatus).not.toHaveBeenCalledWith(task.taskId, 'failed', expect.anything(), expect.anything());\n });\n\n it('should extract task ID correctly from metadata', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n const taskId = 'custom-task-id-123';\n\n // Send a notification with custom task ID\n await server.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n },\n {\n relatedTask: { taskId }\n }\n );\n\n // Verify the message was queued under the correct task ID\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n const queuedMessage = await queue!.dequeue(taskId);\n expect(queuedMessage).toBeDefined();\n });\n\n it('should preserve message order when queuing multiple notifications', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send multiple notifications\n for (let i = 0; i < 5; i++) {\n await server.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: `message ${i}` }\n },\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n }\n\n // Verify messages are in FIFO order\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n for (let i = 0; i < 5; i++) {\n const queuedMessage = await queue!.dequeue(task.taskId);\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.params!.data).toBe(`message ${i}`);\n }\n });\n});\n\ndescribe('Message interception for task-related requests', () => {\n it('should queue requests with io.modelcontextprotocol/related-task metadata', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Create a task first\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send a request with related task metadata (don't await - we're testing queuing)\n const requestPromise = testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({}),\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n\n // Access the private queue to verify the message was queued\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue(task.taskId);\n assertQueuedRequest(queuedMessage);\n expect(queuedMessage.message.method).toBe('ping');\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual({ taskId: task.taskId });\n\n // Verify resolver is stored in _requestResolvers map (not in the message)\n const requestId = (queuedMessage!.message as JSONRPCRequest).id as RequestId;\n const resolvers = (server as unknown as TestProtocol)._requestResolvers;\n expect(resolvers.has(requestId)).toBe(true);\n\n // Clean up - send a response to prevent hanging promise\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n result: {}\n });\n\n await requestPromise;\n });\n\n it('should not queue requests without related-task metadata', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Send a request without related task metadata\n const requestPromise = testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({})\n );\n\n // Verify queue exists (but we don't track size in the new API)\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Clean up - send a response\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n result: {}\n });\n\n await requestPromise;\n });\n\n // Test removed: _taskResultWaiters was removed in favor of polling-based task updates\n // The functionality is still tested through integration tests that verify message queuing works\n\n it('should store request resolver for response routing', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send a request with related task metadata\n const requestPromise = testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({}),\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n\n // Verify the resolver was stored\n const resolvers = (server as unknown as TestProtocol)._requestResolvers;\n expect(resolvers.size).toBe(1);\n\n // Get the request ID from the queue\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n const queuedMessage = await queue!.dequeue(task.taskId);\n const requestId = (queuedMessage!.message as JSONRPCRequest).id as RequestId;\n\n expect(resolvers.has(requestId)).toBe(true);\n\n // Send a response to trigger resolver\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n result: {}\n });\n\n await requestPromise;\n\n // Verify resolver was cleaned up after response\n expect(resolvers.has(requestId)).toBe(false);\n });\n\n it('should route responses to side-channeled requests', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const queue = new InMemoryTaskMessageQueue();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: queue });\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send a request with related task metadata\n const requestPromise = testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({ message: z.string() }),\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n\n // Get the request ID from the queue\n const queuedMessage = await queue.dequeue(task.taskId);\n const requestId = (queuedMessage!.message as JSONRPCRequest).id as RequestId;\n\n // Enqueue a response message to the queue (simulating client sending response back)\n await queue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: requestId,\n result: { message: 'pong' }\n },\n timestamp: Date.now()\n });\n\n // Simulate a client calling tasks/result which will process the response\n // This is done by creating a mock request handler that will trigger the GetTaskPayloadRequest handler\n const mockRequestId = 999;\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: mockRequestId,\n method: 'tasks/result',\n params: { taskId: task.taskId }\n });\n\n // Wait for the response to be processed\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Mark task as completed\n await taskStore.updateTaskStatus(task.taskId, 'completed');\n await taskStore.storeTaskResult(task.taskId, 'completed', { _meta: {} });\n\n // Verify the response was routed correctly\n const result = await requestPromise;\n expect(result).toEqual({ message: 'pong' });\n });\n\n it('should log error when resolver is missing for side-channeled request', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n\n const errors: Error[] = [];\n server.onerror = (error: Error) => {\n errors.push(error);\n };\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Send a request with related task metadata\n void testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({ message: z.string() }),\n {\n relatedTask: { taskId: task.taskId }\n }\n );\n\n // Get the request ID from the queue\n const queue = (server as unknown as TestProtocol)._taskMessageQueue;\n const queuedMessage = await queue!.dequeue(task.taskId);\n const requestId = (queuedMessage!.message as JSONRPCRequest).id as RequestId;\n\n // Manually delete the resolver to simulate missing resolver\n (server as unknown as TestProtocol)._requestResolvers.delete(requestId);\n\n // Enqueue a response message - this should trigger the error logging when processed\n await queue!.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: requestId,\n result: { message: 'pong' }\n },\n timestamp: Date.now()\n });\n\n // Simulate a client calling tasks/result which will process the response\n const mockRequestId = 888;\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: mockRequestId,\n method: 'tasks/result',\n params: { taskId: task.taskId }\n });\n\n // Wait for the response to be processed\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Mark task as completed\n await taskStore.updateTaskStatus(task.taskId, 'completed');\n await taskStore.storeTaskResult(task.taskId, 'completed', { _meta: {} });\n\n // Wait a bit more for error to be logged\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify error was logged\n expect(errors.length).toBeGreaterThanOrEqual(1);\n expect(errors.some(e => e.message.includes('Response handler missing for request'))).toBe(true);\n });\n\n it('should propagate queue overflow errors for requests without failing the task', async () => {\n const taskStore = createMockTaskStore();\n const transport = new MockTransport();\n const server = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({ taskStore, taskMessageQueue: new InMemoryTaskMessageQueue(), maxTaskQueueSize: 100 });\n\n await server.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 'test-request-1', { method: 'tools/call', params: {} });\n\n // Fill the queue to max capacity (100 messages)\n const promises: Promise[] = [];\n for (let i = 0; i < 100; i++) {\n const promise = testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({}),\n {\n relatedTask: { taskId: task.taskId }\n }\n ).catch(() => {\n // Requests will remain pending until task completes or fails\n });\n promises.push(promise);\n }\n\n // Try to add one more request - should throw an error\n await expect(\n testRequest(\n server,\n {\n method: 'ping',\n params: {}\n },\n z.object({}),\n {\n relatedTask: { taskId: task.taskId }\n }\n )\n ).rejects.toThrow('overflow');\n\n // Verify the task was NOT automatically failed by the Protocol\n // (implementations can choose to fail tasks on overflow if they want)\n expect(taskStore.updateTaskStatus).not.toHaveBeenCalledWith(task.taskId, 'failed', expect.anything(), expect.anything());\n });\n});\n\ndescribe('Message Interception', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let mockTaskStore: TaskStore & { [K in keyof TaskStore]: MockInstance };\n\n beforeEach(() => {\n transport = new MockTransport();\n mockTaskStore = createMockTaskStore();\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n });\n\n describe('messages with relatedTask metadata are queued', () => {\n it('should queue notifications with relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n // Send a notification with relatedTask metadata\n await protocol.notification(\n {\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n },\n {\n relatedTask: {\n taskId: 'task-123'\n }\n }\n );\n\n // Access the private _taskMessageQueue to verify the message was queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue('task-123');\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage!.message.method).toBe('notifications/message');\n });\n\n it('should queue requests with relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n const mockSchema = z.object({ result: z.string() });\n\n // Send a request with relatedTask metadata\n const requestPromise = testRequest(\n protocol,\n {\n method: 'test/request',\n params: { data: 'test' }\n },\n mockSchema,\n {\n relatedTask: {\n taskId: 'task-456'\n }\n }\n );\n\n // Access the private _taskMessageQueue to verify the message was queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue('task-456');\n assertQueuedRequest(queuedMessage);\n expect(queuedMessage.message.method).toBe('test/request');\n\n // Verify resolver is stored in _requestResolvers map (not in the message)\n const requestId = queuedMessage.message.id as RequestId;\n const resolvers = (protocol as unknown as TestProtocol)._requestResolvers;\n expect(resolvers.has(requestId)).toBe(true);\n\n // Clean up the pending request\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n result: { result: 'success' }\n });\n await requestPromise;\n });\n });\n\n describe('server queues responses/errors for task-related requests', () => {\n it('should queue response when handling a request with relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n // Set up a request handler that returns a result\n protocol.setRequestHandler('ping', async () => {\n return {};\n });\n\n // Simulate an incoming request with relatedTask metadata\n const requestId = 456;\n const taskId = 'task-response-test';\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n method: 'ping',\n params: {\n _meta: {\n 'io.modelcontextprotocol/related-task': { taskId }\n }\n }\n });\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the response was queued instead of sent directly\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue(taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage!.type).toBe('response');\n if (queuedMessage!.type === 'response') {\n expect(queuedMessage!.message.id).toBe(requestId);\n expect(queuedMessage!.message.result).toEqual({});\n }\n });\n\n it('should queue error when handling a request with relatedTask metadata that throws', async () => {\n await protocol.connect(transport);\n\n // Set up a request handler that throws an error\n protocol.setRequestHandler('ping', async () => {\n throw new ProtocolError(ProtocolErrorCode.InternalError, 'Test error message');\n });\n\n // Simulate an incoming request with relatedTask metadata\n const requestId = 789;\n const taskId = 'task-error-test';\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n method: 'ping',\n params: {\n _meta: {\n 'io.modelcontextprotocol/related-task': { taskId }\n }\n }\n });\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the error was queued instead of sent directly\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue(taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage!.type).toBe('error');\n if (queuedMessage!.type === 'error') {\n expect(queuedMessage!.message.id).toBe(requestId);\n expect(queuedMessage!.message.error.code).toBe(ProtocolErrorCode.InternalError);\n expect(queuedMessage!.message.error.message).toContain('Test error message');\n }\n });\n\n it('should queue MethodNotFound error for unknown method with relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n // Simulate an incoming request for unknown method with relatedTask metadata\n const requestId = 101;\n const taskId = 'task-not-found-test';\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n method: 'unknown/method',\n params: {\n _meta: {\n 'io.modelcontextprotocol/related-task': { taskId }\n }\n }\n });\n\n // Wait for processing\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the error was queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n const queuedMessage = await queue!.dequeue(taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage!.type).toBe('error');\n if (queuedMessage!.type === 'error') {\n expect(queuedMessage!.message.id).toBe(requestId);\n expect(queuedMessage!.message.error.code).toBe(ProtocolErrorCode.MethodNotFound);\n }\n });\n\n it('should send response normally when request has no relatedTask metadata', async () => {\n await protocol.connect(transport);\n const sendSpy = vi.spyOn(transport, 'send');\n\n // Set up a request handler\n protocol.setRequestHandler('tools/call', async () => {\n return { content: [{ type: 'text', text: 'done' }] };\n });\n\n // Simulate an incoming request WITHOUT relatedTask metadata\n const requestId = 202;\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n\n // Wait for the handler to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the response was sent through transport, not queued\n expect(sendSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n jsonrpc: '2.0',\n id: requestId,\n result: { content: [{ type: 'text', text: 'done' }] }\n })\n );\n });\n });\n\n describe('messages without metadata bypass the queue', () => {\n it('should not queue notifications without relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n // Send a notification without relatedTask metadata\n await protocol.notification({\n method: 'notifications/message',\n params: { level: 'info', data: 'test message' }\n });\n\n // Access the private _taskMessageQueue to verify no messages were queued\n // Since we can't check if queues exist without messages, we verify that\n // attempting to dequeue returns undefined (no messages queued)\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n });\n\n it('should not queue requests without relatedTask metadata', async () => {\n await protocol.connect(transport);\n\n const mockSchema = z.object({ result: z.string() });\n const sendSpy = vi.spyOn(transport, 'send');\n\n // Send a request without relatedTask metadata\n const requestPromise = testRequest(\n protocol,\n {\n method: 'test/request',\n params: { data: 'test' }\n },\n mockSchema\n );\n\n // Access the private _taskMessageQueue to verify no messages were queued\n // Since we can't check if queues exist without messages, we verify that\n // attempting to dequeue returns undefined (no messages queued)\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Clean up the pending request\n const requestId = (sendSpy.mock.calls[0]![0] as JSONRPCResultResponse).id;\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: requestId,\n result: { result: 'success' }\n });\n await requestPromise;\n });\n });\n\n describe('task ID extraction from metadata', () => {\n it('should extract correct task ID from relatedTask metadata for notifications', async () => {\n await protocol.connect(transport);\n\n const taskId = 'extracted-task-789';\n\n // Send a notification with relatedTask metadata\n await protocol.notification(\n {\n method: 'notifications/message',\n params: { data: 'test' }\n },\n {\n relatedTask: {\n taskId: taskId\n }\n }\n );\n\n // Verify the message was queued under the correct task ID\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Verify a message was queued for this task\n const queuedMessage = await queue!.dequeue(taskId);\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.method).toBe('notifications/message');\n });\n\n it('should extract correct task ID from relatedTask metadata for requests', async () => {\n await protocol.connect(transport);\n\n const taskId = 'extracted-task-999';\n const mockSchema = z.object({ result: z.string() });\n\n // Send a request with relatedTask metadata\n const requestPromise = testRequest(\n protocol,\n {\n method: 'test/request',\n params: { data: 'test' }\n },\n mockSchema,\n {\n relatedTask: {\n taskId: taskId\n }\n }\n );\n\n // Verify the message was queued under the correct task ID\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Clean up the pending request\n const queuedMessage = await queue!.dequeue(taskId);\n assertQueuedRequest(queuedMessage);\n expect(queuedMessage.message.method).toBe('test/request');\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: queuedMessage.message.id,\n result: { result: 'success' }\n });\n await requestPromise;\n });\n\n it('should handle multiple messages for different task IDs', async () => {\n await protocol.connect(transport);\n\n // Send messages for different tasks\n await protocol.notification({ method: 'test1', params: {} }, { relatedTask: { taskId: 'task-A' } });\n await protocol.notification({ method: 'test2', params: {} }, { relatedTask: { taskId: 'task-B' } });\n await protocol.notification({ method: 'test3', params: {} }, { relatedTask: { taskId: 'task-A' } });\n\n // Verify messages are queued under correct task IDs\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Verify two messages for task-A\n const msg1A = await queue!.dequeue('task-A');\n const msg2A = await queue!.dequeue('task-A');\n const msg3A = await queue!.dequeue('task-A'); // Should be undefined\n expect(msg1A).toBeDefined();\n expect(msg2A).toBeDefined();\n expect(msg3A).toBeUndefined();\n\n // Verify one message for task-B\n const msg1B = await queue!.dequeue('task-B');\n const msg2B = await queue!.dequeue('task-B'); // Should be undefined\n expect(msg1B).toBeDefined();\n expect(msg2B).toBeUndefined();\n });\n });\n\n describe('queue creation on first message', () => {\n it('should queue messages for a task', async () => {\n await protocol.connect(transport);\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Send first message for a task\n await protocol.notification({ method: 'test', params: {} }, { relatedTask: { taskId: 'new-task' } });\n\n // Verify message was queued\n const msg = await queue!.dequeue('new-task');\n assertQueuedNotification(msg);\n expect(msg.message.method).toBe('test');\n });\n\n it('should queue multiple messages for the same task', async () => {\n await protocol.connect(transport);\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Send first message\n await protocol.notification({ method: 'test1', params: {} }, { relatedTask: { taskId: 'reuse-task' } });\n\n // Send second message\n await protocol.notification({ method: 'test2', params: {} }, { relatedTask: { taskId: 'reuse-task' } });\n\n // Verify both messages were queued in order\n const msg1 = await queue!.dequeue('reuse-task');\n const msg2 = await queue!.dequeue('reuse-task');\n assertQueuedNotification(msg1);\n expect(msg1.message.method).toBe('test1');\n assertQueuedNotification(msg2);\n expect(msg2.message.method).toBe('test2');\n });\n\n it('should queue messages for different tasks separately', async () => {\n await protocol.connect(transport);\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Send messages for different tasks\n await protocol.notification({ method: 'test1', params: {} }, { relatedTask: { taskId: 'task-1' } });\n await protocol.notification({ method: 'test2', params: {} }, { relatedTask: { taskId: 'task-2' } });\n\n // Verify messages are queued separately\n const msg1 = await queue!.dequeue('task-1');\n const msg2 = await queue!.dequeue('task-2');\n assertQueuedNotification(msg1);\n expect(msg1?.message.method).toBe('test1');\n assertQueuedNotification(msg2);\n expect(msg2?.message.method).toBe('test2');\n });\n });\n\n describe('metadata preservation in queued messages', () => {\n it('should preserve relatedTask metadata in queued notification', async () => {\n await protocol.connect(transport);\n\n const relatedTask = { taskId: 'task-meta-123' };\n\n await protocol.notification(\n {\n method: 'test/notification',\n params: { data: 'test' }\n },\n { relatedTask }\n );\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n const queuedMessage = await queue!.dequeue('task-meta-123');\n\n // Verify the metadata is preserved in the queued message\n expect(queuedMessage).toBeDefined();\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.params!._meta).toBeDefined();\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual(relatedTask);\n });\n\n it('should preserve relatedTask metadata in queued request', async () => {\n await protocol.connect(transport);\n\n const relatedTask = { taskId: 'task-meta-456' };\n const mockSchema = z.object({ result: z.string() });\n\n const requestPromise = testRequest(\n protocol,\n {\n method: 'test/request',\n params: { data: 'test' }\n },\n mockSchema,\n { relatedTask }\n );\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n const queuedMessage = await queue!.dequeue('task-meta-456');\n\n // Verify the metadata is preserved in the queued message\n expect(queuedMessage).toBeDefined();\n assertQueuedRequest(queuedMessage);\n expect(queuedMessage.message.params!._meta).toBeDefined();\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual(relatedTask);\n\n // Clean up\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: (queuedMessage!.message as JSONRPCRequest).id,\n result: { result: 'success' }\n });\n await requestPromise;\n });\n\n it('should preserve existing _meta fields when adding relatedTask', async () => {\n await protocol.connect(transport);\n\n await protocol.notification(\n {\n method: 'test/notification',\n params: {\n data: 'test',\n _meta: {\n customField: 'customValue',\n anotherField: 123\n }\n }\n },\n {\n relatedTask: { taskId: 'task-preserve-meta' }\n }\n );\n\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n const queuedMessage = await queue!.dequeue('task-preserve-meta');\n\n // Verify both existing and new metadata are preserved\n expect(queuedMessage).toBeDefined();\n assertQueuedNotification(queuedMessage);\n expect(queuedMessage.message.params!._meta!.customField).toBe('customValue');\n expect(queuedMessage.message.params!._meta!.anotherField).toBe(123);\n expect(queuedMessage.message.params!._meta![RELATED_TASK_META_KEY]).toEqual({\n taskId: 'task-preserve-meta'\n });\n });\n });\n});\n\ndescribe('Queue lifecycle management', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let mockTaskStore: TaskStore & { [K in keyof TaskStore]: MockInstance };\n\n beforeEach(() => {\n transport = new MockTransport();\n mockTaskStore = createMockTaskStore();\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore, taskMessageQueue: new InMemoryTaskMessageQueue() });\n });\n\n describe('queue cleanup on task completion', () => {\n it('should clear queue when task reaches completed status', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue some messages for the task\n await protocol.notification({ method: 'test/notification', params: { data: 'test1' } }, { relatedTask: { taskId } });\n await protocol.notification({ method: 'test/notification', params: { data: 'test2' } }, { relatedTask: { taskId } });\n\n // Verify messages are queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Verify messages can be dequeued\n const msg1 = await queue!.dequeue(taskId);\n const msg2 = await queue!.dequeue(taskId);\n expect(msg1).toBeDefined();\n expect(msg2).toBeDefined();\n\n // Directly call the cleanup method (simulating what happens when task reaches terminal status)\n (protocol as unknown as TestProtocol)._clearTaskQueue(taskId);\n\n // After cleanup, no more messages should be available\n const msg3 = await queue!.dequeue(taskId);\n expect(msg3).toBeUndefined();\n });\n\n it('should clear queue after delivering messages on tasks/result for completed task', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue a message\n await protocol.notification({ method: 'test/notification', params: { data: 'test' } }, { relatedTask: { taskId } });\n\n // Mark task as completed\n const completedTask = { ...task, status: 'completed' as const };\n mockTaskStore.getTask.mockResolvedValue(completedTask);\n mockTaskStore.getTaskResult.mockResolvedValue({ content: [{ type: 'text', text: 'done' }] });\n\n // Simulate tasks/result request\n const resultPromise = new Promise(resolve => {\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 100,\n method: 'tasks/result',\n params: { taskId }\n });\n setTimeout(resolve, 50);\n });\n\n await resultPromise;\n\n // Verify queue is cleared after delivery (no messages available)\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n const msg = await queue!.dequeue(taskId);\n expect(msg).toBeUndefined();\n });\n });\n\n describe('queue cleanup on task cancellation', () => {\n it('should clear queue when task is cancelled', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue some messages\n await protocol.notification({ method: 'test/notification', params: { data: 'test1' } }, { relatedTask: { taskId } });\n\n // Verify message is queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n const msg1 = await queue!.dequeue(taskId);\n expect(msg1).toBeDefined();\n\n // Re-queue the message for cancellation test\n await protocol.notification({ method: 'test/notification', params: { data: 'test1' } }, { relatedTask: { taskId } });\n\n // Mock task as non-terminal\n mockTaskStore.getTask.mockResolvedValue(task);\n\n // Cancel the task\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 200,\n method: 'tasks/cancel',\n params: { taskId }\n });\n\n // Wait for cancellation to process\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify queue is cleared (no messages available)\n const msg2 = await queue!.dequeue(taskId);\n expect(msg2).toBeUndefined();\n });\n\n it('should reject pending request resolvers when task is cancelled', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue a request (catch rejection to avoid unhandled promise rejection)\n const requestPromise = testRequest(\n protocol,\n { method: 'test/request', params: { data: 'test' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n // Verify request is queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Mock task as non-terminal\n mockTaskStore.getTask.mockResolvedValue(task);\n\n // Cancel the task\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 201,\n method: 'tasks/cancel',\n params: { taskId }\n });\n\n // Wait for cancellation to process\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the request promise is rejected\n const result = (await requestPromise) as Error;\n expect(result).toBeInstanceOf(ProtocolError);\n expect(result.message).toContain('Task cancelled or completed');\n\n // Verify queue is cleared (no messages available)\n const msg = await queue!.dequeue(taskId);\n expect(msg).toBeUndefined();\n });\n });\n\n describe('queue cleanup on task failure', () => {\n it('should clear queue when task reaches failed status', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue some messages\n await protocol.notification({ method: 'test/notification', params: { data: 'test1' } }, { relatedTask: { taskId } });\n await protocol.notification({ method: 'test/notification', params: { data: 'test2' } }, { relatedTask: { taskId } });\n\n // Verify messages are queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Verify messages can be dequeued\n const msg1 = await queue!.dequeue(taskId);\n const msg2 = await queue!.dequeue(taskId);\n expect(msg1).toBeDefined();\n expect(msg2).toBeDefined();\n\n // Directly call the cleanup method (simulating what happens when task reaches terminal status)\n (protocol as unknown as TestProtocol)._clearTaskQueue(taskId);\n\n // After cleanup, no more messages should be available\n const msg3 = await queue!.dequeue(taskId);\n expect(msg3).toBeUndefined();\n });\n\n it('should reject pending request resolvers when task fails', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue a request (catch the rejection to avoid unhandled promise rejection)\n const requestPromise = testRequest(\n protocol,\n { method: 'test/request', params: { data: 'test' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n // Verify request is queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Directly call the cleanup method (simulating what happens when task reaches terminal status)\n (protocol as unknown as TestProtocol)._clearTaskQueue(taskId);\n\n // Verify the request promise is rejected\n const result = (await requestPromise) as Error;\n expect(result).toBeInstanceOf(ProtocolError);\n expect(result.message).toContain('Task cancelled or completed');\n\n // Verify queue is cleared (no messages available)\n const msg = await queue!.dequeue(taskId);\n expect(msg).toBeUndefined();\n });\n });\n\n describe('resolver rejection on cleanup', () => {\n it('should reject all pending request resolvers when queue is cleared', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue multiple requests (catch rejections to avoid unhandled promise rejections)\n const request1Promise = testRequest(\n protocol,\n { method: 'test/request1', params: { data: 'test1' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n const request2Promise = testRequest(\n protocol,\n { method: 'test/request2', params: { data: 'test2' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n const request3Promise = testRequest(\n protocol,\n { method: 'test/request3', params: { data: 'test3' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n // Verify requests are queued\n const queue = (protocol as unknown as TestProtocol)._taskMessageQueue;\n expect(queue).toBeDefined();\n\n // Directly call the cleanup method (simulating what happens when task reaches terminal status)\n (protocol as unknown as TestProtocol)._clearTaskQueue(taskId);\n\n // Verify all request promises are rejected\n const result1 = (await request1Promise) as Error;\n const result2 = (await request2Promise) as Error;\n const result3 = (await request3Promise) as Error;\n\n expect(result1).toBeInstanceOf(ProtocolError);\n expect(result1.message).toContain('Task cancelled or completed');\n expect(result2).toBeInstanceOf(ProtocolError);\n expect(result2.message).toContain('Task cancelled or completed');\n expect(result3).toBeInstanceOf(ProtocolError);\n expect(result3.message).toContain('Task cancelled or completed');\n\n // Verify queue is cleared (no messages available)\n const msg = await queue!.dequeue(taskId);\n expect(msg).toBeUndefined();\n });\n\n it('should clean up resolver mappings when rejecting requests', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await mockTaskStore.createTask({}, 1, { method: 'test', params: {} });\n const taskId = task.taskId;\n\n // Queue a request (catch rejection to avoid unhandled promise rejection)\n const requestPromise = testRequest(\n protocol,\n { method: 'test/request', params: { data: 'test' } },\n z.object({ result: z.string() }),\n {\n relatedTask: { taskId }\n }\n ).catch(err => err);\n\n // Get the request ID that was sent\n const requestResolvers = (protocol as unknown as TestProtocol)._requestResolvers;\n const initialResolverCount = requestResolvers.size;\n expect(initialResolverCount).toBeGreaterThan(0);\n\n // Complete the task (triggers cleanup)\n const completedTask = { ...task, status: 'completed' as const };\n mockTaskStore.getTask.mockResolvedValue(completedTask);\n\n // Directly call the cleanup method (simulating what happens when task reaches terminal status)\n (protocol as unknown as TestProtocol)._clearTaskQueue(taskId);\n\n // Verify request promise is rejected\n const result = (await requestPromise) as Error;\n expect(result).toBeInstanceOf(ProtocolError);\n expect(result.message).toContain('Task cancelled or completed');\n\n // Verify resolver mapping is cleaned up\n // The resolver should be removed from the map\n expect(requestResolvers.size).toBeLessThan(initialResolverCount);\n });\n });\n});\n\ndescribe('requestStream() method', () => {\n const CallToolResultSchema = z.object({\n content: z.array(z.object({ type: z.string(), text: z.string() })),\n _meta: z.object({}).optional()\n });\n\n test('should yield result immediately for non-task requests', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n // Start the request stream\n const streamPromise = (async () => {\n const messages = [];\n const stream = (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n );\n for await (const message of stream) {\n messages.push(message);\n }\n return messages;\n })();\n\n // Simulate server response\n await new Promise(resolve => setTimeout(resolve, 10));\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n result: {\n content: [{ type: 'text', text: 'test result' }],\n _meta: {}\n }\n });\n\n const messages = await streamPromise;\n\n // Should yield exactly one result message\n expect(messages).toHaveLength(1);\n expect(messages[0]?.type).toBe('result');\n expect(messages[0]).toHaveProperty('result');\n });\n\n test('should yield error message on request failure', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n // Start the request stream\n const streamPromise = (async () => {\n const messages = [];\n const stream = (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n );\n for await (const message of stream) {\n messages.push(message);\n }\n return messages;\n })();\n\n // Simulate server error response\n await new Promise(resolve => setTimeout(resolve, 10));\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Test error'\n }\n });\n\n const messages = await streamPromise;\n\n // Should yield exactly one error message\n expect(messages).toHaveLength(1);\n expect(messages[0]?.type).toBe('error');\n expect(messages[0]).toHaveProperty('error');\n if (messages[0]?.type === 'error') {\n expect(messages[0]?.error?.message).toContain('Test error');\n }\n });\n\n test('should handle cancellation via AbortSignal', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const abortController = new AbortController();\n\n // Abort immediately before starting the stream\n abortController.abort('User cancelled');\n\n // Start the request stream with already-aborted signal\n const messages = [];\n const stream = (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema,\n {\n signal: abortController.signal\n }\n );\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Should yield error message about cancellation\n expect(messages).toHaveLength(1);\n expect(messages[0]?.type).toBe('error');\n if (messages[0]?.type === 'error') {\n expect(messages[0]?.error?.message).toContain('cancelled');\n }\n });\n\n describe('Error responses', () => {\n test('should yield error as terminal message for server error response', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const messagesPromise = toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n )\n );\n\n // Simulate server error response\n await new Promise(resolve => setTimeout(resolve, 10));\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Server error'\n }\n });\n\n // Collect messages\n const messages = await messagesPromise;\n\n // Verify error is terminal and last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n assertErrorResponse(lastMessage!);\n expect(lastMessage.error).toBeDefined();\n expect(lastMessage.error.message).toContain('Server error');\n });\n\n test('should yield error as terminal message for timeout', async () => {\n vi.useFakeTimers();\n try {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const messagesPromise = toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema,\n {\n timeout: 100\n }\n )\n );\n\n // Advance time to trigger timeout\n await vi.advanceTimersByTimeAsync(101);\n\n // Collect messages\n const messages = await messagesPromise;\n\n // Verify error is terminal and last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n assertErrorResponse(lastMessage!);\n expect(lastMessage.error).toBeDefined();\n expect(lastMessage.error).toBeInstanceOf(SdkError);\n expect((lastMessage.error as SdkError).code).toBe(SdkErrorCode.RequestTimeout);\n } finally {\n vi.useRealTimers();\n }\n });\n\n test('should yield error as terminal message for cancellation', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const abortController = new AbortController();\n abortController.abort('User cancelled');\n\n // Collect messages\n const messages = await toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema,\n {\n signal: abortController.signal\n }\n )\n );\n\n // Verify error is terminal and last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n assertErrorResponse(lastMessage!);\n expect(lastMessage.error).toBeDefined();\n expect(lastMessage.error.message).toContain('cancelled');\n });\n\n test('should not yield any messages after error message', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const messagesPromise = toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n )\n );\n\n // Simulate server error response\n await new Promise(resolve => setTimeout(resolve, 10));\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Test error'\n }\n });\n\n // Collect messages\n const messages = await messagesPromise;\n\n // Verify only one message (the error) was yielded\n expect(messages).toHaveLength(1);\n expect(messages[0]?.type).toBe('error');\n\n // Try to send another message (should be ignored)\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n result: {\n content: [{ type: 'text', text: 'should not appear' }]\n }\n });\n\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Verify no additional messages were yielded\n expect(messages).toHaveLength(1);\n });\n\n test('should yield error as terminal message for task failure', async () => {\n const transport = new MockTransport();\n const mockTaskStore = createMockTaskStore();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })({ taskStore: mockTaskStore });\n await protocol.connect(transport);\n\n const messagesPromise = toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n )\n );\n\n // Simulate task creation response\n await new Promise(resolve => setTimeout(resolve, 10));\n const taskId = 'test-task-123';\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n result: {\n _meta: {\n task: {\n taskId,\n status: 'working',\n createdAt: new Date().toISOString(),\n pollInterval: 100\n }\n }\n }\n });\n\n // Wait for task creation to be processed\n await new Promise(resolve => setTimeout(resolve, 20));\n\n // Update task to failed status\n const failedTask = {\n taskId,\n status: 'failed' as const,\n createdAt: new Date().toISOString(),\n pollInterval: 100,\n ttl: null,\n statusMessage: 'Task failed'\n };\n mockTaskStore.getTask.mockResolvedValue(failedTask);\n\n // Collect messages\n const messages = await messagesPromise;\n\n // Verify error is terminal and last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n assertErrorResponse(lastMessage!);\n expect(lastMessage.error).toBeDefined();\n });\n\n test('should yield error as terminal message for network error', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n // Override send to simulate network error\n transport.send = vi.fn().mockRejectedValue(new Error('Network error'));\n\n const messages = await toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n )\n );\n\n // Verify error is terminal and last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n assertErrorResponse(lastMessage!);\n expect(lastMessage.error).toBeDefined();\n });\n\n test('should ensure error is always the final message', async () => {\n const transport = new MockTransport();\n const protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n await protocol.connect(transport);\n\n const messagesPromise = toArrayAsync(\n (protocol as unknown as TestProtocol)._requestStreamWithSchema(\n { method: 'tools/call', params: { name: 'test', arguments: {} } },\n CallToolResultSchema\n )\n );\n\n // Simulate server error response\n await new Promise(resolve => setTimeout(resolve, 10));\n transport.onmessage?.({\n jsonrpc: '2.0',\n id: 0,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Test error'\n }\n });\n\n // Collect messages\n const messages = await messagesPromise;\n\n // Verify error is the last message\n expect(messages.length).toBeGreaterThan(0);\n const lastMessage = messages[messages.length - 1];\n expect(lastMessage?.type).toBe('error');\n\n // Verify all messages before the last are not terminal\n for (let i = 0; i < messages.length - 1; i++) {\n expect(messages[i]?.type).not.toBe('error');\n expect(messages[i]?.type).not.toBe('result');\n }\n });\n });\n});\n\ndescribe('Error handling for missing resolvers', () => {\n let protocol: Protocol;\n let transport: MockTransport;\n let taskStore: TaskStore & { [K in keyof TaskStore]: MockInstance };\n let taskMessageQueue: TaskMessageQueue;\n let errorHandler: MockInstance;\n\n beforeEach(() => {\n taskStore = createMockTaskStore();\n taskMessageQueue = new InMemoryTaskMessageQueue();\n errorHandler = vi.fn();\n\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(_method: string): void {}\n protected assertNotificationCapability(_method: string): void {}\n protected assertRequestHandlerCapability(_method: string): void {}\n protected assertTaskCapability(_method: string): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(_method: string): void {}\n })({\n taskStore,\n taskMessageQueue,\n defaultTaskPollInterval: 100\n });\n\n // @ts-expect-error deliberately overriding error handler with mock\n protocol.onerror = errorHandler;\n transport = new MockTransport();\n });\n\n describe('Response routing with missing resolvers', () => {\n it('should log error for unknown request ID without throwing', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n // Enqueue a response message without a corresponding resolver\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 999, // Non-existent request ID\n result: { content: [] }\n },\n timestamp: Date.now()\n });\n\n // Set up the GetTaskPayloadRequest handler to process the message\n const testProtocol = protocol as unknown as TestProtocol;\n\n // Simulate dequeuing and processing the response\n const queuedMessage = await taskMessageQueue.dequeue(task.taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage?.type).toBe('response');\n\n // Manually trigger the response handling logic\n if (queuedMessage && queuedMessage.type === 'response') {\n const responseMessage = queuedMessage.message as JSONRPCResultResponse;\n const requestId = responseMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n\n if (!resolver) {\n // This simulates what happens in the actual handler\n protocol.onerror?.(new Error(`Response handler missing for request ${requestId}`));\n }\n }\n\n // Verify error was logged\n expect(errorHandler).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('Response handler missing for request 999')\n })\n );\n });\n\n it('should continue processing after missing resolver error', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n // Enqueue a response with missing resolver, then a valid notification\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 999,\n result: { content: [] }\n },\n timestamp: Date.now()\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'notification',\n message: {\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: { progress: 50, total: 100 }\n },\n timestamp: Date.now()\n });\n\n // Process first message (response with missing resolver)\n const msg1 = await taskMessageQueue.dequeue(task.taskId);\n expect(msg1?.type).toBe('response');\n\n // Process second message (should work fine)\n const msg2 = await taskMessageQueue.dequeue(task.taskId);\n expect(msg2?.type).toBe('notification');\n expect(msg2?.message).toMatchObject({\n method: 'notifications/progress'\n });\n });\n });\n\n describe('Task cancellation with missing resolvers', () => {\n it('should log error when resolver is missing during cleanup', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n // Enqueue a request without storing a resolver\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 42,\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n });\n\n // Clear the task queue (simulating cancellation)\n const testProtocol = protocol as unknown as TestProtocol;\n await testProtocol._clearTaskQueue(task.taskId);\n\n // Verify error was logged for missing resolver\n expect(errorHandler).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('Resolver missing for request 42')\n })\n );\n });\n\n it('should handle cleanup gracefully when resolver exists', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n const requestId = 42;\n const resolverMock = vi.fn();\n\n // Store a resolver\n const testProtocol = protocol as unknown as TestProtocol;\n testProtocol._requestResolvers.set(requestId, resolverMock);\n\n // Enqueue a request\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: requestId,\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n });\n\n // Clear the task queue\n await testProtocol._clearTaskQueue(task.taskId);\n\n // Verify resolver was called with cancellation error\n expect(resolverMock).toHaveBeenCalledWith(expect.any(ProtocolError));\n\n // Verify the error has the correct properties\n const calledError = resolverMock.mock.calls[0]![0];\n expect(calledError.code).toBe(ProtocolErrorCode.InternalError);\n expect(calledError.message).toContain('Task cancelled or completed');\n\n // Verify resolver was removed\n expect(testProtocol._requestResolvers.has(requestId)).toBe(false);\n });\n\n it('should handle mixed messages during cleanup', async () => {\n await protocol.connect(transport);\n\n // Create a task\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n const testProtocol = protocol as unknown as TestProtocol;\n\n // Enqueue multiple messages: request with resolver, request without, notification\n const requestId1 = 42;\n const resolverMock = vi.fn();\n testProtocol._requestResolvers.set(requestId1, resolverMock);\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: requestId1,\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 43, // No resolver for this one\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'notification',\n message: {\n jsonrpc: '2.0',\n method: 'notifications/progress',\n params: { progress: 50, total: 100 }\n },\n timestamp: Date.now()\n });\n\n // Clear the task queue\n await testProtocol._clearTaskQueue(task.taskId);\n\n // Verify resolver was called for first request\n expect(resolverMock).toHaveBeenCalledWith(expect.any(ProtocolError));\n\n // Verify the error has the correct properties\n const calledError = resolverMock.mock.calls[0]![0];\n expect(calledError.code).toBe(ProtocolErrorCode.InternalError);\n expect(calledError.message).toContain('Task cancelled or completed');\n\n // Verify error was logged for second request\n expect(errorHandler).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('Resolver missing for request 43')\n })\n );\n\n // Verify queue is empty\n const remaining = await taskMessageQueue.dequeue(task.taskId);\n expect(remaining).toBeUndefined();\n });\n });\n\n describe('Side-channeled request error handling', () => {\n it('should log error when response handler is missing for side-channeled request', async () => {\n await protocol.connect(transport);\n\n const testProtocol = protocol as unknown as TestProtocol;\n const messageId = 123;\n\n // Create a response resolver without a corresponding response handler\n const responseResolver = (response: JSONRPCResultResponse | Error) => {\n const handler = testProtocol._responseHandlers.get(messageId);\n if (handler) {\n handler(response);\n } else {\n protocol.onerror?.(new Error(`Response handler missing for side-channeled request ${messageId}`));\n }\n };\n\n // Simulate the resolver being called without a handler\n const mockResponse: JSONRPCResultResponse = {\n jsonrpc: '2.0',\n id: messageId,\n result: { content: [] }\n };\n\n responseResolver(mockResponse);\n\n // Verify error was logged\n expect(errorHandler).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('Response handler missing for side-channeled request 123')\n })\n );\n });\n });\n\n describe('Error handling does not throw exceptions', () => {\n it('should not throw when processing response with missing resolver', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 999,\n result: { content: [] }\n },\n timestamp: Date.now()\n });\n\n // This should not throw\n const processMessage = async () => {\n const msg = await taskMessageQueue.dequeue(task.taskId);\n if (msg && msg.type === 'response') {\n const testProtocol = protocol as unknown as TestProtocol;\n const responseMessage = msg.message as JSONRPCResultResponse;\n const requestId = responseMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (!resolver) {\n protocol.onerror?.(new Error(`Response handler missing for request ${requestId}`));\n }\n }\n };\n\n await expect(processMessage()).resolves.not.toThrow();\n });\n\n it('should not throw during task cleanup with missing resolvers', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'request',\n message: {\n jsonrpc: '2.0',\n id: 42,\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n },\n timestamp: Date.now()\n });\n\n const testProtocol = protocol as unknown as TestProtocol;\n\n // This should not throw\n await expect(testProtocol._clearTaskQueue(task.taskId)).resolves.not.toThrow();\n });\n });\n\n describe('Error message routing', () => {\n it('should route error messages to resolvers correctly', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n const requestId = 42;\n const resolverMock = vi.fn();\n\n // Store a resolver\n const testProtocol = protocol as unknown as TestProtocol;\n testProtocol._requestResolvers.set(requestId, resolverMock);\n\n // Enqueue an error message\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: requestId,\n error: {\n code: ProtocolErrorCode.InvalidRequest,\n message: 'Invalid request parameters'\n }\n },\n timestamp: Date.now()\n });\n\n // Simulate dequeuing and processing the error\n const queuedMessage = await taskMessageQueue.dequeue(task.taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage?.type).toBe('error');\n\n // Manually trigger the error handling logic\n if (queuedMessage && queuedMessage.type === 'error') {\n const errorMessage = queuedMessage.message as JSONRPCErrorResponse;\n const reqId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(reqId);\n\n if (resolver) {\n testProtocol._requestResolvers.delete(reqId);\n const error = new ProtocolError(errorMessage.error.code, errorMessage.error.message, errorMessage.error.data);\n resolver(error);\n }\n }\n\n // Verify resolver was called with ProtocolError\n expect(resolverMock).toHaveBeenCalledWith(expect.any(ProtocolError));\n const calledError = resolverMock.mock.calls[0]![0];\n expect(calledError.code).toBe(ProtocolErrorCode.InvalidRequest);\n expect(calledError.message).toContain('Invalid request parameters');\n\n // Verify resolver was removed from map\n expect(testProtocol._requestResolvers.has(requestId)).toBe(false);\n });\n\n it('should log error for unknown request ID in error messages', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n // Enqueue an error message without a corresponding resolver\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: 999,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Something went wrong'\n }\n },\n timestamp: Date.now()\n });\n\n // Simulate dequeuing and processing the error\n const queuedMessage = await taskMessageQueue.dequeue(task.taskId);\n expect(queuedMessage).toBeDefined();\n expect(queuedMessage?.type).toBe('error');\n\n // Manually trigger the error handling logic\n if (queuedMessage && queuedMessage.type === 'error') {\n const testProtocol = protocol as unknown as TestProtocol;\n const errorMessage = queuedMessage.message as JSONRPCErrorResponse;\n const requestId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n\n if (!resolver) {\n protocol.onerror?.(new Error(`Error handler missing for request ${requestId}`));\n }\n }\n\n // Verify error was logged\n expect(errorHandler).toHaveBeenCalledWith(\n expect.objectContaining({\n message: expect.stringContaining('Error handler missing for request 999')\n })\n );\n });\n\n it('should handle error messages with data field', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n const requestId = 42;\n const resolverMock = vi.fn();\n\n // Store a resolver\n const testProtocol = protocol as unknown as TestProtocol;\n testProtocol._requestResolvers.set(requestId, resolverMock);\n\n // Enqueue an error message with data field\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: requestId,\n error: {\n code: ProtocolErrorCode.InvalidParams,\n message: 'Validation failed',\n data: { field: 'userName', reason: 'required' }\n }\n },\n timestamp: Date.now()\n });\n\n // Simulate dequeuing and processing the error\n const queuedMessage = await taskMessageQueue.dequeue(task.taskId);\n\n if (queuedMessage && queuedMessage.type === 'error') {\n const errorMessage = queuedMessage.message as JSONRPCErrorResponse;\n const reqId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(reqId);\n\n if (resolver) {\n testProtocol._requestResolvers.delete(reqId);\n const error = new ProtocolError(errorMessage.error.code, errorMessage.error.message, errorMessage.error.data);\n resolver(error);\n }\n }\n\n // Verify resolver was called with ProtocolError including data\n expect(resolverMock).toHaveBeenCalledWith(expect.any(ProtocolError));\n const calledError = resolverMock.mock.calls[0]![0];\n expect(calledError.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(calledError.message).toContain('Validation failed');\n expect(calledError.data).toEqual({ field: 'userName', reason: 'required' });\n });\n\n it('should not throw when processing error with missing resolver', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: 999,\n error: {\n code: ProtocolErrorCode.InternalError,\n message: 'Error occurred'\n }\n },\n timestamp: Date.now()\n });\n\n // This should not throw\n const processMessage = async () => {\n const msg = await taskMessageQueue.dequeue(task.taskId);\n if (msg && msg.type === 'error') {\n const testProtocol = protocol as unknown as TestProtocol;\n const errorMessage = msg.message as JSONRPCErrorResponse;\n const requestId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (!resolver) {\n protocol.onerror?.(new Error(`Error handler missing for request ${requestId}`));\n }\n }\n };\n\n await expect(processMessage()).resolves.not.toThrow();\n });\n });\n\n describe('Response and error message routing integration', () => {\n it('should handle mixed response and error messages in queue', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n const testProtocol = protocol as unknown as TestProtocol;\n\n // Set up resolvers for multiple requests\n const resolver1 = vi.fn();\n const resolver2 = vi.fn();\n const resolver3 = vi.fn();\n\n testProtocol._requestResolvers.set(1, resolver1);\n testProtocol._requestResolvers.set(2, resolver2);\n testProtocol._requestResolvers.set(3, resolver3);\n\n // Enqueue mixed messages: response, error, response\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 1,\n result: { content: [{ type: 'text', text: 'Success' }] }\n },\n timestamp: Date.now()\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: 2,\n error: {\n code: ProtocolErrorCode.InvalidRequest,\n message: 'Request failed'\n }\n },\n timestamp: Date.now()\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: {\n jsonrpc: '2.0',\n id: 3,\n result: { content: [{ type: 'text', text: 'Another success' }] }\n },\n timestamp: Date.now()\n });\n\n // Process all messages\n let msg;\n while ((msg = await taskMessageQueue.dequeue(task.taskId))) {\n if (msg.type === 'response') {\n const responseMessage = msg.message as JSONRPCResultResponse;\n const requestId = responseMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (resolver) {\n testProtocol._requestResolvers.delete(requestId);\n resolver(responseMessage);\n }\n } else if (msg.type === 'error') {\n const errorMessage = msg.message as JSONRPCErrorResponse;\n const requestId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (resolver) {\n testProtocol._requestResolvers.delete(requestId);\n const error = new ProtocolError(errorMessage.error.code, errorMessage.error.message, errorMessage.error.data);\n resolver(error);\n }\n }\n }\n\n // Verify all resolvers were called correctly\n expect(resolver1).toHaveBeenCalledWith(expect.objectContaining({ id: 1 }));\n expect(resolver2).toHaveBeenCalledWith(expect.any(ProtocolError));\n expect(resolver3).toHaveBeenCalledWith(expect.objectContaining({ id: 3 }));\n\n // Verify error has correct properties\n const error = resolver2.mock.calls[0]![0];\n expect(error.code).toBe(ProtocolErrorCode.InvalidRequest);\n expect(error.message).toContain('Request failed');\n\n // Verify all resolvers were removed\n expect(testProtocol._requestResolvers.size).toBe(0);\n });\n\n it('should maintain FIFO order when processing responses and errors', async () => {\n await protocol.connect(transport);\n\n const task = await taskStore.createTask({ ttl: 60000 }, 1, { method: 'test', params: {} });\n const testProtocol = protocol as unknown as TestProtocol;\n\n const callOrder: number[] = [];\n const resolver1 = vi.fn(() => callOrder.push(1));\n const resolver2 = vi.fn(() => callOrder.push(2));\n const resolver3 = vi.fn(() => callOrder.push(3));\n\n testProtocol._requestResolvers.set(1, resolver1);\n testProtocol._requestResolvers.set(2, resolver2);\n testProtocol._requestResolvers.set(3, resolver3);\n\n // Enqueue in specific order\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: { jsonrpc: '2.0', id: 1, result: {} },\n timestamp: 1000\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'error',\n message: {\n jsonrpc: '2.0',\n id: 2,\n error: { code: -32600, message: 'Error' }\n },\n timestamp: 2000\n });\n\n await taskMessageQueue.enqueue(task.taskId, {\n type: 'response',\n message: { jsonrpc: '2.0', id: 3, result: {} },\n timestamp: 3000\n });\n\n // Process all messages\n let msg;\n while ((msg = await taskMessageQueue.dequeue(task.taskId))) {\n if (msg.type === 'response') {\n const responseMessage = msg.message as JSONRPCResultResponse;\n const requestId = responseMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (resolver) {\n testProtocol._requestResolvers.delete(requestId);\n resolver(responseMessage);\n }\n } else if (msg.type === 'error') {\n const errorMessage = msg.message as JSONRPCErrorResponse;\n const requestId = errorMessage.id as RequestId;\n const resolver = testProtocol._requestResolvers.get(requestId);\n if (resolver) {\n testProtocol._requestResolvers.delete(requestId);\n const error = new ProtocolError(errorMessage.error.code, errorMessage.error.message, errorMessage.error.data);\n resolver(error);\n }\n }\n }\n\n // Verify FIFO order was maintained\n expect(callOrder).toEqual([1, 2, 3]);\n });\n });\n});\n" }, { "path": "packages/core/test/shared/protocolTransportHandling.test.ts", "content": "import { beforeEach, describe, expect, test } from 'vitest';\n\nimport type { BaseContext } from '../../src/shared/protocol.js';\nimport { Protocol } from '../../src/shared/protocol.js';\nimport type { Transport } from '../../src/shared/transport.js';\nimport type { EmptyResult, JSONRPCMessage, Notification, Request, Result } from '../../src/types/types.js';\n\n// Mock Transport class\nclass MockTransport implements Transport {\n id: string;\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: unknown) => void;\n sentMessages: JSONRPCMessage[] = [];\n\n constructor(id: string) {\n this.id = id;\n }\n\n async start(): Promise {}\n\n async close(): Promise {\n this.onclose?.();\n }\n\n async send(message: JSONRPCMessage): Promise {\n this.sentMessages.push(message);\n }\n}\n\ndescribe('Protocol transport handling bug', () => {\n let protocol: Protocol;\n let transportA: MockTransport;\n let transportB: MockTransport;\n\n beforeEach(() => {\n protocol = new (class extends Protocol {\n protected assertCapabilityForMethod(): void {}\n protected assertNotificationCapability(): void {}\n protected assertRequestHandlerCapability(): void {}\n protected assertTaskCapability(): void {}\n protected buildContext(ctx: BaseContext): BaseContext {\n return ctx;\n }\n protected assertTaskHandlerCapability(): void {}\n })();\n\n transportA = new MockTransport('A');\n transportB = new MockTransport('B');\n });\n\n test('should send response to the correct transport when multiple clients are connected', async () => {\n // Set up a request handler that simulates processing time\n let resolveHandler: (value: EmptyResult) => void;\n const handlerPromise = new Promise(resolve => {\n resolveHandler = resolve;\n });\n\n protocol.setRequestHandler('ping', async () => handlerPromise);\n\n // Client A connects and sends a request\n await protocol.connect(transportA);\n transportA.onmessage?.({ jsonrpc: '2.0', method: 'ping', id: 1 });\n\n // While A's request is being processed, client B connects\n // This overwrites the transport reference in the protocol\n await protocol.connect(transportB);\n transportB.onmessage?.({ jsonrpc: '2.0', method: 'ping', id: 2 });\n\n // Now complete A's request\n resolveHandler!({});\n\n // Wait for async operations to complete\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Check where the responses went\n console.log('Transport A received:', transportA.sentMessages);\n console.log('Transport B received:', transportB.sentMessages);\n\n // Transport A should receive response for request ID 1\n expect(transportA.sentMessages).toHaveLength(1);\n expect(transportA.sentMessages[0]).toMatchObject({ jsonrpc: '2.0', id: 1, result: {} });\n\n // Transport B should receive response for request ID 2\n expect(transportB.sentMessages).toHaveLength(1);\n expect(transportB.sentMessages[0]).toMatchObject({ jsonrpc: '2.0', id: 2, result: {} });\n });\n\n test('demonstrates the timing issue with multiple rapid connections', async () => {\n const results: { transport: string; response: JSONRPCMessage[] }[] = [];\n\n // Set up handler with variable delay based on request id\n protocol.setRequestHandler('ping', async (_request, ctx) => {\n const delay = ctx.mcpReq.id === 1 ? 50 : 10;\n await new Promise(resolve => setTimeout(resolve, delay));\n return {};\n });\n\n // Rapid succession of connections and requests\n await protocol.connect(transportA);\n transportA.onmessage?.({ jsonrpc: '2.0', method: 'ping', id: 1 });\n\n // Connect B while A is processing\n setTimeout(async () => {\n await protocol.connect(transportB);\n transportB.onmessage?.({ jsonrpc: '2.0', method: 'ping', id: 2 });\n }, 10);\n\n // Wait for all processing\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Collect results\n if (transportA.sentMessages.length > 0) {\n results.push({ transport: 'A', response: transportA.sentMessages });\n }\n if (transportB.sentMessages.length > 0) {\n results.push({ transport: 'B', response: transportB.sentMessages });\n }\n\n console.log('Timing test results:', results);\n\n expect(transportA.sentMessages).toHaveLength(1);\n expect(transportB.sentMessages).toHaveLength(1);\n });\n});\n" }, { "path": "packages/core/test/shared/stdio.test.ts", "content": "import { ReadBuffer } from '../../src/shared/stdio.js';\nimport type { JSONRPCMessage } from '../../src/types/types.js';\n\nconst testMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'foobar'\n};\n\ntest('should have no messages after initialization', () => {\n const readBuffer = new ReadBuffer();\n expect(readBuffer.readMessage()).toBeNull();\n});\n\ntest('should only yield a message after a newline', () => {\n const readBuffer = new ReadBuffer();\n\n readBuffer.append(Buffer.from(JSON.stringify(testMessage)));\n expect(readBuffer.readMessage()).toBeNull();\n\n readBuffer.append(Buffer.from('\\n'));\n expect(readBuffer.readMessage()).toEqual(testMessage);\n expect(readBuffer.readMessage()).toBeNull();\n});\n\ntest('should be reusable after clearing', () => {\n const readBuffer = new ReadBuffer();\n\n readBuffer.append(Buffer.from('foobar'));\n readBuffer.clear();\n expect(readBuffer.readMessage()).toBeNull();\n\n readBuffer.append(Buffer.from(JSON.stringify(testMessage)));\n readBuffer.append(Buffer.from('\\n'));\n expect(readBuffer.readMessage()).toEqual(testMessage);\n});\n" }, { "path": "packages/core/test/shared/toolNameValidation.test.ts", "content": "import type { MockInstance } from 'vitest';\nimport { vi } from 'vitest';\n\nimport { issueToolNameWarning, validateAndWarnToolName, validateToolName } from '../../src/shared/toolNameValidation.js';\n\n// Spy on console.warn to capture output\nlet warnSpy: MockInstance;\n\nbeforeEach(() => {\n warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});\n});\n\nafterEach(() => {\n vi.restoreAllMocks();\n});\n\ndescribe('validateToolName', () => {\n describe('valid tool names', () => {\n test.each`\n description | toolName\n ${'simple alphanumeric names'} | ${'getUser'}\n ${'names with underscores'} | ${'get_user_profile'}\n ${'names with dashes'} | ${'user-profile-update'}\n ${'names with dots'} | ${'admin.tools.list'}\n ${'mixed character names'} | ${'DATA_EXPORT_v2.1'}\n ${'single character names'} | ${'a'}\n ${'128 character names'} | ${'a'.repeat(128)}\n `('should accept $description', ({ toolName }) => {\n const result = validateToolName(toolName);\n expect(result.isValid).toBe(true);\n expect(result.warnings).toHaveLength(0);\n });\n });\n\n describe('invalid tool names', () => {\n test.each`\n description | toolName | expectedWarning\n ${'empty names'} | ${''} | ${'Tool name cannot be empty'}\n ${'names longer than 128 characters'} | ${'a'.repeat(129)} | ${'Tool name exceeds maximum length of 128 characters (current: 129)'}\n ${'names with spaces'} | ${'get user profile'} | ${'Tool name contains invalid characters: \" \"'}\n ${'names with commas'} | ${'get,user,profile'} | ${'Tool name contains invalid characters: \",\"'}\n ${'names with forward slashes'} | ${'user/profile/update'} | ${'Tool name contains invalid characters: \"/\"'}\n ${'names with other special chars'} | ${'user@domain.com'} | ${'Tool name contains invalid characters: \"@\"'}\n ${'names with multiple invalid chars'} | ${'user name@domain,com'} | ${'Tool name contains invalid characters: \" \", \"@\", \",\"'}\n ${'names with unicode characters'} | ${'user-ñame'} | ${'Tool name contains invalid characters: \"ñ\"'}\n `('should reject $description', ({ toolName, expectedWarning }) => {\n const result = validateToolName(toolName);\n expect(result.isValid).toBe(false);\n expect(result.warnings).toContain(expectedWarning);\n });\n });\n\n describe('warnings for potentially problematic patterns', () => {\n test.each`\n description | toolName | expectedWarning | shouldBeValid\n ${'names with spaces'} | ${'get user profile'} | ${'Tool name contains spaces, which may cause parsing issues'} | ${false}\n ${'names with commas'} | ${'get,user,profile'} | ${'Tool name contains commas, which may cause parsing issues'} | ${false}\n ${'names starting with dash'} | ${'-get-user'} | ${'Tool name starts or ends with a dash, which may cause parsing issues in some contexts'} | ${true}\n ${'names ending with dash'} | ${'get-user-'} | ${'Tool name starts or ends with a dash, which may cause parsing issues in some contexts'} | ${true}\n ${'names starting with dot'} | ${'.get.user'} | ${'Tool name starts or ends with a dot, which may cause parsing issues in some contexts'} | ${true}\n ${'names ending with dot'} | ${'get.user.'} | ${'Tool name starts or ends with a dot, which may cause parsing issues in some contexts'} | ${true}\n ${'names with leading and trailing dots'} | ${'.get.user.'} | ${'Tool name starts or ends with a dot, which may cause parsing issues in some contexts'} | ${true}\n `('should warn about $description', ({ toolName, expectedWarning, shouldBeValid }) => {\n const result = validateToolName(toolName);\n expect(result.isValid).toBe(shouldBeValid);\n expect(result.warnings).toContain(expectedWarning);\n });\n });\n});\n\ndescribe('issueToolNameWarning', () => {\n test('should output warnings to console.warn', () => {\n const warnings = ['Warning 1', 'Warning 2'];\n issueToolNameWarning('test-tool', warnings);\n\n expect(warnSpy).toHaveBeenCalledTimes(6); // Header + 2 warnings + 3 guidance lines\n const calls = warnSpy.mock.calls.map(call => call.join(' '));\n expect(calls[0]).toContain('Tool name validation warning for \"test-tool\"');\n expect(calls[1]).toContain('- Warning 1');\n expect(calls[2]).toContain('- Warning 2');\n expect(calls[3]).toContain('Tool registration will proceed, but this may cause compatibility issues.');\n expect(calls[4]).toContain('Consider updating the tool name');\n expect(calls[5]).toContain('See SEP: Specify Format for Tool Names');\n });\n\n test('should handle empty warnings array', () => {\n issueToolNameWarning('test-tool', []);\n expect(warnSpy).toHaveBeenCalledTimes(0);\n });\n});\n\ndescribe('validateAndWarnToolName', () => {\n test.each`\n description | toolName | expectedResult | shouldWarn\n ${'valid names with warnings'} | ${'-get-user-'} | ${true} | ${true}\n ${'completely valid names'} | ${'get-user-profile'} | ${true} | ${false}\n ${'invalid names with spaces'} | ${'get user profile'} | ${false} | ${true}\n ${'empty names'} | ${''} | ${false} | ${true}\n ${'names exceeding length limit'} | ${'a'.repeat(129)} | ${false} | ${true}\n `('should handle $description', ({ toolName, expectedResult, shouldWarn }) => {\n const result = validateAndWarnToolName(toolName);\n expect(result).toBe(expectedResult);\n\n if (shouldWarn) {\n expect(warnSpy).toHaveBeenCalled();\n } else {\n expect(warnSpy).not.toHaveBeenCalled();\n }\n });\n\n test('should include space warning for invalid names with spaces', () => {\n validateAndWarnToolName('get user profile');\n const warningCalls = warnSpy.mock.calls.map(call => call.join(' '));\n expect(warningCalls.some(call => call.includes('Tool name contains spaces'))).toBe(true);\n });\n});\n\ndescribe('edge cases and robustness', () => {\n test.each`\n description | toolName | shouldBeValid | expectedWarning\n ${'names with only dots'} | ${'...'} | ${true} | ${'Tool name starts or ends with a dot, which may cause parsing issues in some contexts'}\n ${'names with only dashes'} | ${'---'} | ${true} | ${'Tool name starts or ends with a dash, which may cause parsing issues in some contexts'}\n ${'names with only forward slashes'} | ${'///'} | ${false} | ${'Tool name contains invalid characters: \"/\"'}\n ${'names with mixed valid/invalid chars'} | ${'user@name123'} | ${false} | ${'Tool name contains invalid characters: \"@\"'}\n `('should handle $description', ({ toolName, shouldBeValid, expectedWarning }) => {\n const result = validateToolName(toolName);\n expect(result.isValid).toBe(shouldBeValid);\n expect(result.warnings).toContain(expectedWarning);\n });\n});\n" }, { "path": "packages/core/test/shared/uriTemplate.test.ts", "content": "import { UriTemplate } from '../../src/shared/uriTemplate.js';\n\ndescribe('UriTemplate', () => {\n describe('isTemplate', () => {\n it('should return true for strings containing template expressions', () => {\n expect(UriTemplate.isTemplate('{foo}')).toBe(true);\n expect(UriTemplate.isTemplate('/users/{id}')).toBe(true);\n expect(UriTemplate.isTemplate('http://example.com/{path}/{file}')).toBe(true);\n expect(UriTemplate.isTemplate('/search{?q,limit}')).toBe(true);\n });\n\n it('should return false for strings without template expressions', () => {\n expect(UriTemplate.isTemplate('')).toBe(false);\n expect(UriTemplate.isTemplate('plain string')).toBe(false);\n expect(UriTemplate.isTemplate('http://example.com/foo/bar')).toBe(false);\n expect(UriTemplate.isTemplate('{}')).toBe(false); // Empty braces don't count\n expect(UriTemplate.isTemplate('{ }')).toBe(false); // Just whitespace doesn't count\n });\n });\n\n describe('simple string expansion', () => {\n it('should expand simple string variables', () => {\n const template = new UriTemplate('http://example.com/users/{username}');\n expect(template.expand({ username: 'fred' })).toBe('http://example.com/users/fred');\n expect(template.variableNames).toEqual(['username']);\n });\n\n it('should handle multiple variables', () => {\n const template = new UriTemplate('{x,y}');\n expect(template.expand({ x: '1024', y: '768' })).toBe('1024,768');\n expect(template.variableNames).toEqual(['x', 'y']);\n });\n\n it('should encode reserved characters', () => {\n const template = new UriTemplate('{var}');\n expect(template.expand({ var: 'value with spaces' })).toBe('value%20with%20spaces');\n });\n });\n\n describe('reserved expansion', () => {\n it('should not encode reserved characters with + operator', () => {\n const template = new UriTemplate('{+path}/here');\n expect(template.expand({ path: '/foo/bar' })).toBe('/foo/bar/here');\n expect(template.variableNames).toEqual(['path']);\n });\n });\n\n describe('fragment expansion', () => {\n it('should add # prefix and not encode reserved chars', () => {\n const template = new UriTemplate('X{#var}');\n expect(template.expand({ var: '/test' })).toBe('X#/test');\n expect(template.variableNames).toEqual(['var']);\n });\n });\n\n describe('label expansion', () => {\n it('should add . prefix', () => {\n const template = new UriTemplate('X{.var}');\n expect(template.expand({ var: 'test' })).toBe('X.test');\n expect(template.variableNames).toEqual(['var']);\n });\n });\n\n describe('path expansion', () => {\n it('should add / prefix', () => {\n const template = new UriTemplate('X{/var}');\n expect(template.expand({ var: 'test' })).toBe('X/test');\n expect(template.variableNames).toEqual(['var']);\n });\n });\n\n describe('query expansion', () => {\n it('should add ? prefix and name=value format', () => {\n const template = new UriTemplate('X{?var}');\n expect(template.expand({ var: 'test' })).toBe('X?var=test');\n expect(template.variableNames).toEqual(['var']);\n });\n });\n\n describe('form continuation expansion', () => {\n it('should add & prefix and name=value format', () => {\n const template = new UriTemplate('X{&var}');\n expect(template.expand({ var: 'test' })).toBe('X&var=test');\n expect(template.variableNames).toEqual(['var']);\n });\n });\n\n describe('matching', () => {\n it('should match simple strings and extract variables', () => {\n const template = new UriTemplate('http://example.com/users/{username}');\n const match = template.match('http://example.com/users/fred');\n expect(match).toEqual({ username: 'fred' });\n });\n\n it('should match multiple variables', () => {\n const template = new UriTemplate('/users/{username}/posts/{postId}');\n const match = template.match('/users/fred/posts/123');\n expect(match).toEqual({ username: 'fred', postId: '123' });\n });\n\n it('should return null for non-matching URIs', () => {\n const template = new UriTemplate('/users/{username}');\n const match = template.match('/posts/123');\n expect(match).toBeNull();\n });\n\n it('should handle exploded arrays', () => {\n const template = new UriTemplate('{/list*}');\n const match = template.match('/red,green,blue');\n expect(match).toEqual({ list: ['red', 'green', 'blue'] });\n });\n });\n\n describe('edge cases', () => {\n it('should handle empty variables', () => {\n const template = new UriTemplate('{empty}');\n expect(template.expand({})).toBe('');\n expect(template.expand({ empty: '' })).toBe('');\n });\n\n it('should handle undefined variables', () => {\n const template = new UriTemplate('{a}{b}{c}');\n expect(template.expand({ b: '2' })).toBe('2');\n });\n\n it('should handle special characters in variable names', () => {\n const template = new UriTemplate('{$var_name}');\n expect(template.expand({ $var_name: 'value' })).toBe('value');\n });\n });\n\n describe('complex patterns', () => {\n it('should handle nested path segments', () => {\n const template = new UriTemplate('/api/{version}/{resource}/{id}');\n expect(\n template.expand({\n version: 'v1',\n resource: 'users',\n id: '123'\n })\n ).toBe('/api/v1/users/123');\n expect(template.variableNames).toEqual(['version', 'resource', 'id']);\n });\n\n it('should handle query parameters with arrays', () => {\n const template = new UriTemplate('/search{?tags*}');\n expect(\n template.expand({\n tags: ['nodejs', 'typescript', 'testing']\n })\n ).toBe('/search?tags=nodejs,typescript,testing');\n expect(template.variableNames).toEqual(['tags']);\n });\n\n it('should handle multiple query parameters', () => {\n const template = new UriTemplate('/search{?q,page,limit}');\n expect(\n template.expand({\n q: 'test',\n page: '1',\n limit: '10'\n })\n ).toBe('/search?q=test&page=1&limit=10');\n expect(template.variableNames).toEqual(['q', 'page', 'limit']);\n });\n });\n\n describe('matching complex patterns', () => {\n it('should match nested path segments', () => {\n const template = new UriTemplate('/api/{version}/{resource}/{id}');\n const match = template.match('/api/v1/users/123');\n expect(match).toEqual({\n version: 'v1',\n resource: 'users',\n id: '123'\n });\n expect(template.variableNames).toEqual(['version', 'resource', 'id']);\n });\n\n it('should match query parameters', () => {\n const template = new UriTemplate('/search{?q}');\n const match = template.match('/search?q=test');\n expect(match).toEqual({ q: 'test' });\n expect(template.variableNames).toEqual(['q']);\n });\n\n it('should match multiple query parameters', () => {\n const template = new UriTemplate('/search{?q,page}');\n const match = template.match('/search?q=test&page=1');\n expect(match).toEqual({ q: 'test', page: '1' });\n expect(template.variableNames).toEqual(['q', 'page']);\n });\n\n it('should handle partial matches correctly', () => {\n const template = new UriTemplate('/users/{id}');\n expect(template.match('/users/123/extra')).toBeNull();\n expect(template.match('/users')).toBeNull();\n });\n });\n\n describe('security and edge cases', () => {\n it('should handle extremely long input strings', () => {\n const longString = 'x'.repeat(100_000);\n const template = new UriTemplate(`/api/{param}`);\n expect(template.expand({ param: longString })).toBe(`/api/${longString}`);\n expect(template.match(`/api/${longString}`)).toEqual({ param: longString });\n });\n\n it('should handle deeply nested template expressions', () => {\n const template = new UriTemplate('{a}{b}{c}{d}{e}{f}{g}{h}{i}{j}'.repeat(1000));\n expect(() =>\n template.expand({\n a: '1',\n b: '2',\n c: '3',\n d: '4',\n e: '5',\n f: '6',\n g: '7',\n h: '8',\n i: '9',\n j: '0'\n })\n ).not.toThrow();\n });\n\n it('should handle malformed template expressions', () => {\n expect(() => new UriTemplate('{unclosed')).toThrow();\n expect(() => new UriTemplate('{}')).not.toThrow();\n expect(() => new UriTemplate('{,}')).not.toThrow();\n expect(() => new UriTemplate('{a}{')).toThrow();\n });\n\n it('should handle pathological regex patterns', () => {\n const template = new UriTemplate('/api/{param}');\n // Create a string that could cause catastrophic backtracking\n const input = '/api/' + 'a'.repeat(100_000);\n expect(() => template.match(input)).not.toThrow();\n });\n\n it('should handle invalid UTF-8 sequences', () => {\n const template = new UriTemplate('/api/{param}');\n const invalidUtf8 = '���';\n expect(() => template.expand({ param: invalidUtf8 })).not.toThrow();\n expect(() => template.match(`/api/${invalidUtf8}`)).not.toThrow();\n });\n\n it('should handle template/URI length mismatches', () => {\n const template = new UriTemplate('/api/{param}');\n expect(template.match('/api/')).toBeNull();\n expect(template.match('/api')).toBeNull();\n expect(template.match('/api/value/extra')).toBeNull();\n });\n\n it('should handle repeated operators', () => {\n const template = new UriTemplate('{?a}{?b}{?c}');\n expect(template.expand({ a: '1', b: '2', c: '3' })).toBe('?a=1&b=2&c=3');\n expect(template.variableNames).toEqual(['a', 'b', 'c']);\n });\n\n it('should handle overlapping variable names', () => {\n const template = new UriTemplate('{var}{vara}');\n expect(template.expand({ var: '1', vara: '2' })).toBe('12');\n expect(template.variableNames).toEqual(['var', 'vara']);\n });\n\n it('should handle empty segments', () => {\n const template = new UriTemplate('///{a}////{b}////');\n expect(template.expand({ a: '1', b: '2' })).toBe('///1////2////');\n expect(template.match('///1////2////')).toEqual({ a: '1', b: '2' });\n expect(template.variableNames).toEqual(['a', 'b']);\n });\n\n it('should handle maximum template expression limit', () => {\n // Create a template with many expressions\n const expressions = Array.from({ length: 10_000 }).fill('{param}').join('');\n expect(() => new UriTemplate(expressions)).not.toThrow();\n });\n\n it('should handle maximum variable name length', () => {\n const longName = 'a'.repeat(10_000);\n const template = new UriTemplate(`{${longName}}`);\n const vars: Record = { [longName]: 'value' };\n expect(() => template.expand(vars)).not.toThrow();\n });\n\n it('should not be vulnerable to ReDoS with exploded path patterns', () => {\n // Test for ReDoS vulnerability (CVE-2026-0621)\n // See: https://github.com/modelcontextprotocol/typescript-sdk/issues/965\n const template = new UriTemplate('{/id*}');\n const maliciousPayload = '/' + ','.repeat(50);\n\n const startTime = Date.now();\n template.match(maliciousPayload);\n const elapsed = Date.now() - startTime;\n\n // Should complete in under 100ms, not hang for seconds\n expect(elapsed).toBeLessThan(100);\n });\n\n it('should not be vulnerable to ReDoS with exploded simple patterns', () => {\n // Test for ReDoS vulnerability with simple exploded operator\n const template = new UriTemplate('{id*}');\n const maliciousPayload = ','.repeat(50);\n\n const startTime = Date.now();\n template.match(maliciousPayload);\n const elapsed = Date.now() - startTime;\n\n // Should complete in under 100ms, not hang for seconds\n expect(elapsed).toBeLessThan(100);\n });\n });\n});\n" }, { "path": "packages/core/test/spec.types.test.ts", "content": "/**\n * This contains:\n * - Static type checks to verify the Spec's types are compatible with the SDK's types\n * (mutually assignable — no type-level workarounds should be needed)\n * - Runtime checks to verify each Spec type has a static check\n * (note: a few don't have SDK types, see MISSING_SDK_TYPES below)\n */\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport type * as SpecTypes from '../src/types/spec.types.js';\nimport type * as SDKTypes from '../src/types/types.js';\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\n\n// Adds the `jsonrpc` property to a type, to match the on-wire format of notifications.\ntype WithJSONRPC = T & { jsonrpc: '2.0' };\n\n// Adds the `jsonrpc` and `id` properties to a type, to match the on-wire format of requests.\ntype WithJSONRPCRequest = T & { jsonrpc: '2.0'; id: SDKTypes.RequestId };\n\n// The spec defines typed *ResultResponse interfaces (e.g. InitializeResultResponse) that pair a\n// JSONRPCResultResponse envelope with a specific result type. The SDK doesn't export these because\n// nothing in the SDK needs the combined type — Protocol._onresponse() unwraps the envelope and\n// validates the inner result separately. We define this locally to verify the composition still\n// type-checks against the spec without polluting the SDK's public API.\ntype TypedResultResponse = SDKTypes.JSONRPCResultResponse & { result: R };\n\nconst sdkTypeChecks = {\n RequestParams: (sdk: SDKTypes.RequestParams, spec: SpecTypes.RequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n NotificationParams: (sdk: SDKTypes.NotificationParams, spec: SpecTypes.NotificationParams) => {\n sdk = spec;\n spec = sdk;\n },\n CancelledNotificationParams: (sdk: SDKTypes.CancelledNotificationParams, spec: SpecTypes.CancelledNotificationParams) => {\n sdk = spec;\n spec = sdk;\n },\n InitializeRequestParams: (sdk: SDKTypes.InitializeRequestParams, spec: SpecTypes.InitializeRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ProgressNotificationParams: (sdk: SDKTypes.ProgressNotificationParams, spec: SpecTypes.ProgressNotificationParams) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceRequestParams: (sdk: SDKTypes.ResourceRequestParams, spec: SpecTypes.ResourceRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ReadResourceRequestParams: (sdk: SDKTypes.ReadResourceRequestParams, spec: SpecTypes.ReadResourceRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n SubscribeRequestParams: (sdk: SDKTypes.SubscribeRequestParams, spec: SpecTypes.SubscribeRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n UnsubscribeRequestParams: (sdk: SDKTypes.UnsubscribeRequestParams, spec: SpecTypes.UnsubscribeRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceUpdatedNotificationParams: (\n sdk: SDKTypes.ResourceUpdatedNotificationParams,\n spec: SpecTypes.ResourceUpdatedNotificationParams\n ) => {\n sdk = spec;\n spec = sdk;\n },\n GetPromptRequestParams: (sdk: SDKTypes.GetPromptRequestParams, spec: SpecTypes.GetPromptRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n CallToolRequestParams: (sdk: SDKTypes.CallToolRequestParams, spec: SpecTypes.CallToolRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n SetLevelRequestParams: (sdk: SDKTypes.SetLevelRequestParams, spec: SpecTypes.SetLevelRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n LoggingMessageNotificationParams: (\n sdk: SDKTypes.LoggingMessageNotificationParams,\n spec: SpecTypes.LoggingMessageNotificationParams\n ) => {\n sdk = spec;\n spec = sdk;\n },\n CreateMessageRequestParams: (sdk: SDKTypes.CreateMessageRequestParams, spec: SpecTypes.CreateMessageRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n CompleteRequestParams: (sdk: SDKTypes.CompleteRequestParams, spec: SpecTypes.CompleteRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitRequestParams: (sdk: SDKTypes.ElicitRequestParams, spec: SpecTypes.ElicitRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitRequestFormParams: (sdk: SDKTypes.ElicitRequestFormParams, spec: SpecTypes.ElicitRequestFormParams) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitRequestURLParams: (sdk: SDKTypes.ElicitRequestURLParams, spec: SpecTypes.ElicitRequestURLParams) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitationCompleteNotification: (\n sdk: WithJSONRPC,\n spec: SpecTypes.ElicitationCompleteNotification\n ) => {\n sdk = spec;\n spec = sdk;\n },\n PaginatedRequestParams: (sdk: SDKTypes.PaginatedRequestParams, spec: SpecTypes.PaginatedRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n CancelledNotification: (sdk: WithJSONRPC, spec: SpecTypes.CancelledNotification) => {\n sdk = spec;\n spec = sdk;\n },\n BaseMetadata: (sdk: SDKTypes.BaseMetadata, spec: SpecTypes.BaseMetadata) => {\n sdk = spec;\n spec = sdk;\n },\n Implementation: (sdk: SDKTypes.Implementation, spec: SpecTypes.Implementation) => {\n sdk = spec;\n spec = sdk;\n },\n ProgressNotification: (sdk: WithJSONRPC, spec: SpecTypes.ProgressNotification) => {\n sdk = spec;\n spec = sdk;\n },\n SubscribeRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.SubscribeRequest) => {\n sdk = spec;\n spec = sdk;\n },\n UnsubscribeRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.UnsubscribeRequest) => {\n sdk = spec;\n spec = sdk;\n },\n PaginatedRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.PaginatedRequest) => {\n sdk = spec;\n spec = sdk;\n },\n PaginatedResult: (sdk: SDKTypes.PaginatedResult, spec: SpecTypes.PaginatedResult) => {\n sdk = spec;\n spec = sdk;\n },\n ListRootsRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ListRootsRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListRootsResult: (sdk: SDKTypes.ListRootsResult, spec: SpecTypes.ListRootsResult) => {\n sdk = spec;\n spec = sdk;\n },\n Root: (sdk: SDKTypes.Root, spec: SpecTypes.Root) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ElicitRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitResult: (sdk: SDKTypes.ElicitResult, spec: SpecTypes.ElicitResult) => {\n sdk = spec;\n spec = sdk;\n },\n CompleteRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.CompleteRequest) => {\n sdk = spec;\n spec = sdk;\n },\n CompleteResult: (sdk: SDKTypes.CompleteResult, spec: SpecTypes.CompleteResult) => {\n sdk = spec;\n spec = sdk;\n },\n ProgressToken: (sdk: SDKTypes.ProgressToken, spec: SpecTypes.ProgressToken) => {\n sdk = spec;\n spec = sdk;\n },\n Cursor: (sdk: SDKTypes.Cursor, spec: SpecTypes.Cursor) => {\n sdk = spec;\n spec = sdk;\n },\n Request: (sdk: SDKTypes.Request, spec: SpecTypes.Request) => {\n sdk = spec;\n spec = sdk;\n },\n Result: (sdk: SDKTypes.Result, spec: SpecTypes.Result) => {\n sdk = spec;\n spec = sdk;\n },\n RequestId: (sdk: SDKTypes.RequestId, spec: SpecTypes.RequestId) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCRequest: (sdk: SDKTypes.JSONRPCRequest, spec: SpecTypes.JSONRPCRequest) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCNotification: (sdk: SDKTypes.JSONRPCNotification, spec: SpecTypes.JSONRPCNotification) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCResponse: (sdk: SDKTypes.JSONRPCResponse, spec: SpecTypes.JSONRPCResponse) => {\n sdk = spec;\n spec = sdk;\n },\n EmptyResult: (sdk: SDKTypes.EmptyResult, spec: SpecTypes.EmptyResult) => {\n sdk = spec;\n spec = sdk;\n },\n Notification: (sdk: SDKTypes.Notification, spec: SpecTypes.Notification) => {\n sdk = spec;\n spec = sdk;\n },\n ClientResult: (sdk: SDKTypes.ClientResult, spec: SpecTypes.ClientResult) => {\n sdk = spec;\n spec = sdk;\n },\n ClientNotification: (sdk: WithJSONRPC, spec: SpecTypes.ClientNotification) => {\n sdk = spec;\n spec = sdk;\n },\n ServerResult: (sdk: SDKTypes.ServerResult, spec: SpecTypes.ServerResult) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceTemplateReference: (sdk: SDKTypes.ResourceTemplateReference, spec: SpecTypes.ResourceTemplateReference) => {\n sdk = spec;\n spec = sdk;\n },\n PromptReference: (sdk: SDKTypes.PromptReference, spec: SpecTypes.PromptReference) => {\n sdk = spec;\n spec = sdk;\n },\n ToolAnnotations: (sdk: SDKTypes.ToolAnnotations, spec: SpecTypes.ToolAnnotations) => {\n sdk = spec;\n spec = sdk;\n },\n Tool: (sdk: SDKTypes.Tool, spec: SpecTypes.Tool) => {\n sdk = spec;\n spec = sdk;\n },\n ListToolsRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ListToolsRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListToolsResult: (sdk: SDKTypes.ListToolsResult, spec: SpecTypes.ListToolsResult) => {\n sdk = spec;\n spec = sdk;\n },\n CallToolResult: (sdk: SDKTypes.CallToolResult, spec: SpecTypes.CallToolResult) => {\n sdk = spec;\n spec = sdk;\n },\n CallToolRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.CallToolRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ToolListChangedNotification: (sdk: WithJSONRPC, spec: SpecTypes.ToolListChangedNotification) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceListChangedNotification: (\n sdk: WithJSONRPC,\n spec: SpecTypes.ResourceListChangedNotification\n ) => {\n sdk = spec;\n spec = sdk;\n },\n PromptListChangedNotification: (\n sdk: WithJSONRPC,\n spec: SpecTypes.PromptListChangedNotification\n ) => {\n sdk = spec;\n spec = sdk;\n },\n RootsListChangedNotification: (\n sdk: WithJSONRPC,\n spec: SpecTypes.RootsListChangedNotification\n ) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceUpdatedNotification: (sdk: WithJSONRPC, spec: SpecTypes.ResourceUpdatedNotification) => {\n sdk = spec;\n spec = sdk;\n },\n SamplingMessage: (sdk: SDKTypes.SamplingMessage, spec: SpecTypes.SamplingMessage) => {\n sdk = spec;\n spec = sdk;\n },\n CreateMessageResult: (sdk: SDKTypes.CreateMessageResultWithTools, spec: SpecTypes.CreateMessageResult) => {\n sdk = spec;\n spec = sdk;\n },\n SetLevelRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.SetLevelRequest) => {\n sdk = spec;\n spec = sdk;\n },\n PingRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.PingRequest) => {\n sdk = spec;\n spec = sdk;\n },\n InitializedNotification: (sdk: WithJSONRPC, spec: SpecTypes.InitializedNotification) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourcesRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ListResourcesRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourcesResult: (sdk: SDKTypes.ListResourcesResult, spec: SpecTypes.ListResourcesResult) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourceTemplatesRequest: (\n sdk: WithJSONRPCRequest,\n spec: SpecTypes.ListResourceTemplatesRequest\n ) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourceTemplatesResult: (sdk: SDKTypes.ListResourceTemplatesResult, spec: SpecTypes.ListResourceTemplatesResult) => {\n sdk = spec;\n spec = sdk;\n },\n ReadResourceRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ReadResourceRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ReadResourceResult: (sdk: SDKTypes.ReadResourceResult, spec: SpecTypes.ReadResourceResult) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceContents: (sdk: SDKTypes.ResourceContents, spec: SpecTypes.ResourceContents) => {\n sdk = spec;\n spec = sdk;\n },\n TextResourceContents: (sdk: SDKTypes.TextResourceContents, spec: SpecTypes.TextResourceContents) => {\n sdk = spec;\n spec = sdk;\n },\n BlobResourceContents: (sdk: SDKTypes.BlobResourceContents, spec: SpecTypes.BlobResourceContents) => {\n sdk = spec;\n spec = sdk;\n },\n Resource: (sdk: SDKTypes.Resource, spec: SpecTypes.Resource) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceTemplate: (sdk: SDKTypes.ResourceTemplateType, spec: SpecTypes.ResourceTemplate) => {\n sdk = spec;\n spec = sdk;\n },\n PromptArgument: (sdk: SDKTypes.PromptArgument, spec: SpecTypes.PromptArgument) => {\n sdk = spec;\n spec = sdk;\n },\n Prompt: (sdk: SDKTypes.Prompt, spec: SpecTypes.Prompt) => {\n sdk = spec;\n spec = sdk;\n },\n ListPromptsRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ListPromptsRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListPromptsResult: (sdk: SDKTypes.ListPromptsResult, spec: SpecTypes.ListPromptsResult) => {\n sdk = spec;\n spec = sdk;\n },\n GetPromptRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.GetPromptRequest) => {\n sdk = spec;\n spec = sdk;\n },\n TextContent: (sdk: SDKTypes.TextContent, spec: SpecTypes.TextContent) => {\n sdk = spec;\n spec = sdk;\n },\n ImageContent: (sdk: SDKTypes.ImageContent, spec: SpecTypes.ImageContent) => {\n sdk = spec;\n spec = sdk;\n },\n AudioContent: (sdk: SDKTypes.AudioContent, spec: SpecTypes.AudioContent) => {\n sdk = spec;\n spec = sdk;\n },\n EmbeddedResource: (sdk: SDKTypes.EmbeddedResource, spec: SpecTypes.EmbeddedResource) => {\n sdk = spec;\n spec = sdk;\n },\n ResourceLink: (sdk: SDKTypes.ResourceLink, spec: SpecTypes.ResourceLink) => {\n sdk = spec;\n spec = sdk;\n },\n ContentBlock: (sdk: SDKTypes.ContentBlock, spec: SpecTypes.ContentBlock) => {\n sdk = spec;\n spec = sdk;\n },\n PromptMessage: (sdk: SDKTypes.PromptMessage, spec: SpecTypes.PromptMessage) => {\n sdk = spec;\n spec = sdk;\n },\n GetPromptResult: (sdk: SDKTypes.GetPromptResult, spec: SpecTypes.GetPromptResult) => {\n sdk = spec;\n spec = sdk;\n },\n BooleanSchema: (sdk: SDKTypes.BooleanSchema, spec: SpecTypes.BooleanSchema) => {\n sdk = spec;\n spec = sdk;\n },\n StringSchema: (sdk: SDKTypes.StringSchema, spec: SpecTypes.StringSchema) => {\n sdk = spec;\n spec = sdk;\n },\n NumberSchema: (sdk: SDKTypes.NumberSchema, spec: SpecTypes.NumberSchema) => {\n sdk = spec;\n spec = sdk;\n },\n EnumSchema: (sdk: SDKTypes.EnumSchema, spec: SpecTypes.EnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n UntitledSingleSelectEnumSchema: (sdk: SDKTypes.UntitledSingleSelectEnumSchema, spec: SpecTypes.UntitledSingleSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n TitledSingleSelectEnumSchema: (sdk: SDKTypes.TitledSingleSelectEnumSchema, spec: SpecTypes.TitledSingleSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n SingleSelectEnumSchema: (sdk: SDKTypes.SingleSelectEnumSchema, spec: SpecTypes.SingleSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n UntitledMultiSelectEnumSchema: (sdk: SDKTypes.UntitledMultiSelectEnumSchema, spec: SpecTypes.UntitledMultiSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n TitledMultiSelectEnumSchema: (sdk: SDKTypes.TitledMultiSelectEnumSchema, spec: SpecTypes.TitledMultiSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n MultiSelectEnumSchema: (sdk: SDKTypes.MultiSelectEnumSchema, spec: SpecTypes.MultiSelectEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n LegacyTitledEnumSchema: (sdk: SDKTypes.LegacyTitledEnumSchema, spec: SpecTypes.LegacyTitledEnumSchema) => {\n sdk = spec;\n spec = sdk;\n },\n PrimitiveSchemaDefinition: (sdk: SDKTypes.PrimitiveSchemaDefinition, spec: SpecTypes.PrimitiveSchemaDefinition) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCErrorResponse: (sdk: SDKTypes.JSONRPCErrorResponse, spec: SpecTypes.JSONRPCErrorResponse) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCResultResponse: (sdk: SDKTypes.JSONRPCResultResponse, spec: SpecTypes.JSONRPCResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n JSONRPCMessage: (sdk: SDKTypes.JSONRPCMessage, spec: SpecTypes.JSONRPCMessage) => {\n sdk = spec;\n spec = sdk;\n },\n CreateMessageRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.CreateMessageRequest) => {\n sdk = spec;\n spec = sdk;\n },\n InitializeRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.InitializeRequest) => {\n sdk = spec;\n spec = sdk;\n },\n InitializeResult: (sdk: SDKTypes.InitializeResult, spec: SpecTypes.InitializeResult) => {\n sdk = spec;\n spec = sdk;\n },\n ClientCapabilities: (sdk: SDKTypes.ClientCapabilities, spec: SpecTypes.ClientCapabilities) => {\n sdk = spec;\n spec = sdk;\n },\n ServerCapabilities: (sdk: SDKTypes.ServerCapabilities, spec: SpecTypes.ServerCapabilities) => {\n sdk = spec;\n spec = sdk;\n },\n ClientRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ClientRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ServerRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ServerRequest) => {\n sdk = spec;\n spec = sdk;\n },\n LoggingMessageNotification: (sdk: WithJSONRPC, spec: SpecTypes.LoggingMessageNotification) => {\n sdk = spec;\n spec = sdk;\n },\n ServerNotification: (sdk: WithJSONRPC, spec: SpecTypes.ServerNotification) => {\n sdk = spec;\n spec = sdk;\n },\n LoggingLevel: (sdk: SDKTypes.LoggingLevel, spec: SpecTypes.LoggingLevel) => {\n sdk = spec;\n spec = sdk;\n },\n Icon: (sdk: SDKTypes.Icon, spec: SpecTypes.Icon) => {\n sdk = spec;\n spec = sdk;\n },\n Icons: (sdk: SDKTypes.Icons, spec: SpecTypes.Icons) => {\n sdk = spec;\n spec = sdk;\n },\n ModelHint: (sdk: SDKTypes.ModelHint, spec: SpecTypes.ModelHint) => {\n sdk = spec;\n spec = sdk;\n },\n ModelPreferences: (sdk: SDKTypes.ModelPreferences, spec: SpecTypes.ModelPreferences) => {\n sdk = spec;\n spec = sdk;\n },\n ToolChoice: (sdk: SDKTypes.ToolChoice, spec: SpecTypes.ToolChoice) => {\n sdk = spec;\n spec = sdk;\n },\n ToolUseContent: (sdk: SDKTypes.ToolUseContent, spec: SpecTypes.ToolUseContent) => {\n sdk = spec;\n spec = sdk;\n },\n ToolResultContent: (sdk: SDKTypes.ToolResultContent, spec: SpecTypes.ToolResultContent) => {\n sdk = spec;\n spec = sdk;\n },\n SamplingMessageContentBlock: (sdk: SDKTypes.SamplingMessageContentBlock, spec: SpecTypes.SamplingMessageContentBlock) => {\n sdk = spec;\n spec = sdk;\n },\n Annotations: (sdk: SDKTypes.Annotations, spec: SpecTypes.Annotations) => {\n sdk = spec;\n spec = sdk;\n },\n Role: (sdk: SDKTypes.Role, spec: SpecTypes.Role) => {\n sdk = spec;\n spec = sdk;\n },\n TaskAugmentedRequestParams: (sdk: SDKTypes.TaskAugmentedRequestParams, spec: SpecTypes.TaskAugmentedRequestParams) => {\n sdk = spec;\n spec = sdk;\n },\n ToolExecution: (sdk: SDKTypes.ToolExecution, spec: SpecTypes.ToolExecution) => {\n sdk = spec;\n spec = sdk;\n },\n TaskStatus: (sdk: SDKTypes.TaskStatus, spec: SpecTypes.TaskStatus) => {\n sdk = spec;\n spec = sdk;\n },\n TaskMetadata: (sdk: SDKTypes.TaskMetadata, spec: SpecTypes.TaskMetadata) => {\n sdk = spec;\n spec = sdk;\n },\n RelatedTaskMetadata: (sdk: SDKTypes.RelatedTaskMetadata, spec: SpecTypes.RelatedTaskMetadata) => {\n sdk = spec;\n spec = sdk;\n },\n Task: (sdk: SDKTypes.Task, spec: SpecTypes.Task) => {\n sdk = spec;\n spec = sdk;\n },\n CreateTaskResult: (sdk: SDKTypes.CreateTaskResult, spec: SpecTypes.CreateTaskResult) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskResult: (sdk: SDKTypes.GetTaskResult, spec: SpecTypes.GetTaskResult) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskPayloadRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.GetTaskPayloadRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListTasksRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.ListTasksRequest) => {\n sdk = spec;\n spec = sdk;\n },\n ListTasksResult: (sdk: SDKTypes.ListTasksResult, spec: SpecTypes.ListTasksResult) => {\n sdk = spec;\n spec = sdk;\n },\n CancelTaskRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.CancelTaskRequest) => {\n sdk = spec;\n spec = sdk;\n },\n CancelTaskResult: (sdk: SDKTypes.CancelTaskResult, spec: SpecTypes.CancelTaskResult) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskRequest: (sdk: WithJSONRPCRequest, spec: SpecTypes.GetTaskRequest) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskPayloadResult: (sdk: SDKTypes.GetTaskPayloadResult, spec: SpecTypes.GetTaskPayloadResult) => {\n sdk = spec;\n spec = sdk;\n },\n TaskStatusNotificationParams: (sdk: SDKTypes.TaskStatusNotificationParams, spec: SpecTypes.TaskStatusNotificationParams) => {\n sdk = spec;\n spec = sdk;\n },\n TaskStatusNotification: (sdk: WithJSONRPC, spec: SpecTypes.TaskStatusNotification) => {\n sdk = spec;\n spec = sdk;\n },\n\n /* JSON primitives */\n JSONValue: (sdk: SDKTypes.JSONValue, spec: SpecTypes.JSONValue) => {\n sdk = spec;\n spec = sdk;\n },\n JSONObject: (sdk: SDKTypes.JSONObject, spec: SpecTypes.JSONObject) => {\n sdk = spec;\n spec = sdk;\n },\n JSONArray: (sdk: SDKTypes.JSONArray, spec: SpecTypes.JSONArray) => {\n sdk = spec;\n spec = sdk;\n },\n\n /* Meta types */\n MetaObject: (sdk: SDKTypes.MetaObject, spec: SpecTypes.MetaObject) => {\n sdk = spec;\n spec = sdk;\n },\n RequestMetaObject: (sdk: SDKTypes.RequestMetaObject, spec: SpecTypes.RequestMetaObject) => {\n sdk = spec;\n spec = sdk;\n },\n\n /* Error types */\n ParseError: (sdk: SDKTypes.ParseError, spec: SpecTypes.ParseError) => {\n sdk = spec;\n spec = sdk;\n },\n InvalidRequestError: (sdk: SDKTypes.InvalidRequestError, spec: SpecTypes.InvalidRequestError) => {\n sdk = spec;\n spec = sdk;\n },\n MethodNotFoundError: (sdk: SDKTypes.MethodNotFoundError, spec: SpecTypes.MethodNotFoundError) => {\n sdk = spec;\n spec = sdk;\n },\n InvalidParamsError: (sdk: SDKTypes.InvalidParamsError, spec: SpecTypes.InvalidParamsError) => {\n sdk = spec;\n spec = sdk;\n },\n InternalError: (sdk: SDKTypes.InternalError, spec: SpecTypes.InternalError) => {\n sdk = spec;\n spec = sdk;\n },\n\n /* ResultResponse types — see TypedResultResponse comment above */\n InitializeResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.InitializeResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n PingResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.PingResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourcesResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ListResourcesResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListResourceTemplatesResultResponse: (\n sdk: TypedResultResponse,\n spec: SpecTypes.ListResourceTemplatesResultResponse\n ) => {\n sdk = spec;\n spec = sdk;\n },\n ReadResourceResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ReadResourceResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n SubscribeResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.SubscribeResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n UnsubscribeResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.UnsubscribeResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListPromptsResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ListPromptsResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n GetPromptResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.GetPromptResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListToolsResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ListToolsResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n CallToolResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.CallToolResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n CreateTaskResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.CreateTaskResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.GetTaskResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n GetTaskPayloadResultResponse: (\n sdk: TypedResultResponse,\n spec: SpecTypes.GetTaskPayloadResultResponse\n ) => {\n sdk = spec;\n spec = sdk;\n },\n CancelTaskResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.CancelTaskResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListTasksResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ListTasksResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n SetLevelResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.SetLevelResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n CreateMessageResultResponse: (\n sdk: TypedResultResponse,\n spec: SpecTypes.CreateMessageResultResponse\n ) => {\n sdk = spec;\n spec = sdk;\n },\n CompleteResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.CompleteResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ListRootsResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ListRootsResultResponse) => {\n sdk = spec;\n spec = sdk;\n },\n ElicitResultResponse: (sdk: TypedResultResponse, spec: SpecTypes.ElicitResultResponse) => {\n sdk = spec;\n spec = sdk;\n }\n};\n\n// This file is .gitignore'd, and fetched by `npm run fetch:spec-types` (called by `npm run test`)\nconst SPEC_TYPES_FILE = path.resolve(__dirname, '../src/types/spec.types.ts');\nconst SDK_TYPES_FILE = path.resolve(__dirname, '../src/types/types.ts');\n\nconst MISSING_SDK_TYPES = [\n // These are inlined in the SDK:\n 'Error', // The inner error object of a JSONRPCError\n 'URLElicitationRequiredError' // In the SDK, but with a custom definition\n];\n\nfunction extractExportedTypes(source: string): string[] {\n const matches = [...source.matchAll(/export\\s+(?:interface|class|type)\\s+(\\w+)\\b/g)];\n return matches.map(m => m[1]!);\n}\n\ndescribe('Spec Types', () => {\n const specTypes = extractExportedTypes(fs.readFileSync(SPEC_TYPES_FILE, 'utf8'));\n const sdkTypes = extractExportedTypes(fs.readFileSync(SDK_TYPES_FILE, 'utf8'));\n const typesToCheck = specTypes.filter(type => !MISSING_SDK_TYPES.includes(type));\n\n it('should define some expected types', () => {\n expect(specTypes).toContain('JSONRPCNotification');\n expect(specTypes).toContain('ElicitResult');\n expect(specTypes).toHaveLength(176);\n });\n\n it('should have up to date list of missing sdk types', () => {\n for (const typeName of MISSING_SDK_TYPES) {\n expect(sdkTypes).not.toContain(typeName);\n }\n });\n\n it('should have comprehensive compatibility tests', () => {\n const missingTests = [];\n\n for (const typeName of typesToCheck) {\n if (!sdkTypeChecks[typeName as keyof typeof sdkTypeChecks]) {\n missingTests.push(typeName);\n }\n }\n\n expect(missingTests).toHaveLength(0);\n });\n\n describe('Missing SDK Types', () => {\n it.each(MISSING_SDK_TYPES)('%s should not be present in MISSING_SDK_TYPES if it has a compatibility test', type => {\n expect(sdkTypeChecks[type as keyof typeof sdkTypeChecks]).toBeUndefined();\n });\n });\n});\n" }, { "path": "packages/core/test/types.capabilities.test.ts", "content": "import { ClientCapabilitiesSchema, InitializeRequestParamsSchema } from '../src/types/types.js';\n\ndescribe('ClientCapabilitiesSchema backwards compatibility', () => {\n describe('ElicitationCapabilitySchema preprocessing', () => {\n it('should inject form capability when elicitation is an empty object', () => {\n const capabilities = {\n elicitation: {}\n };\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n expect(result.elicitation).toBeDefined();\n expect(result.elicitation?.form).toBeDefined();\n expect(result.elicitation?.form).toEqual({});\n expect(result.elicitation?.url).toBeUndefined();\n });\n\n it('should preserve form capability configuration including applyDefaults', () => {\n const capabilities = {\n elicitation: {\n form: {\n applyDefaults: true\n }\n }\n };\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n expect(result.elicitation).toBeDefined();\n expect(result.elicitation?.form).toBeDefined();\n expect(result.elicitation?.form).toEqual({ applyDefaults: true });\n expect(result.elicitation?.url).toBeUndefined();\n });\n\n it('should not inject form capability when form is explicitly declared', () => {\n const capabilities = {\n elicitation: {\n form: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n expect(result.elicitation).toBeDefined();\n expect(result.elicitation?.form).toBeDefined();\n expect(result.elicitation?.form).toEqual({});\n expect(result.elicitation?.url).toBeUndefined();\n });\n\n it('should not inject form capability when url is explicitly declared', () => {\n const capabilities = {\n elicitation: {\n url: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n expect(result.elicitation).toBeDefined();\n expect(result.elicitation?.url).toBeDefined();\n expect(result.elicitation?.url).toEqual({});\n expect(result.elicitation?.form).toBeUndefined();\n });\n\n it('should not inject form capability when both form and url are explicitly declared', () => {\n const capabilities = {\n elicitation: {\n form: {},\n url: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n expect(result.elicitation).toBeDefined();\n expect(result.elicitation?.form).toBeDefined();\n expect(result.elicitation?.url).toBeDefined();\n expect(result.elicitation?.form).toEqual({});\n expect(result.elicitation?.url).toEqual({});\n });\n\n it('should not inject form capability when elicitation is undefined', () => {\n const capabilities = {};\n\n const result = ClientCapabilitiesSchema.parse(capabilities);\n // When elicitation is not provided, it should remain undefined\n expect(result.elicitation).toBeUndefined();\n });\n\n it('should work within InitializeRequestParamsSchema context', () => {\n const initializeParams = {\n protocolVersion: '2025-11-25',\n capabilities: {\n elicitation: {}\n },\n clientInfo: {\n name: 'test client',\n version: '1.0'\n }\n };\n\n const result = InitializeRequestParamsSchema.parse(initializeParams);\n expect(result.capabilities.elicitation).toBeDefined();\n expect(result.capabilities.elicitation?.form).toBeDefined();\n expect(result.capabilities.elicitation?.form).toEqual({});\n });\n });\n});\n" }, { "path": "packages/core/test/types.test.ts", "content": "import {\n CallToolResultSchema,\n ClientCapabilitiesSchema,\n CompleteRequestSchema,\n ContentBlockSchema,\n CreateMessageRequestSchema,\n CreateMessageResultSchema,\n CreateMessageResultWithToolsSchema,\n LATEST_PROTOCOL_VERSION,\n PromptMessageSchema,\n ResourceLinkSchema,\n SamplingMessageSchema,\n SUPPORTED_PROTOCOL_VERSIONS,\n ToolChoiceSchema,\n ToolResultContentSchema,\n ToolSchema,\n ToolUseContentSchema\n} from '../src/types/types.js';\n\ndescribe('Types', () => {\n test('should have correct latest protocol version', () => {\n expect(LATEST_PROTOCOL_VERSION).toBeDefined();\n expect(LATEST_PROTOCOL_VERSION).toBe('2025-11-25');\n });\n test('should have correct supported protocol versions', () => {\n expect(SUPPORTED_PROTOCOL_VERSIONS).toBeDefined();\n expect(SUPPORTED_PROTOCOL_VERSIONS).toBeInstanceOf(Array);\n expect(SUPPORTED_PROTOCOL_VERSIONS).toContain(LATEST_PROTOCOL_VERSION);\n expect(SUPPORTED_PROTOCOL_VERSIONS).toContain('2025-06-18');\n expect(SUPPORTED_PROTOCOL_VERSIONS).toContain('2025-03-26');\n expect(SUPPORTED_PROTOCOL_VERSIONS).toContain('2024-11-05');\n expect(SUPPORTED_PROTOCOL_VERSIONS).toContain('2024-10-07');\n });\n\n describe('ResourceLink', () => {\n test('should validate a minimal ResourceLink', () => {\n const resourceLink = {\n type: 'resource_link',\n uri: 'file:///path/to/file.txt',\n name: 'file.txt'\n };\n\n const result = ResourceLinkSchema.safeParse(resourceLink);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('resource_link');\n expect(result.data.uri).toBe('file:///path/to/file.txt');\n expect(result.data.name).toBe('file.txt');\n }\n });\n\n test('should validate a ResourceLink with all optional fields', () => {\n const resourceLink = {\n type: 'resource_link',\n uri: 'https://example.com/resource',\n name: 'Example Resource',\n title: 'A comprehensive example resource',\n description: 'This resource demonstrates all fields',\n mimeType: 'text/plain',\n _meta: { custom: 'metadata' }\n };\n\n const result = ResourceLinkSchema.safeParse(resourceLink);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.title).toBe('A comprehensive example resource');\n expect(result.data.description).toBe('This resource demonstrates all fields');\n expect(result.data.mimeType).toBe('text/plain');\n expect(result.data._meta).toEqual({ custom: 'metadata' });\n }\n });\n\n test('should fail validation for invalid type', () => {\n const invalidResourceLink = {\n type: 'invalid_type',\n uri: 'file:///path/to/file.txt',\n name: 'file.txt'\n };\n\n const result = ResourceLinkSchema.safeParse(invalidResourceLink);\n expect(result.success).toBe(false);\n });\n\n test('should fail validation for missing required fields', () => {\n const invalidResourceLink = {\n type: 'resource_link',\n uri: 'file:///path/to/file.txt'\n // missing name\n };\n\n const result = ResourceLinkSchema.safeParse(invalidResourceLink);\n expect(result.success).toBe(false);\n });\n });\n\n describe('ContentBlock', () => {\n test('should validate text content', () => {\n const mockDate = new Date().toISOString();\n const textContent = {\n type: 'text',\n text: 'Hello, world!',\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n };\n\n const result = ContentBlockSchema.safeParse(textContent);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('text');\n expect(result.data.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n }\n });\n\n test('should validate image content', () => {\n const mockDate = new Date().toISOString();\n const imageContent = {\n type: 'image',\n data: 'aGVsbG8=', // base64 encoded \"hello\"\n mimeType: 'image/png',\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n };\n\n const result = ContentBlockSchema.safeParse(imageContent);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('image');\n expect(result.data.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n }\n });\n\n test('should validate audio content', () => {\n const mockDate = new Date().toISOString();\n const audioContent = {\n type: 'audio',\n data: 'aGVsbG8=', // base64 encoded \"hello\"\n mimeType: 'audio/mp3',\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n };\n\n const result = ContentBlockSchema.safeParse(audioContent);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('audio');\n expect(result.data.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n }\n });\n\n test('should validate resource link content', () => {\n const mockDate = new Date().toISOString();\n const resourceLink = {\n type: 'resource_link',\n uri: 'file:///path/to/file.txt',\n name: 'file.txt',\n mimeType: 'text/plain',\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n };\n\n const result = ContentBlockSchema.safeParse(resourceLink);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('resource_link');\n expect(result.data.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n }\n });\n\n test('should validate embedded resource content', () => {\n const mockDate = new Date().toISOString();\n const embeddedResource = {\n type: 'resource',\n resource: {\n uri: 'file:///path/to/file.txt',\n mimeType: 'text/plain',\n text: 'File contents'\n },\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n };\n\n const result = ContentBlockSchema.safeParse(embeddedResource);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('resource');\n expect(result.data.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n }\n });\n });\n\n describe('PromptMessage with ContentBlock', () => {\n test('should validate prompt message with resource link', () => {\n const promptMessage = {\n role: 'assistant',\n content: {\n type: 'resource_link',\n uri: 'file:///project/src/main.rs',\n name: 'main.rs',\n description: 'Primary application entry point',\n mimeType: 'text/x-rust'\n }\n };\n\n const result = PromptMessageSchema.safeParse(promptMessage);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.content.type).toBe('resource_link');\n }\n });\n });\n\n describe('CallToolResult with ContentBlock', () => {\n test('should validate tool result with resource links', () => {\n const toolResult = {\n content: [\n {\n type: 'text',\n text: 'Found the following files:'\n },\n {\n type: 'resource_link',\n uri: 'file:///project/src/main.rs',\n name: 'main.rs',\n description: 'Primary application entry point',\n mimeType: 'text/x-rust'\n },\n {\n type: 'resource_link',\n uri: 'file:///project/src/lib.rs',\n name: 'lib.rs',\n description: 'Library exports',\n mimeType: 'text/x-rust'\n }\n ]\n };\n\n const result = CallToolResultSchema.safeParse(toolResult);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.content).toHaveLength(3);\n expect(result.data.content[0]?.type).toBe('text');\n expect(result.data.content[1]?.type).toBe('resource_link');\n expect(result.data.content[2]?.type).toBe('resource_link');\n }\n });\n\n test('should validate empty content array with default', () => {\n const toolResult = {};\n\n const result = CallToolResultSchema.safeParse(toolResult);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.content).toEqual([]);\n }\n });\n });\n\n describe('CompleteRequest', () => {\n test('should validate a CompleteRequest without resolved field', () => {\n const request = {\n method: 'completion/complete',\n params: {\n ref: { type: 'ref/prompt', name: 'greeting' },\n argument: { name: 'name', value: 'A' }\n }\n };\n\n const result = CompleteRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.method).toBe('completion/complete');\n expect(result.data.params.ref.type).toBe('ref/prompt');\n expect(result.data.params.context).toBeUndefined();\n }\n });\n\n test('should validate a CompleteRequest with resolved field', () => {\n const request = {\n method: 'completion/complete',\n params: {\n ref: { type: 'ref/resource', uri: 'github://repos/{owner}/{repo}' },\n argument: { name: 'repo', value: 't' },\n context: {\n arguments: {\n '{owner}': 'microsoft'\n }\n }\n }\n };\n\n const result = CompleteRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.context?.arguments).toEqual({\n '{owner}': 'microsoft'\n });\n }\n });\n\n test('should validate a CompleteRequest with empty resolved field', () => {\n const request = {\n method: 'completion/complete',\n params: {\n ref: { type: 'ref/prompt', name: 'test' },\n argument: { name: 'arg', value: '' },\n context: {\n arguments: {}\n }\n }\n };\n\n const result = CompleteRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.context?.arguments).toEqual({});\n }\n });\n\n test('should validate a CompleteRequest with multiple resolved variables', () => {\n const request = {\n method: 'completion/complete',\n params: {\n ref: { type: 'ref/resource', uri: 'api://v1/{tenant}/{resource}/{id}' },\n argument: { name: 'id', value: '123' },\n context: {\n arguments: {\n '{tenant}': 'acme-corp',\n '{resource}': 'users'\n }\n }\n }\n };\n\n const result = CompleteRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.context?.arguments).toEqual({\n '{tenant}': 'acme-corp',\n '{resource}': 'users'\n });\n }\n });\n });\n\n describe('ToolSchema - JSON Schema 2020-12 support', () => {\n test('should accept inputSchema with $schema field', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n $schema: 'https://json-schema.org/draft/2020-12/schema',\n type: 'object',\n properties: { name: { type: 'string' } }\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should accept inputSchema with additionalProperties', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'object',\n properties: { name: { type: 'string' } },\n additionalProperties: false\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should accept inputSchema with composition keywords', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'object',\n allOf: [{ properties: { a: { type: 'string' } } }, { properties: { b: { type: 'number' } } }]\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should accept inputSchema with $ref and $defs', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'object',\n properties: { user: { $ref: '#/$defs/User' } },\n $defs: {\n User: { type: 'object', properties: { name: { type: 'string' } } }\n }\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should accept inputSchema with metadata keywords', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'object',\n title: 'User Input',\n description: 'Input parameters for user creation',\n deprecated: false,\n examples: [{ name: 'John' }],\n properties: { name: { type: 'string' } }\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should accept outputSchema with full JSON Schema features', () => {\n const tool = {\n name: 'test',\n inputSchema: { type: 'object' },\n outputSchema: {\n type: 'object',\n properties: {\n id: { type: 'string' },\n tags: { type: 'array' }\n },\n required: ['id'],\n additionalProperties: false,\n minProperties: 1\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n\n test('should still require type: object at root for inputSchema', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'string'\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(false);\n });\n\n test('should still require type: object at root for outputSchema', () => {\n const tool = {\n name: 'test',\n inputSchema: { type: 'object' },\n outputSchema: {\n type: 'array'\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(false);\n });\n\n test('should accept simple minimal schema (backward compatibility)', () => {\n const tool = {\n name: 'test',\n inputSchema: {\n type: 'object',\n properties: { name: { type: 'string' } },\n required: ['name']\n }\n };\n const result = ToolSchema.safeParse(tool);\n expect(result.success).toBe(true);\n });\n });\n\n describe('ToolUseContent', () => {\n test('should validate a tool call content', () => {\n const toolCall = {\n type: 'tool_use',\n id: 'call_123',\n name: 'get_weather',\n input: { city: 'San Francisco', units: 'celsius' }\n };\n\n const result = ToolUseContentSchema.safeParse(toolCall);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('tool_use');\n expect(result.data.id).toBe('call_123');\n expect(result.data.name).toBe('get_weather');\n expect(result.data.input).toEqual({ city: 'San Francisco', units: 'celsius' });\n }\n });\n\n test('should validate tool call with _meta', () => {\n const toolCall = {\n type: 'tool_use',\n id: 'call_456',\n name: 'search',\n input: { query: 'test' },\n _meta: { custom: 'data' }\n };\n\n const result = ToolUseContentSchema.safeParse(toolCall);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data._meta).toEqual({ custom: 'data' });\n }\n });\n\n test('should fail validation for missing required fields', () => {\n const invalidToolCall = {\n type: 'tool_use',\n name: 'test'\n // missing id and input\n };\n\n const result = ToolUseContentSchema.safeParse(invalidToolCall);\n expect(result.success).toBe(false);\n });\n });\n\n describe('ToolResultContent', () => {\n test('should validate a tool result content', () => {\n const toolResult = {\n type: 'tool_result',\n toolUseId: 'call_123',\n structuredContent: { temperature: 72, condition: 'sunny' }\n };\n\n const result = ToolResultContentSchema.safeParse(toolResult);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.type).toBe('tool_result');\n expect(result.data.toolUseId).toBe('call_123');\n expect(result.data.structuredContent).toEqual({ temperature: 72, condition: 'sunny' });\n }\n });\n\n test('should validate tool result with error in content', () => {\n const toolResult = {\n type: 'tool_result',\n toolUseId: 'call_456',\n structuredContent: { error: 'API_ERROR', message: 'Service unavailable' },\n isError: true\n };\n\n const result = ToolResultContentSchema.safeParse(toolResult);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.structuredContent).toEqual({ error: 'API_ERROR', message: 'Service unavailable' });\n expect(result.data.isError).toBe(true);\n }\n });\n\n test('should fail validation for missing required fields', () => {\n const invalidToolResult = {\n type: 'tool_result',\n content: { data: 'test' }\n // missing toolUseId\n };\n\n const result = ToolResultContentSchema.safeParse(invalidToolResult);\n expect(result.success).toBe(false);\n });\n });\n\n describe('ToolChoice', () => {\n test('should validate tool choice with mode auto', () => {\n const toolChoice = {\n mode: 'auto'\n };\n\n const result = ToolChoiceSchema.safeParse(toolChoice);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.mode).toBe('auto');\n }\n });\n\n test('should validate tool choice with mode required', () => {\n const toolChoice = {\n mode: 'required'\n };\n\n const result = ToolChoiceSchema.safeParse(toolChoice);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.mode).toBe('required');\n }\n });\n\n test('should validate empty tool choice', () => {\n const toolChoice = {};\n\n const result = ToolChoiceSchema.safeParse(toolChoice);\n expect(result.success).toBe(true);\n });\n\n test('should fail validation for invalid mode', () => {\n const invalidToolChoice = {\n mode: 'invalid'\n };\n\n const result = ToolChoiceSchema.safeParse(invalidToolChoice);\n expect(result.success).toBe(false);\n });\n });\n\n describe('SamplingMessage content types', () => {\n test('should validate user message with text', () => {\n const userMessage = {\n role: 'user',\n content: { type: 'text', text: \"What's the weather?\" }\n };\n\n const result = SamplingMessageSchema.safeParse(userMessage);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.role).toBe('user');\n if (!Array.isArray(result.data.content)) {\n expect(result.data.content.type).toBe('text');\n }\n }\n });\n\n test('should validate user message with tool result', () => {\n const userMessage = {\n role: 'user',\n content: {\n type: 'tool_result',\n toolUseId: 'call_123',\n content: []\n }\n };\n\n const result = SamplingMessageSchema.safeParse(userMessage);\n expect(result.success).toBe(true);\n if (result.success && !Array.isArray(result.data.content)) {\n expect(result.data.content.type).toBe('tool_result');\n }\n });\n\n test('should validate assistant message with text', () => {\n const assistantMessage = {\n role: 'assistant',\n content: { type: 'text', text: \"I'll check the weather for you.\" }\n };\n\n const result = SamplingMessageSchema.safeParse(assistantMessage);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.role).toBe('assistant');\n }\n });\n\n test('should validate assistant message with tool call', () => {\n const assistantMessage = {\n role: 'assistant',\n content: {\n type: 'tool_use',\n id: 'call_123',\n name: 'get_weather',\n input: { city: 'SF' }\n }\n };\n\n const result = SamplingMessageSchema.safeParse(assistantMessage);\n expect(result.success).toBe(true);\n if (result.success && !Array.isArray(result.data.content)) {\n expect(result.data.content.type).toBe('tool_use');\n }\n });\n\n test('should validate any content type for any role', () => {\n // The simplified schema allows any content type for any role\n const assistantWithToolResult = {\n role: 'assistant',\n content: {\n type: 'tool_result',\n toolUseId: 'call_123',\n content: []\n }\n };\n\n const result1 = SamplingMessageSchema.safeParse(assistantWithToolResult);\n expect(result1.success).toBe(true);\n\n const userWithToolUse = {\n role: 'user',\n content: {\n type: 'tool_use',\n id: 'call_123',\n name: 'test',\n input: {}\n }\n };\n\n const result2 = SamplingMessageSchema.safeParse(userWithToolUse);\n expect(result2.success).toBe(true);\n });\n });\n\n describe('SamplingMessage', () => {\n test('should validate user message via discriminated union', () => {\n const message = {\n role: 'user',\n content: { type: 'text', text: 'Hello' }\n };\n\n const result = SamplingMessageSchema.safeParse(message);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.role).toBe('user');\n }\n });\n\n test('should validate assistant message via discriminated union', () => {\n const message = {\n role: 'assistant',\n content: { type: 'text', text: 'Hi there!' }\n };\n\n const result = SamplingMessageSchema.safeParse(message);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.role).toBe('assistant');\n }\n });\n });\n\n describe('CreateMessageRequest', () => {\n test('should validate request without tools', () => {\n const request = {\n method: 'sampling/createMessage',\n params: {\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n maxTokens: 1000\n }\n };\n\n const result = CreateMessageRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.tools).toBeUndefined();\n }\n });\n\n test('should validate request with tools', () => {\n const request = {\n method: 'sampling/createMessage',\n params: {\n messages: [{ role: 'user', content: { type: 'text', text: \"What's the weather?\" } }],\n maxTokens: 1000,\n tools: [\n {\n name: 'get_weather',\n description: 'Get weather for a location',\n inputSchema: {\n type: 'object',\n properties: {\n location: { type: 'string' }\n },\n required: ['location']\n }\n }\n ],\n toolChoice: {\n mode: 'auto'\n }\n }\n };\n\n const result = CreateMessageRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.tools).toHaveLength(1);\n expect(result.data.params.toolChoice?.mode).toBe('auto');\n }\n });\n\n test('should validate request with includeContext (soft-deprecated)', () => {\n const request = {\n method: 'sampling/createMessage',\n params: {\n messages: [{ role: 'user', content: { type: 'text', text: 'Help' } }],\n maxTokens: 1000,\n includeContext: 'thisServer'\n }\n };\n\n const result = CreateMessageRequestSchema.safeParse(request);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.params.includeContext).toBe('thisServer');\n }\n });\n });\n\n describe('CreateMessageResult', () => {\n test('should validate result with text content', () => {\n const result = {\n model: 'claude-3-5-sonnet-20241022',\n role: 'assistant',\n content: { type: 'text', text: \"Here's the answer.\" },\n stopReason: 'endTurn'\n };\n\n const parseResult = CreateMessageResultSchema.safeParse(result);\n expect(parseResult.success).toBe(true);\n if (parseResult.success) {\n expect(parseResult.data.role).toBe('assistant');\n expect(parseResult.data.stopReason).toBe('endTurn');\n }\n });\n\n test('should validate result with tool call (using WithTools schema)', () => {\n const result = {\n model: 'claude-3-5-sonnet-20241022',\n role: 'assistant',\n content: {\n type: 'tool_use',\n id: 'call_123',\n name: 'get_weather',\n input: { city: 'SF' }\n },\n stopReason: 'toolUse'\n };\n\n // Tool call results use CreateMessageResultWithToolsSchema\n const parseResult = CreateMessageResultWithToolsSchema.safeParse(result);\n expect(parseResult.success).toBe(true);\n if (parseResult.success) {\n expect(parseResult.data.stopReason).toBe('toolUse');\n const content = parseResult.data.content;\n expect(Array.isArray(content)).toBe(false);\n if (!Array.isArray(content)) {\n expect(content.type).toBe('tool_use');\n }\n }\n\n // Basic CreateMessageResultSchema should NOT accept tool_use content\n const basicResult = CreateMessageResultSchema.safeParse(result);\n expect(basicResult.success).toBe(false);\n });\n\n test('should validate result with array content (using WithTools schema)', () => {\n const result = {\n model: 'claude-3-5-sonnet-20241022',\n role: 'assistant',\n content: [\n { type: 'text', text: 'Let me check the weather.' },\n {\n type: 'tool_use',\n id: 'call_123',\n name: 'get_weather',\n input: { city: 'SF' }\n }\n ],\n stopReason: 'toolUse'\n };\n\n // Array content uses CreateMessageResultWithToolsSchema\n const parseResult = CreateMessageResultWithToolsSchema.safeParse(result);\n expect(parseResult.success).toBe(true);\n if (parseResult.success) {\n expect(parseResult.data.stopReason).toBe('toolUse');\n const content = parseResult.data.content;\n expect(Array.isArray(content)).toBe(true);\n if (Array.isArray(content)) {\n expect(content).toHaveLength(2);\n expect(content[0]?.type).toBe('text');\n expect(content[1]?.type).toBe('tool_use');\n }\n }\n\n // Basic CreateMessageResultSchema should NOT accept array content\n const basicResult = CreateMessageResultSchema.safeParse(result);\n expect(basicResult.success).toBe(false);\n });\n\n test('should validate all new stop reasons', () => {\n const stopReasons = ['endTurn', 'stopSequence', 'maxTokens', 'toolUse', 'refusal', 'other'];\n\n for (const stopReason of stopReasons) {\n const result = {\n model: 'test',\n role: 'assistant',\n content: { type: 'text', text: 'test' },\n stopReason\n };\n\n const parseResult = CreateMessageResultSchema.safeParse(result);\n expect(parseResult.success).toBe(true);\n }\n });\n\n test('should allow custom stop reason string', () => {\n const result = {\n model: 'test',\n role: 'assistant',\n content: { type: 'text', text: 'test' },\n stopReason: 'custom_provider_reason'\n };\n\n const parseResult = CreateMessageResultSchema.safeParse(result);\n expect(parseResult.success).toBe(true);\n });\n });\n\n describe('ClientCapabilities with sampling', () => {\n test('should validate capabilities with sampling.tools', () => {\n const capabilities = {\n sampling: {\n tools: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.safeParse(capabilities);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.sampling?.tools).toBeDefined();\n }\n });\n\n test('should validate capabilities with sampling.context', () => {\n const capabilities = {\n sampling: {\n context: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.safeParse(capabilities);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.sampling?.context).toBeDefined();\n }\n });\n\n test('should validate capabilities with both', () => {\n const capabilities = {\n sampling: {\n context: {},\n tools: {}\n }\n };\n\n const result = ClientCapabilitiesSchema.safeParse(capabilities);\n expect(result.success).toBe(true);\n if (result.success) {\n expect(result.data.sampling?.context).toBeDefined();\n expect(result.data.sampling?.tools).toBeDefined();\n }\n });\n });\n});\n" }, { "path": "packages/core/test/validators/validators.test.ts", "content": "/**\n * Tests all validator providers with various JSON Schema 2020-12 features\n * Based on MCP specification for elicitation schemas:\n * https://modelcontextprotocol.io/specification/draft/client/elicitation.md\n */\n\nimport { readFileSync } from 'node:fs';\nimport path from 'node:path';\n\nimport { vi } from 'vitest';\n\nimport { AjvJsonSchemaValidator } from '../../src/validators/ajvProvider.js';\nimport { CfWorkerJsonSchemaValidator } from '../../src/validators/cfWorkerProvider.js';\nimport type { JsonSchemaType } from '../../src/validators/types.js';\n\n// Test with both AJV and CfWorker validators\n// AJV validator will use default configuration with format validation enabled\nconst validators = [\n { name: 'AJV', provider: new AjvJsonSchemaValidator() },\n { name: 'CfWorker', provider: new CfWorkerJsonSchemaValidator() }\n];\n\ndescribe('JSON Schema Validators', () => {\n describe.each(validators)('$name Validator', ({ provider }) => {\n describe('String schemas', () => {\n it('validates basic string', () => {\n const schema: JsonSchemaType = {\n type: 'string'\n };\n const validator = provider.getValidator(schema);\n\n const validResult = validator('hello');\n expect(validResult.valid).toBe(true);\n expect(validResult.data).toBe('hello');\n\n const invalidResult = validator(123);\n expect(invalidResult.valid).toBe(false);\n expect(invalidResult.errorMessage).toBeDefined();\n });\n\n it('validates string with title and description', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n title: 'Name',\n description: \"User's full name\"\n };\n const validator = provider.getValidator(schema);\n\n const result = validator('John Doe');\n expect(result.valid).toBe(true);\n expect(result.data).toBe('John Doe');\n });\n\n it('validates string with length constraints', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n minLength: 3,\n maxLength: 10\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('abc').valid).toBe(true);\n expect(validator('abcdefghij').valid).toBe(true);\n expect(validator('ab').valid).toBe(false);\n expect(validator('abcdefghijk').valid).toBe(false);\n });\n\n it('validates email format', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n format: 'email'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('user@example.com').valid).toBe(true);\n expect(validator('invalid-email').valid).toBe(false);\n });\n\n it('validates URI format', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n format: 'uri'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('https://example.com').valid).toBe(true);\n expect(validator('not-a-uri').valid).toBe(false);\n });\n\n it('validates date-time format', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n format: 'date-time'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('2025-10-17T12:00:00Z').valid).toBe(true);\n expect(validator('not-a-date').valid).toBe(false);\n });\n\n it('validates string pattern', () => {\n const schema: JsonSchemaType = {\n type: 'string',\n pattern: '^[A-Z]{3}$'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('ABC').valid).toBe(true);\n expect(validator('abc').valid).toBe(false);\n expect(validator('ABCD').valid).toBe(false);\n });\n });\n\n describe('Number schemas', () => {\n it('validates number type', () => {\n const schema: JsonSchemaType = {\n type: 'number'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(42).valid).toBe(true);\n expect(validator(3.14).valid).toBe(true);\n expect(validator('42').valid).toBe(false);\n });\n\n it('validates integer type', () => {\n const schema: JsonSchemaType = {\n type: 'integer'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(42).valid).toBe(true);\n expect(validator(3.14).valid).toBe(false);\n });\n\n it('validates number range', () => {\n const schema: JsonSchemaType = {\n type: 'number',\n minimum: 0,\n maximum: 100\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(0).valid).toBe(true);\n expect(validator(50).valid).toBe(true);\n expect(validator(100).valid).toBe(true);\n expect(validator(-1).valid).toBe(false);\n expect(validator(101).valid).toBe(false);\n });\n });\n\n describe('Boolean schemas', () => {\n it('validates boolean type', () => {\n const schema: JsonSchemaType = {\n type: 'boolean'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(true).valid).toBe(true);\n expect(validator(false).valid).toBe(true);\n expect(validator('true').valid).toBe(false);\n expect(validator(1).valid).toBe(false);\n });\n\n it('validates boolean with default', () => {\n const schema: JsonSchemaType = {\n type: 'boolean',\n default: false\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(true).valid).toBe(true);\n expect(validator(false).valid).toBe(true);\n });\n });\n\n describe('Enum schemas', () => {\n it('validates enum values', () => {\n const schema: JsonSchemaType = {\n enum: ['red', 'green', 'blue']\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('red').valid).toBe(true);\n expect(validator('green').valid).toBe(true);\n expect(validator('blue').valid).toBe(true);\n expect(validator('yellow').valid).toBe(false);\n });\n\n it('validates enum with mixed types', () => {\n const schema: JsonSchemaType = {\n enum: ['option1', 42, true, null]\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('option1').valid).toBe(true);\n expect(validator(42).valid).toBe(true);\n expect(validator(true).valid).toBe(true);\n expect(validator(null).valid).toBe(true);\n expect(validator('other').valid).toBe(false);\n });\n });\n\n describe('Object schemas', () => {\n it('validates simple object', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n name: { type: 'string' },\n age: { type: 'number' }\n },\n required: ['name']\n };\n const validator = provider.getValidator(schema);\n\n expect(validator({ name: 'John', age: 30 }).valid).toBe(true);\n expect(validator({ name: 'John' }).valid).toBe(true);\n expect(validator({ age: 30 }).valid).toBe(false);\n expect(validator({}).valid).toBe(false);\n });\n\n it('validates nested objects', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n user: {\n type: 'object',\n properties: {\n name: { type: 'string' },\n email: { type: 'string', format: 'email' }\n },\n required: ['name']\n }\n },\n required: ['user']\n };\n const validator = provider.getValidator(schema);\n\n expect(\n validator({\n user: { name: 'John', email: 'john@example.com' }\n }).valid\n ).toBe(true);\n\n expect(\n validator({\n user: { name: 'John' }\n }).valid\n ).toBe(true);\n\n expect(\n validator({\n user: { email: 'john@example.com' }\n }).valid\n ).toBe(false);\n });\n\n it('validates object with additionalProperties: false', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n additionalProperties: false\n };\n const validator = provider.getValidator(schema);\n\n expect(validator({ name: 'John' }).valid).toBe(true);\n expect(validator({ name: 'John', extra: 'field' }).valid).toBe(false);\n });\n });\n\n describe('Array schemas', () => {\n it('validates array of strings', () => {\n const schema: JsonSchemaType = {\n type: 'array',\n items: { type: 'string' }\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(['a', 'b', 'c']).valid).toBe(true);\n expect(validator([]).valid).toBe(true);\n expect(validator(['a', 1, 'c']).valid).toBe(false);\n });\n\n it('validates array length constraints', () => {\n const schema: JsonSchemaType = {\n type: 'array',\n items: { type: 'number' },\n minItems: 1,\n maxItems: 3\n };\n const validator = provider.getValidator(schema);\n\n expect(validator([1]).valid).toBe(true);\n expect(validator([1, 2, 3]).valid).toBe(true);\n expect(validator([]).valid).toBe(false);\n expect(validator([1, 2, 3, 4]).valid).toBe(false);\n });\n\n it('validates array with unique items', () => {\n const schema: JsonSchemaType = {\n type: 'array',\n items: { type: 'number' },\n uniqueItems: true\n };\n const validator = provider.getValidator(schema);\n\n expect(validator([1, 2, 3]).valid).toBe(true);\n expect(validator([1, 2, 2, 3]).valid).toBe(false);\n });\n });\n\n describe('JSON Schema 2020-12 features', () => {\n it('validates schema with $schema field', () => {\n const schema: JsonSchemaType = {\n $schema: 'https://json-schema.org/draft/2020-12/schema',\n type: 'string'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('test').valid).toBe(true);\n });\n\n it('validates schema with $id field', () => {\n const schema: JsonSchemaType = {\n $id: 'https://example.com/schemas/test',\n type: 'number'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator(42).valid).toBe(true);\n });\n\n it('validates with allOf', () => {\n const schema: JsonSchemaType = {\n allOf: [\n { type: 'object', properties: { name: { type: 'string' } } },\n { type: 'object', properties: { age: { type: 'number' } } }\n ]\n };\n const validator = provider.getValidator(schema);\n\n expect(validator({ name: 'John', age: 30 }).valid).toBe(true);\n expect(validator({ name: 'John' }).valid).toBe(true);\n expect(validator({ name: 123 }).valid).toBe(false);\n });\n\n it('validates with anyOf', () => {\n const schema: JsonSchemaType = {\n anyOf: [{ type: 'string' }, { type: 'number' }]\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('test').valid).toBe(true);\n expect(validator(42).valid).toBe(true);\n expect(validator(true).valid).toBe(false);\n });\n\n it('validates with oneOf', () => {\n const schema: JsonSchemaType = {\n oneOf: [\n { type: 'string', minLength: 5 },\n { type: 'string', maxLength: 3 }\n ]\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('ab').valid).toBe(true); // Matches second only\n expect(validator('hello').valid).toBe(true); // Matches first only\n expect(validator('abcd').valid).toBe(false); // Matches neither\n });\n\n it('validates with not', () => {\n const schema: JsonSchemaType = {\n not: { type: 'null' }\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('test').valid).toBe(true);\n expect(validator(42).valid).toBe(true);\n expect(validator(null).valid).toBe(false);\n });\n\n it('validates with const', () => {\n const schema: JsonSchemaType = {\n const: 'specific-value'\n };\n const validator = provider.getValidator(schema);\n\n expect(validator('specific-value').valid).toBe(true);\n expect(validator('other-value').valid).toBe(false);\n });\n });\n\n describe('Complex real-world schemas', () => {\n it('validates user registration form', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n username: {\n type: 'string',\n minLength: 3,\n maxLength: 20,\n pattern: '^[a-zA-Z0-9_]+$'\n },\n email: {\n type: 'string',\n format: 'email'\n },\n age: {\n type: 'integer',\n minimum: 18,\n maximum: 120\n },\n newsletter: {\n type: 'boolean',\n default: false\n }\n },\n required: ['username', 'email']\n };\n const validator = provider.getValidator(schema);\n\n expect(\n validator({\n username: 'john_doe',\n email: 'john@example.com',\n age: 25,\n newsletter: true\n }).valid\n ).toBe(true);\n\n expect(\n validator({\n username: 'john_doe',\n email: 'john@example.com'\n }).valid\n ).toBe(true);\n\n expect(\n validator({\n username: 'ab', // Too short\n email: 'john@example.com'\n }).valid\n ).toBe(false);\n\n expect(\n validator({\n username: 'john_doe',\n email: 'invalid-email'\n }).valid\n ).toBe(false);\n });\n\n it('validates API response with nested structure', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n status: {\n type: 'string',\n enum: ['success', 'error', 'pending']\n },\n data: {\n type: 'object',\n properties: {\n id: { type: 'string' },\n items: {\n type: 'array',\n items: {\n type: 'object',\n properties: {\n name: { type: 'string' },\n quantity: { type: 'integer', minimum: 1 }\n },\n required: ['name', 'quantity']\n }\n }\n },\n required: ['id', 'items']\n },\n timestamp: {\n type: 'string',\n format: 'date-time'\n }\n },\n required: ['status', 'data']\n };\n const validator = provider.getValidator(schema);\n\n expect(\n validator({\n status: 'success',\n data: {\n id: '123',\n items: [\n { name: 'Item 1', quantity: 5 },\n { name: 'Item 2', quantity: 3 }\n ]\n },\n timestamp: '2025-10-17T12:00:00Z'\n }).valid\n ).toBe(true);\n\n expect(\n validator({\n status: 'invalid-status',\n data: { id: '123', items: [] }\n }).valid\n ).toBe(false);\n });\n });\n\n describe('Error messages', () => {\n it('provides helpful error message on validation failure', () => {\n const schema: JsonSchemaType = {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n required: ['name']\n };\n const validator = provider.getValidator(schema);\n\n const result = validator({});\n expect(result.valid).toBe(false);\n expect(result.errorMessage).toBeDefined();\n expect(result.errorMessage).toBeTruthy();\n expect(typeof result.errorMessage).toBe('string');\n });\n });\n });\n});\n\ndescribe('Missing dependencies', () => {\n describe('AJV not installed but CfWorker is', () => {\n beforeEach(() => {\n vi.resetModules();\n });\n\n afterEach(() => {\n vi.doUnmock('ajv');\n vi.doUnmock('ajv-formats');\n });\n\n it('should throw error when trying to import ajv-provider without ajv', async () => {\n // Mock ajv as not installed\n vi.doMock('ajv', () => {\n throw new Error(\"Cannot find module 'ajv'\");\n });\n\n vi.doMock('ajv-formats', () => {\n throw new Error(\"Cannot find module 'ajv-formats'\");\n });\n\n // Attempting to import ajv-provider should fail\n await expect(import('../../src/validators/ajvProvider.js')).rejects.toThrow();\n });\n\n it('should be able to import cfWorkerProvider when ajv is missing', async () => {\n // Mock ajv as not installed\n vi.doMock('ajv', () => {\n throw new Error(\"Cannot find module 'ajv'\");\n });\n\n vi.doMock('ajv-formats', () => {\n throw new Error(\"Cannot find module 'ajv-formats'\");\n });\n\n // But cfWorkerProvider should import successfully\n const cfworkerModule = await import('../../src/validators/cfWorkerProvider.js');\n expect(cfworkerModule.CfWorkerJsonSchemaValidator).toBeDefined();\n\n // And should work correctly\n const validator = new cfworkerModule.CfWorkerJsonSchemaValidator();\n const schema: JsonSchemaType = { type: 'string' };\n const validatorFn = validator.getValidator(schema);\n expect(validatorFn('test').valid).toBe(true);\n });\n });\n\n describe('CfWorker not installed but AJV is', () => {\n beforeEach(() => {\n vi.resetModules();\n });\n\n afterEach(() => {\n vi.doUnmock('@cfworker/json-schema');\n });\n\n it('should throw error when trying to import cfWorkerProvider without @cfworker/json-schema', async () => {\n // Mock @cfworker/json-schema as not installed\n vi.doMock('@cfworker/json-schema', () => {\n throw new Error(\"Cannot find module '@cfworker/json-schema'\");\n });\n\n // Attempting to import cfWorkerProvider should fail\n await expect(import('../../src/validators/cfWorkerProvider.js')).rejects.toThrow();\n });\n\n it('should be able to import ajv-provider when @cfworker/json-schema is missing', async () => {\n // Mock @cfworker/json-schema as not installed\n vi.doMock('@cfworker/json-schema', () => {\n throw new Error(\"Cannot find module '@cfworker/json-schema'\");\n });\n\n // But ajv-provider should import successfully\n const ajvModule = await import('../../src/validators/ajvProvider.js');\n expect(ajvModule.AjvJsonSchemaValidator).toBeDefined();\n\n // And should work correctly\n const validator = new ajvModule.AjvJsonSchemaValidator();\n const schema: JsonSchemaType = { type: 'string' };\n const validatorFn = validator.getValidator(schema);\n expect(validatorFn('test').valid).toBe(true);\n });\n\n it('should document that @cfworker/json-schema is required', () => {\n const cfworkerProviderPath = path.join(__dirname, '../../src/validators/cfWorkerProvider.ts');\n const content = readFileSync(cfworkerProviderPath, 'utf8');\n\n expect(content).toContain('@cfworker/json-schema');\n });\n });\n});\n" }, { "path": "packages/core/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/eslint-config\": [\"./node_modules/@modelcontextprotocol/eslint-config/tsconfig.json\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"]\n }\n }\n}\n" }, { "path": "packages/core/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "packages/middleware/README.md", "content": "# Middleware packages\n\nThe packages in `packages/middleware/*` are **thin integration layers** that help you expose an MCP server in a specific runtime, platform, or web framework.\n\nThey intentionally **do not** add new MCP features or “business logic”. MCP functionality (tools, resources, prompts, transports, auth primitives, etc.) lives in `@modelcontextprotocol/server` (and other core packages). Middleware packages should primarily:\n\n- adapt request/response types to the SDK (e.g. Node.js `IncomingMessage`/`ServerResponse`)\n- provide small framework helpers (e.g. wiring, body parsing hooks)\n- supply safe defaults for common deployment pitfalls (e.g. localhost DNS rebinding protection)\n\n## Packages\n\n- `@modelcontextprotocol/express` — Express helpers (app defaults + Host header validation for DNS rebinding protection).\n- `@modelcontextprotocol/hono` — Hono helpers (app defaults + JSON body parsing hook + Host header validation).\n- `@modelcontextprotocol/node` — Node.js Streamable HTTP transport wrapper for `IncomingMessage`/`ServerResponse`.\n\n## Typical usage\n\nMost servers use:\n\n- `@modelcontextprotocol/server` for the MCP server implementation\n- one middleware package for framework/runtime integration (this folder)\n- (optionally) additional platform/framework dependencies (Express, Hono, etc.)\n" }, { "path": "packages/middleware/express/README.md", "content": "# `@modelcontextprotocol/express`\n\nExpress adapters for the MCP TypeScript server SDK.\n\nThis package is a thin Express integration layer for [`@modelcontextprotocol/server`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/packages/server).\n\nIt does **not** implement MCP itself. Instead, it helps you:\n\n- create an Express app with sensible defaults for MCP servers\n- add DNS rebinding protection via Host header validation (recommended for localhost servers)\n\n## Install\n\n```bash\nnpm install @modelcontextprotocol/server @modelcontextprotocol/express express\n\n# For MCP Streamable HTTP over Node.js (IncomingMessage/ServerResponse):\nnpm install @modelcontextprotocol/node\n```\n\n## Exports\n\n- `createMcpExpressApp(options?)`\n- `hostHeaderValidation(allowedHostnames)`\n- `localhostHostValidation()`\n\n## Usage\n\n### Create an Express app (localhost DNS rebinding protection by default)\n\n```ts\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\n\nconst app = createMcpExpressApp(); // default host is 127.0.0.1; protection enabled\n```\n\n### Streamable HTTP endpoint (Express)\n\n```ts\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport { McpServer } from '@modelcontextprotocol/server';\n\nconst app = createMcpExpressApp();\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\napp.post('/mcp', async (req, res) => {\n // Stateless example: create a transport per request.\n // For stateful mode (sessions), keep a transport instance around and reuse it.\n const transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: undefined });\n await server.connect(transport);\n await transport.handleRequest(req, res, req.body);\n});\n```\n\n### Host header validation (DNS rebinding protection)\n\n```ts\nimport { hostHeaderValidation } from '@modelcontextprotocol/express';\n\napp.use(hostHeaderValidation(['localhost', '127.0.0.1', '[::1]']));\n```\n" }, { "path": "packages/middleware/express/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n settings: {\n 'import/internal-regex': '^@modelcontextprotocol/(server|core)'\n }\n }\n];\n" }, { "path": "packages/middleware/express/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/express\",\n \"private\": false,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Express adapters for the Model Context Protocol TypeScript server SDK - Express middleware\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"express\",\n \"middleware\"\n ],\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.mts\",\n \"import\": \"./dist/index.mjs\"\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"npm run build\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\"\n },\n \"dependencies\": {},\n \"peerDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"express\": \"catalog:runtimeServerOnly\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@types/express\": \"catalog:devTools\",\n \"@types/express-serve-static-core\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/middleware/express/src/express.examples.ts", "content": "/**\n * Type-checked examples for `express.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { createMcpExpressApp } from './express.js';\n\n/**\n * Example: Basic usage with default DNS rebinding protection.\n */\nfunction createMcpExpressApp_default() {\n //#region createMcpExpressApp_default\n const app = createMcpExpressApp();\n //#endregion createMcpExpressApp_default\n return app;\n}\n\n/**\n * Example: Custom host binding with and without DNS rebinding protection.\n */\nfunction createMcpExpressApp_customHost() {\n //#region createMcpExpressApp_customHost\n const appOpen = createMcpExpressApp({ host: '0.0.0.0' }); // No automatic DNS rebinding protection\n const appLocal = createMcpExpressApp({ host: 'localhost' }); // DNS rebinding protection enabled\n //#endregion createMcpExpressApp_customHost\n return { appOpen, appLocal };\n}\n\n/**\n * Example: Custom allowed hosts for non-localhost binding.\n */\nfunction createMcpExpressApp_allowedHosts() {\n //#region createMcpExpressApp_allowedHosts\n const app = createMcpExpressApp({ host: '0.0.0.0', allowedHosts: ['myapp.local', 'localhost'] });\n //#endregion createMcpExpressApp_allowedHosts\n return app;\n}\n" }, { "path": "packages/middleware/express/src/express.ts", "content": "import type { Express } from 'express';\nimport express from 'express';\n\nimport { hostHeaderValidation, localhostHostValidation } from './middleware/hostHeaderValidation.js';\n\n/**\n * Options for creating an MCP Express application.\n */\nexport interface CreateMcpExpressAppOptions {\n /**\n * The hostname to bind to. Defaults to `'127.0.0.1'`.\n * When set to `'127.0.0.1'`, `'localhost'`, or `'::1'`, DNS rebinding protection is automatically enabled.\n */\n host?: string;\n\n /**\n * List of allowed hostnames for DNS rebinding protection.\n * If provided, host header validation will be applied using this list.\n * For IPv6, provide addresses with brackets (e.g., `'[::1]'`).\n *\n * This is useful when binding to `'0.0.0.0'` or `'::'` but still wanting\n * to restrict which hostnames are allowed.\n */\n allowedHosts?: string[];\n\n /**\n * Controls the maximum request body size for the JSON body parser.\n * Passed directly to Express's `express.json({ limit })` option.\n * Defaults to Express's built-in default of `'100kb'`.\n *\n * @example '1mb', '500kb', '10mb'\n */\n jsonLimit?: string;\n}\n\n/**\n * Creates an Express application pre-configured for MCP servers.\n *\n * When the host is `'127.0.0.1'`, `'localhost'`, or `'::1'` (the default is `'127.0.0.1'`),\n * DNS rebinding protection middleware is automatically applied to protect against\n * DNS rebinding attacks on localhost servers.\n *\n * @param options - Configuration options\n * @returns A configured Express application\n *\n * @example Basic usage - defaults to 127.0.0.1 with DNS rebinding protection\n * ```ts source=\"./express.examples.ts#createMcpExpressApp_default\"\n * const app = createMcpExpressApp();\n * ```\n *\n * @example Custom host - DNS rebinding protection only applied for localhost hosts\n * ```ts source=\"./express.examples.ts#createMcpExpressApp_customHost\"\n * const appOpen = createMcpExpressApp({ host: '0.0.0.0' }); // No automatic DNS rebinding protection\n * const appLocal = createMcpExpressApp({ host: 'localhost' }); // DNS rebinding protection enabled\n * ```\n *\n * @example Custom allowed hosts for non-localhost binding\n * ```ts source=\"./express.examples.ts#createMcpExpressApp_allowedHosts\"\n * const app = createMcpExpressApp({ host: '0.0.0.0', allowedHosts: ['myapp.local', 'localhost'] });\n * ```\n */\nexport function createMcpExpressApp(options: CreateMcpExpressAppOptions = {}): Express {\n const { host = '127.0.0.1', allowedHosts, jsonLimit } = options;\n\n const app = express();\n app.use(express.json(jsonLimit ? { limit: jsonLimit } : undefined));\n\n // If allowedHosts is explicitly provided, use that for validation\n if (allowedHosts) {\n app.use(hostHeaderValidation(allowedHosts));\n } else {\n // Apply DNS rebinding protection automatically for localhost hosts\n const localhostHosts = ['127.0.0.1', 'localhost', '::1'];\n if (localhostHosts.includes(host)) {\n app.use(localhostHostValidation());\n } else if (host === '0.0.0.0' || host === '::') {\n // Warn when binding to all interfaces without DNS rebinding protection\n // eslint-disable-next-line no-console\n console.warn(\n `Warning: Server is binding to ${host} without DNS rebinding protection. ` +\n 'Consider using the allowedHosts option to restrict allowed hosts, ' +\n 'or use authentication to protect your server.'\n );\n }\n }\n\n return app;\n}\n" }, { "path": "packages/middleware/express/src/index.ts", "content": "export * from './express.js';\nexport * from './middleware/hostHeaderValidation.js';\n" }, { "path": "packages/middleware/express/src/middleware/hostHeaderValidation.examples.ts", "content": "/**\n * Type-checked examples for `hostHeaderValidation.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { Express } from 'express';\n\nimport { hostHeaderValidation, localhostHostValidation } from './hostHeaderValidation.js';\n\n/**\n * Example: Using hostHeaderValidation middleware with custom allowed hosts.\n */\nfunction hostHeaderValidation_basicUsage(app: Express) {\n //#region hostHeaderValidation_basicUsage\n const middleware = hostHeaderValidation(['localhost', '127.0.0.1', '[::1]']);\n app.use(middleware);\n //#endregion hostHeaderValidation_basicUsage\n}\n\n/**\n * Example: Using localhostHostValidation convenience middleware.\n */\nfunction localhostHostValidation_basicUsage(app: Express) {\n //#region localhostHostValidation_basicUsage\n app.use(localhostHostValidation());\n //#endregion localhostHostValidation_basicUsage\n}\n" }, { "path": "packages/middleware/express/src/middleware/hostHeaderValidation.ts", "content": "import { localhostAllowedHostnames, validateHostHeader } from '@modelcontextprotocol/server';\nimport type { NextFunction, Request, RequestHandler, Response } from 'express';\n\n/**\n * Express middleware for DNS rebinding protection.\n * Validates `Host` header hostname (port-agnostic) against an allowed list.\n *\n * This is particularly important for servers without authorization or HTTPS,\n * such as localhost servers or development servers. DNS rebinding attacks can\n * bypass same-origin policy by manipulating DNS to point a domain to a\n * localhost address, allowing malicious websites to access your local server.\n *\n * @param allowedHostnames - List of allowed hostnames (without ports).\n * For IPv6, provide the address with brackets (e.g., `[::1]`).\n * @returns Express middleware function\n *\n * @example\n * ```ts source=\"./hostHeaderValidation.examples.ts#hostHeaderValidation_basicUsage\"\n * const middleware = hostHeaderValidation(['localhost', '127.0.0.1', '[::1]']);\n * app.use(middleware);\n * ```\n */\nexport function hostHeaderValidation(allowedHostnames: string[]): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n const result = validateHostHeader(req.headers.host, allowedHostnames);\n if (!result.ok) {\n res.status(403).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: result.message\n },\n id: null\n });\n return;\n }\n next();\n };\n}\n\n/**\n * Convenience middleware for localhost DNS rebinding protection.\n * Allows only `localhost`, `127.0.0.1`, and `[::1]` (IPv6 localhost) hostnames.\n *\n * @example\n * ```ts source=\"./hostHeaderValidation.examples.ts#localhostHostValidation_basicUsage\"\n * app.use(localhostHostValidation());\n * ```\n */\nexport function localhostHostValidation(): RequestHandler {\n return hostHeaderValidation(localhostAllowedHostnames());\n}\n" }, { "path": "packages/middleware/express/test/express.test.ts", "content": "import type { NextFunction, Request, Response } from 'express';\nimport { vi } from 'vitest';\n\nimport { createMcpExpressApp } from '../src/express.js';\nimport { hostHeaderValidation, localhostHostValidation } from '../src/middleware/hostHeaderValidation.js';\n\n// Helper to create mock Express request/response/next\nfunction createMockReqResNext(host?: string) {\n const req = {\n headers: {\n host\n }\n } as Request;\n\n const res = {\n status: vi.fn().mockReturnThis(),\n json: vi.fn().mockReturnThis()\n } as unknown as Response;\n\n const next = vi.fn() as NextFunction;\n\n return { req, res, next };\n}\n\ndescribe('@modelcontextprotocol/express', () => {\n describe('hostHeaderValidation', () => {\n test('should block invalid Host header', () => {\n const middleware = hostHeaderValidation(['localhost']);\n const { req, res, next } = createMockReqResNext('evil.com:3000');\n\n middleware(req, res, next);\n\n expect(res.status).toHaveBeenCalledWith(403);\n expect(res.json).toHaveBeenCalledWith(\n expect.objectContaining({\n jsonrpc: '2.0',\n error: expect.objectContaining({\n code: -32_000\n }),\n id: null\n })\n );\n expect(next).not.toHaveBeenCalled();\n });\n\n test('should allow valid Host header', () => {\n const middleware = hostHeaderValidation(['localhost']);\n const { req, res, next } = createMockReqResNext('localhost:3000');\n\n middleware(req, res, next);\n\n expect(res.status).not.toHaveBeenCalled();\n expect(res.json).not.toHaveBeenCalled();\n expect(next).toHaveBeenCalled();\n });\n\n test('should handle multiple allowed hostnames', () => {\n const middleware = hostHeaderValidation(['localhost', '127.0.0.1', 'myapp.local']);\n const { req: req1, res: res1, next: next1 } = createMockReqResNext('127.0.0.1:8080');\n const { req: req2, res: res2, next: next2 } = createMockReqResNext('myapp.local');\n\n middleware(req1, res1, next1);\n middleware(req2, res2, next2);\n\n expect(next1).toHaveBeenCalled();\n expect(next2).toHaveBeenCalled();\n });\n });\n\n describe('localhostHostValidation', () => {\n test('should allow localhost', () => {\n const middleware = localhostHostValidation();\n const { req, res, next } = createMockReqResNext('localhost:3000');\n\n middleware(req, res, next);\n\n expect(next).toHaveBeenCalled();\n });\n\n test('should allow 127.0.0.1', () => {\n const middleware = localhostHostValidation();\n const { req, res, next } = createMockReqResNext('127.0.0.1:3000');\n\n middleware(req, res, next);\n\n expect(next).toHaveBeenCalled();\n });\n\n test('should allow [::1] (IPv6 localhost)', () => {\n const middleware = localhostHostValidation();\n const { req, res, next } = createMockReqResNext('[::1]:3000');\n\n middleware(req, res, next);\n\n expect(next).toHaveBeenCalled();\n });\n\n test('should block non-localhost hosts', () => {\n const middleware = localhostHostValidation();\n const { req, res, next } = createMockReqResNext('evil.com:3000');\n\n middleware(req, res, next);\n\n expect(res.status).toHaveBeenCalledWith(403);\n expect(next).not.toHaveBeenCalled();\n });\n });\n\n describe('createMcpExpressApp', () => {\n test('should enable localhost DNS rebinding protection by default', () => {\n const app = createMcpExpressApp();\n\n // The app should be a valid Express application\n expect(app).toBeDefined();\n expect(typeof app.use).toBe('function');\n expect(typeof app.get).toBe('function');\n expect(typeof app.post).toBe('function');\n });\n\n test('should apply DNS rebinding protection for localhost host', () => {\n const app = createMcpExpressApp({ host: 'localhost' });\n expect(app).toBeDefined();\n });\n\n test('should apply DNS rebinding protection for ::1 host', () => {\n const app = createMcpExpressApp({ host: '::1' });\n expect(app).toBeDefined();\n });\n\n test('should use allowedHosts when provided', () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n const app = createMcpExpressApp({ host: '0.0.0.0', allowedHosts: ['myapp.local'] });\n warn.mockRestore();\n\n expect(app).toBeDefined();\n });\n\n test('should warn when binding to 0.0.0.0 without allowedHosts', () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n\n createMcpExpressApp({ host: '0.0.0.0' });\n\n expect(warn).toHaveBeenCalledWith(\n expect.stringContaining('Warning: Server is binding to 0.0.0.0 without DNS rebinding protection')\n );\n\n warn.mockRestore();\n });\n\n test('should warn when binding to :: without allowedHosts', () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n\n createMcpExpressApp({ host: '::' });\n\n expect(warn).toHaveBeenCalledWith(expect.stringContaining('Warning: Server is binding to :: without DNS rebinding protection'));\n\n warn.mockRestore();\n });\n\n test('should not warn for 0.0.0.0 when allowedHosts is provided', () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n\n createMcpExpressApp({ host: '0.0.0.0', allowedHosts: ['myapp.local'] });\n\n expect(warn).not.toHaveBeenCalled();\n\n warn.mockRestore();\n });\n\n test('should not apply host validation for non-localhost hosts without allowedHosts', () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n\n // For arbitrary hosts (not 0.0.0.0 or ::), no validation is applied and no warning\n const app = createMcpExpressApp({ host: '192.168.1.1' });\n\n expect(warn).not.toHaveBeenCalled();\n expect(app).toBeDefined();\n\n warn.mockRestore();\n });\n\n test('should accept jsonLimit option', () => {\n const app = createMcpExpressApp({ jsonLimit: '10mb' });\n expect(app).toBeDefined();\n });\n\n test('should work without jsonLimit option', () => {\n const app = createMcpExpressApp();\n expect(app).toBeDefined();\n });\n });\n});\n" }, { "path": "packages/middleware/express/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/server/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ]\n }\n }\n}\n" }, { "path": "packages/middleware/express/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n entry: ['src/index.ts'],\n format: ['esm'],\n outDir: 'dist',\n clean: true,\n sourcemap: true,\n target: 'esnext',\n platform: 'node',\n shims: true,\n dts: {\n resolver: 'tsc',\n compilerOptions: {\n baseUrl: '.',\n paths: {\n '@modelcontextprotocol/server': ['../server/src/index.ts']\n }\n }\n }\n});\n" }, { "path": "packages/middleware/express/typedoc.json", "content": "{\n \"$schema\": \"https://typedoc.org/schema.json\",\n \"entryPoints\": [\"src\"],\n \"entryPointStrategy\": \"expand\",\n \"exclude\": [\"**/*.test.ts\"],\n \"navigation\": {\n \"includeGroups\": true,\n \"includeCategories\": true\n }\n}\n" }, { "path": "packages/middleware/express/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "packages/middleware/hono/README.md", "content": "# `@modelcontextprotocol/hono`\n\nHono adapters for the MCP TypeScript server SDK.\n\nThis package is a thin Hono integration layer for [`@modelcontextprotocol/server`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/packages/server).\n\nIt does **not** implement MCP itself. Instead, it helps you:\n\n- create a Hono app with sensible defaults for MCP servers\n- parse JSON request bodies and expose them as `c.get('parsedBody')` for Streamable HTTP transports\n- add DNS rebinding protection via Host header validation (recommended for localhost servers)\n\n## Install\n\n```bash\nnpm install @modelcontextprotocol/server @modelcontextprotocol/hono hono\n```\n\n## Exports\n\n- `createMcpHonoApp(options?)`\n- `hostHeaderValidation(allowedHostnames)`\n- `localhostHostValidation()`\n\n## Usage\n\n### Streamable HTTP endpoint (Hono)\n\n```ts\nimport { McpServer, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\nimport { createMcpHonoApp } from '@modelcontextprotocol/hono';\n\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\nconst transport = new WebStandardStreamableHTTPServerTransport({ sessionIdGenerator: undefined });\nawait server.connect(transport);\n\nconst app = createMcpHonoApp();\napp.all('/mcp', c => transport.handleRequest(c.req.raw, { parsedBody: c.get('parsedBody') }));\n```\n\n### Host header validation (DNS rebinding protection)\n\n```ts\nimport { localhostHostValidation } from '@modelcontextprotocol/hono';\n\nconst app = createMcpHonoApp();\napp.use('*', localhostHostValidation());\n```\n" }, { "path": "packages/middleware/hono/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n settings: {\n 'import/internal-regex': '^@modelcontextprotocol/(server|core)'\n }\n }\n];\n" }, { "path": "packages/middleware/hono/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/hono\",\n \"private\": false,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Hono adapters for the Model Context Protocol TypeScript server SDK - Hono middleware\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"hono\",\n \"middleware\"\n ],\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.mts\",\n \"import\": \"./dist/index.mjs\"\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\"\n },\n \"dependencies\": {},\n \"peerDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"hono\": \"catalog:runtimeServerOnly\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/middleware/hono/src/hono.ts", "content": "import type { Context } from 'hono';\nimport { Hono } from 'hono';\n\nimport { hostHeaderValidation, localhostHostValidation } from './middleware/hostHeaderValidation.js';\n\n/**\n * Options for creating an MCP Hono application.\n */\nexport interface CreateMcpHonoAppOptions {\n /**\n * The hostname to bind to. Defaults to `'127.0.0.1'`.\n * When set to `'127.0.0.1'`, `'localhost'`, or `'::1'`, DNS rebinding protection is automatically enabled.\n */\n host?: string;\n\n /**\n * List of allowed hostnames for DNS rebinding protection.\n * If provided, host header validation will be applied using this list.\n * For IPv6, provide addresses with brackets (e.g., '[::1]').\n *\n * This is useful when binding to '0.0.0.0' or '::' but still wanting\n * to restrict which hostnames are allowed.\n */\n allowedHosts?: string[];\n}\n\n/**\n * Creates a Hono application pre-configured for MCP servers.\n *\n * When the host is `'127.0.0.1'`, `'localhost'`, or `'::1'` (the default is `'127.0.0.1'`),\n * DNS rebinding protection middleware is automatically applied to protect against\n * DNS rebinding attacks on localhost servers.\n *\n * This also installs a small JSON body parsing middleware (similar to `express.json()`)\n * that stashes the parsed body into `c.set('parsedBody', ...)` when `Content-Type` includes\n * `application/json`.\n *\n * @param options - Configuration options\n * @returns A configured Hono application\n */\nexport function createMcpHonoApp(options: CreateMcpHonoAppOptions = {}): Hono {\n const { host = '127.0.0.1', allowedHosts } = options;\n\n const app = new Hono();\n\n // Similar to `express.json()`: parse JSON bodies and make them available to MCP adapters via `parsedBody`.\n app.use('*', async (c: Context, next) => {\n // If an upstream middleware already set parsedBody, keep it.\n if (c.get('parsedBody') !== undefined) {\n return await next();\n }\n\n const ct = c.req.header('content-type') ?? '';\n if (!ct.includes('application/json')) {\n return await next();\n }\n\n try {\n // Parse from a clone so we don't consume the original request stream.\n const parsed = await c.req.raw.clone().json();\n c.set('parsedBody', parsed);\n } catch {\n // Mirror express.json() behavior loosely: reject invalid JSON.\n return c.text('Invalid JSON', 400);\n }\n\n return await next();\n });\n\n // If allowedHosts is explicitly provided, use that for validation.\n if (allowedHosts) {\n app.use('*', hostHeaderValidation(allowedHosts));\n } else {\n // Apply DNS rebinding protection automatically for localhost hosts.\n const localhostHosts = ['127.0.0.1', 'localhost', '::1'];\n if (localhostHosts.includes(host)) {\n app.use('*', localhostHostValidation());\n } else if (host === '0.0.0.0' || host === '::') {\n // Warn when binding to all interfaces without DNS rebinding protection.\n // eslint-disable-next-line no-console\n console.warn(\n `Warning: Server is binding to ${host} without DNS rebinding protection. ` +\n 'Consider using the allowedHosts option to restrict allowed hosts, ' +\n 'or use authentication to protect your server.'\n );\n }\n }\n\n return app;\n}\n" }, { "path": "packages/middleware/hono/src/index.ts", "content": "export * from './hono.js';\nexport * from './middleware/hostHeaderValidation.js';\n" }, { "path": "packages/middleware/hono/src/middleware/hostHeaderValidation.ts", "content": "import { localhostAllowedHostnames, validateHostHeader } from '@modelcontextprotocol/server';\nimport type { MiddlewareHandler } from 'hono';\n\n/**\n * Hono middleware for DNS rebinding protection.\n * Validates `Host` header hostname (port-agnostic) against an allowed list.\n */\nexport function hostHeaderValidation(allowedHostnames: string[]): MiddlewareHandler {\n return async (c, next) => {\n const result = validateHostHeader(c.req.header('host'), allowedHostnames);\n if (!result.ok) {\n return c.json(\n {\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: result.message\n },\n id: null\n },\n 403\n );\n }\n return await next();\n };\n}\n\n/**\n * Convenience middleware for `localhost` DNS rebinding protection.\n */\nexport function localhostHostValidation(): MiddlewareHandler {\n return hostHeaderValidation(localhostAllowedHostnames());\n}\n" }, { "path": "packages/middleware/hono/test/hono.test.ts", "content": "import type { Context } from 'hono';\nimport { Hono } from 'hono';\nimport { vi } from 'vitest';\n\nimport { createMcpHonoApp } from '../src/hono.js';\nimport { hostHeaderValidation } from '../src/middleware/hostHeaderValidation.js';\n\ndescribe('@modelcontextprotocol/hono', () => {\n test('hostHeaderValidation blocks invalid Host and allows valid Host', async () => {\n const app = new Hono();\n app.use('*', hostHeaderValidation(['localhost']));\n app.get('/health', c => c.text('ok'));\n\n const bad = await app.request('http://localhost/health', { headers: { Host: 'evil.com:3000' } });\n expect(bad.status).toBe(403);\n expect(await bad.json()).toEqual(\n expect.objectContaining({\n jsonrpc: '2.0',\n error: expect.objectContaining({\n code: -32_000\n }),\n id: null\n })\n );\n\n const good = await app.request('http://localhost/health', { headers: { Host: 'localhost:3000' } });\n expect(good.status).toBe(200);\n expect(await good.text()).toBe('ok');\n });\n\n test('createMcpHonoApp enables localhost DNS rebinding protection by default', async () => {\n const app = createMcpHonoApp();\n app.get('/health', c => c.text('ok'));\n\n const bad = await app.request('http://localhost/health', { headers: { Host: 'evil.com:3000' } });\n expect(bad.status).toBe(403);\n\n const good = await app.request('http://localhost/health', { headers: { Host: 'localhost:3000' } });\n expect(good.status).toBe(200);\n });\n\n test('createMcpHonoApp uses allowedHosts when provided (even when binding to 0.0.0.0)', async () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n const app = createMcpHonoApp({ host: '0.0.0.0', allowedHosts: ['myapp.local'] });\n warn.mockRestore();\n\n app.get('/health', c => c.text('ok'));\n\n const bad = await app.request('http://localhost/health', { headers: { Host: 'evil.com:3000' } });\n expect(bad.status).toBe(403);\n\n const good = await app.request('http://localhost/health', { headers: { Host: 'myapp.local:3000' } });\n expect(good.status).toBe(200);\n });\n\n test('createMcpHonoApp does not apply host validation for 0.0.0.0 without allowedHosts', async () => {\n const warn = vi.spyOn(console, 'warn').mockImplementation(() => {});\n const app = createMcpHonoApp({ host: '0.0.0.0' });\n warn.mockRestore();\n\n app.get('/health', c => c.text('ok'));\n\n const res = await app.request('http://localhost/health', { headers: { Host: 'evil.com:3000' } });\n expect(res.status).toBe(200);\n });\n\n test('createMcpHonoApp parses JSON bodies into parsedBody (express.json()-like)', async () => {\n const app = createMcpHonoApp();\n app.post('/echo', (c: Context) => c.json(c.get('parsedBody')));\n\n const res = await app.request('http://localhost/echo', {\n method: 'POST',\n headers: { Host: 'localhost:3000', 'content-type': 'application/json' },\n body: JSON.stringify({ a: 1 })\n });\n expect(res.status).toBe(200);\n expect(await res.json()).toEqual({ a: 1 });\n });\n\n test('createMcpHonoApp returns 400 on invalid JSON', async () => {\n const app = createMcpHonoApp();\n app.post('/echo', (c: Context) => c.text('ok'));\n\n const res = await app.request('http://localhost/echo', {\n method: 'POST',\n headers: { Host: 'localhost:3000', 'content-type': 'application/json' },\n body: '{\"a\":'\n });\n expect(res.status).toBe(400);\n expect(await res.text()).toBe('Invalid JSON');\n });\n\n test('createMcpHonoApp does not override parsedBody if upstream middleware set it', async () => {\n const app = createMcpHonoApp();\n app.use('/echo', async (c: Context, next) => {\n c.set('parsedBody', { preset: true });\n return await next();\n });\n app.post('/echo', (c: Context) => c.json(c.get('parsedBody')));\n\n const res = await app.request('http://localhost/echo', {\n method: 'POST',\n headers: { Host: 'localhost:3000', 'content-type': 'application/json' },\n body: JSON.stringify({ a: 1 })\n });\n expect(res.status).toBe(200);\n expect(await res.json()).toEqual({ preset: true });\n });\n});\n" }, { "path": "packages/middleware/hono/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\n \"./node_modules/@modelcontextprotocol/server/node_modules/@modelcontextprotocol/core/src/index.ts\"\n ]\n }\n }\n}\n" }, { "path": "packages/middleware/hono/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n entry: ['src/index.ts'],\n format: ['esm'],\n outDir: 'dist',\n clean: true,\n sourcemap: true,\n target: 'esnext',\n platform: 'node',\n shims: true,\n dts: {\n resolver: 'tsc',\n compilerOptions: {\n baseUrl: '.',\n paths: {\n '@modelcontextprotocol/server': ['../server/src/index.ts']\n }\n }\n }\n});\n" }, { "path": "packages/middleware/hono/typedoc.json", "content": "{\n \"$schema\": \"https://typedoc.org/schema.json\",\n \"entryPoints\": [\"src\"],\n \"entryPointStrategy\": \"expand\",\n \"exclude\": [\"**/*.test.ts\"],\n \"navigation\": {\n \"includeGroups\": true,\n \"includeCategories\": true\n }\n}\n" }, { "path": "packages/middleware/hono/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "packages/middleware/node/README.md", "content": "# `@modelcontextprotocol/node`\n\nNode.js adapters for the MCP TypeScript server SDK.\n\nThis package is a thin Node.js integration layer for [`@modelcontextprotocol/server`](https://github.com/modelcontextprotocol/typescript-sdk/tree/main/packages/server). It provides a Streamable HTTP transport that works with Node’s `IncomingMessage` / `ServerResponse`.\n\nFor web‑standard runtimes (Cloudflare Workers, Deno, Bun, etc.), use `WebStandardStreamableHTTPServerTransport` from `@modelcontextprotocol/server` directly.\n\n## Install\n\n```bash\nnpm install @modelcontextprotocol/server @modelcontextprotocol/node\n```\n\n## Exports\n\n- `NodeStreamableHTTPServerTransport`\n- `StreamableHTTPServerTransportOptions` (type alias for `WebStandardStreamableHTTPServerTransportOptions`)\n\n## Usage\n\n### Express + Streamable HTTP\n\n```ts\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport { McpServer } from '@modelcontextprotocol/server';\n\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\nconst app = createMcpExpressApp();\n\napp.post('/mcp', async (req, res) => {\n const transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: undefined });\n await server.connect(transport);\n\n // If you use Express JSON parsing, pass the pre-parsed body to avoid re-reading the stream.\n await transport.handleRequest(req, res, req.body);\n});\n```\n\n### Node.js `http` server\n\n```ts\nimport { createServer } from 'node:http';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport { McpServer } from '@modelcontextprotocol/server';\n\nconst server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\ncreateServer(async (req, res) => {\n const transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: undefined });\n await server.connect(transport);\n await transport.handleRequest(req, res);\n}).listen(3000);\n```\n" }, { "path": "packages/middleware/node/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n settings: {\n 'import/internal-regex': '^@modelcontextprotocol/core'\n }\n }\n];\n" }, { "path": "packages/middleware/node/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/node\",\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript - Node.js middleware\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"node.js\",\n \"middleware\"\n ],\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.mts\",\n \"import\": \"./dist/index.mjs\"\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"@hono/node-server\": \"catalog:runtimeServerOnly\"\n },\n \"peerDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"hono\": \"catalog:runtimeServerOnly\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\",\n \"tsx\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/middleware/node/src/index.ts", "content": "export * from './streamableHttp.js';\n" }, { "path": "packages/middleware/node/src/streamableHttp.examples.ts", "content": "/**\n * Type-checked examples for `streamableHttp.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { randomUUID } from 'node:crypto';\nimport type { IncomingMessage, ServerResponse } from 'node:http';\n\nimport { McpServer } from '@modelcontextprotocol/server';\n\nimport { NodeStreamableHTTPServerTransport } from './streamableHttp.js';\n\n/**\n * Example: Stateful Streamable HTTP transport (Node.js).\n */\nasync function NodeStreamableHTTPServerTransport_stateful() {\n //#region NodeStreamableHTTPServerTransport_stateful\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await server.connect(transport);\n //#endregion NodeStreamableHTTPServerTransport_stateful\n}\n\n/**\n * Example: Stateless Streamable HTTP transport (Node.js).\n */\nasync function NodeStreamableHTTPServerTransport_stateless() {\n //#region NodeStreamableHTTPServerTransport_stateless\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n });\n //#endregion NodeStreamableHTTPServerTransport_stateless\n return transport;\n}\n\n// Stubs for Express-style app\ndeclare const app: { post(path: string, handler: (req: IncomingMessage & { body?: unknown }, res: ServerResponse) => void): void };\n\n/**\n * Example: Using with a pre-parsed request body (e.g. Express).\n */\nfunction NodeStreamableHTTPServerTransport_express(transport: NodeStreamableHTTPServerTransport) {\n //#region NodeStreamableHTTPServerTransport_express\n app.post('/mcp', (req, res) => {\n transport.handleRequest(req, res, req.body);\n });\n //#endregion NodeStreamableHTTPServerTransport_express\n}\n" }, { "path": "packages/middleware/node/src/streamableHttp.ts", "content": "/**\n * Node.js Streamable HTTP Server Transport\n *\n * This is a thin wrapper around {@linkcode WebStandardStreamableHTTPServerTransport} that provides\n * compatibility with Node.js HTTP server (`IncomingMessage`/`ServerResponse`).\n *\n * For web-standard environments (Cloudflare Workers, Deno, Bun), use {@linkcode WebStandardStreamableHTTPServerTransport} directly.\n */\n\nimport type { IncomingMessage, ServerResponse } from 'node:http';\n\nimport { getRequestListener } from '@hono/node-server';\nimport type { AuthInfo, JSONRPCMessage, MessageExtraInfo, RequestId, Transport } from '@modelcontextprotocol/core';\nimport type { WebStandardStreamableHTTPServerTransportOptions } from '@modelcontextprotocol/server';\nimport { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\n\n/**\n * Configuration options for {@linkcode NodeStreamableHTTPServerTransport}\n *\n * This is an alias for {@linkcode WebStandardStreamableHTTPServerTransportOptions} for backward compatibility.\n */\nexport type StreamableHTTPServerTransportOptions = WebStandardStreamableHTTPServerTransportOptions;\n\n/**\n * Server transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.\n * It supports both SSE streaming and direct HTTP responses.\n *\n * This is a wrapper around {@linkcode WebStandardStreamableHTTPServerTransport} that provides Node.js HTTP compatibility.\n * It uses the `@hono/node-server` library to convert between Node.js HTTP and Web Standard APIs.\n *\n * In stateful mode:\n * - Session ID is generated and included in response headers\n * - Session ID is always included in initialization responses\n * - Requests with invalid session IDs are rejected with `404 Not Found`\n * - Non-initialization requests without a session ID are rejected with `400 Bad Request`\n * - State is maintained in-memory (connections, message history)\n *\n * In stateless mode:\n * - No Session ID is included in any responses\n * - No session validation is performed\n *\n * @example Stateful setup\n * ```ts source=\"./streamableHttp.examples.ts#NodeStreamableHTTPServerTransport_stateful\"\n * const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n *\n * const transport = new NodeStreamableHTTPServerTransport({\n * sessionIdGenerator: () => randomUUID()\n * });\n *\n * await server.connect(transport);\n * ```\n *\n * @example Stateless setup\n * ```ts source=\"./streamableHttp.examples.ts#NodeStreamableHTTPServerTransport_stateless\"\n * const transport = new NodeStreamableHTTPServerTransport({\n * sessionIdGenerator: undefined\n * });\n * ```\n *\n * @example Using with a pre-parsed request body (e.g. Express)\n * ```ts source=\"./streamableHttp.examples.ts#NodeStreamableHTTPServerTransport_express\"\n * app.post('/mcp', (req, res) => {\n * transport.handleRequest(req, res, req.body);\n * });\n * ```\n */\nexport class NodeStreamableHTTPServerTransport implements Transport {\n private _webStandardTransport: WebStandardStreamableHTTPServerTransport;\n private _requestListener: ReturnType;\n // Store auth and parsedBody per request for passing through to handleRequest\n private _requestContext: WeakMap = new WeakMap();\n\n constructor(options: StreamableHTTPServerTransportOptions = {}) {\n this._webStandardTransport = new WebStandardStreamableHTTPServerTransport(options);\n\n // Create a request listener that wraps the web standard transport\n // getRequestListener converts Node.js HTTP to Web Standard and properly handles SSE streaming\n // overrideGlobalObjects: false prevents Hono from overwriting global Response, which would\n // break frameworks like Next.js whose response classes extend the native Response\n this._requestListener = getRequestListener(\n async (webRequest: Request) => {\n // Get context if available (set during handleRequest)\n const context = this._requestContext.get(webRequest);\n return this._webStandardTransport.handleRequest(webRequest, {\n authInfo: context?.authInfo,\n parsedBody: context?.parsedBody\n });\n },\n { overrideGlobalObjects: false }\n );\n }\n\n /**\n * Gets the session ID for this transport instance.\n */\n get sessionId(): string | undefined {\n return this._webStandardTransport.sessionId;\n }\n\n /**\n * Sets callback for when the transport is closed.\n */\n set onclose(handler: (() => void) | undefined) {\n this._webStandardTransport.onclose = handler;\n }\n\n get onclose(): (() => void) | undefined {\n return this._webStandardTransport.onclose;\n }\n\n /**\n * Sets callback for transport errors.\n */\n set onerror(handler: ((error: Error) => void) | undefined) {\n this._webStandardTransport.onerror = handler;\n }\n\n get onerror(): ((error: Error) => void) | undefined {\n return this._webStandardTransport.onerror;\n }\n\n /**\n * Sets callback for incoming messages.\n */\n set onmessage(handler: ((message: JSONRPCMessage, extra?: MessageExtraInfo) => void) | undefined) {\n this._webStandardTransport.onmessage = handler;\n }\n\n get onmessage(): ((message: JSONRPCMessage, extra?: MessageExtraInfo) => void) | undefined {\n return this._webStandardTransport.onmessage;\n }\n\n /**\n * Starts the transport. This is required by the {@linkcode Transport} interface but is a no-op\n * for the Streamable HTTP transport as connections are managed per-request.\n */\n async start(): Promise {\n return this._webStandardTransport.start();\n }\n\n /**\n * Closes the transport and all active connections.\n */\n async close(): Promise {\n return this._webStandardTransport.close();\n }\n\n /**\n * Sends a JSON-RPC message through the transport.\n */\n async send(message: JSONRPCMessage, options?: { relatedRequestId?: RequestId }): Promise {\n return this._webStandardTransport.send(message, options);\n }\n\n /**\n * Handles an incoming HTTP request, whether `GET` or `POST`.\n *\n * This method converts Node.js HTTP objects to Web Standard Request/Response\n * and delegates to the underlying {@linkcode WebStandardStreamableHTTPServerTransport}.\n *\n * @param req - Node.js `IncomingMessage`, optionally with `auth` property from middleware\n * @param res - Node.js `ServerResponse`\n * @param parsedBody - Optional pre-parsed body from body-parser middleware\n */\n async handleRequest(req: IncomingMessage & { auth?: AuthInfo }, res: ServerResponse, parsedBody?: unknown): Promise {\n // Store context for this request to pass through auth and parsedBody\n // We need to intercept the request creation to attach this context\n const authInfo = req.auth;\n\n // Create a custom handler that includes our context\n // overrideGlobalObjects: false prevents Hono from overwriting global Response, which would\n // break frameworks like Next.js whose response classes extend the native Response\n const handler = getRequestListener(\n async (webRequest: Request) => {\n return this._webStandardTransport.handleRequest(webRequest, {\n authInfo,\n parsedBody\n });\n },\n { overrideGlobalObjects: false }\n );\n\n // Delegate to the request listener which handles all the Node.js <-> Web Standard conversion\n // including proper SSE streaming support\n await handler(req, res);\n }\n\n /**\n * Close an SSE stream for a specific request, triggering client reconnection.\n * Use this to implement polling behavior during long-running operations -\n * client will reconnect after the retry interval specified in the priming event.\n */\n closeSSEStream(requestId: RequestId): void {\n this._webStandardTransport.closeSSEStream(requestId);\n }\n\n /**\n * Close the standalone GET SSE stream, triggering client reconnection.\n * Use this to implement polling behavior for server-initiated notifications.\n */\n closeStandaloneSSEStream(): void {\n this._webStandardTransport.closeStandaloneSSEStream();\n }\n}\n" }, { "path": "packages/middleware/node/test/streamableHttp.test.ts", "content": "import { randomUUID } from 'node:crypto';\nimport type { IncomingMessage, Server, ServerResponse } from 'node:http';\nimport { createServer } from 'node:http';\nimport type { AddressInfo } from 'node:net';\nimport { createServer as netCreateServer } from 'node:net';\n\nimport type {\n AuthInfo,\n CallToolResult,\n JSONRPCErrorResponse,\n JSONRPCMessage,\n JSONRPCResultResponse,\n RequestId\n} from '@modelcontextprotocol/core';\nimport type { EventId, EventStore, StreamId } from '@modelcontextprotocol/server';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport { listenOnRandomPort } from '@modelcontextprotocol/test-helpers';\nimport * as z from 'zod/v4';\nimport { afterEach, beforeEach, describe, expect, it } from 'vitest';\n\nimport { NodeStreamableHTTPServerTransport } from '../src/streamableHttp.js';\n\nasync function getFreePort() {\n return new Promise(res => {\n const srv = netCreateServer();\n srv.listen(0, () => {\n const address = srv.address()!;\n if (typeof address === 'string') {\n throw new TypeError('Unexpected address type: ' + typeof address);\n }\n const port = (address as AddressInfo).port;\n srv.close(_err => res(port));\n });\n });\n}\n\n/**\n * Test server configuration for NodeStreamableHTTPServerTransport tests\n */\ninterface TestServerConfig {\n sessionIdGenerator: (() => string) | undefined;\n enableJsonResponse?: boolean;\n customRequestHandler?: (req: IncomingMessage, res: ServerResponse, parsedBody?: unknown) => Promise;\n eventStore?: EventStore;\n onsessioninitialized?: (sessionId: string) => void | Promise;\n onsessionclosed?: (sessionId: string) => void | Promise;\n retryInterval?: number;\n}\n\n/**\n * Helper to stop test server\n */\nasync function stopTestServer({ server, transport }: { server: Server; transport: NodeStreamableHTTPServerTransport }): Promise {\n // First close the transport to ensure all SSE streams are closed\n await transport.close();\n\n // Close the server without waiting indefinitely\n server.close();\n}\n\n/**\n * Common test messages\n */\nconst TEST_MESSAGES = {\n initialize: {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-11-25',\n capabilities: {}\n },\n id: 'init-1'\n } as JSONRPCMessage,\n\n // Initialize message with an older protocol version for backward compatibility tests\n initializeOldVersion: {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-06-18',\n capabilities: {}\n },\n id: 'init-1'\n } as JSONRPCMessage,\n\n toolsList: {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'tools-1'\n } as JSONRPCMessage\n};\n\n/**\n * Helper to extract text from SSE response\n * Note: Can only be called once per response stream. For multiple reads,\n * get the reader manually and read multiple times.\n */\nasync function readSSEEvent(response: Response): Promise {\n const reader = response.body?.getReader();\n const { value } = await reader!.read();\n return new TextDecoder().decode(value);\n}\n\n/**\n * Helper to send JSON-RPC request\n */\nasync function sendPostRequest(\n baseUrl: URL,\n message: JSONRPCMessage | JSONRPCMessage[],\n sessionId?: string,\n extraHeaders?: Record\n): Promise {\n const headers: Record = {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n ...extraHeaders\n };\n\n if (sessionId) {\n headers['mcp-session-id'] = sessionId;\n headers['mcp-protocol-version'] = '2025-11-25';\n }\n\n return fetch(baseUrl, {\n method: 'POST',\n headers,\n body: JSON.stringify(message)\n });\n}\n\nfunction expectErrorResponse(\n data: unknown,\n expectedCode: number,\n expectedMessagePattern: RegExp,\n options?: { expectData?: boolean }\n): void {\n expect(data).toMatchObject({\n jsonrpc: '2.0',\n error: expect.objectContaining({\n code: expectedCode,\n message: expect.stringMatching(expectedMessagePattern)\n })\n });\n if (options?.expectData) {\n expect((data as { error: { data?: string } }).error.data).toBeDefined();\n }\n}\ndescribe('Zod v4', () => {\n /**\n * Helper to create and start test HTTP server with MCP setup\n */\n async function createTestServer(config?: TestServerConfig): Promise<{\n server: Server;\n transport: NodeStreamableHTTPServerTransport;\n mcpServer: McpServer;\n baseUrl: URL;\n }> {\n config ??= { sessionIdGenerator: () => randomUUID() };\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'greet',\n {\n description: 'A simple greeting tool',\n inputSchema: z.object({ name: z.string().describe('Name to greet') })\n },\n async ({ name }): Promise => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n }\n );\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: config.sessionIdGenerator,\n enableJsonResponse: config.enableJsonResponse ?? false,\n eventStore: config.eventStore,\n onsessioninitialized: config.onsessioninitialized,\n onsessionclosed: config.onsessionclosed,\n retryInterval: config.retryInterval\n });\n\n await mcpServer.connect(transport);\n\n const server = createServer(async (req, res) => {\n try {\n await (config.customRequestHandler ? config.customRequestHandler(req, res) : transport.handleRequest(req, res));\n } catch (error) {\n console.error('Error handling request:', error);\n if (!res.headersSent) res.writeHead(500).end();\n }\n });\n\n const baseUrl = await listenOnRandomPort(server);\n\n return { server, transport, mcpServer, baseUrl };\n }\n\n /**\n * Helper to create and start authenticated test HTTP server with MCP setup\n */\n async function createTestAuthServer(config: TestServerConfig = { sessionIdGenerator: () => randomUUID() }): Promise<{\n server: Server;\n transport: NodeStreamableHTTPServerTransport;\n mcpServer: McpServer;\n baseUrl: URL;\n }> {\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'profile',\n {\n description: 'A user profile data tool',\n inputSchema: z.object({ active: z.boolean().describe('Profile status') })\n },\n async ({ active }, ctx): Promise => {\n return {\n content: [{ type: 'text', text: `${active ? 'Active' : 'Inactive'} profile from token: ${ctx.http?.authInfo?.token}!` }]\n };\n }\n );\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: config.sessionIdGenerator,\n enableJsonResponse: config.enableJsonResponse ?? false,\n eventStore: config.eventStore,\n onsessioninitialized: config.onsessioninitialized,\n onsessionclosed: config.onsessionclosed\n });\n\n await mcpServer.connect(transport);\n\n const server = createServer(async (req: IncomingMessage & { auth?: AuthInfo }, res) => {\n try {\n if (config.customRequestHandler) {\n await config.customRequestHandler(req, res);\n } else {\n req.auth = { token: req.headers['authorization']?.split(' ')[1] } as AuthInfo;\n await transport.handleRequest(req, res);\n }\n } catch (error) {\n console.error('Error handling request:', error);\n if (!res.headersSent) res.writeHead(500).end();\n }\n });\n\n const baseUrl = await listenOnRandomPort(server);\n\n return { server, transport, mcpServer, baseUrl };\n }\n\n describe('NodeStreamableHTTPServerTransport', () => {\n let server: Server;\n let mcpServer: McpServer;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n\n beforeEach(async () => {\n const result = await createTestServer();\n server = result.server;\n transport = result.transport;\n mcpServer = result.mcpServer;\n baseUrl = result.baseUrl;\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n });\n\n async function initializeServer(): Promise {\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n expect(response.status).toBe(200);\n const newSessionId = response.headers.get('mcp-session-id');\n expect(newSessionId).toBeDefined();\n return newSessionId as string;\n }\n\n it('should initialize server and generate session ID', async () => {\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('text/event-stream');\n expect(response.headers.get('mcp-session-id')).toBeDefined();\n });\n\n it('should reject second initialization request', async () => {\n // First initialize\n const sessionId = await initializeServer();\n expect(sessionId).toBeDefined();\n\n // Try second initialize\n const secondInitMessage = {\n ...TEST_MESSAGES.initialize,\n id: 'second-init'\n };\n\n const response = await sendPostRequest(baseUrl, secondInitMessage);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_600, /Server already initialized/);\n });\n\n it('should reject batch initialize request', async () => {\n const batchInitMessages: JSONRPCMessage[] = [\n TEST_MESSAGES.initialize,\n {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client-2', version: '1.0' },\n protocolVersion: '2025-03-26'\n },\n id: 'init-2'\n }\n ];\n\n const response = await sendPostRequest(baseUrl, batchInitMessages);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_600, /Only one initialization request is allowed/);\n });\n\n it('should handle post requests via sse response correctly', async () => {\n sessionId = await initializeServer();\n\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.toolsList, sessionId);\n\n expect(response.status).toBe(200);\n\n // Read the SSE stream for the response\n const text = await readSSEEvent(response);\n\n // Parse the SSE event\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: expect.objectContaining({\n tools: expect.arrayContaining([\n expect.objectContaining({\n name: 'greet',\n description: 'A simple greeting tool'\n })\n ])\n }),\n id: 'tools-1'\n });\n });\n\n it('should call a tool and return the result', async () => {\n sessionId = await initializeServer();\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: {\n name: 'Test User'\n }\n },\n id: 'call-1'\n };\n\n const response = await sendPostRequest(baseUrl, toolCallMessage, sessionId);\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [\n {\n type: 'text',\n text: 'Hello, Test User!'\n }\n ]\n },\n id: 'call-1'\n });\n });\n\n /***\n * Test: Tool With Request Info\n */\n it('should pass request info to tool callback', async () => {\n sessionId = await initializeServer();\n\n mcpServer.registerTool(\n 'test-request-info',\n {\n description: 'A simple test tool with request info',\n inputSchema: z.object({ name: z.string().describe('Name to greet') })\n },\n async ({ name }, ctx): Promise => {\n // Convert Headers object to plain object for JSON serialization\n // Headers is a Web API class that doesn't serialize with JSON.stringify\n const serializedRequestInfo = {\n headers: Object.fromEntries(ctx.http?.req?.headers ?? new Headers())\n };\n return {\n content: [\n { type: 'text', text: `Hello, ${name}!` },\n { type: 'text', text: `${JSON.stringify(serializedRequestInfo)}` }\n ]\n };\n }\n );\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'test-request-info',\n arguments: {\n name: 'Test User'\n }\n },\n id: 'call-1'\n };\n\n const response = await sendPostRequest(baseUrl, toolCallMessage, sessionId);\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [\n { type: 'text', text: 'Hello, Test User!' },\n { type: 'text', text: expect.any(String) }\n ]\n },\n id: 'call-1'\n });\n\n const requestInfo = JSON.parse(eventData.result.content[1].text);\n expect(requestInfo).toMatchObject({\n headers: {\n 'content-type': 'application/json',\n accept: 'application/json, text/event-stream',\n connection: 'keep-alive',\n 'mcp-session-id': sessionId,\n 'accept-language': '*',\n 'user-agent': expect.any(String),\n 'accept-encoding': expect.any(String),\n 'content-length': expect.any(String)\n }\n });\n });\n\n it('should reject requests without a valid session ID', async () => {\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.toolsList);\n\n expect(response.status).toBe(400);\n const errorData = (await response.json()) as JSONRPCErrorResponse;\n expectErrorResponse(errorData, -32_000, /Bad Request/);\n expect(errorData.id).toBeNull();\n });\n\n it('should reject invalid session ID', async () => {\n // First initialize to be in valid state\n await initializeServer();\n\n // Now try with invalid session ID\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.toolsList, 'invalid-session-id');\n\n expect(response.status).toBe(404);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_001, /Session not found/);\n });\n\n it('should establish standalone SSE stream and receive server-initiated messages', async () => {\n // First initialize to get a session ID\n sessionId = await initializeServer();\n\n // Open a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(sseResponse.status).toBe(200);\n expect(sseResponse.headers.get('content-type')).toBe('text/event-stream');\n\n // Send a notification (server-initiated message) that should appear on SSE stream\n const notification: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'Test notification' }\n };\n\n // Send the notification via transport\n await transport.send(notification);\n\n // Read from the stream and verify we got the notification\n const text = await readSSEEvent(sseResponse);\n\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'Test notification' }\n });\n });\n\n it('should not close GET SSE stream after sending multiple server notifications', async () => {\n sessionId = await initializeServer();\n\n // Open a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(sseResponse.status).toBe(200);\n const reader = sseResponse.body?.getReader();\n\n // Send multiple notifications\n const notification1: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'First notification' }\n };\n\n // Just send one and verify it comes through - then the stream should stay open\n await transport.send(notification1);\n\n const { value, done } = await reader!.read();\n const text = new TextDecoder().decode(value);\n expect(text).toContain('First notification');\n expect(done).toBe(false); // Stream should still be open\n });\n\n it('should reject second SSE stream for the same session', async () => {\n sessionId = await initializeServer();\n\n // Open first SSE stream\n const firstStream = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(firstStream.status).toBe(200);\n\n // Try to open a second SSE stream with the same session ID\n const secondStream = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n // Should be rejected\n expect(secondStream.status).toBe(409); // Conflict\n const errorData = await secondStream.json();\n expectErrorResponse(errorData, -32_000, /Only one SSE stream is allowed per session/);\n });\n\n it('should reject GET requests without Accept: text/event-stream header', async () => {\n sessionId = await initializeServer();\n\n // Try GET without proper Accept header\n const response = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(response.status).toBe(406);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Client must accept text\\/event-stream/);\n });\n\n it('should reject POST requests without proper Accept header', async () => {\n sessionId = await initializeServer();\n\n // Try POST without Accept: text/event-stream\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json', // Missing text/event-stream\n 'mcp-session-id': sessionId\n },\n body: JSON.stringify(TEST_MESSAGES.toolsList)\n });\n\n expect(response.status).toBe(406);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Client must accept both application\\/json and text\\/event-stream/);\n });\n\n it('should reject unsupported Content-Type', async () => {\n sessionId = await initializeServer();\n\n // Try POST with text/plain Content-Type\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'text/plain',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n body: 'This is plain text'\n });\n\n expect(response.status).toBe(415);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Content-Type must be application\\/json/);\n });\n\n it('should handle JSON-RPC batch notification messages with 202 response', async () => {\n sessionId = await initializeServer();\n\n // Send batch of notifications (no IDs)\n const batchNotifications: JSONRPCMessage[] = [\n { jsonrpc: '2.0', method: 'someNotification1', params: {} },\n { jsonrpc: '2.0', method: 'someNotification2', params: {} }\n ];\n const response = await sendPostRequest(baseUrl, batchNotifications, sessionId);\n\n expect(response.status).toBe(202);\n });\n\n it('should handle batch request messages with SSE stream for responses', async () => {\n sessionId = await initializeServer();\n\n // Send batch of requests\n const batchRequests: JSONRPCMessage[] = [\n { jsonrpc: '2.0', method: 'tools/list', params: {}, id: 'req-1' },\n { jsonrpc: '2.0', method: 'tools/call', params: { name: 'greet', arguments: { name: 'BatchUser' } }, id: 'req-2' }\n ];\n const response = await sendPostRequest(baseUrl, batchRequests, sessionId);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('text/event-stream');\n\n const reader = response.body?.getReader();\n\n // The responses may come in any order or together in one chunk\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Check that both responses were sent on the same stream\n expect(text).toContain('\"id\":\"req-1\"');\n expect(text).toContain('\"tools\"'); // tools/list result\n expect(text).toContain('\"id\":\"req-2\"');\n expect(text).toContain('Hello, BatchUser'); // tools/call result\n });\n\n it('should properly handle invalid JSON data', async () => {\n sessionId = await initializeServer();\n\n // Send invalid JSON\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n body: 'This is not valid JSON'\n });\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_700, /Parse error/);\n });\n\n it('should include error data in parse error response for unexpected errors', async () => {\n sessionId = await initializeServer();\n\n // We can't easily trigger the catch-all error handler, but we can verify\n // that the JSON parse error includes useful information\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n body: '{ invalid json }'\n });\n\n expect(response.status).toBe(400);\n const errorData = (await response.json()) as JSONRPCErrorResponse;\n expectErrorResponse(errorData, -32_700, /Parse error/);\n // The error message should contain details about what went wrong\n expect(errorData.error.message).toContain('Invalid JSON');\n });\n\n it('should return 400 error for invalid JSON-RPC messages', async () => {\n sessionId = await initializeServer();\n\n // Invalid JSON-RPC (missing required jsonrpc version)\n const invalidMessage = { method: 'tools/list', params: {}, id: 1 }; // missing jsonrpc version\n const response = await sendPostRequest(baseUrl, invalidMessage as JSONRPCMessage, sessionId);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expect(errorData).toMatchObject({\n jsonrpc: '2.0',\n error: expect.anything()\n });\n });\n\n it('should reject requests to uninitialized server', async () => {\n // Create a new HTTP server and transport without initializing\n const { server: uninitializedServer, transport: uninitializedTransport, baseUrl: uninitializedUrl } = await createTestServer();\n // Transport not used in test but needed for cleanup\n\n // No initialization, just send a request directly\n const uninitializedMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'uninitialized-test'\n };\n\n // Send a request to uninitialized server\n const response = await sendPostRequest(uninitializedUrl, uninitializedMessage, 'any-session-id');\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Server not initialized/);\n\n // Cleanup\n await stopTestServer({ server: uninitializedServer, transport: uninitializedTransport });\n });\n\n it('should send response messages to the connection that sent the request', async () => {\n sessionId = await initializeServer();\n\n const message1: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'req-1'\n };\n\n const message2: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: { name: 'Connection2' }\n },\n id: 'req-2'\n };\n\n // Make two concurrent fetch connections for different requests\n const req1 = sendPostRequest(baseUrl, message1, sessionId);\n const req2 = sendPostRequest(baseUrl, message2, sessionId);\n\n // Get both responses\n const [response1, response2] = await Promise.all([req1, req2]);\n const reader1 = response1.body?.getReader();\n const reader2 = response2.body?.getReader();\n\n // Read responses from each stream (requires each receives its specific response)\n const { value: value1 } = await reader1!.read();\n const text1 = new TextDecoder().decode(value1);\n expect(text1).toContain('\"id\":\"req-1\"');\n expect(text1).toContain('\"tools\"'); // tools/list result\n\n const { value: value2 } = await reader2!.read();\n const text2 = new TextDecoder().decode(value2);\n expect(text2).toContain('\"id\":\"req-2\"');\n expect(text2).toContain('Hello, Connection2'); // tools/call result\n });\n\n it('should keep stream open after sending server notifications', async () => {\n sessionId = await initializeServer();\n\n // Open a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n // Send several server-initiated notifications\n await transport.send({\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'First notification' }\n });\n\n await transport.send({\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'Second notification' }\n });\n\n // Stream should still be open - it should not close after sending notifications\n expect(sseResponse.bodyUsed).toBe(false);\n });\n\n // The current implementation will close the entire transport for DELETE\n // Creating a temporary transport/server where we don't care if it gets closed\n it('should properly handle DELETE requests and close session', async () => {\n // Setup a temporary server for this test\n const tempResult = await createTestServer();\n const tempServer = tempResult.server;\n const tempUrl = tempResult.baseUrl;\n\n // Initialize to get a session ID\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n // Now DELETE the session\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(200);\n\n // Clean up - don't wait indefinitely for server close\n tempServer.close();\n });\n\n it('should reject DELETE requests with invalid session ID', async () => {\n // Initialize the server first to activate it\n sessionId = await initializeServer();\n\n // Try to delete with invalid session ID\n const response = await fetch(baseUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': 'invalid-session-id',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(response.status).toBe(404);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_001, /Session not found/);\n });\n\n describe('protocol version header validation', () => {\n it('should accept requests with matching protocol version', async () => {\n sessionId = await initializeServer();\n\n // Send request with matching protocol version\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.toolsList, sessionId);\n\n expect(response.status).toBe(200);\n });\n\n it('should accept requests without protocol version header', async () => {\n sessionId = await initializeServer();\n\n // Send request without protocol version header\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n // No mcp-protocol-version header\n },\n body: JSON.stringify(TEST_MESSAGES.toolsList)\n });\n\n expect(response.status).toBe(200);\n });\n\n it('should reject requests with unsupported protocol version', async () => {\n sessionId = await initializeServer();\n\n // Send request with unsupported protocol version\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '1999-01-01' // Unsupported version\n },\n body: JSON.stringify(TEST_MESSAGES.toolsList)\n });\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Bad Request: Unsupported protocol version: .+ \\(supported versions: .+\\)/);\n });\n\n it('should accept when protocol version differs from negotiated version', async () => {\n sessionId = await initializeServer();\n\n // Send request with different but supported protocol version\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2024-11-05' // Different but supported version\n },\n body: JSON.stringify(TEST_MESSAGES.toolsList)\n });\n\n // Request should still succeed\n expect(response.status).toBe(200);\n });\n\n it('should reject unsupported protocol version on GET requests', async () => {\n sessionId = await initializeServer();\n\n // GET request with unsupported protocol version\n const response = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '1999-01-01' // Unsupported version\n }\n });\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Bad Request: Unsupported protocol version/);\n });\n\n it('should reject unsupported protocol version on DELETE requests', async () => {\n sessionId = await initializeServer();\n\n // DELETE request with unsupported protocol version\n const response = await fetch(baseUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '1999-01-01' // Unsupported version\n }\n });\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Bad Request: Unsupported protocol version/);\n });\n });\n });\n\n describe('NodeStreamableHTTPServerTransport with AuthInfo', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n\n beforeEach(async () => {\n const result = await createTestAuthServer();\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n });\n\n async function initializeServer(): Promise {\n const response = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n expect(response.status).toBe(200);\n const newSessionId = response.headers.get('mcp-session-id');\n expect(newSessionId).toBeDefined();\n return newSessionId as string;\n }\n\n it('should call a tool with authInfo', async () => {\n sessionId = await initializeServer();\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'profile',\n arguments: { active: true }\n },\n id: 'call-1'\n };\n\n const response = await sendPostRequest(baseUrl, toolCallMessage, sessionId, { authorization: 'Bearer test-token' });\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [\n {\n type: 'text',\n text: 'Active profile from token: test-token!'\n }\n ]\n },\n id: 'call-1'\n });\n });\n\n it('should calls tool without authInfo when it is optional', async () => {\n sessionId = await initializeServer();\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'profile',\n arguments: { active: false }\n },\n id: 'call-1'\n };\n\n const response = await sendPostRequest(baseUrl, toolCallMessage, sessionId);\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n expect(dataLine).toBeDefined();\n\n const eventData = JSON.parse(dataLine!.slice(5));\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [\n {\n type: 'text',\n text: 'Inactive profile from token: undefined!'\n }\n ]\n },\n id: 'call-1'\n });\n });\n });\n\n // Test JSON Response Mode\n describe('NodeStreamableHTTPServerTransport with JSON Response Mode', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n\n beforeEach(async () => {\n const result = await createTestServer({ sessionIdGenerator: () => randomUUID(), enableJsonResponse: true });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n // Initialize and get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n });\n\n it('should return JSON response for a single request', async () => {\n const toolsListMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'json-req-1'\n };\n\n const response = await sendPostRequest(baseUrl, toolsListMessage, sessionId);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('application/json');\n\n const result = await response.json();\n expect(result).toMatchObject({\n jsonrpc: '2.0',\n result: expect.objectContaining({\n tools: expect.arrayContaining([expect.objectContaining({ name: 'greet' })])\n }),\n id: 'json-req-1'\n });\n });\n\n it('should return JSON response for batch requests', async () => {\n const batchMessages: JSONRPCMessage[] = [\n { jsonrpc: '2.0', method: 'tools/list', params: {}, id: 'batch-1' },\n { jsonrpc: '2.0', method: 'tools/call', params: { name: 'greet', arguments: { name: 'JSON' } }, id: 'batch-2' }\n ];\n\n const response = await sendPostRequest(baseUrl, batchMessages, sessionId);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('application/json');\n\n const results = (await response.json()) as JSONRPCResultResponse[];\n expect(Array.isArray(results)).toBe(true);\n expect(results).toHaveLength(2);\n\n // Batch responses can come in any order\n const listResponse = results.find((r: { id?: RequestId }) => r.id === 'batch-1');\n const callResponse = results.find((r: { id?: RequestId }) => r.id === 'batch-2');\n\n expect(listResponse).toEqual(\n expect.objectContaining({\n jsonrpc: '2.0',\n id: 'batch-1',\n result: expect.objectContaining({\n tools: expect.arrayContaining([expect.objectContaining({ name: 'greet' })])\n })\n })\n );\n\n expect(callResponse).toEqual(\n expect.objectContaining({\n jsonrpc: '2.0',\n id: 'batch-2',\n result: expect.objectContaining({\n content: expect.arrayContaining([expect.objectContaining({ type: 'text', text: 'Hello, JSON!' })])\n })\n })\n );\n });\n });\n\n // Test pre-parsed body handling\n describe('NodeStreamableHTTPServerTransport with pre-parsed body', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n let parsedBody: unknown = null;\n\n beforeEach(async () => {\n const result = await createTestServer({\n customRequestHandler: async (req, res) => {\n try {\n if (parsedBody === null) {\n await transport.handleRequest(req, res);\n } else {\n await transport.handleRequest(req, res, parsedBody);\n parsedBody = null; // Reset after use\n }\n } catch (error) {\n console.error('Error handling request:', error);\n if (!res.headersSent) res.writeHead(500).end();\n }\n },\n sessionIdGenerator: () => randomUUID()\n });\n\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n // Initialize and get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n });\n\n it('should accept pre-parsed request body', async () => {\n // Set up the pre-parsed body\n parsedBody = {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'preparsed-1'\n };\n\n // Send an empty body since we'll use pre-parsed body\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n // Empty body - we're testing pre-parsed body\n body: ''\n });\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('text/event-stream');\n\n const reader = response.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Verify the response used the pre-parsed body\n expect(text).toContain('\"id\":\"preparsed-1\"');\n expect(text).toContain('\"tools\"');\n });\n\n it('should handle pre-parsed batch messages', async () => {\n parsedBody = [\n { jsonrpc: '2.0', method: 'tools/list', params: {}, id: 'batch-1' },\n { jsonrpc: '2.0', method: 'tools/call', params: { name: 'greet', arguments: { name: 'PreParsed' } }, id: 'batch-2' }\n ];\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n body: '' // Empty as we're using pre-parsed\n });\n\n expect(response.status).toBe(200);\n\n const reader = response.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n expect(text).toContain('\"id\":\"batch-1\"');\n expect(text).toContain('\"tools\"');\n });\n\n it('should prefer pre-parsed body over request body', async () => {\n // Set pre-parsed to tools/list\n parsedBody = {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'preparsed-wins'\n };\n\n // Send actual body with tools/call - should be ignored\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId\n },\n body: JSON.stringify({\n jsonrpc: '2.0',\n method: 'tools/call',\n params: { name: 'greet', arguments: { name: 'Ignored' } },\n id: 'ignored-id'\n })\n });\n\n expect(response.status).toBe(200);\n\n const reader = response.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Should have processed the pre-parsed body\n expect(text).toContain('\"id\":\"preparsed-wins\"');\n expect(text).toContain('\"tools\"');\n expect(text).not.toContain('\"ignored-id\"');\n });\n });\n\n // Test resumability support\n describe('NodeStreamableHTTPServerTransport with resumability', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n let mcpServer: McpServer;\n const storedEvents: Map = new Map();\n\n // Simple implementation of EventStore\n const eventStore: EventStore = {\n async storeEvent(streamId: string, message: JSONRPCMessage): Promise {\n const eventId = `${streamId}_${randomUUID()}`;\n storedEvents.set(eventId, { eventId, message });\n return eventId;\n },\n\n async replayEventsAfter(\n lastEventId: EventId,\n {\n send\n }: {\n send: (eventId: EventId, message: JSONRPCMessage) => Promise;\n }\n ): Promise {\n const streamId = lastEventId.split('_')[0]!;\n // Extract stream ID from the event ID\n // For test simplicity, just return all events with matching streamId that aren't the lastEventId\n for (const [eventId, { message }] of storedEvents.entries()) {\n if (eventId.startsWith(streamId) && eventId !== lastEventId) {\n await send(eventId, message);\n }\n }\n return streamId;\n }\n };\n\n beforeEach(async () => {\n storedEvents.clear();\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore\n });\n\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Initialize the server\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n storedEvents.clear();\n });\n\n it('should store and include event IDs in server SSE messages', async () => {\n // Open a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(sseResponse.status).toBe(200);\n expect(sseResponse.headers.get('content-type')).toBe('text/event-stream');\n\n // Send a notification that should be stored with an event ID\n const notification: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: { level: 'info', data: 'Test notification with event ID' }\n };\n\n // Send the notification via transport\n await transport.send(notification);\n\n // Read from the stream and verify we got the notification with an event ID\n const reader = sseResponse.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // The response should contain an event ID\n expect(text).toContain('id: ');\n expect(text).toContain('\"method\":\"notifications/message\"');\n\n // Extract the event ID\n const idMatch = text.match(/id: ([^\\n]+)/);\n expect(idMatch).toBeTruthy();\n\n // Verify the event was stored\n const eventId = idMatch![1]!;\n expect(storedEvents.has(eventId)).toBe(true);\n const storedEvent = storedEvents.get(eventId);\n expect(eventId.startsWith('_GET_stream')).toBe(true);\n expect(storedEvent?.message).toMatchObject(notification);\n });\n\n it('should store and replay MCP server tool notifications', async () => {\n // Establish a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(sseResponse.status).toBe(200);\n\n // Send a server notification through the MCP server\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'First notification from MCP server' });\n\n // Read the notification from the SSE stream\n const reader = sseResponse.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Verify the notification was sent with an event ID\n expect(text).toContain('id: ');\n expect(text).toContain('First notification from MCP server');\n\n // Extract the event ID\n const idMatch = text.match(/id: ([^\\n]+)/);\n expect(idMatch).toBeTruthy();\n const firstEventId = idMatch![1]!;\n\n // Send a second notification\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Second notification from MCP server' });\n\n // Close the first SSE stream to simulate a disconnect\n await reader!.cancel();\n\n // Reconnect with the Last-Event-ID to get missed messages\n const reconnectResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25',\n 'last-event-id': firstEventId\n }\n });\n\n expect(reconnectResponse.status).toBe(200);\n\n // Read the replayed notification\n const reconnectReader = reconnectResponse.body?.getReader();\n const reconnectData = await reconnectReader!.read();\n const reconnectText = new TextDecoder().decode(reconnectData.value);\n\n // Verify we received the second notification that was sent after our stored eventId\n expect(reconnectText).toContain('Second notification from MCP server');\n expect(reconnectText).toContain('id: ');\n });\n\n it('should store and replay multiple notifications sent while client is disconnected', async () => {\n // Establish a standalone SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(sseResponse.status).toBe(200);\n\n const reader = sseResponse.body?.getReader();\n\n // Send a notification to get an event ID\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Initial notification' });\n\n // Read the notification from the SSE stream\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Extract the event ID\n const idMatch = text.match(/id: ([^\\n]+)/);\n expect(idMatch).toBeTruthy();\n const lastEventId = idMatch![1]!;\n\n // Close the SSE stream to simulate a disconnect\n await reader!.cancel();\n\n // Send MULTIPLE notifications while the client is disconnected\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Missed notification 1' });\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Missed notification 2' });\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Missed notification 3' });\n\n // Reconnect with the Last-Event-ID to get all missed messages\n const reconnectResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25',\n 'last-event-id': lastEventId\n }\n });\n\n expect(reconnectResponse.status).toBe(200);\n\n // Read replayed notifications with a timeout\n const reconnectReader = reconnectResponse.body?.getReader();\n let allText = '';\n\n // Read chunks until we have all 3 notifications or timeout\n const readWithTimeout = async () => {\n const timeout = setTimeout(() => reconnectReader!.cancel(), 2000);\n try {\n while (!allText.includes('Missed notification 3')) {\n const { value, done } = await reconnectReader!.read();\n if (done) break;\n allText += new TextDecoder().decode(value);\n }\n } finally {\n clearTimeout(timeout);\n }\n };\n await readWithTimeout();\n\n // Verify we received ALL notifications that were sent while disconnected\n expect(allText).toContain('Missed notification 1');\n expect(allText).toContain('Missed notification 2');\n expect(allText).toContain('Missed notification 3');\n });\n });\n\n // Test stateless mode\n describe('NodeStreamableHTTPServerTransport in stateless mode', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n\n beforeEach(async () => {\n const result = await createTestServer({ sessionIdGenerator: undefined });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n });\n\n afterEach(async () => {\n await stopTestServer({ server, transport });\n });\n\n it('should operate without session ID validation', async () => {\n // Initialize the server first\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n expect(initResponse.status).toBe(200);\n // Should NOT have session ID header in stateless mode\n expect(initResponse.headers.get('mcp-session-id')).toBeNull();\n\n // Try request without session ID - should work in stateless mode\n const toolsResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.toolsList);\n\n expect(toolsResponse.status).toBe(200);\n });\n\n it('should handle POST requests with various session IDs in stateless mode', async () => {\n await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n // Try with a random session ID - should be accepted\n const response1 = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': 'random-id-1'\n },\n body: JSON.stringify({ jsonrpc: '2.0', method: 'tools/list', params: {}, id: 't1' })\n });\n expect(response1.status).toBe(200);\n\n // Try with another random session ID - should also be accepted\n const response2 = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': 'different-id-2'\n },\n body: JSON.stringify({ jsonrpc: '2.0', method: 'tools/list', params: {}, id: 't2' })\n });\n expect(response2.status).toBe(200);\n });\n\n it('should reject second SSE stream even in stateless mode', async () => {\n // Despite no session ID requirement, the transport still only allows\n // one standalone SSE stream at a time\n\n // Initialize the server first\n await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n\n // Open first SSE stream\n const stream1 = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(stream1.status).toBe(200);\n\n // Open second SSE stream - should still be rejected, stateless mode still only allows one\n const stream2 = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(stream2.status).toBe(409); // Conflict - only one stream allowed\n });\n });\n\n // Test SSE priming events for POST streams\n describe('NodeStreamableHTTPServerTransport POST SSE priming events', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let sessionId: string;\n let mcpServer: McpServer;\n\n // Simple eventStore for priming event tests\n const createEventStore = (): EventStore => {\n const storedEvents = new Map();\n return {\n async storeEvent(streamId: string, message: JSONRPCMessage): Promise {\n const eventId = `${streamId}::${Date.now()}_${randomUUID()}`;\n storedEvents.set(eventId, { eventId, message, streamId });\n return eventId;\n },\n async getStreamIdForEventId(eventId: string): Promise {\n const event = storedEvents.get(eventId);\n return event?.streamId;\n },\n async replayEventsAfter(\n lastEventId: EventId,\n { send }: { send: (eventId: EventId, message: JSONRPCMessage) => Promise }\n ): Promise {\n const event = storedEvents.get(lastEventId);\n const streamId = event?.streamId || lastEventId.split('::')[0]!;\n const eventsToReplay: Array<[string, { message: JSONRPCMessage }]> = [];\n for (const [eventId, data] of storedEvents.entries()) {\n if (data.streamId === streamId && eventId > lastEventId) {\n eventsToReplay.push([eventId, data]);\n }\n }\n eventsToReplay.sort(([a], [b]) => a.localeCompare(b));\n for (const [eventId, { message }] of eventsToReplay) {\n if (Object.keys(message).length > 0) {\n await send(eventId, message);\n }\n }\n return streamId;\n }\n };\n };\n\n afterEach(async () => {\n if (server && transport) {\n await stopTestServer({ server, transport });\n }\n });\n\n it('should send priming event with retry field on POST SSE stream', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 5000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Send a tool call request\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 100,\n method: 'tools/call',\n params: { name: 'greet', arguments: { name: 'Test' } }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n expect(postResponse.headers.get('content-type')).toBe('text/event-stream');\n\n // Read the priming event\n const reader = postResponse.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Verify priming event has id and retry field\n expect(text).toContain('id: ');\n expect(text).toContain('retry: 5000');\n expect(text).toContain('data: ');\n });\n\n it('should NOT send priming event for old protocol versions (backwards compatibility)', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 5000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Initialize with OLD protocol version to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initializeOldVersion);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Send a tool call request with the same OLD protocol version\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 100,\n method: 'tools/call',\n params: { name: 'greet', arguments: { name: 'Test' } }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-06-18'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n expect(postResponse.headers.get('content-type')).toBe('text/event-stream');\n\n // Read the first chunk - should be the actual response, not a priming event\n const reader = postResponse.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Should NOT contain a priming event (empty data line before the response)\n // The first message should be the actual tool result\n expect(text).toContain('event: message');\n expect(text).toContain('\"result\"');\n // Should NOT have a separate priming event line with empty data\n expect(text).not.toMatch(/^id:.*\\ndata:\\s*\\n\\n/);\n });\n\n it('should send priming event without retry field when retryInterval is not configured', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore()\n // No retryInterval\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Send a tool call request\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 100,\n method: 'tools/call',\n params: { name: 'greet', arguments: { name: 'Test' } }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n // Read the priming event\n const reader = postResponse.body?.getReader();\n const { value } = await reader!.read();\n const text = new TextDecoder().decode(value);\n\n // Priming event should have id field but NOT retry field\n expect(text).toContain('id: ');\n expect(text).toContain('data: ');\n expect(text).not.toContain('retry:');\n });\n\n it('should close POST SSE stream when ctx.http?.closeSSE is called', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Track when stream close is called and tool completes\n let streamCloseCalled = false;\n let toolResolve: () => void;\n const toolCompletePromise = new Promise(resolve => {\n toolResolve = resolve;\n });\n\n // Register a tool that closes its own SSE stream via ctx callback\n mcpServer.registerTool('close-stream-tool', { description: 'Closes its own stream' }, async ctx => {\n // Close the SSE stream for this request\n ctx.http?.closeSSE?.();\n streamCloseCalled = true;\n\n // Wait before returning so we can observe the stream closure\n await toolCompletePromise;\n return { content: [{ type: 'text', text: 'Done' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Send a tool call request\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 100,\n method: 'tools/call',\n params: { name: 'close-stream-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n const reader = postResponse.body?.getReader();\n\n // Read the priming event\n await reader!.read();\n\n // Wait a moment for the tool to call closeSSEStream\n await new Promise(resolve => setTimeout(resolve, 100));\n expect(streamCloseCalled).toBe(true);\n\n // Stream should now be closed\n const { done } = await reader!.read();\n expect(done).toBe(true);\n\n // Clean up - resolve the tool promise\n toolResolve!();\n });\n\n it('should provide closeSSEStream callback in ctx when eventStore is configured', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Track whether closeSSEStream callback was provided\n let receivedCloseSSEStream: (() => void) | undefined;\n\n // Register a tool that captures the ctx.http?.closeSSE callback\n mcpServer.registerTool('test-callback-tool', { description: 'Test tool' }, async ctx => {\n receivedCloseSSEStream = ctx.http?.closeSSE;\n return { content: [{ type: 'text', text: 'Done' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Call the tool\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 200,\n method: 'tools/call',\n params: { name: 'test-callback-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n // Read all events to completion\n const reader = postResponse.body?.getReader();\n while (true) {\n const { done } = await reader!.read();\n if (done) break;\n }\n\n // Verify closeSSEStream callback was provided\n expect(receivedCloseSSEStream).toBeDefined();\n expect(typeof receivedCloseSSEStream).toBe('function');\n });\n\n it('should NOT provide closeSSEStream callback for old protocol versions (backwards compatibility)', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Track whether closeSSEStream callback was provided\n let receivedCloseSSEStream: (() => void) | undefined;\n let receivedCloseStandaloneSSEStream: (() => void) | undefined;\n\n // Register a tool that captures the ctx.http?.closeSSE callback\n mcpServer.registerTool('test-old-version-tool', { description: 'Test tool' }, async ctx => {\n receivedCloseSSEStream = ctx.http?.closeSSE;\n receivedCloseStandaloneSSEStream = ctx.http?.closeStandaloneSSE;\n return { content: [{ type: 'text', text: 'Done' }] };\n });\n\n // Initialize with OLD protocol version to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initializeOldVersion);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Call the tool with the same OLD protocol version\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 200,\n method: 'tools/call',\n params: { name: 'test-old-version-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-06-18'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n // Read all events to completion\n const reader = postResponse.body?.getReader();\n while (true) {\n const { done } = await reader!.read();\n if (done) break;\n }\n\n // Verify closeSSEStream callbacks were NOT provided for old protocol version\n // even though eventStore is configured\n expect(receivedCloseSSEStream).toBeUndefined();\n expect(receivedCloseStandaloneSSEStream).toBeUndefined();\n });\n\n it('should NOT provide closeSSEStream callback when eventStore is NOT configured', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID()\n // No eventStore\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Track whether closeSSEStream callback was provided\n let receivedCloseSSEStream: (() => void) | undefined;\n\n // Register a tool that captures the ctx.http?.closeSSE callback\n mcpServer.registerTool('test-no-callback-tool', { description: 'Test tool' }, async ctx => {\n receivedCloseSSEStream = ctx.http?.closeSSE;\n return { content: [{ type: 'text', text: 'Done' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Call the tool\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 201,\n method: 'tools/call',\n params: { name: 'test-no-callback-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n // Read all events to completion\n const reader = postResponse.body?.getReader();\n while (true) {\n const { done } = await reader!.read();\n if (done) break;\n }\n\n // Verify closeSSEStream callback was NOT provided\n expect(receivedCloseSSEStream).toBeUndefined();\n });\n\n it('should provide closeStandaloneSSEStream callback in ctx when eventStore is configured', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Track whether closeStandaloneSSEStream callback was provided\n let receivedCloseStandaloneSSEStream: (() => void) | undefined;\n\n // Register a tool that captures the ctx.http?.closeStandaloneSSE callback\n mcpServer.registerTool('test-standalone-callback-tool', { description: 'Test tool' }, async ctx => {\n receivedCloseStandaloneSSEStream = ctx.http?.closeStandaloneSSE;\n return { content: [{ type: 'text', text: 'Done' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Call the tool\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 203,\n method: 'tools/call',\n params: { name: 'test-standalone-callback-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n\n expect(postResponse.status).toBe(200);\n\n // Read all events to completion\n const reader = postResponse.body?.getReader();\n while (true) {\n const { done } = await reader!.read();\n if (done) break;\n }\n\n // Verify closeStandaloneSSEStream callback was provided\n expect(receivedCloseStandaloneSSEStream).toBeDefined();\n expect(typeof receivedCloseStandaloneSSEStream).toBe('function');\n });\n\n it('should close standalone GET SSE stream when ctx.http?.closeStandaloneSSE is called', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Register a tool that closes the standalone SSE stream via ctx callback\n mcpServer.registerTool('close-standalone-stream-tool', { description: 'Closes standalone stream' }, async ctx => {\n ctx.http?.closeStandaloneSSE?.();\n return { content: [{ type: 'text', text: 'Stream closed' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Open a standalone GET SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(sseResponse.status).toBe(200);\n\n const getReader = sseResponse.body?.getReader();\n\n // Send a notification to confirm GET stream is established\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Stream established' });\n\n // Read the notification to confirm stream is working\n const { value } = await getReader!.read();\n const text = new TextDecoder().decode(value);\n expect(text).toContain('id: ');\n expect(text).toContain('Stream established');\n\n // Call the tool that closes the standalone SSE stream\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 300,\n method: 'tools/call',\n params: { name: 'close-standalone-stream-tool', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n expect(postResponse.status).toBe(200);\n\n // Read the POST response to completion\n const postReader = postResponse.body?.getReader();\n while (true) {\n const { done } = await postReader!.read();\n if (done) break;\n }\n\n // GET stream should now be closed - use a race with timeout to avoid hanging\n const readPromise = getReader!.read();\n const timeoutPromise = new Promise<{ done: boolean; value: undefined }>((_, reject) =>\n setTimeout(() => reject(new Error('Stream did not close in time')), 1000)\n );\n\n const { done } = await Promise.race([readPromise, timeoutPromise]);\n expect(done).toBe(true);\n });\n\n it('should allow client to reconnect after standalone SSE stream is closed via ctx.http?.closeStandaloneSSE', async () => {\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 1000\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n mcpServer = result.mcpServer;\n\n // Register a tool that closes the standalone SSE stream\n mcpServer.registerTool('close-standalone-for-reconnect', { description: 'Closes standalone stream' }, async ctx => {\n ctx.http?.closeStandaloneSSE?.();\n return { content: [{ type: 'text', text: 'Stream closed' }] };\n });\n\n // Initialize to get session ID\n const initResponse = await sendPostRequest(baseUrl, TEST_MESSAGES.initialize);\n sessionId = initResponse.headers.get('mcp-session-id') as string;\n expect(sessionId).toBeDefined();\n\n // Open a standalone GET SSE stream\n const sseResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n expect(sseResponse.status).toBe(200);\n\n const getReader = sseResponse.body?.getReader();\n\n // Send a notification to get an event ID\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Initial message' });\n\n // Read the notification to get the event ID\n const { value } = await getReader!.read();\n const text = new TextDecoder().decode(value);\n const idMatch = text.match(/id: ([^\\n]+)/);\n expect(idMatch).toBeTruthy();\n const lastEventId = idMatch![1]!;\n\n // Call the tool to close the standalone SSE stream\n const toolCallRequest: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 301,\n method: 'tools/call',\n params: { name: 'close-standalone-for-reconnect', arguments: {} }\n };\n\n const postResponse = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'text/event-stream, application/json',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25'\n },\n body: JSON.stringify(toolCallRequest)\n });\n expect(postResponse.status).toBe(200);\n\n // Read the POST response to completion\n const postReader = postResponse.body?.getReader();\n while (true) {\n const { done } = await postReader!.read();\n if (done) break;\n }\n\n // Wait for GET stream to close - use a race with timeout\n const readPromise = getReader!.read();\n const timeoutPromise = new Promise<{ done: boolean; value: undefined }>((_, reject) =>\n setTimeout(() => reject(new Error('Stream did not close in time')), 1000)\n );\n const { done } = await Promise.race([readPromise, timeoutPromise]);\n expect(done).toBe(true);\n\n // Wait a bit to ensure the next notification gets a different timestamp.\n // The eventStore uses Date.now() in event IDs, and if two events have the same\n // timestamp, the UUID suffix ordering is random and may not preserve creation order.\n await new Promise(resolve => setTimeout(resolve, 5));\n\n // Send a notification while client is disconnected\n await mcpServer.server.sendLoggingMessage({ level: 'info', data: 'Missed while disconnected' });\n\n // Client reconnects with Last-Event-ID\n const reconnectResponse = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': '2025-11-25',\n 'last-event-id': lastEventId\n }\n });\n expect(reconnectResponse.status).toBe(200);\n\n // Read the replayed notification\n const reconnectReader = reconnectResponse.body?.getReader();\n let allText = '';\n const readWithTimeout = async () => {\n const timeout = setTimeout(() => reconnectReader!.cancel(), 5000);\n try {\n while (!allText.includes('Missed while disconnected')) {\n const { value, done } = await reconnectReader!.read();\n if (done) break;\n allText += new TextDecoder().decode(value);\n }\n } finally {\n clearTimeout(timeout);\n }\n };\n await readWithTimeout();\n\n // Verify we received the notification that was sent while disconnected\n expect(allText).toContain('Missed while disconnected');\n }, 15_000);\n });\n\n // Test onsessionclosed callback\n describe('NodeStreamableHTTPServerTransport onsessionclosed callback', () => {\n it('should call onsessionclosed callback when session is closed via DELETE', async () => {\n const mockCallback = vi.fn();\n\n // Create server with onsessionclosed callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: mockCallback\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to get a session ID\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n expect(tempSessionId).toBeDefined();\n\n // DELETE the session\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(200);\n expect(mockCallback).toHaveBeenCalledWith(tempSessionId);\n expect(mockCallback).toHaveBeenCalledTimes(1);\n\n // Clean up\n tempServer.close();\n });\n\n it('should not call onsessionclosed callback when not provided', async () => {\n // Create server without onsessionclosed callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID()\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to get a session ID\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n // DELETE the session - should not throw error\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-03-26'\n }\n });\n\n expect(deleteResponse.status).toBe(200);\n\n // Clean up\n tempServer.close();\n });\n\n it('should not call onsessionclosed callback for invalid session DELETE', async () => {\n const mockCallback = vi.fn();\n\n // Create server with onsessionclosed callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: mockCallback\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to get a valid session\n await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n\n // Try to DELETE with invalid session ID\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': 'invalid-session-id',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(404);\n expect(mockCallback).not.toHaveBeenCalled();\n\n // Clean up\n tempServer.close();\n });\n\n it('should call onsessionclosed callback with correct session ID when multiple sessions exist', async () => {\n const mockCallback = vi.fn();\n\n // Create first server\n const result1 = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: mockCallback\n });\n\n const server1 = result1.server;\n const url1 = result1.baseUrl;\n\n // Create second server\n const result2 = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: mockCallback\n });\n\n const server2 = result2.server;\n const url2 = result2.baseUrl;\n\n // Initialize both servers\n const initResponse1 = await sendPostRequest(url1, TEST_MESSAGES.initialize);\n const sessionId1 = initResponse1.headers.get('mcp-session-id');\n\n const initResponse2 = await sendPostRequest(url2, TEST_MESSAGES.initialize);\n const sessionId2 = initResponse2.headers.get('mcp-session-id');\n\n expect(sessionId1).toBeDefined();\n expect(sessionId2).toBeDefined();\n expect(sessionId1).not.toBe(sessionId2);\n\n // DELETE first session\n const deleteResponse1 = await fetch(url1, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': sessionId1 || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse1.status).toBe(200);\n expect(mockCallback).toHaveBeenCalledWith(sessionId1);\n expect(mockCallback).toHaveBeenCalledTimes(1);\n\n // DELETE second session\n const deleteResponse2 = await fetch(url2, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': sessionId2 || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse2.status).toBe(200);\n expect(mockCallback).toHaveBeenCalledWith(sessionId2);\n expect(mockCallback).toHaveBeenCalledTimes(2);\n\n // Clean up\n server1.close();\n server2.close();\n });\n });\n\n // Test async callbacks for onsessioninitialized and onsessionclosed\n describe('NodeStreamableHTTPServerTransport async callbacks', () => {\n it('should support async onsessioninitialized callback', async () => {\n const initializationOrder: string[] = [];\n\n // Create server with async onsessioninitialized callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: async (sessionId: string) => {\n initializationOrder.push('async-start');\n // Simulate async operation\n await new Promise(resolve => setTimeout(resolve, 10));\n initializationOrder.push('async-end', sessionId);\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to trigger the callback\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n // Give time for async callback to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(initializationOrder).toEqual(['async-start', 'async-end', tempSessionId]);\n\n // Clean up\n tempServer.close();\n });\n\n it('should support sync onsessioninitialized callback (backwards compatibility)', async () => {\n const capturedSessionId: string[] = [];\n\n // Create server with sync onsessioninitialized callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: (sessionId: string) => {\n capturedSessionId.push(sessionId);\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to trigger the callback\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n expect(capturedSessionId).toEqual([tempSessionId]);\n\n // Clean up\n tempServer.close();\n });\n\n it('should support async onsessionclosed callback', async () => {\n const closureOrder: string[] = [];\n\n // Create server with async onsessionclosed callback\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: async (sessionId: string) => {\n closureOrder.push('async-close-start');\n // Simulate async operation\n await new Promise(resolve => setTimeout(resolve, 10));\n closureOrder.push('async-close-end', sessionId);\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to get a session ID\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n expect(tempSessionId).toBeDefined();\n\n // DELETE the session\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(200);\n\n // Give time for async callback to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(closureOrder).toEqual(['async-close-start', 'async-close-end', tempSessionId]);\n\n // Clean up\n tempServer.close();\n });\n\n it('should propagate errors from async onsessioninitialized callback', async () => {\n const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});\n\n // Create server with async onsessioninitialized callback that throws\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: async (_sessionId: string) => {\n throw new Error('Async initialization error');\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize should fail when callback throws\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n expect(initResponse.status).toBe(400);\n\n // Clean up\n consoleErrorSpy.mockRestore();\n tempServer.close();\n });\n\n it('should propagate errors from async onsessionclosed callback', async () => {\n const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});\n\n // Create server with async onsessionclosed callback that throws\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessionclosed: async (_sessionId: string) => {\n throw new Error('Async closure error');\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to get a session ID\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n // DELETE should fail when callback throws\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(500);\n\n // Clean up\n consoleErrorSpy.mockRestore();\n tempServer.close();\n });\n\n it('should handle both async callbacks together', async () => {\n const events: string[] = [];\n\n // Create server with both async callbacks\n const result = await createTestServer({\n sessionIdGenerator: () => randomUUID(),\n onsessioninitialized: async (sessionId: string) => {\n await new Promise(resolve => setTimeout(resolve, 5));\n events.push(`initialized:${sessionId}`);\n },\n onsessionclosed: async (sessionId: string) => {\n await new Promise(resolve => setTimeout(resolve, 5));\n events.push(`closed:${sessionId}`);\n }\n });\n\n const tempServer = result.server;\n const tempUrl = result.baseUrl;\n\n // Initialize to trigger first callback\n const initResponse = await sendPostRequest(tempUrl, TEST_MESSAGES.initialize);\n const tempSessionId = initResponse.headers.get('mcp-session-id');\n\n // Wait for async callback\n await new Promise(resolve => setTimeout(resolve, 20));\n\n expect(events).toContain(`initialized:${tempSessionId}`);\n\n // DELETE to trigger second callback\n const deleteResponse = await fetch(tempUrl, {\n method: 'DELETE',\n headers: {\n 'mcp-session-id': tempSessionId || '',\n 'mcp-protocol-version': '2025-11-25'\n }\n });\n\n expect(deleteResponse.status).toBe(200);\n\n // Wait for async callback\n await new Promise(resolve => setTimeout(resolve, 20));\n\n expect(events).toContain(`closed:${tempSessionId}`);\n expect(events).toHaveLength(2);\n\n // Clean up\n tempServer.close();\n });\n });\n\n // Test DNS rebinding protection\n describe('NodeStreamableHTTPServerTransport DNS rebinding protection', () => {\n let server: Server;\n let transport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n\n afterEach(async () => {\n if (server && transport) {\n await stopTestServer({ server, transport });\n }\n });\n\n describe('Host header validation', () => {\n it('should accept requests with allowed host headers', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedHosts: ['localhost'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n // Note: fetch() automatically sets Host header to match the URL\n // Since we're connecting to localhost:3001 and that's in allowedHosts, this should work\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response.status).toBe(200);\n });\n\n it('should reject requests with disallowed host headers', async () => {\n // Test DNS rebinding protection by creating a server that only allows example.com\n // but we're connecting via localhost, so it should be rejected\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedHosts: ['example.com:3001'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response.status).toBe(403);\n const body = (await response.json()) as JSONRPCErrorResponse;\n expect(body.error.message).toContain('Invalid Host header:');\n });\n\n it('should reject GET requests with disallowed host headers', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedHosts: ['example.com:3001'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'GET',\n headers: {\n Accept: 'text/event-stream'\n }\n });\n\n expect(response.status).toBe(403);\n });\n });\n\n describe('Origin header validation', () => {\n it('should accept requests with allowed origin headers', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedOrigins: ['http://localhost:3000', 'https://example.com'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n Origin: 'http://localhost:3000'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response.status).toBe(200);\n });\n\n it('should reject requests with disallowed origin headers', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedOrigins: ['http://localhost:3000'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n Origin: 'http://evil.com'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response.status).toBe(403);\n const body = (await response.json()) as JSONRPCErrorResponse;\n expect(body.error.message).toBe('Invalid Origin header: http://evil.com');\n });\n\n it('should accept requests without origin headers', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedOrigins: ['http://localhost:3000', 'https://example.com'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n // Should pass even with no Origin headers because requests that do not come from browsers may not have Origin and DNS rebinding attacks can only be performed via browsers\n expect(response.status).toBe(200);\n });\n });\n\n describe('enableDnsRebindingProtection option', () => {\n it('should skip all validations when enableDnsRebindingProtection is false', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedHosts: ['localhost'],\n allowedOrigins: ['http://localhost:3000'],\n enableDnsRebindingProtection: false\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n const response = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n Host: 'evil.com',\n Origin: 'http://evil.com'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n // Should pass even with invalid headers because protection is disabled\n expect(response.status).toBe(200);\n });\n });\n\n describe('Combined validations', () => {\n it('should validate both host and origin when both are configured', async () => {\n const result = await createTestServerWithDnsProtection({\n sessionIdGenerator: undefined,\n allowedHosts: ['localhost'],\n allowedOrigins: ['http://localhost:3001'],\n enableDnsRebindingProtection: true\n });\n server = result.server;\n transport = result.transport;\n baseUrl = result.baseUrl;\n\n // Test with invalid origin (host will be automatically correct via fetch)\n const response1 = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n Origin: 'http://evil.com'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response1.status).toBe(403);\n const body1 = (await response1.json()) as JSONRPCErrorResponse;\n expect(body1.error.message).toBe('Invalid Origin header: http://evil.com');\n\n // Test with valid origin\n const response2 = await fetch(baseUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n Origin: 'http://localhost:3001'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n expect(response2.status).toBe(200);\n });\n });\n });\n});\n\ndescribe('NodeStreamableHTTPServerTransport global Response preservation', () => {\n it('should not override the global Response object', () => {\n // Store reference to the original global Response constructor\n const OriginalResponse = globalThis.Response;\n\n // Create a custom class that extends Response (similar to Next.js's NextResponse)\n class CustomResponse extends Response {\n customProperty = 'test';\n }\n\n // Verify instanceof works before creating transport\n const customResponseBefore = new CustomResponse('test body');\n expect(customResponseBefore instanceof Response).toBe(true);\n expect(customResponseBefore instanceof OriginalResponse).toBe(true);\n\n // Create the transport - this should NOT override globalThis.Response\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n // Verify the global Response is still the original\n expect(globalThis.Response).toBe(OriginalResponse);\n\n // Verify instanceof still works after creating transport\n const customResponseAfter = new CustomResponse('test body');\n expect(customResponseAfter instanceof Response).toBe(true);\n expect(customResponseAfter instanceof OriginalResponse).toBe(true);\n\n // Verify that instances created before transport initialization still work\n expect(customResponseBefore instanceof Response).toBe(true);\n\n // Clean up\n transport.close();\n });\n\n it('should not override the global Response object when calling handleRequest', async () => {\n // Store reference to the original global Response constructor\n const OriginalResponse = globalThis.Response;\n\n // Create a custom class that extends Response\n class CustomResponse extends Response {\n customProperty = 'test';\n }\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n // Create a mock server to test handleRequest\n const port = await getFreePort();\n const httpServer = createServer(async (req, res) => {\n await transport.handleRequest(req as IncomingMessage & { auth?: AuthInfo }, res);\n });\n\n await new Promise(resolve => {\n httpServer.listen(port, () => resolve());\n });\n\n try {\n // Make a request to trigger handleRequest\n await fetch(`http://localhost:${port}`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n\n // Verify the global Response is still the original after handleRequest\n expect(globalThis.Response).toBe(OriginalResponse);\n\n // Verify instanceof still works\n const customResponse = new CustomResponse('test body');\n expect(customResponse instanceof Response).toBe(true);\n expect(customResponse instanceof OriginalResponse).toBe(true);\n } finally {\n await transport.close();\n httpServer.close();\n }\n });\n});\n\n/**\n * Helper to create test server with DNS rebinding protection options\n */\nasync function createTestServerWithDnsProtection(config: {\n sessionIdGenerator: (() => string) | undefined;\n allowedHosts?: string[];\n allowedOrigins?: string[];\n enableDnsRebindingProtection?: boolean;\n}): Promise<{\n server: Server;\n transport: NodeStreamableHTTPServerTransport;\n mcpServer: McpServer;\n baseUrl: URL;\n}> {\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n const port = await getFreePort();\n\n if (config.allowedHosts) {\n config.allowedHosts = config.allowedHosts.map(host => {\n if (host.includes(':')) {\n return host;\n }\n return `localhost:${port}`;\n });\n }\n\n const transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: config.sessionIdGenerator,\n allowedHosts: config.allowedHosts,\n allowedOrigins: config.allowedOrigins,\n enableDnsRebindingProtection: config.enableDnsRebindingProtection\n });\n\n await mcpServer.connect(transport);\n\n const httpServer = createServer(async (req, res) => {\n if (req.method === 'POST') {\n let body = '';\n req.on('data', chunk => (body += chunk));\n req.on('end', async () => {\n const parsedBody = JSON.parse(body);\n await transport.handleRequest(req as IncomingMessage & { auth?: AuthInfo }, res, parsedBody);\n });\n } else {\n await transport.handleRequest(req as IncomingMessage & { auth?: AuthInfo }, res);\n }\n });\n\n await new Promise(resolve => {\n httpServer.listen(port, () => resolve());\n });\n\n const serverUrl = new URL(`http://localhost:${port}/`);\n\n return {\n server: httpServer,\n transport,\n mcpServer,\n baseUrl: serverUrl\n };\n}\n" }, { "path": "packages/middleware/node/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"]\n }\n }\n}\n" }, { "path": "packages/middleware/node/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n // 1. Entry Points\n // Directly matches package.json include/exclude globs\n entry: ['src/index.ts'],\n\n // 2. Output Configuration\n format: ['esm'],\n outDir: 'dist',\n clean: true, // Recommended: Cleans 'dist' before building\n sourcemap: true,\n\n // 3. Platform & Target\n target: 'esnext',\n platform: 'node',\n shims: true, // Polyfills common Node.js shims (__dirname, etc.)\n\n // 4. Type Definitions\n // Bundles d.ts files into a single output\n dts: {\n resolver: 'tsc',\n // override just for DTS generation:\n compilerOptions: {\n baseUrl: '.',\n paths: {\n '@modelcontextprotocol/core': ['../core/src/index.ts']\n }\n }\n }\n});\n" }, { "path": "packages/middleware/node/typedoc.json", "content": "{\n \"$schema\": \"https://typedoc.org/schema.json\",\n \"entryPoints\": [\"src\"],\n \"entryPointStrategy\": \"expand\",\n \"exclude\": [\"**/*.test.ts\"],\n \"navigation\": {\n \"includeGroups\": true,\n \"includeCategories\": true\n }\n}\n" }, { "path": "packages/middleware/node/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "packages/server/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default [\n ...baseConfig,\n {\n settings: {\n 'import/internal-regex': '^@modelcontextprotocol/core'\n }\n }\n];\n" }, { "path": "packages/server/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/server\",\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript - Server package\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\",\n \"server\"\n ],\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.mts\",\n \"import\": \"./dist/index.mjs\"\n },\n \"./_shims\": {\n \"workerd\": {\n \"types\": \"./dist/shimsWorkerd.d.mts\",\n \"import\": \"./dist/shimsWorkerd.mjs\"\n },\n \"browser\": {\n \"types\": \"./dist/shimsWorkerd.d.mts\",\n \"import\": \"./dist/shimsWorkerd.mjs\"\n },\n \"node\": {\n \"types\": \"./dist/shimsNode.d.mts\",\n \"import\": \"./dist/shimsNode.mjs\"\n },\n \"default\": {\n \"types\": \"./dist/shimsNode.d.mts\",\n \"import\": \"./dist/shimsNode.mjs\"\n }\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"typecheck\": \"tsgo -p tsconfig.json --noEmit\",\n \"build\": \"tsdown\",\n \"build:watch\": \"tsdown --watch\",\n \"prepack\": \"pnpm run build\",\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"pnpm run typecheck && pnpm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"dependencies\": {\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependencies\": {\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\"\n },\n \"peerDependenciesMeta\": {\n \"@cfworker/json-schema\": {\n \"optional\": true\n },\n \"zod\": {\n \"optional\": false\n }\n },\n \"devDependencies\": {\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"@eslint/js\": \"catalog:devTools\",\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@types/cross-spawn\": \"catalog:devTools\",\n \"@types/eventsource\": \"catalog:devTools\",\n \"@typescript/native-preview\": \"catalog:devTools\",\n \"eslint\": \"catalog:devTools\",\n \"eslint-config-prettier\": \"catalog:devTools\",\n \"eslint-plugin-n\": \"catalog:devTools\",\n \"prettier\": \"catalog:devTools\",\n \"supertest\": \"catalog:devTools\",\n \"tsdown\": \"catalog:devTools\",\n \"tsx\": \"catalog:devTools\",\n \"typescript\": \"catalog:devTools\",\n \"typescript-eslint\": \"catalog:devTools\",\n \"vitest\": \"catalog:devTools\"\n }\n}\n" }, { "path": "packages/server/src/experimental/index.ts", "content": "/**\n * Experimental MCP SDK features.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * Import experimental features from this module:\n * ```typescript\n * import { TaskStore, InMemoryTaskStore } from '@modelcontextprotocol/sdk/experimental';\n * ```\n *\n * @experimental\n */\n\nexport * from './tasks/index.js';\n" }, { "path": "packages/server/src/experimental/tasks/index.ts", "content": "/**\n * Experimental task features for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n\nexport * from './interfaces.js';\nexport * from './mcpServer.js';\nexport * from './server.js';\n" }, { "path": "packages/server/src/experimental/tasks/interfaces.ts", "content": "/**\n * Experimental task interfaces for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n */\n\nimport type {\n AnySchema,\n CallToolResult,\n CreateTaskResult,\n CreateTaskServerContext,\n GetTaskResult,\n Result,\n TaskServerContext\n} from '@modelcontextprotocol/core';\n\nimport type { BaseToolCallback } from '../../server/mcp.js';\n\n// ============================================================================\n// Task Handler Types (for registerToolTask)\n// ============================================================================\n\n/**\n * Handler for creating a task.\n * @experimental\n */\nexport type CreateTaskRequestHandler = BaseToolCallback<\n ResultT,\n CreateTaskServerContext,\n Args\n>;\n\n/**\n * Handler for task operations (`get`, `getResult`).\n * @experimental\n */\nexport type TaskRequestHandler = BaseToolCallback<\n ResultT,\n TaskServerContext,\n Args\n>;\n\n/**\n * Interface for task-based tool handlers.\n *\n * Task-based tools split a long-running operation into three phases:\n * `createTask`, `getTask`, and `getTaskResult`.\n *\n * @see {@linkcode @modelcontextprotocol/server!experimental/tasks/mcpServer.ExperimentalMcpServerTasks#registerToolTask | registerToolTask} for registration.\n * @experimental\n */\nexport interface ToolTaskHandler {\n /**\n * Called on the initial `tools/call` request.\n *\n * Creates a task via `ctx.task.store.createTask(...)`, starts any\n * background work, and returns the task object.\n */\n createTask: CreateTaskRequestHandler;\n /**\n * Handler for `tasks/get` requests.\n */\n getTask: TaskRequestHandler;\n /**\n * Handler for `tasks/result` requests.\n */\n getTaskResult: TaskRequestHandler;\n}\n" }, { "path": "packages/server/src/experimental/tasks/mcpServer.ts", "content": "/**\n * Experimental {@linkcode McpServer} task features for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n\nimport type { AnySchema, TaskToolExecution, ToolAnnotations, ToolExecution } from '@modelcontextprotocol/core';\n\nimport type { AnyToolHandler, McpServer, RegisteredTool } from '../../server/mcp.js';\nimport type { ToolTaskHandler } from './interfaces.js';\n\n/**\n * Internal interface for accessing {@linkcode McpServer}'s private _createRegisteredTool method.\n * @internal\n */\ninterface McpServerInternal {\n _createRegisteredTool(\n name: string,\n title: string | undefined,\n description: string | undefined,\n inputSchema: AnySchema | undefined,\n outputSchema: AnySchema | undefined,\n annotations: ToolAnnotations | undefined,\n execution: ToolExecution | undefined,\n _meta: Record | undefined,\n handler: AnyToolHandler\n ): RegisteredTool;\n}\n\n/**\n * Experimental task features for {@linkcode McpServer}.\n *\n * Access via `server.experimental.tasks`:\n * ```typescript\n * server.experimental.tasks.registerToolTask('long-running', config, handler);\n * ```\n *\n * @experimental\n */\nexport class ExperimentalMcpServerTasks {\n constructor(private readonly _mcpServer: McpServer) {}\n\n /**\n * Registers a task-based tool with a config object and handler.\n *\n * Task-based tools support long-running operations that can be polled for status\n * and results. The handler must implement {@linkcode ToolTaskHandler.createTask | createTask}, {@linkcode ToolTaskHandler.getTask | getTask}, and {@linkcode ToolTaskHandler.getTaskResult | getTaskResult}\n * methods.\n *\n * @example\n * ```typescript\n * server.experimental.tasks.registerToolTask('long-computation', {\n * description: 'Performs a long computation',\n * inputSchema: z.object({ input: z.string() }),\n * execution: { taskSupport: 'required' }\n * }, {\n * createTask: async (args, ctx) => {\n * const task = await ctx.task.store.createTask({ ttl: 300000 });\n * startBackgroundWork(task.taskId, args);\n * return { task };\n * },\n * getTask: async (args, ctx) => {\n * return ctx.task.store.getTask(ctx.task.id);\n * },\n * getTaskResult: async (args, ctx) => {\n * return ctx.task.store.getTaskResult(ctx.task.id);\n * }\n * });\n * ```\n *\n * @param name - The tool name\n * @param config - Tool configuration (description, schemas, etc.)\n * @param handler - Task handler with {@linkcode ToolTaskHandler.createTask | createTask}, {@linkcode ToolTaskHandler.getTask | getTask}, {@linkcode ToolTaskHandler.getTaskResult | getTaskResult} methods\n * @returns {@linkcode server/mcp.RegisteredTool | RegisteredTool} for managing the tool's lifecycle\n *\n * @experimental\n */\n registerToolTask(\n name: string,\n config: {\n title?: string;\n description?: string;\n outputSchema?: OutputArgs;\n annotations?: ToolAnnotations;\n execution?: TaskToolExecution;\n _meta?: Record;\n },\n handler: ToolTaskHandler\n ): RegisteredTool;\n\n registerToolTask(\n name: string,\n config: {\n title?: string;\n description?: string;\n inputSchema: InputArgs;\n outputSchema?: OutputArgs;\n annotations?: ToolAnnotations;\n execution?: TaskToolExecution;\n _meta?: Record;\n },\n handler: ToolTaskHandler\n ): RegisteredTool;\n\n registerToolTask(\n name: string,\n config: {\n title?: string;\n description?: string;\n inputSchema?: InputArgs;\n outputSchema?: OutputArgs;\n annotations?: ToolAnnotations;\n execution?: TaskToolExecution;\n _meta?: Record;\n },\n handler: ToolTaskHandler\n ): RegisteredTool {\n // Validate that taskSupport is not 'forbidden' for task-based tools\n const execution: ToolExecution = { taskSupport: 'required', ...config.execution };\n if (execution.taskSupport === 'forbidden') {\n throw new Error(`Cannot register task-based tool '${name}' with taskSupport 'forbidden'. Use registerTool() instead.`);\n }\n\n // Access McpServer's internal _createRegisteredTool method\n const mcpServerInternal = this._mcpServer as unknown as McpServerInternal;\n return mcpServerInternal._createRegisteredTool(\n name,\n config.title,\n config.description,\n config.inputSchema,\n config.outputSchema,\n config.annotations,\n execution,\n config._meta,\n handler as AnyToolHandler\n );\n }\n}\n" }, { "path": "packages/server/src/experimental/tasks/server.ts", "content": "/**\n * Experimental server task features for MCP SDK.\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n\nimport type {\n AnySchema,\n CancelTaskResult,\n CreateMessageRequestParams,\n CreateMessageResult,\n ElicitRequestFormParams,\n ElicitRequestURLParams,\n ElicitResult,\n GetTaskResult,\n ListTasksResult,\n RequestMethod,\n RequestOptions,\n ResponseMessage,\n ResultTypeMap,\n SchemaOutput\n} from '@modelcontextprotocol/core';\n\nimport type { Server } from '../../server/server.js';\n\n/**\n * Experimental task features for low-level MCP servers.\n *\n * Access via `server.experimental.tasks`:\n * ```typescript\n * const stream = server.experimental.tasks.requestStream(request, options);\n * ```\n *\n * For high-level server usage with task-based tools, use {@linkcode index.McpServer | McpServer}.experimental.tasks instead.\n *\n * @experimental\n */\nexport class ExperimentalServerTasks {\n constructor(private readonly _server: Server) {}\n\n /**\n * Sends a request and returns an AsyncGenerator that yields response messages.\n * The generator is guaranteed to end with either a `'result'` or `'error'` message.\n *\n * This method provides streaming access to request processing, allowing you to\n * observe intermediate task status updates for task-augmented requests.\n *\n * @param request - The request to send (method name determines the result schema)\n * @param options - Optional request options (timeout, signal, task creation params, etc.)\n * @returns AsyncGenerator that yields {@linkcode ResponseMessage} objects\n *\n * @experimental\n */\n requestStream(\n request: { method: M; params?: Record },\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n // Delegate to the server's underlying Protocol method\n type ServerWithRequestStream = {\n requestStream(\n request: { method: N; params?: Record },\n options?: RequestOptions\n ): AsyncGenerator, void, void>;\n };\n return (this._server as unknown as ServerWithRequestStream).requestStream(request, options);\n }\n\n /**\n * Sends a sampling request and returns an AsyncGenerator that yields response messages.\n * The generator is guaranteed to end with either a 'result' or 'error' message.\n *\n * For task-augmented requests, yields 'taskCreated' and 'taskStatus' messages\n * before the final result.\n *\n * @example\n * ```typescript\n * const stream = server.experimental.tasks.createMessageStream({\n * messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n * maxTokens: 100\n * }, {\n * onprogress: (progress) => {\n * // Handle streaming tokens via progress notifications\n * console.log('Progress:', progress.message);\n * }\n * });\n *\n * for await (const message of stream) {\n * switch (message.type) {\n * case 'taskCreated':\n * console.log('Task created:', message.task.taskId);\n * break;\n * case 'taskStatus':\n * console.log('Task status:', message.task.status);\n * break;\n * case 'result':\n * console.log('Final result:', message.result);\n * break;\n * case 'error':\n * console.error('Error:', message.error);\n * break;\n * }\n * }\n * ```\n *\n * @param params - The sampling request parameters\n * @param options - Optional request options (timeout, signal, task creation params, onprogress, etc.)\n * @returns AsyncGenerator that yields ResponseMessage objects\n *\n * @experimental\n */\n createMessageStream(\n params: CreateMessageRequestParams,\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n // Access client capabilities via the server\n const clientCapabilities = this._server.getClientCapabilities();\n\n // Capability check - only required when tools/toolChoice are provided\n if ((params.tools || params.toolChoice) && !clientCapabilities?.sampling?.tools) {\n throw new Error('Client does not support sampling tools capability.');\n }\n\n // Message structure validation - always validate tool_use/tool_result pairs.\n // These may appear even without tools/toolChoice in the current request when\n // a previous sampling request returned tool_use and this is a follow-up with results.\n if (params.messages.length > 0) {\n const lastMessage = params.messages.at(-1)!;\n const lastContent = Array.isArray(lastMessage.content) ? lastMessage.content : [lastMessage.content];\n const hasToolResults = lastContent.some(c => c.type === 'tool_result');\n\n const previousMessage = params.messages.length > 1 ? params.messages.at(-2) : undefined;\n const previousContent = previousMessage\n ? Array.isArray(previousMessage.content)\n ? previousMessage.content\n : [previousMessage.content]\n : [];\n const hasPreviousToolUse = previousContent.some(c => c.type === 'tool_use');\n\n if (hasToolResults) {\n if (lastContent.some(c => c.type !== 'tool_result')) {\n throw new Error('The last message must contain only tool_result content if any is present');\n }\n if (!hasPreviousToolUse) {\n throw new Error('tool_result blocks are not matching any tool_use from the previous message');\n }\n }\n if (hasPreviousToolUse) {\n const toolUseIds = new Set(previousContent.filter(c => c.type === 'tool_use').map(c => c.id));\n const toolResultIds = new Set(lastContent.filter(c => c.type === 'tool_result').map(c => c.toolUseId));\n if (toolUseIds.size !== toolResultIds.size || ![...toolUseIds].every(id => toolResultIds.has(id))) {\n throw new Error('ids of tool_result blocks and tool_use blocks from previous message do not match');\n }\n }\n }\n\n return this.requestStream(\n {\n method: 'sampling/createMessage',\n params\n },\n options\n ) as AsyncGenerator, void, void>;\n }\n\n /**\n * Sends an elicitation request and returns an AsyncGenerator that yields response messages.\n * The generator is guaranteed to end with either a 'result' or 'error' message.\n *\n * For task-augmented requests (especially URL-based elicitation), yields 'taskCreated'\n * and 'taskStatus' messages before the final result.\n *\n * @example\n * ```typescript\n * const stream = server.experimental.tasks.elicitInputStream({\n * mode: 'url',\n * message: 'Please authenticate',\n * elicitationId: 'auth-123',\n * url: 'https://example.com/auth'\n * }, {\n * task: { ttl: 300000 } // Task-augmented for long-running auth flow\n * });\n *\n * for await (const message of stream) {\n * switch (message.type) {\n * case 'taskCreated':\n * console.log('Task created:', message.task.taskId);\n * break;\n * case 'taskStatus':\n * console.log('Task status:', message.task.status);\n * break;\n * case 'result':\n * console.log('User action:', message.result.action);\n * break;\n * case 'error':\n * console.error('Error:', message.error);\n * break;\n * }\n * }\n * ```\n *\n * @param params - The elicitation request parameters\n * @param options - Optional request options (timeout, signal, task creation params, etc.)\n * @returns AsyncGenerator that yields ResponseMessage objects\n *\n * @experimental\n */\n elicitInputStream(\n params: ElicitRequestFormParams | ElicitRequestURLParams,\n options?: RequestOptions\n ): AsyncGenerator, void, void> {\n // Access client capabilities via the server\n const clientCapabilities = this._server.getClientCapabilities();\n const mode = params.mode ?? 'form';\n\n // Capability check based on mode\n switch (mode) {\n case 'url': {\n if (!clientCapabilities?.elicitation?.url) {\n throw new Error('Client does not support url elicitation.');\n }\n break;\n }\n case 'form': {\n if (!clientCapabilities?.elicitation?.form) {\n throw new Error('Client does not support form elicitation.');\n }\n break;\n }\n }\n\n // Normalize params to ensure mode is set\n const normalizedParams = mode === 'form' && params.mode !== 'form' ? { ...params, mode: 'form' } : params;\n return this.requestStream(\n {\n method: 'elicitation/create',\n params: normalizedParams\n },\n options\n ) as AsyncGenerator, void, void>;\n }\n\n /**\n * Gets the current status of a task.\n *\n * @param taskId - The task identifier\n * @param options - Optional request options\n * @returns The task status\n *\n * @experimental\n */\n async getTask(taskId: string, options?: RequestOptions): Promise {\n type ServerWithGetTask = { getTask(params: { taskId: string }, options?: RequestOptions): Promise };\n return (this._server as unknown as ServerWithGetTask).getTask({ taskId }, options);\n }\n\n /**\n * Retrieves the result of a completed task.\n *\n * @param taskId - The task identifier\n * @param resultSchema - Zod schema for validating the result\n * @param options - Optional request options\n * @returns The task result\n *\n * @experimental\n */\n async getTaskResult(taskId: string, resultSchema?: T, options?: RequestOptions): Promise> {\n return (\n this._server as unknown as {\n getTaskResult: (\n params: { taskId: string },\n resultSchema?: U,\n options?: RequestOptions\n ) => Promise>;\n }\n ).getTaskResult({ taskId }, resultSchema, options);\n }\n\n /**\n * Lists tasks with optional pagination.\n *\n * @param cursor - Optional pagination cursor\n * @param options - Optional request options\n * @returns List of tasks with optional next cursor\n *\n * @experimental\n */\n async listTasks(cursor?: string, options?: RequestOptions): Promise {\n return (\n this._server as unknown as {\n listTasks: (params?: { cursor?: string }, options?: RequestOptions) => Promise;\n }\n ).listTasks(cursor ? { cursor } : undefined, options);\n }\n\n /**\n * Cancels a running task.\n *\n * @param taskId - The task identifier\n * @param options - Optional request options\n *\n * @experimental\n */\n async cancelTask(taskId: string, options?: RequestOptions): Promise {\n return (\n this._server as unknown as {\n cancelTask: (params: { taskId: string }, options?: RequestOptions) => Promise;\n }\n ).cancelTask({ taskId }, options);\n }\n}\n" }, { "path": "packages/server/src/index.ts", "content": "export * from './server/completable.js';\nexport * from './server/mcp.js';\nexport * from './server/middleware/hostHeaderValidation.js';\nexport * from './server/server.js';\nexport * from './server/stdio.js';\nexport * from './server/streamableHttp.js';\n\n// experimental exports\nexport * from './experimental/index.js';\n\n// re-export shared types\nexport * from '@modelcontextprotocol/core';\n" }, { "path": "packages/server/src/server/completable.examples.ts", "content": "/**\n * Type-checked examples for `completable.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport * as z from 'zod/v4';\n\nimport { completable } from './completable.js';\nimport { McpServer } from './mcp.js';\n\n/**\n * Example: Using completable() in a prompt registration.\n */\nfunction completable_basicUsage() {\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n //#region completable_basicUsage\n server.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n argsSchema: z.object({\n language: completable(z.string().describe('Programming language'), value =>\n ['typescript', 'javascript', 'python', 'rust', 'go'].filter(lang => lang.startsWith(value))\n )\n })\n },\n ({ language }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Review this ${language} code.`\n }\n }\n ]\n })\n );\n //#endregion completable_basicUsage\n return server;\n}\n" }, { "path": "packages/server/src/server/completable.ts", "content": "import type { AnySchema } from '@modelcontextprotocol/core';\nimport type * as z from 'zod/v4';\n\nexport const COMPLETABLE_SYMBOL: unique symbol = Symbol.for('mcp.completable');\n\nexport type CompleteCallback = (\n value: z.input,\n context?: {\n arguments?: Record;\n }\n) => z.input[] | Promise[]>;\n\nexport type CompletableMeta = {\n complete: CompleteCallback;\n};\n\nexport type CompletableSchema = T & {\n [COMPLETABLE_SYMBOL]: CompletableMeta;\n};\n\n/**\n * Wraps a Zod type to provide autocompletion capabilities. Useful for, e.g., prompt arguments in MCP.\n *\n * @example\n * ```ts source=\"./completable.examples.ts#completable_basicUsage\"\n * server.registerPrompt(\n * 'review-code',\n * {\n * title: 'Code Review',\n * argsSchema: z.object({\n * language: completable(z.string().describe('Programming language'), value =>\n * ['typescript', 'javascript', 'python', 'rust', 'go'].filter(lang => lang.startsWith(value))\n * )\n * })\n * },\n * ({ language }) => ({\n * messages: [\n * {\n * role: 'user' as const,\n * content: {\n * type: 'text' as const,\n * text: `Review this ${language} code.`\n * }\n * }\n * ]\n * })\n * );\n * ```\n *\n * @see {@linkcode server/mcp.McpServer.registerPrompt | McpServer.registerPrompt} for using completable schemas in prompt argument definitions\n */\nexport function completable(schema: T, complete: CompleteCallback): CompletableSchema {\n Object.defineProperty(schema as object, COMPLETABLE_SYMBOL, {\n value: { complete } as CompletableMeta,\n enumerable: false,\n writable: false,\n configurable: false\n });\n return schema as CompletableSchema;\n}\n\n/**\n * Checks if a schema is completable (has completion metadata).\n */\nexport function isCompletable(schema: unknown): schema is CompletableSchema {\n return !!schema && typeof schema === 'object' && COMPLETABLE_SYMBOL in (schema as object);\n}\n\n/**\n * Gets the completer callback from a completable schema, if it exists.\n */\nexport function getCompleter(schema: T): CompleteCallback | undefined {\n const meta = (schema as unknown as { [COMPLETABLE_SYMBOL]?: CompletableMeta })[COMPLETABLE_SYMBOL];\n return meta?.complete as CompleteCallback | undefined;\n}\n" }, { "path": "packages/server/src/server/mcp.examples.ts", "content": "/**\n * Type-checked examples for `mcp.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport type { CallToolResult } from '@modelcontextprotocol/core';\nimport * as z from 'zod/v4';\n\nimport { McpServer } from './mcp.js';\nimport { StdioServerTransport } from './stdio.js';\n\n/**\n * Example: Creating a new McpServer.\n */\nfunction McpServer_basicUsage() {\n //#region McpServer_basicUsage\n const server = new McpServer({\n name: 'my-server',\n version: '1.0.0'\n });\n //#endregion McpServer_basicUsage\n return server;\n}\n\n/**\n * Example: Registering a tool with inputSchema and outputSchema.\n */\nfunction McpServer_registerTool_basic(server: McpServer) {\n //#region McpServer_registerTool_basic\n server.registerTool(\n 'calculate-bmi',\n {\n title: 'BMI Calculator',\n description: 'Calculate Body Mass Index',\n inputSchema: z.object({\n weightKg: z.number(),\n heightM: z.number()\n }),\n outputSchema: z.object({ bmi: z.number() })\n },\n async ({ weightKg, heightM }) => {\n const output = { bmi: weightKg / (heightM * heightM) };\n return {\n content: [{ type: 'text', text: JSON.stringify(output) }],\n structuredContent: output\n };\n }\n );\n //#endregion McpServer_registerTool_basic\n}\n\n/**\n * Example: Registering a static resource at a fixed URI.\n */\nfunction McpServer_registerResource_static(server: McpServer) {\n //#region McpServer_registerResource_static\n server.registerResource(\n 'config',\n 'config://app',\n {\n title: 'Application Config',\n mimeType: 'text/plain'\n },\n async uri => ({\n contents: [{ uri: uri.href, text: 'App configuration here' }]\n })\n );\n //#endregion McpServer_registerResource_static\n}\n\n/**\n * Example: Registering a prompt with an argument schema.\n */\nfunction McpServer_registerPrompt_basic(server: McpServer) {\n //#region McpServer_registerPrompt_basic\n server.registerPrompt(\n 'review-code',\n {\n title: 'Code Review',\n description: 'Review code for best practices',\n argsSchema: z.object({ code: z.string() })\n },\n ({ code }) => ({\n messages: [\n {\n role: 'user' as const,\n content: {\n type: 'text' as const,\n text: `Please review this code:\\n\\n${code}`\n }\n }\n ]\n })\n );\n //#endregion McpServer_registerPrompt_basic\n}\n\n/**\n * Example: Connecting an McpServer to a stdio transport.\n */\nasync function McpServer_connect_stdio() {\n //#region McpServer_connect_stdio\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n const transport = new StdioServerTransport();\n await server.connect(transport);\n //#endregion McpServer_connect_stdio\n}\n\n/**\n * Example: Sending a log message to the client.\n */\nasync function McpServer_sendLoggingMessage_basic(server: McpServer) {\n //#region McpServer_sendLoggingMessage_basic\n await server.sendLoggingMessage({\n level: 'info',\n data: 'Processing complete'\n });\n //#endregion McpServer_sendLoggingMessage_basic\n}\n\n/**\n * Example: Logging from inside a tool handler via ctx.mcpReq.log().\n */\nfunction McpServer_registerTool_logging(server: McpServer) {\n //#region McpServer_registerTool_logging\n server.registerTool(\n 'fetch-data',\n {\n description: 'Fetch data from an API',\n inputSchema: z.object({ url: z.string() })\n },\n async ({ url }, ctx): Promise => {\n await ctx.mcpReq.log('info', `Fetching ${url}`);\n const res = await fetch(url);\n await ctx.mcpReq.log('debug', `Response status: ${res.status}`);\n const text = await res.text();\n return { content: [{ type: 'text', text }] };\n }\n );\n //#endregion McpServer_registerTool_logging\n}\n" }, { "path": "packages/server/src/server/mcp.ts", "content": "import type {\n AnySchema,\n BaseMetadata,\n CallToolRequest,\n CallToolResult,\n CompleteRequestPrompt,\n CompleteRequestResourceTemplate,\n CompleteResult,\n CreateTaskResult,\n CreateTaskServerContext,\n GetPromptResult,\n Implementation,\n ListPromptsResult,\n ListResourcesResult,\n ListToolsResult,\n LoggingMessageNotification,\n Prompt,\n PromptArgument,\n PromptReference,\n ReadResourceResult,\n Resource,\n ResourceTemplateReference,\n Result,\n SchemaOutput,\n ServerContext,\n Tool,\n ToolAnnotations,\n ToolExecution,\n Transport,\n Variables\n} from '@modelcontextprotocol/core';\nimport {\n assertCompleteRequestPrompt,\n assertCompleteRequestResourceTemplate,\n getSchemaDescription,\n getSchemaShape,\n isOptionalSchema,\n parseSchemaAsync,\n ProtocolError,\n ProtocolErrorCode,\n schemaToJson,\n unwrapOptionalSchema,\n UriTemplate,\n validateAndWarnToolName\n} from '@modelcontextprotocol/core';\n\nimport type { ToolTaskHandler } from '../experimental/tasks/interfaces.js';\nimport { ExperimentalMcpServerTasks } from '../experimental/tasks/mcpServer.js';\nimport { getCompleter, isCompletable } from './completable.js';\nimport type { ServerOptions } from './server.js';\nimport { Server } from './server.js';\n\n/**\n * High-level MCP server that provides a simpler API for working with resources, tools, and prompts.\n * For advanced usage (like sending notifications or setting custom request handlers), use the underlying\n * {@linkcode Server} instance available via the {@linkcode McpServer.server | server} property.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_basicUsage\"\n * const server = new McpServer({\n * name: 'my-server',\n * version: '1.0.0'\n * });\n * ```\n */\nexport class McpServer {\n /**\n * The underlying {@linkcode Server} instance, useful for advanced operations like sending notifications.\n */\n public readonly server: Server;\n\n private _registeredResources: { [uri: string]: RegisteredResource } = {};\n private _registeredResourceTemplates: {\n [name: string]: RegisteredResourceTemplate;\n } = {};\n private _registeredTools: { [name: string]: RegisteredTool } = {};\n private _registeredPrompts: { [name: string]: RegisteredPrompt } = {};\n private _experimental?: { tasks: ExperimentalMcpServerTasks };\n\n constructor(serverInfo: Implementation, options?: ServerOptions) {\n this.server = new Server(serverInfo, options);\n }\n\n /**\n * Access experimental features.\n *\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n get experimental(): { tasks: ExperimentalMcpServerTasks } {\n if (!this._experimental) {\n this._experimental = {\n tasks: new ExperimentalMcpServerTasks(this)\n };\n }\n return this._experimental;\n }\n\n /**\n * Attaches to the given transport, starts it, and starts listening for messages.\n *\n * The `server` object assumes ownership of the {@linkcode Transport}, replacing any callbacks that have already been set, and expects that it is the only user of the {@linkcode Transport} instance going forward.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_connect_stdio\"\n * const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n * const transport = new StdioServerTransport();\n * await server.connect(transport);\n * ```\n */\n async connect(transport: Transport): Promise {\n return await this.server.connect(transport);\n }\n\n /**\n * Closes the connection.\n */\n async close(): Promise {\n await this.server.close();\n }\n\n private _toolHandlersInitialized = false;\n\n private setToolRequestHandlers() {\n if (this._toolHandlersInitialized) {\n return;\n }\n\n this.server.assertCanSetRequestHandler('tools/list');\n this.server.assertCanSetRequestHandler('tools/call');\n\n this.server.registerCapabilities({\n tools: {\n listChanged: this.server.getCapabilities().tools?.listChanged ?? true\n }\n });\n\n this.server.setRequestHandler(\n 'tools/list',\n (): ListToolsResult => ({\n tools: Object.entries(this._registeredTools)\n .filter(([, tool]) => tool.enabled)\n .map(([name, tool]): Tool => {\n const toolDefinition: Tool = {\n name,\n title: tool.title,\n description: tool.description,\n inputSchema: tool.inputSchema\n ? (schemaToJson(tool.inputSchema, { io: 'input' }) as Tool['inputSchema'])\n : EMPTY_OBJECT_JSON_SCHEMA,\n annotations: tool.annotations,\n execution: tool.execution,\n _meta: tool._meta\n };\n\n if (tool.outputSchema) {\n toolDefinition.outputSchema = schemaToJson(tool.outputSchema, {\n io: 'output'\n }) as Tool['outputSchema'];\n }\n\n return toolDefinition;\n })\n })\n );\n\n this.server.setRequestHandler('tools/call', async (request, ctx): Promise => {\n const tool = this._registeredTools[request.params.name];\n if (!tool) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Tool ${request.params.name} not found`);\n }\n if (!tool.enabled) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Tool ${request.params.name} disabled`);\n }\n\n try {\n const isTaskRequest = !!request.params.task;\n const taskSupport = tool.execution?.taskSupport;\n const isTaskHandler = 'createTask' in (tool.handler as AnyToolHandler);\n\n // Validate task hint configuration\n if ((taskSupport === 'required' || taskSupport === 'optional') && !isTaskHandler) {\n throw new ProtocolError(\n ProtocolErrorCode.InternalError,\n `Tool ${request.params.name} has taskSupport '${taskSupport}' but was not registered with registerToolTask`\n );\n }\n\n // Handle taskSupport 'required' without task augmentation\n if (taskSupport === 'required' && !isTaskRequest) {\n throw new ProtocolError(\n ProtocolErrorCode.MethodNotFound,\n `Tool ${request.params.name} requires task augmentation (taskSupport: 'required')`\n );\n }\n\n // Handle taskSupport 'optional' without task augmentation - automatic polling\n if (taskSupport === 'optional' && !isTaskRequest && isTaskHandler) {\n return await this.handleAutomaticTaskPolling(tool, request, ctx);\n }\n\n // Normal execution path\n const args = await this.validateToolInput(tool, request.params.arguments, request.params.name);\n const result = await this.executeToolHandler(tool, args, ctx);\n\n // Return CreateTaskResult immediately for task requests\n if (isTaskRequest) {\n return result;\n }\n\n // Validate output schema for non-task requests\n await this.validateToolOutput(tool, result, request.params.name);\n return result;\n } catch (error) {\n if (error instanceof ProtocolError && error.code === ProtocolErrorCode.UrlElicitationRequired) {\n throw error; // Return the error to the caller without wrapping in CallToolResult\n }\n return this.createToolError(error instanceof Error ? error.message : String(error));\n }\n });\n\n this._toolHandlersInitialized = true;\n }\n\n /**\n * Creates a tool error result.\n *\n * @param errorMessage - The error message.\n * @returns The tool error result.\n */\n private createToolError(errorMessage: string): CallToolResult {\n return {\n content: [\n {\n type: 'text',\n text: errorMessage\n }\n ],\n isError: true\n };\n }\n\n /**\n * Validates tool input arguments against the tool's input schema.\n */\n private async validateToolInput<\n Tool extends RegisteredTool,\n Args extends Tool['inputSchema'] extends infer InputSchema\n ? InputSchema extends AnySchema\n ? SchemaOutput\n : undefined\n : undefined\n >(tool: Tool, args: Args, toolName: string): Promise {\n if (!tool.inputSchema) {\n return undefined as Args;\n }\n\n const parseResult = await parseSchemaAsync(tool.inputSchema, args ?? {});\n if (!parseResult.success) {\n const errorMessage = parseResult.error.issues.map((i: { message: string }) => i.message).join(', ');\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Input validation error: Invalid arguments for tool ${toolName}: ${errorMessage}`\n );\n }\n\n return parseResult.data as unknown as Args;\n }\n\n /**\n * Validates tool output against the tool's output schema.\n */\n private async validateToolOutput(tool: RegisteredTool, result: CallToolResult | CreateTaskResult, toolName: string): Promise {\n if (!tool.outputSchema) {\n return;\n }\n\n // Only validate CallToolResult, not CreateTaskResult\n if (!('content' in result)) {\n return;\n }\n\n if (result.isError) {\n return;\n }\n\n if (!result.structuredContent) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Output validation error: Tool ${toolName} has an output schema but no structured content was provided`\n );\n }\n\n // if the tool has an output schema, validate structured content\n const parseResult = await parseSchemaAsync(tool.outputSchema, result.structuredContent);\n if (!parseResult.success) {\n const errorMessage = parseResult.error.issues.map((i: { message: string }) => i.message).join(', ');\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Output validation error: Invalid structured content for tool ${toolName}: ${errorMessage}`\n );\n }\n }\n\n /**\n * Executes a tool handler (either regular or task-based).\n */\n private async executeToolHandler(tool: RegisteredTool, args: unknown, ctx: ServerContext): Promise {\n // Executor encapsulates handler invocation with proper types\n return tool.executor(args, ctx);\n }\n\n /**\n * Handles automatic task polling for tools with `taskSupport` `'optional'`.\n */\n private async handleAutomaticTaskPolling(\n tool: RegisteredTool,\n request: RequestT,\n ctx: ServerContext\n ): Promise {\n if (!ctx.task?.store) {\n throw new Error('No task store provided for task-capable tool.');\n }\n\n // Validate input and create task using the executor\n const args = await this.validateToolInput(tool, request.params.arguments, request.params.name);\n const createTaskResult = (await tool.executor(args, ctx)) as CreateTaskResult;\n\n // Poll until completion\n const taskId = createTaskResult.task.taskId;\n let task = createTaskResult.task;\n const pollInterval = task.pollInterval ?? 5000;\n\n while (task.status !== 'completed' && task.status !== 'failed' && task.status !== 'cancelled') {\n await new Promise(resolve => setTimeout(resolve, pollInterval));\n const updatedTask = await ctx.task.store.getTask(taskId);\n if (!updatedTask) {\n throw new ProtocolError(ProtocolErrorCode.InternalError, `Task ${taskId} not found during polling`);\n }\n task = updatedTask;\n }\n\n // Return the final result\n return (await ctx.task.store.getTaskResult(taskId)) as CallToolResult;\n }\n\n private _completionHandlerInitialized = false;\n\n private setCompletionRequestHandler() {\n if (this._completionHandlerInitialized) {\n return;\n }\n\n this.server.assertCanSetRequestHandler('completion/complete');\n\n this.server.registerCapabilities({\n completions: {}\n });\n\n this.server.setRequestHandler('completion/complete', async (request): Promise => {\n switch (request.params.ref.type) {\n case 'ref/prompt': {\n assertCompleteRequestPrompt(request);\n return this.handlePromptCompletion(request, request.params.ref);\n }\n\n case 'ref/resource': {\n assertCompleteRequestResourceTemplate(request);\n return this.handleResourceCompletion(request, request.params.ref);\n }\n\n default: {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid completion reference: ${request.params.ref}`);\n }\n }\n });\n\n this._completionHandlerInitialized = true;\n }\n\n private async handlePromptCompletion(request: CompleteRequestPrompt, ref: PromptReference): Promise {\n const prompt = this._registeredPrompts[ref.name];\n if (!prompt) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Prompt ${ref.name} not found`);\n }\n\n if (!prompt.enabled) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Prompt ${ref.name} disabled`);\n }\n\n if (!prompt.argsSchema) {\n return EMPTY_COMPLETION_RESULT;\n }\n\n const promptShape = getSchemaShape(prompt.argsSchema);\n const field = promptShape?.[request.params.argument.name];\n if (!isCompletable(field)) {\n return EMPTY_COMPLETION_RESULT;\n }\n\n const completer = getCompleter(field);\n if (!completer) {\n return EMPTY_COMPLETION_RESULT;\n }\n const suggestions = await completer(request.params.argument.value, request.params.context);\n return createCompletionResult(suggestions);\n }\n\n private async handleResourceCompletion(\n request: CompleteRequestResourceTemplate,\n ref: ResourceTemplateReference\n ): Promise {\n const template = Object.values(this._registeredResourceTemplates).find(t => t.resourceTemplate.uriTemplate.toString() === ref.uri);\n\n if (!template) {\n if (this._registeredResources[ref.uri]) {\n // Attempting to autocomplete a fixed resource URI is not an error in the spec (but probably should be).\n return EMPTY_COMPLETION_RESULT;\n }\n\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Resource template ${request.params.ref.uri} not found`);\n }\n\n const completer = template.resourceTemplate.completeCallback(request.params.argument.name);\n if (!completer) {\n return EMPTY_COMPLETION_RESULT;\n }\n\n const suggestions = await completer(request.params.argument.value, request.params.context);\n return createCompletionResult(suggestions);\n }\n\n private _resourceHandlersInitialized = false;\n\n private setResourceRequestHandlers() {\n if (this._resourceHandlersInitialized) {\n return;\n }\n\n this.server.assertCanSetRequestHandler('resources/list');\n this.server.assertCanSetRequestHandler('resources/templates/list');\n this.server.assertCanSetRequestHandler('resources/read');\n\n this.server.registerCapabilities({\n resources: {\n listChanged: this.server.getCapabilities().resources?.listChanged ?? true\n }\n });\n\n this.server.setRequestHandler('resources/list', async (_request, ctx) => {\n const resources = Object.entries(this._registeredResources)\n .filter(([_, resource]) => resource.enabled)\n .map(([uri, resource]) => ({\n uri,\n name: resource.name,\n ...resource.metadata\n }));\n\n const templateResources: Resource[] = [];\n for (const template of Object.values(this._registeredResourceTemplates)) {\n if (!template.resourceTemplate.listCallback) {\n continue;\n }\n\n const result = await template.resourceTemplate.listCallback(ctx);\n for (const resource of result.resources) {\n templateResources.push({\n ...template.metadata,\n // the defined resource metadata should override the template metadata if present\n ...resource\n });\n }\n }\n\n return { resources: [...resources, ...templateResources] };\n });\n\n this.server.setRequestHandler('resources/templates/list', async () => {\n const resourceTemplates = Object.entries(this._registeredResourceTemplates).map(([name, template]) => ({\n name,\n uriTemplate: template.resourceTemplate.uriTemplate.toString(),\n ...template.metadata\n }));\n\n return { resourceTemplates };\n });\n\n this.server.setRequestHandler('resources/read', async (request, ctx) => {\n const uri = new URL(request.params.uri);\n\n // First check for exact resource match\n const resource = this._registeredResources[uri.toString()];\n if (resource) {\n if (!resource.enabled) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Resource ${uri} disabled`);\n }\n return resource.readCallback(uri, ctx);\n }\n\n // Then check templates\n for (const template of Object.values(this._registeredResourceTemplates)) {\n const variables = template.resourceTemplate.uriTemplate.match(uri.toString());\n if (variables) {\n return template.readCallback(uri, variables, ctx);\n }\n }\n\n throw new ProtocolError(ProtocolErrorCode.ResourceNotFound, `Resource ${uri} not found`);\n });\n\n this._resourceHandlersInitialized = true;\n }\n\n private _promptHandlersInitialized = false;\n\n private setPromptRequestHandlers() {\n if (this._promptHandlersInitialized) {\n return;\n }\n\n this.server.assertCanSetRequestHandler('prompts/list');\n this.server.assertCanSetRequestHandler('prompts/get');\n\n this.server.registerCapabilities({\n prompts: {\n listChanged: this.server.getCapabilities().prompts?.listChanged ?? true\n }\n });\n\n this.server.setRequestHandler(\n 'prompts/list',\n (): ListPromptsResult => ({\n prompts: Object.entries(this._registeredPrompts)\n .filter(([, prompt]) => prompt.enabled)\n .map(([name, prompt]): Prompt => {\n return {\n name,\n title: prompt.title,\n description: prompt.description,\n arguments: prompt.argsSchema ? promptArgumentsFromSchema(prompt.argsSchema) : undefined\n };\n })\n })\n );\n\n this.server.setRequestHandler('prompts/get', async (request, ctx): Promise => {\n const prompt = this._registeredPrompts[request.params.name];\n if (!prompt) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Prompt ${request.params.name} not found`);\n }\n\n if (!prompt.enabled) {\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Prompt ${request.params.name} disabled`);\n }\n\n // Handler encapsulates parsing and callback invocation with proper types\n return prompt.handler(request.params.arguments, ctx);\n });\n\n this._promptHandlersInitialized = true;\n }\n\n /**\n * Registers a resource with a config object and callback.\n * For static resources, use a URI string. For dynamic resources, use a {@linkcode ResourceTemplate}.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_registerResource_static\"\n * server.registerResource(\n * 'config',\n * 'config://app',\n * {\n * title: 'Application Config',\n * mimeType: 'text/plain'\n * },\n * async uri => ({\n * contents: [{ uri: uri.href, text: 'App configuration here' }]\n * })\n * );\n * ```\n */\n registerResource(name: string, uriOrTemplate: string, config: ResourceMetadata, readCallback: ReadResourceCallback): RegisteredResource;\n registerResource(\n name: string,\n uriOrTemplate: ResourceTemplate,\n config: ResourceMetadata,\n readCallback: ReadResourceTemplateCallback\n ): RegisteredResourceTemplate;\n registerResource(\n name: string,\n uriOrTemplate: string | ResourceTemplate,\n config: ResourceMetadata,\n readCallback: ReadResourceCallback | ReadResourceTemplateCallback\n ): RegisteredResource | RegisteredResourceTemplate {\n if (typeof uriOrTemplate === 'string') {\n if (this._registeredResources[uriOrTemplate]) {\n throw new Error(`Resource ${uriOrTemplate} is already registered`);\n }\n\n const registeredResource = this._createRegisteredResource(\n name,\n (config as BaseMetadata).title,\n uriOrTemplate,\n config,\n readCallback as ReadResourceCallback\n );\n\n this.setResourceRequestHandlers();\n this.sendResourceListChanged();\n return registeredResource;\n } else {\n if (this._registeredResourceTemplates[name]) {\n throw new Error(`Resource template ${name} is already registered`);\n }\n\n const registeredResourceTemplate = this._createRegisteredResourceTemplate(\n name,\n (config as BaseMetadata).title,\n uriOrTemplate,\n config,\n readCallback as ReadResourceTemplateCallback\n );\n\n this.setResourceRequestHandlers();\n this.sendResourceListChanged();\n return registeredResourceTemplate;\n }\n }\n\n private _createRegisteredResource(\n name: string,\n title: string | undefined,\n uri: string,\n metadata: ResourceMetadata | undefined,\n readCallback: ReadResourceCallback\n ): RegisteredResource {\n const registeredResource: RegisteredResource = {\n name,\n title,\n metadata,\n readCallback,\n enabled: true,\n disable: () => registeredResource.update({ enabled: false }),\n enable: () => registeredResource.update({ enabled: true }),\n remove: () => registeredResource.update({ uri: null }),\n update: updates => {\n if (updates.uri !== undefined && updates.uri !== uri) {\n delete this._registeredResources[uri];\n if (updates.uri) this._registeredResources[updates.uri] = registeredResource;\n }\n if (updates.name !== undefined) registeredResource.name = updates.name;\n if (updates.title !== undefined) registeredResource.title = updates.title;\n if (updates.metadata !== undefined) registeredResource.metadata = updates.metadata;\n if (updates.callback !== undefined) registeredResource.readCallback = updates.callback;\n if (updates.enabled !== undefined) registeredResource.enabled = updates.enabled;\n this.sendResourceListChanged();\n }\n };\n this._registeredResources[uri] = registeredResource;\n return registeredResource;\n }\n\n private _createRegisteredResourceTemplate(\n name: string,\n title: string | undefined,\n template: ResourceTemplate,\n metadata: ResourceMetadata | undefined,\n readCallback: ReadResourceTemplateCallback\n ): RegisteredResourceTemplate {\n const registeredResourceTemplate: RegisteredResourceTemplate = {\n resourceTemplate: template,\n title,\n metadata,\n readCallback,\n enabled: true,\n disable: () => registeredResourceTemplate.update({ enabled: false }),\n enable: () => registeredResourceTemplate.update({ enabled: true }),\n remove: () => registeredResourceTemplate.update({ name: null }),\n update: updates => {\n if (updates.name !== undefined && updates.name !== name) {\n delete this._registeredResourceTemplates[name];\n if (updates.name) this._registeredResourceTemplates[updates.name] = registeredResourceTemplate;\n }\n if (updates.title !== undefined) registeredResourceTemplate.title = updates.title;\n if (updates.template !== undefined) registeredResourceTemplate.resourceTemplate = updates.template;\n if (updates.metadata !== undefined) registeredResourceTemplate.metadata = updates.metadata;\n if (updates.callback !== undefined) registeredResourceTemplate.readCallback = updates.callback;\n if (updates.enabled !== undefined) registeredResourceTemplate.enabled = updates.enabled;\n this.sendResourceListChanged();\n }\n };\n this._registeredResourceTemplates[name] = registeredResourceTemplate;\n\n // If the resource template has any completion callbacks, enable completions capability\n const variableNames = template.uriTemplate.variableNames;\n const hasCompleter = Array.isArray(variableNames) && variableNames.some(v => !!template.completeCallback(v));\n if (hasCompleter) {\n this.setCompletionRequestHandler();\n }\n\n return registeredResourceTemplate;\n }\n\n private _createRegisteredPrompt(\n name: string,\n title: string | undefined,\n description: string | undefined,\n argsSchema: AnySchema | undefined,\n callback: PromptCallback\n ): RegisteredPrompt {\n // Track current schema and callback for handler regeneration\n let currentArgsSchema = argsSchema;\n let currentCallback = callback;\n\n const registeredPrompt: RegisteredPrompt = {\n title,\n description,\n argsSchema,\n handler: createPromptHandler(name, argsSchema, callback),\n enabled: true,\n disable: () => registeredPrompt.update({ enabled: false }),\n enable: () => registeredPrompt.update({ enabled: true }),\n remove: () => registeredPrompt.update({ name: null }),\n update: updates => {\n if (updates.name !== undefined && updates.name !== name) {\n delete this._registeredPrompts[name];\n if (updates.name) this._registeredPrompts[updates.name] = registeredPrompt;\n }\n if (updates.title !== undefined) registeredPrompt.title = updates.title;\n if (updates.description !== undefined) registeredPrompt.description = updates.description;\n\n // Track if we need to regenerate the handler\n let needsHandlerRegen = false;\n if (updates.argsSchema !== undefined) {\n registeredPrompt.argsSchema = updates.argsSchema;\n currentArgsSchema = updates.argsSchema;\n needsHandlerRegen = true;\n }\n if (updates.callback !== undefined) {\n currentCallback = updates.callback as PromptCallback;\n needsHandlerRegen = true;\n }\n if (needsHandlerRegen) {\n registeredPrompt.handler = createPromptHandler(name, currentArgsSchema, currentCallback);\n }\n\n if (updates.enabled !== undefined) registeredPrompt.enabled = updates.enabled;\n this.sendPromptListChanged();\n }\n };\n this._registeredPrompts[name] = registeredPrompt;\n\n // If any argument uses a Completable schema, enable completions capability\n if (argsSchema) {\n const shape = getSchemaShape(argsSchema);\n if (shape) {\n const hasCompletable = Object.values(shape).some(field => {\n const inner = unwrapOptionalSchema(field);\n return isCompletable(inner);\n });\n if (hasCompletable) {\n this.setCompletionRequestHandler();\n }\n }\n }\n\n return registeredPrompt;\n }\n\n private _createRegisteredTool(\n name: string,\n title: string | undefined,\n description: string | undefined,\n inputSchema: AnySchema | undefined,\n outputSchema: AnySchema | undefined,\n annotations: ToolAnnotations | undefined,\n execution: ToolExecution | undefined,\n _meta: Record | undefined,\n handler: AnyToolHandler\n ): RegisteredTool {\n // Validate tool name according to SEP specification\n validateAndWarnToolName(name);\n\n // Track current handler for executor regeneration\n let currentHandler = handler;\n\n const registeredTool: RegisteredTool = {\n title,\n description,\n inputSchema,\n outputSchema,\n annotations,\n execution,\n _meta,\n handler: handler,\n executor: createToolExecutor(inputSchema, handler),\n enabled: true,\n disable: () => registeredTool.update({ enabled: false }),\n enable: () => registeredTool.update({ enabled: true }),\n remove: () => registeredTool.update({ name: null }),\n update: updates => {\n if (updates.name !== undefined && updates.name !== name) {\n if (typeof updates.name === 'string') {\n validateAndWarnToolName(updates.name);\n }\n delete this._registeredTools[name];\n if (updates.name) this._registeredTools[updates.name] = registeredTool;\n }\n if (updates.title !== undefined) registeredTool.title = updates.title;\n if (updates.description !== undefined) registeredTool.description = updates.description;\n\n // Track if we need to regenerate the executor\n let needsExecutorRegen = false;\n if (updates.paramsSchema !== undefined) {\n registeredTool.inputSchema = updates.paramsSchema;\n needsExecutorRegen = true;\n }\n if (updates.callback !== undefined) {\n registeredTool.handler = updates.callback;\n currentHandler = updates.callback as AnyToolHandler;\n needsExecutorRegen = true;\n }\n if (needsExecutorRegen) {\n registeredTool.executor = createToolExecutor(registeredTool.inputSchema, currentHandler);\n }\n\n if (updates.outputSchema !== undefined) registeredTool.outputSchema = updates.outputSchema;\n if (updates.annotations !== undefined) registeredTool.annotations = updates.annotations;\n if (updates._meta !== undefined) registeredTool._meta = updates._meta;\n if (updates.enabled !== undefined) registeredTool.enabled = updates.enabled;\n this.sendToolListChanged();\n }\n };\n this._registeredTools[name] = registeredTool;\n\n this.setToolRequestHandlers();\n this.sendToolListChanged();\n\n return registeredTool;\n }\n\n /**\n * Registers a tool with a config object and callback.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_registerTool_basic\"\n * server.registerTool(\n * 'calculate-bmi',\n * {\n * title: 'BMI Calculator',\n * description: 'Calculate Body Mass Index',\n * inputSchema: z.object({\n * weightKg: z.number(),\n * heightM: z.number()\n * }),\n * outputSchema: z.object({ bmi: z.number() })\n * },\n * async ({ weightKg, heightM }) => {\n * const output = { bmi: weightKg / (heightM * heightM) };\n * return {\n * content: [{ type: 'text', text: JSON.stringify(output) }],\n * structuredContent: output\n * };\n * }\n * );\n * ```\n */\n registerTool(\n name: string,\n config: {\n title?: string;\n description?: string;\n inputSchema?: InputArgs;\n outputSchema?: OutputArgs;\n annotations?: ToolAnnotations;\n _meta?: Record;\n },\n cb: ToolCallback\n ): RegisteredTool {\n if (this._registeredTools[name]) {\n throw new Error(`Tool ${name} is already registered`);\n }\n\n const { title, description, inputSchema, outputSchema, annotations, _meta } = config;\n\n return this._createRegisteredTool(\n name,\n title,\n description,\n inputSchema,\n outputSchema,\n annotations,\n { taskSupport: 'forbidden' },\n _meta,\n cb as ToolCallback\n );\n }\n\n /**\n * Registers a prompt with a config object and callback.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_registerPrompt_basic\"\n * server.registerPrompt(\n * 'review-code',\n * {\n * title: 'Code Review',\n * description: 'Review code for best practices',\n * argsSchema: z.object({ code: z.string() })\n * },\n * ({ code }) => ({\n * messages: [\n * {\n * role: 'user' as const,\n * content: {\n * type: 'text' as const,\n * text: `Please review this code:\\n\\n${code}`\n * }\n * }\n * ]\n * })\n * );\n * ```\n */\n registerPrompt(\n name: string,\n config: {\n title?: string;\n description?: string;\n argsSchema?: Args;\n },\n cb: PromptCallback\n ): RegisteredPrompt {\n if (this._registeredPrompts[name]) {\n throw new Error(`Prompt ${name} is already registered`);\n }\n\n const { title, description, argsSchema } = config;\n\n const registeredPrompt = this._createRegisteredPrompt(\n name,\n title,\n description,\n argsSchema,\n cb as PromptCallback\n );\n\n this.setPromptRequestHandlers();\n this.sendPromptListChanged();\n\n return registeredPrompt;\n }\n\n /**\n * Checks if the server is connected to a transport.\n * @returns `true` if the server is connected\n */\n isConnected() {\n return this.server.transport !== undefined;\n }\n\n /**\n * Sends a logging message to the client, if connected.\n * Note: You only need to send the parameters object, not the entire JSON-RPC message.\n * @see {@linkcode LoggingMessageNotification}\n * @param params\n * @param sessionId Optional for stateless transports and backward compatibility.\n *\n * @example\n * ```ts source=\"./mcp.examples.ts#McpServer_sendLoggingMessage_basic\"\n * await server.sendLoggingMessage({\n * level: 'info',\n * data: 'Processing complete'\n * });\n * ```\n */\n async sendLoggingMessage(params: LoggingMessageNotification['params'], sessionId?: string) {\n return this.server.sendLoggingMessage(params, sessionId);\n }\n /**\n * Sends a resource list changed event to the client, if connected.\n */\n sendResourceListChanged() {\n if (this.isConnected()) {\n this.server.sendResourceListChanged();\n }\n }\n\n /**\n * Sends a tool list changed event to the client, if connected.\n */\n sendToolListChanged() {\n if (this.isConnected()) {\n this.server.sendToolListChanged();\n }\n }\n\n /**\n * Sends a prompt list changed event to the client, if connected.\n */\n sendPromptListChanged() {\n if (this.isConnected()) {\n this.server.sendPromptListChanged();\n }\n }\n}\n\n/**\n * A callback to complete one variable within a resource template's URI template.\n */\nexport type CompleteResourceTemplateCallback = (\n value: string,\n context?: {\n arguments?: Record;\n }\n) => string[] | Promise;\n\n/**\n * A resource template combines a URI pattern with optional functionality to enumerate\n * all resources matching that pattern.\n */\nexport class ResourceTemplate {\n private _uriTemplate: UriTemplate;\n\n constructor(\n uriTemplate: string | UriTemplate,\n private _callbacks: {\n /**\n * A callback to list all resources matching this template. This is required to be specified, even if `undefined`, to avoid accidentally forgetting resource listing.\n */\n list: ListResourcesCallback | undefined;\n\n /**\n * An optional callback to autocomplete variables within the URI template. Useful for clients and users to discover possible values.\n */\n complete?: {\n [variable: string]: CompleteResourceTemplateCallback;\n };\n }\n ) {\n this._uriTemplate = typeof uriTemplate === 'string' ? new UriTemplate(uriTemplate) : uriTemplate;\n }\n\n /**\n * Gets the URI template pattern.\n */\n get uriTemplate(): UriTemplate {\n return this._uriTemplate;\n }\n\n /**\n * Gets the list callback, if one was provided.\n */\n get listCallback(): ListResourcesCallback | undefined {\n return this._callbacks.list;\n }\n\n /**\n * Gets the callback for completing a specific URI template variable, if one was provided.\n */\n completeCallback(variable: string): CompleteResourceTemplateCallback | undefined {\n return this._callbacks.complete?.[variable];\n }\n}\n\nexport type BaseToolCallback = Args extends AnySchema\n ? (args: SchemaOutput, ctx: Ctx) => ResultT | Promise\n : (ctx: Ctx) => ResultT | Promise;\n\n/**\n * Callback for a tool handler registered with {@linkcode McpServer.registerTool}.\n */\nexport type ToolCallback = BaseToolCallback;\n\n/**\n * Supertype that can handle both regular tools (simple callback) and task-based tools (task handler object).\n */\nexport type AnyToolHandler = ToolCallback | ToolTaskHandler;\n\n/**\n * Internal executor type that encapsulates handler invocation with proper types.\n */\ntype ToolExecutor = (args: unknown, ctx: ServerContext) => Promise;\n\nexport type RegisteredTool = {\n title?: string;\n description?: string;\n inputSchema?: AnySchema;\n outputSchema?: AnySchema;\n annotations?: ToolAnnotations;\n execution?: ToolExecution;\n _meta?: Record;\n handler: AnyToolHandler;\n /** @hidden */\n executor: ToolExecutor;\n enabled: boolean;\n enable(): void;\n disable(): void;\n update(updates: {\n name?: string | null;\n title?: string;\n description?: string;\n paramsSchema?: AnySchema;\n outputSchema?: AnySchema;\n annotations?: ToolAnnotations;\n _meta?: Record;\n callback?: ToolCallback;\n enabled?: boolean;\n }): void;\n remove(): void;\n};\n\n/**\n * Creates an executor that invokes the handler with the appropriate arguments.\n * When `inputSchema` is defined, the handler is called with `(args, ctx)`.\n * When `inputSchema` is undefined, the handler is called with just `(ctx)`.\n */\nfunction createToolExecutor(inputSchema: AnySchema | undefined, handler: AnyToolHandler): ToolExecutor {\n const isTaskHandler = 'createTask' in handler;\n\n if (isTaskHandler) {\n const taskHandler = handler as TaskHandlerInternal;\n return async (args, ctx) => {\n if (!ctx.task?.store) {\n throw new Error('No task store provided.');\n }\n const taskCtx: CreateTaskServerContext = { ...ctx, task: { store: ctx.task.store, requestedTtl: ctx.task?.requestedTtl } };\n if (inputSchema) {\n return taskHandler.createTask(args, taskCtx);\n }\n // When no inputSchema, call with just ctx (the handler expects (ctx) signature)\n return (taskHandler.createTask as (ctx: CreateTaskServerContext) => CreateTaskResult | Promise)(taskCtx);\n };\n }\n\n if (inputSchema) {\n const callback = handler as ToolCallbackInternal;\n return async (args, ctx) => callback(args, ctx);\n }\n\n // When no inputSchema, call with just ctx (the handler expects (ctx) signature)\n const callback = handler as (ctx: ServerContext) => CallToolResult | Promise;\n return async (_args, ctx) => callback(ctx);\n}\n\nconst EMPTY_OBJECT_JSON_SCHEMA = {\n type: 'object' as const,\n properties: {}\n};\n\n/**\n * Additional, optional information for annotating a resource.\n */\nexport type ResourceMetadata = Omit;\n\n/**\n * Callback to list all resources matching a given template.\n */\nexport type ListResourcesCallback = (ctx: ServerContext) => ListResourcesResult | Promise;\n\n/**\n * Callback to read a resource at a given URI.\n */\nexport type ReadResourceCallback = (uri: URL, ctx: ServerContext) => ReadResourceResult | Promise;\n\nexport type RegisteredResource = {\n name: string;\n title?: string;\n metadata?: ResourceMetadata;\n readCallback: ReadResourceCallback;\n enabled: boolean;\n enable(): void;\n disable(): void;\n update(updates: {\n name?: string;\n title?: string;\n uri?: string | null;\n metadata?: ResourceMetadata;\n callback?: ReadResourceCallback;\n enabled?: boolean;\n }): void;\n remove(): void;\n};\n\n/**\n * Callback to read a resource at a given URI, following a filled-in URI template.\n */\nexport type ReadResourceTemplateCallback = (\n uri: URL,\n variables: Variables,\n ctx: ServerContext\n) => ReadResourceResult | Promise;\n\nexport type RegisteredResourceTemplate = {\n resourceTemplate: ResourceTemplate;\n title?: string;\n metadata?: ResourceMetadata;\n readCallback: ReadResourceTemplateCallback;\n enabled: boolean;\n enable(): void;\n disable(): void;\n update(updates: {\n name?: string | null;\n title?: string;\n template?: ResourceTemplate;\n metadata?: ResourceMetadata;\n callback?: ReadResourceTemplateCallback;\n enabled?: boolean;\n }): void;\n remove(): void;\n};\n\nexport type PromptCallback = Args extends AnySchema\n ? (args: SchemaOutput, ctx: ServerContext) => GetPromptResult | Promise\n : (ctx: ServerContext) => GetPromptResult | Promise;\n\n/**\n * Internal handler type that encapsulates parsing and callback invocation.\n * This allows type-safe handling without runtime type assertions.\n */\ntype PromptHandler = (args: Record | undefined, ctx: ServerContext) => Promise;\n\ntype ToolCallbackInternal = (args: unknown, ctx: ServerContext) => CallToolResult | Promise;\n\ntype TaskHandlerInternal = {\n createTask: (args: unknown, ctx: CreateTaskServerContext) => CreateTaskResult | Promise;\n};\n\nexport type RegisteredPrompt = {\n title?: string;\n description?: string;\n argsSchema?: AnySchema;\n /** @hidden */\n handler: PromptHandler;\n enabled: boolean;\n enable(): void;\n disable(): void;\n update(updates: {\n name?: string | null;\n title?: string;\n description?: string;\n argsSchema?: Args;\n callback?: PromptCallback;\n enabled?: boolean;\n }): void;\n remove(): void;\n};\n\n/**\n * Creates a type-safe prompt handler that captures the schema and callback in a closure.\n * This eliminates the need for type assertions at the call site.\n */\nfunction createPromptHandler(\n name: string,\n argsSchema: AnySchema | undefined,\n callback: PromptCallback\n): PromptHandler {\n if (argsSchema) {\n const typedCallback = callback as (args: SchemaOutput, ctx: ServerContext) => GetPromptResult | Promise;\n\n return async (args, ctx) => {\n const parseResult = await parseSchemaAsync(argsSchema, args);\n if (!parseResult.success) {\n const errorMessage = parseResult.error.issues.map((i: { message: string }) => i.message).join(', ');\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid arguments for prompt ${name}: ${errorMessage}`);\n }\n return typedCallback(parseResult.data as SchemaOutput, ctx);\n };\n } else {\n const typedCallback = callback as (ctx: ServerContext) => GetPromptResult | Promise;\n\n return async (_args, ctx) => {\n return typedCallback(ctx);\n };\n }\n}\n\nfunction promptArgumentsFromSchema(schema: AnySchema): PromptArgument[] {\n const shape = getSchemaShape(schema);\n if (!shape) return [];\n return Object.entries(shape).map(([name, field]): PromptArgument => {\n return {\n name,\n description: getSchemaDescription(field),\n required: !isOptionalSchema(field)\n };\n });\n}\n\nfunction createCompletionResult(suggestions: readonly unknown[]): CompleteResult {\n const values = suggestions.map(String).slice(0, 100);\n return {\n completion: {\n values,\n total: suggestions.length,\n hasMore: suggestions.length > 100\n }\n };\n}\n\nconst EMPTY_COMPLETION_RESULT: CompleteResult = {\n completion: {\n values: [],\n hasMore: false\n }\n};\n" }, { "path": "packages/server/src/server/middleware/hostHeaderValidation.examples.ts", "content": "/**\n * Type-checked examples for `hostHeaderValidation.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { validateHostHeader } from './hostHeaderValidation.js';\n\n/**\n * Example: Validating a host header against allowed hosts.\n */\nfunction hostHeaderValidationResponse_basicUsage(req: Request) {\n //#region hostHeaderValidationResponse_basicUsage\n const result = validateHostHeader(req.headers.get('host'), ['localhost']);\n //#endregion hostHeaderValidationResponse_basicUsage\n return result;\n}\n" }, { "path": "packages/server/src/server/middleware/hostHeaderValidation.ts", "content": "export type HostHeaderValidationResult =\n | { ok: true; hostname: string }\n | {\n ok: false;\n errorCode: 'missing_host' | 'invalid_host_header' | 'invalid_host';\n message: string;\n hostHeader?: string;\n hostname?: string;\n };\n\n/**\n * Parse and validate a `Host` header against an allowlist of hostnames (port-agnostic).\n *\n * - Input host header may include a port (e.g. `localhost:3000`) or IPv6 brackets (e.g. `[::1]:3000`).\n * - Allowlist items should be hostnames only (no ports). For IPv6, include brackets (e.g. `[::1]`).\n */\nexport function validateHostHeader(hostHeader: string | null | undefined, allowedHostnames: string[]): HostHeaderValidationResult {\n if (!hostHeader) {\n return { ok: false, errorCode: 'missing_host', message: 'Missing Host header' };\n }\n\n // Use URL API to parse hostname (handles IPv4, IPv6, and regular hostnames)\n let hostname: string;\n try {\n hostname = new URL(`http://${hostHeader}`).hostname;\n } catch {\n return { ok: false, errorCode: 'invalid_host_header', message: `Invalid Host header: ${hostHeader}`, hostHeader };\n }\n\n if (!allowedHostnames.includes(hostname)) {\n return { ok: false, errorCode: 'invalid_host', message: `Invalid Host: ${hostname}`, hostHeader, hostname };\n }\n\n return { ok: true, hostname };\n}\n\n/**\n * Convenience allowlist for `localhost` DNS rebinding protection.\n */\nexport function localhostAllowedHostnames(): string[] {\n return ['localhost', '127.0.0.1', '[::1]'];\n}\n\n/**\n * Web-standard `Request` helper for DNS rebinding protection.\n * @example\n * ```ts source=\"./hostHeaderValidation.examples.ts#hostHeaderValidationResponse_basicUsage\"\n * const result = validateHostHeader(req.headers.get('host'), ['localhost']);\n * ```\n */\nexport function hostHeaderValidationResponse(req: Request, allowedHostnames: string[]): Response | undefined {\n const result = validateHostHeader(req.headers.get('host'), allowedHostnames);\n if (result.ok) return undefined;\n\n return Response.json(\n {\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: result.message\n },\n id: null\n },\n {\n status: 403,\n headers: { 'Content-Type': 'application/json' }\n }\n );\n}\n" }, { "path": "packages/server/src/server/server.ts", "content": "import type {\n BaseContext,\n ClientCapabilities,\n CreateMessageRequest,\n CreateMessageRequestParamsBase,\n CreateMessageRequestParamsWithTools,\n CreateMessageResult,\n CreateMessageResultWithTools,\n ElicitRequestFormParams,\n ElicitRequestURLParams,\n ElicitResult,\n Implementation,\n InitializeRequest,\n InitializeResult,\n JsonSchemaType,\n jsonSchemaValidator,\n ListRootsRequest,\n LoggingLevel,\n LoggingMessageNotification,\n MessageExtraInfo,\n NotificationMethod,\n NotificationOptions,\n ProtocolOptions,\n RequestMethod,\n RequestOptions,\n RequestTypeMap,\n ResourceUpdatedNotification,\n ResultTypeMap,\n ServerCapabilities,\n ServerContext,\n ServerResult,\n ToolResultContent,\n ToolUseContent\n} from '@modelcontextprotocol/core';\nimport {\n assertClientRequestTaskCapability,\n assertToolsCallTaskCapability,\n CallToolRequestSchema,\n CallToolResultSchema,\n CreateMessageResultSchema,\n CreateMessageResultWithToolsSchema,\n CreateTaskResultSchema,\n ElicitResultSchema,\n EmptyResultSchema,\n LATEST_PROTOCOL_VERSION,\n ListRootsResultSchema,\n LoggingLevelSchema,\n mergeCapabilities,\n parseSchema,\n Protocol,\n ProtocolError,\n ProtocolErrorCode,\n SdkError,\n SdkErrorCode\n} from '@modelcontextprotocol/core';\nimport { DefaultJsonSchemaValidator } from '@modelcontextprotocol/server/_shims';\n\nimport { ExperimentalServerTasks } from '../experimental/tasks/server.js';\n\nexport type ServerOptions = ProtocolOptions & {\n /**\n * Capabilities to advertise as being supported by this server.\n */\n capabilities?: ServerCapabilities;\n\n /**\n * Optional instructions describing how to use the server and its features.\n */\n instructions?: string;\n\n /**\n * JSON Schema validator for elicitation response validation.\n *\n * The validator is used to validate user input returned from elicitation\n * requests against the requested schema.\n *\n * @default {@linkcode DefaultJsonSchemaValidator} ({@linkcode index.AjvJsonSchemaValidator | AjvJsonSchemaValidator} on Node.js, {@linkcode index.CfWorkerJsonSchemaValidator | CfWorkerJsonSchemaValidator} on Cloudflare Workers)\n */\n jsonSchemaValidator?: jsonSchemaValidator;\n};\n\n/**\n * An MCP server on top of a pluggable transport.\n *\n * This server will automatically respond to the initialization flow as initiated from the client.\n *\n * @deprecated Use {@linkcode server/mcp.McpServer | McpServer} instead for the high-level API. Only use `Server` for advanced use cases.\n */\nexport class Server extends Protocol {\n private _clientCapabilities?: ClientCapabilities;\n private _clientVersion?: Implementation;\n private _capabilities: ServerCapabilities;\n private _instructions?: string;\n private _jsonSchemaValidator: jsonSchemaValidator;\n private _experimental?: { tasks: ExperimentalServerTasks };\n\n /**\n * Callback for when initialization has fully completed (i.e., the client has sent an `notifications/initialized` notification).\n */\n oninitialized?: () => void;\n\n /**\n * Initializes this server with the given name and version information.\n */\n constructor(\n private _serverInfo: Implementation,\n options?: ServerOptions\n ) {\n super(options);\n this._capabilities = options?.capabilities ?? {};\n this._instructions = options?.instructions;\n this._jsonSchemaValidator = options?.jsonSchemaValidator ?? new DefaultJsonSchemaValidator();\n\n this.setRequestHandler('initialize', request => this._oninitialize(request));\n this.setNotificationHandler('notifications/initialized', () => this.oninitialized?.());\n\n if (this._capabilities.logging) {\n this._registerLoggingHandler();\n }\n }\n\n private _registerLoggingHandler(): void {\n this.setRequestHandler('logging/setLevel', async (request, ctx) => {\n const transportSessionId: string | undefined =\n ctx.sessionId || (ctx.http?.req?.headers.get('mcp-session-id') as string) || undefined;\n const { level } = request.params;\n const parseResult = parseSchema(LoggingLevelSchema, level);\n if (parseResult.success) {\n this._loggingLevels.set(transportSessionId, parseResult.data);\n }\n return {};\n });\n }\n\n protected override buildContext(ctx: BaseContext, transportInfo?: MessageExtraInfo): ServerContext {\n // Only create http when there's actual HTTP transport info or auth info\n const hasHttpInfo =\n ctx.http || transportInfo?.requestInfo || transportInfo?.closeSSEStream || transportInfo?.closeStandaloneSSEStream;\n return {\n ...ctx,\n mcpReq: {\n ...ctx.mcpReq,\n log: (level, data, logger) => this.sendLoggingMessage({ level, data, logger }),\n elicitInput: (params, options) => this.elicitInput(params, options),\n requestSampling: (params, options) => this.createMessage(params, options)\n },\n http: hasHttpInfo\n ? {\n ...ctx.http,\n req: transportInfo?.requestInfo,\n closeSSE: transportInfo?.closeSSEStream,\n closeStandaloneSSE: transportInfo?.closeStandaloneSSEStream\n }\n : undefined\n };\n }\n\n /**\n * Access experimental features.\n *\n * WARNING: These APIs are experimental and may change without notice.\n *\n * @experimental\n */\n get experimental(): { tasks: ExperimentalServerTasks } {\n if (!this._experimental) {\n this._experimental = {\n tasks: new ExperimentalServerTasks(this)\n };\n }\n return this._experimental;\n }\n\n // Map log levels by session id\n private _loggingLevels = new Map();\n\n // Map LogLevelSchema to severity index\n private readonly LOG_LEVEL_SEVERITY = new Map(LoggingLevelSchema.options.map((level, index) => [level, index]));\n\n // Is a message with the given level ignored in the log level set for the given session id?\n private isMessageIgnored = (level: LoggingLevel, sessionId?: string): boolean => {\n const currentLevel = this._loggingLevels.get(sessionId);\n return currentLevel ? this.LOG_LEVEL_SEVERITY.get(level)! < this.LOG_LEVEL_SEVERITY.get(currentLevel)! : false;\n };\n\n /**\n * Registers new capabilities. This can only be called before connecting to a transport.\n *\n * The new capabilities will be merged with any existing capabilities previously given (e.g., at initialization).\n */\n public registerCapabilities(capabilities: ServerCapabilities): void {\n if (this.transport) {\n throw new SdkError(SdkErrorCode.AlreadyConnected, 'Cannot register capabilities after connecting to transport');\n }\n const hadLogging = !!this._capabilities.logging;\n this._capabilities = mergeCapabilities(this._capabilities, capabilities);\n if (!hadLogging && this._capabilities.logging) {\n this._registerLoggingHandler();\n }\n }\n\n /**\n * Override request handler registration to enforce server-side validation for `tools/call`.\n */\n public override setRequestHandler(\n method: M,\n handler: (request: RequestTypeMap[M], ctx: ServerContext) => ResultTypeMap[M] | Promise\n ): void {\n if (method === 'tools/call') {\n const wrappedHandler = async (request: RequestTypeMap[M], ctx: ServerContext): Promise => {\n const validatedRequest = parseSchema(CallToolRequestSchema, request);\n if (!validatedRequest.success) {\n const errorMessage =\n validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid tools/call request: ${errorMessage}`);\n }\n\n const { params } = validatedRequest.data;\n\n const result = await Promise.resolve(handler(request, ctx));\n\n // When task creation is requested, validate and return CreateTaskResult\n if (params.task) {\n const taskValidationResult = parseSchema(CreateTaskResultSchema, result);\n if (!taskValidationResult.success) {\n const errorMessage =\n taskValidationResult.error instanceof Error\n ? taskValidationResult.error.message\n : String(taskValidationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid task creation result: ${errorMessage}`);\n }\n return taskValidationResult.data;\n }\n\n // For non-task requests, validate against CallToolResultSchema\n const validationResult = parseSchema(CallToolResultSchema, result);\n if (!validationResult.success) {\n const errorMessage =\n validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);\n throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Invalid tools/call result: ${errorMessage}`);\n }\n\n return validationResult.data;\n };\n\n // Install the wrapped handler\n return super.setRequestHandler(method, wrappedHandler);\n }\n\n // Other handlers use default behavior\n return super.setRequestHandler(method, handler);\n }\n\n protected assertCapabilityForMethod(method: RequestMethod): void {\n switch (method) {\n case 'sampling/createMessage': {\n if (!this._clientCapabilities?.sampling) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Client does not support sampling (required for ${method})`);\n }\n break;\n }\n\n case 'elicitation/create': {\n if (!this._clientCapabilities?.elicitation) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Client does not support elicitation (required for ${method})`);\n }\n break;\n }\n\n case 'roots/list': {\n if (!this._clientCapabilities?.roots) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support listing roots (required for ${method})`\n );\n }\n break;\n }\n\n case 'ping': {\n // No specific capability required for ping\n break;\n }\n }\n }\n\n protected assertNotificationCapability(method: NotificationMethod): void {\n switch (method) {\n case 'notifications/message': {\n if (!this._capabilities.logging) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support logging (required for ${method})`);\n }\n break;\n }\n\n case 'notifications/resources/updated':\n case 'notifications/resources/list_changed': {\n if (!this._capabilities.resources) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Server does not support notifying about resources (required for ${method})`\n );\n }\n break;\n }\n\n case 'notifications/tools/list_changed': {\n if (!this._capabilities.tools) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Server does not support notifying of tool list changes (required for ${method})`\n );\n }\n break;\n }\n\n case 'notifications/prompts/list_changed': {\n if (!this._capabilities.prompts) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Server does not support notifying of prompt list changes (required for ${method})`\n );\n }\n break;\n }\n\n case 'notifications/elicitation/complete': {\n if (!this._clientCapabilities?.elicitation?.url) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Client does not support URL elicitation (required for ${method})`\n );\n }\n break;\n }\n\n case 'notifications/cancelled': {\n // Cancellation notifications are always allowed\n break;\n }\n\n case 'notifications/progress': {\n // Progress notifications are always allowed\n break;\n }\n }\n }\n\n protected assertRequestHandlerCapability(method: string): void {\n // Task handlers are registered in Protocol constructor before _capabilities is initialized\n // Skip capability check for task methods during initialization\n if (!this._capabilities) {\n return;\n }\n\n switch (method) {\n case 'completion/complete': {\n if (!this._capabilities.completions) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support completions (required for ${method})`);\n }\n break;\n }\n\n case 'logging/setLevel': {\n if (!this._capabilities.logging) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support logging (required for ${method})`);\n }\n break;\n }\n\n case 'prompts/get':\n case 'prompts/list': {\n if (!this._capabilities.prompts) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support prompts (required for ${method})`);\n }\n break;\n }\n\n case 'resources/list':\n case 'resources/templates/list':\n case 'resources/read': {\n if (!this._capabilities.resources) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support resources (required for ${method})`);\n }\n break;\n }\n\n case 'tools/call':\n case 'tools/list': {\n if (!this._capabilities.tools) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, `Server does not support tools (required for ${method})`);\n }\n break;\n }\n\n case 'tasks/get':\n case 'tasks/list':\n case 'tasks/result':\n case 'tasks/cancel': {\n if (!this._capabilities.tasks) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n `Server does not support tasks capability (required for ${method})`\n );\n }\n break;\n }\n\n case 'ping':\n case 'initialize': {\n // No specific capability required for these methods\n break;\n }\n }\n }\n\n protected assertTaskCapability(method: string): void {\n assertClientRequestTaskCapability(this._clientCapabilities?.tasks?.requests, method, 'Client');\n }\n\n protected assertTaskHandlerCapability(method: string): void {\n // Task handlers are registered in Protocol constructor before _capabilities is initialized\n // Skip capability check for task methods during initialization\n if (!this._capabilities) {\n return;\n }\n\n assertToolsCallTaskCapability(this._capabilities.tasks?.requests, method, 'Server');\n }\n\n private async _oninitialize(request: InitializeRequest): Promise {\n const requestedVersion = request.params.protocolVersion;\n\n this._clientCapabilities = request.params.capabilities;\n this._clientVersion = request.params.clientInfo;\n\n const protocolVersion = this._supportedProtocolVersions.includes(requestedVersion)\n ? requestedVersion\n : (this._supportedProtocolVersions[0] ?? LATEST_PROTOCOL_VERSION);\n\n return {\n protocolVersion,\n capabilities: this.getCapabilities(),\n serverInfo: this._serverInfo,\n ...(this._instructions && { instructions: this._instructions })\n };\n }\n\n /**\n * After initialization has completed, this will be populated with the client's reported capabilities.\n */\n getClientCapabilities(): ClientCapabilities | undefined {\n return this._clientCapabilities;\n }\n\n /**\n * After initialization has completed, this will be populated with information about the client's name and version.\n */\n getClientVersion(): Implementation | undefined {\n return this._clientVersion;\n }\n\n /**\n * Returns the current server capabilities.\n */\n public getCapabilities(): ServerCapabilities {\n return this._capabilities;\n }\n\n async ping() {\n return this._requestWithSchema({ method: 'ping' }, EmptyResultSchema);\n }\n\n /**\n * Request LLM sampling from the client (without tools).\n * Returns single content block for backwards compatibility.\n */\n async createMessage(params: CreateMessageRequestParamsBase, options?: RequestOptions): Promise;\n\n /**\n * Request LLM sampling from the client with tool support.\n * Returns content that may be a single block or array (for parallel tool calls).\n */\n async createMessage(params: CreateMessageRequestParamsWithTools, options?: RequestOptions): Promise;\n\n /**\n * Request LLM sampling from the client.\n * When tools may or may not be present, returns the union type.\n */\n async createMessage(\n params: CreateMessageRequest['params'],\n options?: RequestOptions\n ): Promise;\n\n // Implementation\n async createMessage(\n params: CreateMessageRequest['params'],\n options?: RequestOptions\n ): Promise {\n // Capability check - only required when tools/toolChoice are provided\n if ((params.tools || params.toolChoice) && !this._clientCapabilities?.sampling?.tools) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, 'Client does not support sampling tools capability.');\n }\n\n // Message structure validation - always validate tool_use/tool_result pairs.\n // These may appear even without tools/toolChoice in the current request when\n // a previous sampling request returned tool_use and this is a follow-up with results.\n if (params.messages.length > 0) {\n const lastMessage = params.messages.at(-1)!;\n const lastContent = Array.isArray(lastMessage.content) ? lastMessage.content : [lastMessage.content];\n const hasToolResults = lastContent.some(c => c.type === 'tool_result');\n\n const previousMessage = params.messages.length > 1 ? params.messages.at(-2) : undefined;\n const previousContent = previousMessage\n ? Array.isArray(previousMessage.content)\n ? previousMessage.content\n : [previousMessage.content]\n : [];\n const hasPreviousToolUse = previousContent.some(c => c.type === 'tool_use');\n\n if (hasToolResults) {\n if (lastContent.some(c => c.type !== 'tool_result')) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n 'The last message must contain only tool_result content if any is present'\n );\n }\n if (!hasPreviousToolUse) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n 'tool_result blocks are not matching any tool_use from the previous message'\n );\n }\n }\n if (hasPreviousToolUse) {\n const toolUseIds = new Set(previousContent.filter(c => c.type === 'tool_use').map(c => (c as ToolUseContent).id));\n const toolResultIds = new Set(\n lastContent.filter(c => c.type === 'tool_result').map(c => (c as ToolResultContent).toolUseId)\n );\n if (toolUseIds.size !== toolResultIds.size || ![...toolUseIds].every(id => toolResultIds.has(id))) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n 'ids of tool_result blocks and tool_use blocks from previous message do not match'\n );\n }\n }\n }\n\n // Use different schemas based on whether tools are provided\n if (params.tools) {\n return this._requestWithSchema({ method: 'sampling/createMessage', params }, CreateMessageResultWithToolsSchema, options);\n }\n return this._requestWithSchema({ method: 'sampling/createMessage', params }, CreateMessageResultSchema, options);\n }\n\n /**\n * Creates an elicitation request for the given parameters.\n * For backwards compatibility, `mode` may be omitted for form requests and will default to `\"form\"`.\n * @param params The parameters for the elicitation request.\n * @param options Optional request options.\n * @returns The result of the elicitation request.\n */\n async elicitInput(params: ElicitRequestFormParams | ElicitRequestURLParams, options?: RequestOptions): Promise {\n const mode = (params.mode ?? 'form') as 'form' | 'url';\n\n switch (mode) {\n case 'url': {\n if (!this._clientCapabilities?.elicitation?.url) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, 'Client does not support url elicitation.');\n }\n\n const urlParams = params as ElicitRequestURLParams;\n return this._requestWithSchema({ method: 'elicitation/create', params: urlParams }, ElicitResultSchema, options);\n }\n case 'form': {\n if (!this._clientCapabilities?.elicitation?.form) {\n throw new SdkError(SdkErrorCode.CapabilityNotSupported, 'Client does not support form elicitation.');\n }\n\n const formParams: ElicitRequestFormParams =\n params.mode === 'form' ? (params as ElicitRequestFormParams) : { ...(params as ElicitRequestFormParams), mode: 'form' };\n\n const result = await this._requestWithSchema(\n { method: 'elicitation/create', params: formParams },\n ElicitResultSchema,\n options\n );\n\n if (result.action === 'accept' && result.content && formParams.requestedSchema) {\n try {\n const validator = this._jsonSchemaValidator.getValidator(formParams.requestedSchema as JsonSchemaType);\n const validationResult = validator(result.content);\n\n if (!validationResult.valid) {\n throw new ProtocolError(\n ProtocolErrorCode.InvalidParams,\n `Elicitation response content does not match requested schema: ${validationResult.errorMessage}`\n );\n }\n } catch (error) {\n if (error instanceof ProtocolError) {\n throw error;\n }\n throw new ProtocolError(\n ProtocolErrorCode.InternalError,\n `Error validating elicitation response: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n }\n return result;\n }\n }\n }\n\n /**\n * Creates a reusable callback that, when invoked, will send a `notifications/elicitation/complete`\n * notification for the specified elicitation ID.\n *\n * @param elicitationId The ID of the elicitation to mark as complete.\n * @param options Optional notification options. Useful when the completion notification should be related to a prior request.\n * @returns A function that emits the completion notification when awaited.\n */\n createElicitationCompletionNotifier(elicitationId: string, options?: NotificationOptions): () => Promise {\n if (!this._clientCapabilities?.elicitation?.url) {\n throw new SdkError(\n SdkErrorCode.CapabilityNotSupported,\n 'Client does not support URL elicitation (required for notifications/elicitation/complete)'\n );\n }\n\n return () =>\n this.notification(\n {\n method: 'notifications/elicitation/complete',\n params: {\n elicitationId\n }\n },\n options\n );\n }\n\n async listRoots(params?: ListRootsRequest['params'], options?: RequestOptions) {\n return this._requestWithSchema({ method: 'roots/list', params }, ListRootsResultSchema, options);\n }\n\n /**\n * Sends a logging message to the client, if connected.\n * Note: You only need to send the parameters object, not the entire JSON-RPC message.\n * @see {@linkcode LoggingMessageNotification}\n * @param params\n * @param sessionId Optional for stateless transports and backward compatibility.\n */\n async sendLoggingMessage(params: LoggingMessageNotification['params'], sessionId?: string) {\n if (this._capabilities.logging && !this.isMessageIgnored(params.level, sessionId)) {\n return this.notification({ method: 'notifications/message', params });\n }\n }\n\n async sendResourceUpdated(params: ResourceUpdatedNotification['params']) {\n return this.notification({\n method: 'notifications/resources/updated',\n params\n });\n }\n\n async sendResourceListChanged() {\n return this.notification({\n method: 'notifications/resources/list_changed'\n });\n }\n\n async sendToolListChanged() {\n return this.notification({ method: 'notifications/tools/list_changed' });\n }\n\n async sendPromptListChanged() {\n return this.notification({ method: 'notifications/prompts/list_changed' });\n }\n}\n" }, { "path": "packages/server/src/server/stdio.examples.ts", "content": "/**\n * Type-checked examples for `stdio.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { McpServer } from './mcp.js';\nimport { StdioServerTransport } from './stdio.js';\n\n/**\n * Example: Basic stdio transport usage.\n */\nasync function StdioServerTransport_basicUsage() {\n //#region StdioServerTransport_basicUsage\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n const transport = new StdioServerTransport();\n await server.connect(transport);\n //#endregion StdioServerTransport_basicUsage\n}\n" }, { "path": "packages/server/src/server/stdio.ts", "content": "import type { Readable, Writable } from 'node:stream';\n\nimport type { JSONRPCMessage, Transport } from '@modelcontextprotocol/core';\nimport { ReadBuffer, serializeMessage } from '@modelcontextprotocol/core';\nimport { process } from '@modelcontextprotocol/server/_shims';\n\n/**\n * Server transport for stdio: this communicates with an MCP client by reading from the current process' `stdin` and writing to `stdout`.\n *\n * This transport is only available in Node.js environments.\n *\n * @example\n * ```ts source=\"./stdio.examples.ts#StdioServerTransport_basicUsage\"\n * const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n * const transport = new StdioServerTransport();\n * await server.connect(transport);\n * ```\n */\nexport class StdioServerTransport implements Transport {\n private _readBuffer: ReadBuffer = new ReadBuffer();\n private _started = false;\n\n constructor(\n private _stdin: Readable = process.stdin,\n private _stdout: Writable = process.stdout\n ) {}\n\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage) => void;\n\n // Arrow functions to bind `this` properly, while maintaining function identity.\n _ondata = (chunk: Buffer) => {\n this._readBuffer.append(chunk);\n this.processReadBuffer();\n };\n _onerror = (error: Error) => {\n this.onerror?.(error);\n };\n\n /**\n * Starts listening for messages on `stdin`.\n */\n async start(): Promise {\n if (this._started) {\n throw new Error(\n 'StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.'\n );\n }\n\n this._started = true;\n this._stdin.on('data', this._ondata);\n this._stdin.on('error', this._onerror);\n }\n\n private processReadBuffer() {\n while (true) {\n try {\n const message = this._readBuffer.readMessage();\n if (message === null) {\n break;\n }\n\n this.onmessage?.(message);\n } catch (error) {\n this.onerror?.(error as Error);\n }\n }\n }\n\n async close(): Promise {\n // Remove our event listeners first\n this._stdin.off('data', this._ondata);\n this._stdin.off('error', this._onerror);\n\n // Check if we were the only data listener\n const remainingDataListeners = this._stdin.listenerCount('data');\n if (remainingDataListeners === 0) {\n // Only pause stdin if we were the only listener\n // This prevents interfering with other parts of the application that might be using stdin\n this._stdin.pause();\n }\n\n // Clear the buffer and notify closure\n this._readBuffer.clear();\n this.onclose?.();\n }\n\n send(message: JSONRPCMessage): Promise {\n return new Promise(resolve => {\n const json = serializeMessage(message);\n if (this._stdout.write(json)) {\n resolve();\n } else {\n this._stdout.once('drain', resolve);\n }\n });\n }\n}\n" }, { "path": "packages/server/src/server/streamableHttp.examples.ts", "content": "/**\n * Type-checked examples for `streamableHttp.ts`.\n *\n * These examples are synced into JSDoc comments via the sync-snippets script.\n * Each function's region markers define the code snippet that appears in the docs.\n *\n * @module\n */\n\nimport { McpServer } from './mcp.js';\nimport { WebStandardStreamableHTTPServerTransport } from './streamableHttp.js';\n\n/**\n * Example: Stateful Streamable HTTP transport (Web Standard).\n */\nasync function WebStandardStreamableHTTPServerTransport_stateful() {\n //#region WebStandardStreamableHTTPServerTransport_stateful\n const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => crypto.randomUUID()\n });\n\n await server.connect(transport);\n //#endregion WebStandardStreamableHTTPServerTransport_stateful\n}\n\n/**\n * Example: Stateless Streamable HTTP transport (Web Standard).\n */\nasync function WebStandardStreamableHTTPServerTransport_stateless() {\n //#region WebStandardStreamableHTTPServerTransport_stateless\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n });\n //#endregion WebStandardStreamableHTTPServerTransport_stateless\n return transport;\n}\n\n// Stubs for framework-specific examples\ndeclare const app: { all(path: string, handler: (c: { req: { raw: Request } }) => Promise): void };\n\n/**\n * Example: Using with Hono.js.\n */\nfunction WebStandardStreamableHTTPServerTransport_hono(transport: WebStandardStreamableHTTPServerTransport) {\n //#region WebStandardStreamableHTTPServerTransport_hono\n app.all('/mcp', async c => {\n return transport.handleRequest(c.req.raw);\n });\n //#endregion WebStandardStreamableHTTPServerTransport_hono\n}\n\n/**\n * Example: Using with Cloudflare Workers.\n */\nfunction WebStandardStreamableHTTPServerTransport_workers(transport: WebStandardStreamableHTTPServerTransport) {\n //#region WebStandardStreamableHTTPServerTransport_workers\n const worker = {\n async fetch(request: Request): Promise {\n return transport.handleRequest(request);\n }\n };\n //#endregion WebStandardStreamableHTTPServerTransport_workers\n return worker;\n}\n" }, { "path": "packages/server/src/server/streamableHttp.ts", "content": "/**\n * Web Standards Streamable HTTP Server Transport\n *\n * This is the core transport implementation using Web Standard APIs (`Request`, `Response`, `ReadableStream`).\n * It can run on any runtime that supports Web Standards: Node.js 18+, Cloudflare Workers, Deno, Bun, etc.\n *\n * For Node.js Express/HTTP compatibility, use {@linkcode @modelcontextprotocol/node!NodeStreamableHTTPServerTransport | NodeStreamableHTTPServerTransport} which wraps this transport.\n */\n\nimport type { AuthInfo, JSONRPCMessage, MessageExtraInfo, RequestId, RequestInfo, Transport } from '@modelcontextprotocol/core';\nimport {\n DEFAULT_NEGOTIATED_PROTOCOL_VERSION,\n isInitializeRequest,\n isJSONRPCErrorResponse,\n isJSONRPCRequest,\n isJSONRPCResultResponse,\n JSONRPCMessageSchema,\n SUPPORTED_PROTOCOL_VERSIONS\n} from '@modelcontextprotocol/core';\n\nexport type StreamId = string;\nexport type EventId = string;\n\n/**\n * Interface for resumability support via event storage\n */\nexport interface EventStore {\n /**\n * Stores an event for later retrieval\n * @param streamId ID of the stream the event belongs to\n * @param message The JSON-RPC message to store\n * @returns The generated event ID for the stored event\n */\n storeEvent(streamId: StreamId, message: JSONRPCMessage): Promise;\n\n /**\n * Get the stream ID associated with a given event ID.\n * @param eventId The event ID to look up\n * @returns The stream ID, or `undefined` if not found\n *\n * Optional: If not provided, the SDK will use the `streamId` returned by\n * {@linkcode replayEventsAfter} for stream mapping.\n */\n getStreamIdForEventId?(eventId: EventId): Promise;\n\n replayEventsAfter(\n lastEventId: EventId,\n {\n send\n }: {\n send: (eventId: EventId, message: JSONRPCMessage) => Promise;\n }\n ): Promise;\n}\n\n/**\n * Internal stream mapping for managing SSE connections\n */\ninterface StreamMapping {\n /** Stream controller for pushing SSE data - only used with `ReadableStream` approach */\n controller?: ReadableStreamDefaultController;\n /** Text encoder for SSE formatting */\n encoder?: InstanceType;\n /** Promise resolver for JSON response mode */\n resolveJson?: (response: Response) => void;\n /** Cleanup function to close stream and remove mapping */\n cleanup: () => void;\n}\n\n/**\n * Configuration options for {@linkcode WebStandardStreamableHTTPServerTransport}\n */\nexport interface WebStandardStreamableHTTPServerTransportOptions {\n /**\n * Function that generates a session ID for the transport.\n * The session ID SHOULD be globally unique and cryptographically secure (e.g., a securely generated UUID, a JWT, or a cryptographic hash)\n *\n * If not provided, session management is disabled (stateless mode).\n */\n sessionIdGenerator?: () => string;\n\n /**\n * A callback for session initialization events\n * This is called when the server initializes a new session.\n * Useful in cases when you need to register multiple mcp sessions\n * and need to keep track of them.\n * @param sessionId The generated session ID\n */\n onsessioninitialized?: (sessionId: string) => void | Promise;\n\n /**\n * A callback for session close events\n * This is called when the server closes a session due to a `DELETE` request.\n * Useful in cases when you need to clean up resources associated with the session.\n * Note that this is different from the transport closing, if you are handling\n * HTTP requests from multiple nodes you might want to close each\n * {@linkcode WebStandardStreamableHTTPServerTransport} after a request is completed while still keeping the\n * session open/running.\n * @param sessionId The session ID that was closed\n */\n onsessionclosed?: (sessionId: string) => void | Promise;\n\n /**\n * If `true`, the server will return JSON responses instead of starting an SSE stream.\n * This can be useful for simple request/response scenarios without streaming.\n * Default is `false` (SSE streams are preferred).\n */\n enableJsonResponse?: boolean;\n\n /**\n * Event store for resumability support\n * If provided, resumability will be enabled, allowing clients to reconnect and resume messages\n */\n eventStore?: EventStore;\n\n /**\n * List of allowed `Host` header values for DNS rebinding protection.\n * If not specified, host validation is disabled.\n * @deprecated Use external middleware for host validation instead.\n */\n allowedHosts?: string[];\n\n /**\n * List of allowed `Origin` header values for DNS rebinding protection.\n * If not specified, origin validation is disabled.\n * @deprecated Use external middleware for origin validation instead.\n */\n allowedOrigins?: string[];\n\n /**\n * Enable DNS rebinding protection (requires `allowedHosts` and/or `allowedOrigins` to be configured).\n * Default is `false` for backwards compatibility.\n * @deprecated Use external middleware for DNS rebinding protection instead.\n */\n enableDnsRebindingProtection?: boolean;\n\n /**\n * Retry interval in milliseconds to suggest to clients in SSE `retry` field.\n * When set, the server will send a `retry` field in SSE priming events to control\n * client reconnection timing for polling behavior.\n */\n retryInterval?: number;\n\n /**\n * List of protocol versions that this transport will accept.\n * Used to validate the `mcp-protocol-version` header in incoming requests.\n *\n * Note: When using {@linkcode server/server.Server.connect | Server.connect()}, the server automatically passes its\n * `supportedProtocolVersions` to the transport, so you typically don't need\n * to set this option directly.\n *\n * @default {@linkcode SUPPORTED_PROTOCOL_VERSIONS}\n */\n supportedProtocolVersions?: string[];\n}\n\n/**\n * Options for handling a request\n */\nexport interface HandleRequestOptions {\n /**\n * Pre-parsed request body. If provided, the transport will use this instead of parsing `req.json()`.\n * Useful when using body-parser middleware that has already parsed the body.\n */\n parsedBody?: unknown;\n\n /**\n * Authentication info from middleware. If provided, will be passed to message handlers.\n */\n authInfo?: AuthInfo;\n}\n\n/**\n * Server transport for Web Standards Streamable HTTP: this implements the MCP Streamable HTTP transport specification\n * using Web Standard APIs (`Request`, `Response`, `ReadableStream`).\n *\n * This transport works on any runtime that supports Web Standards: Node.js 18+, Cloudflare Workers, Deno, Bun, etc.\n *\n * In stateful mode:\n * - Session ID is generated and included in response headers\n * - Session ID is always included in initialization responses\n * - Requests with invalid session IDs are rejected with `404 Not Found`\n * - Non-initialization requests without a session ID are rejected with `400 Bad Request`\n * - State is maintained in-memory (connections, message history)\n *\n * In stateless mode:\n * - No Session ID is included in any responses\n * - No session validation is performed\n *\n * @example Stateful setup\n * ```ts source=\"./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_stateful\"\n * const server = new McpServer({ name: 'my-server', version: '1.0.0' });\n *\n * const transport = new WebStandardStreamableHTTPServerTransport({\n * sessionIdGenerator: () => crypto.randomUUID()\n * });\n *\n * await server.connect(transport);\n * ```\n *\n * @example Stateless setup\n * ```ts source=\"./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_stateless\"\n * const transport = new WebStandardStreamableHTTPServerTransport({\n * sessionIdGenerator: undefined\n * });\n * ```\n *\n * @example Hono.js\n * ```ts source=\"./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_hono\"\n * app.all('/mcp', async c => {\n * return transport.handleRequest(c.req.raw);\n * });\n * ```\n *\n * @example Cloudflare Workers\n * ```ts source=\"./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_workers\"\n * const worker = {\n * async fetch(request: Request): Promise {\n * return transport.handleRequest(request);\n * }\n * };\n * ```\n */\nexport class WebStandardStreamableHTTPServerTransport implements Transport {\n // when sessionId is not set (undefined), it means the transport is in stateless mode\n private sessionIdGenerator: (() => string) | undefined;\n private _started: boolean = false;\n private _streamMapping: Map = new Map();\n private _requestToStreamMapping: Map = new Map();\n private _requestResponseMap: Map = new Map();\n private _initialized: boolean = false;\n private _enableJsonResponse: boolean = false;\n private _standaloneSseStreamId: string = '_GET_stream';\n private _eventStore?: EventStore;\n private _onsessioninitialized?: (sessionId: string) => void | Promise;\n private _onsessionclosed?: (sessionId: string) => void | Promise;\n private _allowedHosts?: string[];\n private _allowedOrigins?: string[];\n private _enableDnsRebindingProtection: boolean;\n private _retryInterval?: number;\n private _supportedProtocolVersions: string[];\n\n sessionId?: string;\n onclose?: () => void;\n onerror?: (error: Error) => void;\n onmessage?: (message: JSONRPCMessage, extra?: MessageExtraInfo) => void;\n\n constructor(options: WebStandardStreamableHTTPServerTransportOptions = {}) {\n this.sessionIdGenerator = options.sessionIdGenerator;\n this._enableJsonResponse = options.enableJsonResponse ?? false;\n this._eventStore = options.eventStore;\n this._onsessioninitialized = options.onsessioninitialized;\n this._onsessionclosed = options.onsessionclosed;\n this._allowedHosts = options.allowedHosts;\n this._allowedOrigins = options.allowedOrigins;\n this._enableDnsRebindingProtection = options.enableDnsRebindingProtection ?? false;\n this._retryInterval = options.retryInterval;\n this._supportedProtocolVersions = options.supportedProtocolVersions ?? SUPPORTED_PROTOCOL_VERSIONS;\n }\n\n /**\n * Starts the transport. This is required by the {@linkcode Transport} interface but is a no-op\n * for the Streamable HTTP transport as connections are managed per-request.\n */\n async start(): Promise {\n if (this._started) {\n throw new Error('Transport already started');\n }\n this._started = true;\n }\n\n /**\n * Sets the supported protocol versions for header validation.\n * Called by the server during {@linkcode server/server.Server.connect | connect()} to pass its supported versions.\n */\n setSupportedProtocolVersions(versions: string[]): void {\n this._supportedProtocolVersions = versions;\n }\n\n /**\n * Helper to create a JSON error response\n */\n private createJsonErrorResponse(\n status: number,\n code: number,\n message: string,\n options?: { headers?: Record; data?: string }\n ): Response {\n const error: { code: number; message: string; data?: string } = { code, message };\n if (options?.data !== undefined) {\n error.data = options.data;\n }\n return Response.json(\n {\n jsonrpc: '2.0',\n error,\n id: null\n },\n {\n status,\n headers: {\n 'Content-Type': 'application/json',\n ...options?.headers\n }\n }\n );\n }\n\n /**\n * Validates request headers for DNS rebinding protection.\n * @returns Error response if validation fails, `undefined` if validation passes.\n */\n private validateRequestHeaders(req: Request): Response | undefined {\n // Skip validation if protection is not enabled\n if (!this._enableDnsRebindingProtection) {\n return undefined;\n }\n\n // Validate Host header if allowedHosts is configured\n if (this._allowedHosts && this._allowedHosts.length > 0) {\n const hostHeader = req.headers.get('host');\n if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {\n const error = `Invalid Host header: ${hostHeader}`;\n this.onerror?.(new Error(error));\n return this.createJsonErrorResponse(403, -32_000, error);\n }\n }\n\n // Validate Origin header if allowedOrigins is configured\n if (this._allowedOrigins && this._allowedOrigins.length > 0) {\n const originHeader = req.headers.get('origin');\n if (originHeader && !this._allowedOrigins.includes(originHeader)) {\n const error = `Invalid Origin header: ${originHeader}`;\n this.onerror?.(new Error(error));\n return this.createJsonErrorResponse(403, -32_000, error);\n }\n }\n\n return undefined;\n }\n\n /**\n * Handles an incoming HTTP request, whether `GET`, `POST`, or `DELETE`\n * Returns a `Response` object (Web Standard)\n */\n async handleRequest(req: Request, options?: HandleRequestOptions): Promise {\n // Validate request headers for DNS rebinding protection\n const validationError = this.validateRequestHeaders(req);\n if (validationError) {\n return validationError;\n }\n\n switch (req.method) {\n case 'POST': {\n return this.handlePostRequest(req, options);\n }\n case 'GET': {\n return this.handleGetRequest(req);\n }\n case 'DELETE': {\n return this.handleDeleteRequest(req);\n }\n default: {\n return this.handleUnsupportedRequest();\n }\n }\n }\n\n /**\n * Writes a priming event to establish resumption capability.\n * Only sends if `eventStore` is configured (opt-in for resumability) and\n * the client's protocol version supports empty SSE data (>= `2025-11-25`).\n */\n private async writePrimingEvent(\n controller: ReadableStreamDefaultController,\n encoder: InstanceType,\n streamId: string,\n protocolVersion: string\n ): Promise {\n if (!this._eventStore) {\n return;\n }\n\n // Priming events have empty data which older clients cannot handle.\n // Only send priming events to clients with protocol version >= 2025-11-25\n // which includes the fix for handling empty SSE data.\n if (protocolVersion < '2025-11-25') {\n return;\n }\n\n const primingEventId = await this._eventStore.storeEvent(streamId, {} as JSONRPCMessage);\n\n let primingEvent = `id: ${primingEventId}\\ndata: \\n\\n`;\n if (this._retryInterval !== undefined) {\n primingEvent = `id: ${primingEventId}\\nretry: ${this._retryInterval}\\ndata: \\n\\n`;\n }\n controller.enqueue(encoder.encode(primingEvent));\n }\n\n /**\n * Handles `GET` requests for SSE stream\n */\n private async handleGetRequest(req: Request): Promise {\n // The client MUST include an Accept header, listing text/event-stream as a supported content type.\n const acceptHeader = req.headers.get('accept');\n if (!acceptHeader?.includes('text/event-stream')) {\n return this.createJsonErrorResponse(406, -32_000, 'Not Acceptable: Client must accept text/event-stream');\n }\n\n // If an Mcp-Session-Id is returned by the server during initialization,\n // clients using the Streamable HTTP transport MUST include it\n // in the Mcp-Session-Id header on all of their subsequent HTTP requests.\n const sessionError = this.validateSession(req);\n if (sessionError) {\n return sessionError;\n }\n const protocolError = this.validateProtocolVersion(req);\n if (protocolError) {\n return protocolError;\n }\n\n // Handle resumability: check for Last-Event-ID header\n if (this._eventStore) {\n const lastEventId = req.headers.get('last-event-id');\n if (lastEventId) {\n return this.replayEvents(lastEventId);\n }\n }\n\n // Check if there's already an active standalone SSE stream for this session\n if (this._streamMapping.get(this._standaloneSseStreamId) !== undefined) {\n // Only one GET SSE stream is allowed per session\n return this.createJsonErrorResponse(409, -32_000, 'Conflict: Only one SSE stream is allowed per session');\n }\n\n const encoder = new TextEncoder();\n let streamController: ReadableStreamDefaultController;\n\n // Create a ReadableStream with a controller we can use to push SSE events\n const readable = new ReadableStream({\n start: controller => {\n streamController = controller;\n },\n cancel: () => {\n // Stream was cancelled by client\n this._streamMapping.delete(this._standaloneSseStreamId);\n }\n });\n\n const headers: Record = {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n };\n\n // After initialization, always include the session ID if we have one\n if (this.sessionId !== undefined) {\n headers['mcp-session-id'] = this.sessionId;\n }\n\n // Store the stream mapping with the controller for pushing data\n this._streamMapping.set(this._standaloneSseStreamId, {\n controller: streamController!,\n encoder,\n cleanup: () => {\n this._streamMapping.delete(this._standaloneSseStreamId);\n try {\n streamController!.close();\n } catch {\n // Controller might already be closed\n }\n }\n });\n\n return new Response(readable, { headers });\n }\n\n /**\n * Replays events that would have been sent after the specified event ID\n * Only used when resumability is enabled\n */\n private async replayEvents(lastEventId: string): Promise {\n if (!this._eventStore) {\n return this.createJsonErrorResponse(400, -32_000, 'Event store not configured');\n }\n\n try {\n // If getStreamIdForEventId is available, use it for conflict checking\n let streamId: string | undefined;\n if (this._eventStore.getStreamIdForEventId) {\n streamId = await this._eventStore.getStreamIdForEventId(lastEventId);\n\n if (!streamId) {\n return this.createJsonErrorResponse(400, -32_000, 'Invalid event ID format');\n }\n\n // Check conflict with the SAME streamId we'll use for mapping\n if (this._streamMapping.get(streamId) !== undefined) {\n return this.createJsonErrorResponse(409, -32_000, 'Conflict: Stream already has an active connection');\n }\n }\n\n const headers: Record = {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache, no-transform',\n Connection: 'keep-alive'\n };\n\n if (this.sessionId !== undefined) {\n headers['mcp-session-id'] = this.sessionId;\n }\n\n // Create a ReadableStream with controller for SSE\n const encoder = new TextEncoder();\n let streamController: ReadableStreamDefaultController;\n\n const readable = new ReadableStream({\n start: controller => {\n streamController = controller;\n },\n cancel: () => {\n // Stream was cancelled by client\n // Cleanup will be handled by the mapping\n }\n });\n\n // Replay events - returns the streamId for backwards compatibility\n const replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, {\n send: async (eventId: string, message: JSONRPCMessage) => {\n const success = this.writeSSEEvent(streamController!, encoder, message, eventId);\n if (!success) {\n this.onerror?.(new Error('Failed replay events'));\n try {\n streamController!.close();\n } catch {\n // Controller might already be closed\n }\n }\n }\n });\n\n this._streamMapping.set(replayedStreamId, {\n controller: streamController!,\n encoder,\n cleanup: () => {\n this._streamMapping.delete(replayedStreamId);\n try {\n streamController!.close();\n } catch {\n // Controller might already be closed\n }\n }\n });\n\n return new Response(readable, { headers });\n } catch (error) {\n this.onerror?.(error as Error);\n return this.createJsonErrorResponse(500, -32_000, 'Error replaying events');\n }\n }\n\n /**\n * Writes an event to an SSE stream via controller with proper formatting\n */\n private writeSSEEvent(\n controller: ReadableStreamDefaultController,\n encoder: InstanceType,\n message: JSONRPCMessage,\n eventId?: string\n ): boolean {\n try {\n let eventData = `event: message\\n`;\n // Include event ID if provided - this is important for resumability\n if (eventId) {\n eventData += `id: ${eventId}\\n`;\n }\n eventData += `data: ${JSON.stringify(message)}\\n\\n`;\n controller.enqueue(encoder.encode(eventData));\n return true;\n } catch {\n return false;\n }\n }\n\n /**\n * Handles unsupported requests (`PUT`, `PATCH`, etc.)\n */\n private handleUnsupportedRequest(): Response {\n return Response.json(\n {\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Method not allowed.'\n },\n id: null\n },\n {\n status: 405,\n headers: {\n Allow: 'GET, POST, DELETE',\n 'Content-Type': 'application/json'\n }\n }\n );\n }\n\n /**\n * Handles `POST` requests containing JSON-RPC messages\n */\n private async handlePostRequest(req: Request, options?: HandleRequestOptions): Promise {\n try {\n // Validate the Accept header\n const acceptHeader = req.headers.get('accept');\n // The client MUST include an Accept header, listing both application/json and text/event-stream as supported content types.\n if (!acceptHeader?.includes('application/json') || !acceptHeader.includes('text/event-stream')) {\n return this.createJsonErrorResponse(\n 406,\n -32_000,\n 'Not Acceptable: Client must accept both application/json and text/event-stream'\n );\n }\n\n const ct = req.headers.get('content-type');\n if (!ct || !ct.includes('application/json')) {\n return this.createJsonErrorResponse(415, -32_000, 'Unsupported Media Type: Content-Type must be application/json');\n }\n\n // Build request info from headers\n const requestInfo: RequestInfo = {\n headers: req.headers\n };\n\n let rawMessage;\n if (options?.parsedBody === undefined) {\n try {\n rawMessage = await req.json();\n } catch {\n return this.createJsonErrorResponse(400, -32_700, 'Parse error: Invalid JSON');\n }\n } else {\n rawMessage = options.parsedBody;\n }\n\n let messages: JSONRPCMessage[];\n\n // handle batch and single messages\n try {\n messages = Array.isArray(rawMessage)\n ? rawMessage.map(msg => JSONRPCMessageSchema.parse(msg))\n : [JSONRPCMessageSchema.parse(rawMessage)];\n } catch {\n return this.createJsonErrorResponse(400, -32_700, 'Parse error: Invalid JSON-RPC message');\n }\n\n // Check if this is an initialization request\n // https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/lifecycle/\n const isInitializationRequest = messages.some(element => isInitializeRequest(element));\n if (isInitializationRequest) {\n // If it's a server with session management and the session ID is already set we should reject the request\n // to avoid re-initialization.\n if (this._initialized && this.sessionId !== undefined) {\n return this.createJsonErrorResponse(400, -32_600, 'Invalid Request: Server already initialized');\n }\n if (messages.length > 1) {\n return this.createJsonErrorResponse(400, -32_600, 'Invalid Request: Only one initialization request is allowed');\n }\n this.sessionId = this.sessionIdGenerator?.();\n this._initialized = true;\n\n // If we have a session ID and an onsessioninitialized handler, call it immediately\n // This is needed in cases where the server needs to keep track of multiple sessions\n if (this.sessionId && this._onsessioninitialized) {\n await Promise.resolve(this._onsessioninitialized(this.sessionId));\n }\n }\n if (!isInitializationRequest) {\n // If an Mcp-Session-Id is returned by the server during initialization,\n // clients using the Streamable HTTP transport MUST include it\n // in the Mcp-Session-Id header on all of their subsequent HTTP requests.\n const sessionError = this.validateSession(req);\n if (sessionError) {\n return sessionError;\n }\n // Mcp-Protocol-Version header is required for all requests after initialization.\n const protocolError = this.validateProtocolVersion(req);\n if (protocolError) {\n return protocolError;\n }\n }\n\n // check if it contains requests\n const hasRequests = messages.some(element => isJSONRPCRequest(element));\n\n if (!hasRequests) {\n // if it only contains notifications or responses, return 202\n for (const message of messages) {\n this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });\n }\n return new Response(null, { status: 202 });\n }\n\n // The default behavior is to use SSE streaming\n // but in some cases server will return JSON responses\n const streamId = crypto.randomUUID();\n\n // Extract protocol version for priming event decision.\n // For initialize requests, get from request params.\n // For other requests, get from header (already validated).\n const initRequest = messages.find(m => isInitializeRequest(m));\n const clientProtocolVersion = initRequest\n ? initRequest.params.protocolVersion\n : (req.headers.get('mcp-protocol-version') ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION);\n\n if (this._enableJsonResponse) {\n // For JSON response mode, return a Promise that resolves when all responses are ready\n return new Promise(resolve => {\n this._streamMapping.set(streamId, {\n resolveJson: resolve,\n cleanup: () => {\n this._streamMapping.delete(streamId);\n }\n });\n\n for (const message of messages) {\n if (isJSONRPCRequest(message)) {\n this._requestToStreamMapping.set(message.id, streamId);\n }\n }\n\n for (const message of messages) {\n this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });\n }\n });\n }\n\n // SSE streaming mode - use ReadableStream with controller for more reliable data pushing\n const encoder = new TextEncoder();\n let streamController: ReadableStreamDefaultController;\n\n const readable = new ReadableStream({\n start: controller => {\n streamController = controller;\n },\n cancel: () => {\n // Stream was cancelled by client\n this._streamMapping.delete(streamId);\n }\n });\n\n const headers: Record = {\n 'Content-Type': 'text/event-stream',\n 'Cache-Control': 'no-cache',\n Connection: 'keep-alive'\n };\n\n // After initialization, always include the session ID if we have one\n if (this.sessionId !== undefined) {\n headers['mcp-session-id'] = this.sessionId;\n }\n\n // Store the response for this request to send messages back through this connection\n // We need to track by request ID to maintain the connection\n for (const message of messages) {\n if (isJSONRPCRequest(message)) {\n this._streamMapping.set(streamId, {\n controller: streamController!,\n encoder,\n cleanup: () => {\n this._streamMapping.delete(streamId);\n try {\n streamController!.close();\n } catch {\n // Controller might already be closed\n }\n }\n });\n this._requestToStreamMapping.set(message.id, streamId);\n }\n }\n\n // Write priming event if event store is configured (after mapping is set up)\n await this.writePrimingEvent(streamController!, encoder, streamId, clientProtocolVersion);\n\n // handle each message\n for (const message of messages) {\n // Build closeSSEStream callback for requests when eventStore is configured\n // AND client supports resumability (protocol version >= 2025-11-25).\n // Old clients can't resume if the stream is closed early because they\n // didn't receive a priming event with an event ID.\n let closeSSEStream: (() => void) | undefined;\n let closeStandaloneSSEStream: (() => void) | undefined;\n if (isJSONRPCRequest(message) && this._eventStore && clientProtocolVersion >= '2025-11-25') {\n closeSSEStream = () => {\n this.closeSSEStream(message.id);\n };\n closeStandaloneSSEStream = () => {\n this.closeStandaloneSSEStream();\n };\n }\n\n this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo, closeSSEStream, closeStandaloneSSEStream });\n }\n // The server SHOULD NOT close the SSE stream before sending all JSON-RPC responses\n // This will be handled by the send() method when responses are ready\n\n return new Response(readable, { status: 200, headers });\n } catch (error) {\n // return JSON-RPC formatted error\n this.onerror?.(error as Error);\n return this.createJsonErrorResponse(400, -32_700, 'Parse error', { data: String(error) });\n }\n }\n\n /**\n * Handles `DELETE` requests to terminate sessions\n */\n private async handleDeleteRequest(req: Request): Promise {\n const sessionError = this.validateSession(req);\n if (sessionError) {\n return sessionError;\n }\n const protocolError = this.validateProtocolVersion(req);\n if (protocolError) {\n return protocolError;\n }\n\n await Promise.resolve(this._onsessionclosed?.(this.sessionId!));\n await this.close();\n return new Response(null, { status: 200 });\n }\n\n /**\n * Validates session ID for non-initialization requests.\n * Returns `Response` error if invalid, `undefined` otherwise\n */\n private validateSession(req: Request): Response | undefined {\n if (this.sessionIdGenerator === undefined) {\n // If the sessionIdGenerator ID is not set, the session management is disabled\n // and we don't need to validate the session ID\n return undefined;\n }\n if (!this._initialized) {\n // If the server has not been initialized yet, reject all requests\n return this.createJsonErrorResponse(400, -32_000, 'Bad Request: Server not initialized');\n }\n\n const sessionId = req.headers.get('mcp-session-id');\n\n if (!sessionId) {\n // Non-initialization requests without a session ID should return 400 Bad Request\n return this.createJsonErrorResponse(400, -32_000, 'Bad Request: Mcp-Session-Id header is required');\n }\n\n if (sessionId !== this.sessionId) {\n // Reject requests with invalid session ID with 404 Not Found\n return this.createJsonErrorResponse(404, -32_001, 'Session not found');\n }\n\n return undefined;\n }\n\n /**\n * Validates the `MCP-Protocol-Version` header on incoming requests.\n *\n * For initialization: Version negotiation handles unknown versions gracefully\n * (server responds with its supported version).\n *\n * For subsequent requests with `MCP-Protocol-Version` header:\n * - Accept if in supported list\n * - 400 if unsupported\n *\n * For HTTP requests without the `MCP-Protocol-Version` header:\n * - Accept and default to the version negotiated at initialization\n */\n private validateProtocolVersion(req: Request): Response | undefined {\n const protocolVersion = req.headers.get('mcp-protocol-version');\n\n if (protocolVersion !== null && !this._supportedProtocolVersions.includes(protocolVersion)) {\n return this.createJsonErrorResponse(\n 400,\n -32_000,\n `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${this._supportedProtocolVersions.join(', ')})`\n );\n }\n return undefined;\n }\n\n async close(): Promise {\n // Close all SSE connections\n for (const { cleanup } of this._streamMapping.values()) {\n cleanup();\n }\n this._streamMapping.clear();\n\n // Clear any pending responses\n this._requestResponseMap.clear();\n this.onclose?.();\n }\n\n /**\n * Close an SSE stream for a specific request, triggering client reconnection.\n * Use this to implement polling behavior during long-running operations -\n * client will reconnect after the retry interval specified in the priming event.\n */\n closeSSEStream(requestId: RequestId): void {\n const streamId = this._requestToStreamMapping.get(requestId);\n if (!streamId) return;\n\n const stream = this._streamMapping.get(streamId);\n if (stream) {\n stream.cleanup();\n }\n }\n\n /**\n * Close the standalone `GET` SSE stream, triggering client reconnection.\n * Use this to implement polling behavior for server-initiated notifications.\n */\n closeStandaloneSSEStream(): void {\n const stream = this._streamMapping.get(this._standaloneSseStreamId);\n if (stream) {\n stream.cleanup();\n }\n }\n\n async send(message: JSONRPCMessage, options?: { relatedRequestId?: RequestId }): Promise {\n let requestId = options?.relatedRequestId;\n if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {\n // If the message is a response, use the request ID from the message\n requestId = message.id;\n }\n\n // Check if this message should be sent on the standalone SSE stream (no request ID)\n // Ignore notifications from tools (which have relatedRequestId set)\n // Those will be sent via dedicated response SSE streams\n if (requestId === undefined) {\n // For standalone SSE streams, we can only send requests and notifications\n if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {\n throw new Error('Cannot send a response on a standalone SSE stream unless resuming a previous client request');\n }\n\n // Generate and store event ID if event store is provided\n // Store even if stream is disconnected so events can be replayed on reconnect\n let eventId: string | undefined;\n if (this._eventStore) {\n // Stores the event and gets the generated event ID\n eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);\n }\n\n const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);\n if (standaloneSse === undefined) {\n // Stream is disconnected - event is stored for replay, nothing more to do\n return;\n }\n\n // Send the message to the standalone SSE stream\n if (standaloneSse.controller && standaloneSse.encoder) {\n this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);\n }\n return;\n }\n\n // Get the response for this request\n const streamId = this._requestToStreamMapping.get(requestId);\n if (!streamId) {\n throw new Error(`No connection established for request ID: ${String(requestId)}`);\n }\n\n const stream = this._streamMapping.get(streamId);\n\n if (!this._enableJsonResponse && stream?.controller && stream?.encoder) {\n // For SSE responses, generate event ID if event store is provided\n let eventId: string | undefined;\n\n if (this._eventStore) {\n eventId = await this._eventStore.storeEvent(streamId, message);\n }\n // Write the event to the response stream\n this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);\n }\n\n if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {\n this._requestResponseMap.set(requestId, message);\n const relatedIds = [...this._requestToStreamMapping.entries()].filter(([_, sid]) => sid === streamId).map(([id]) => id);\n\n // Check if we have responses for all requests using this connection\n const allResponsesReady = relatedIds.every(id => this._requestResponseMap.has(id));\n\n if (allResponsesReady) {\n if (!stream) {\n throw new Error(`No connection established for request ID: ${String(requestId)}`);\n }\n if (this._enableJsonResponse && stream.resolveJson) {\n // All responses ready, send as JSON\n const headers: Record = {\n 'Content-Type': 'application/json'\n };\n if (this.sessionId !== undefined) {\n headers['mcp-session-id'] = this.sessionId;\n }\n\n const responses = relatedIds.map(id => this._requestResponseMap.get(id)!);\n\n if (responses.length === 1) {\n stream.resolveJson(Response.json(responses[0], { status: 200, headers }));\n } else {\n stream.resolveJson(Response.json(responses, { status: 200, headers }));\n }\n } else {\n // End the SSE stream\n stream.cleanup();\n }\n // Clean up\n for (const id of relatedIds) {\n this._requestResponseMap.delete(id);\n this._requestToStreamMapping.delete(id);\n }\n }\n }\n }\n}\n" }, { "path": "packages/server/src/shimsNode.ts", "content": "/**\n * Node.js runtime shims for server package\n *\n * This file is selected via package.json export conditions when running in Node.js.\n */\nexport { AjvJsonSchemaValidator as DefaultJsonSchemaValidator } from '@modelcontextprotocol/core';\nexport { default as process } from 'node:process';\n" }, { "path": "packages/server/src/shimsWorkerd.ts", "content": "/**\n * Cloudflare Workers runtime shims for server package\n *\n * This file is selected via package.json export conditions when running in workerd.\n */\nexport { CfWorkerJsonSchemaValidator as DefaultJsonSchemaValidator } from '@modelcontextprotocol/core';\n\n/**\n * Stub process object for non-Node.js environments.\n * StdioServerTransport is not supported in Cloudflare Workers/browser environments.\n */\nfunction notSupported(): never {\n throw new Error('StdioServerTransport is not supported in this environment. Use StreamableHTTPServerTransport instead.');\n}\n\nexport const process = {\n get stdin(): never {\n return notSupported();\n },\n get stdout(): never {\n return notSupported();\n }\n};\n" }, { "path": "packages/server/test/server/completable.test.ts", "content": "import * as z from 'zod/v4';\nimport { describe, expect, it } from 'vitest';\n\nimport { completable, getCompleter } from '../../src/server/completable.js';\n\ndescribe('completable with Zod v4', () => {\n it('preserves types and values of underlying schema', () => {\n const baseSchema = z.string();\n const schema = completable(baseSchema, () => []);\n\n expect(schema.parse('test')).toBe('test');\n expect(() => schema.parse(123)).toThrow();\n });\n\n it('provides access to completion function', async () => {\n const completions = ['foo', 'bar', 'baz'];\n const schema = completable(z.string(), () => completions);\n\n const completer = getCompleter(schema);\n expect(completer).toBeDefined();\n expect(await completer!('')).toEqual(completions);\n });\n\n it('allows async completion functions', async () => {\n const completions = ['foo', 'bar', 'baz'];\n const schema = completable(z.string(), async () => completions);\n\n const completer = getCompleter(schema);\n expect(completer).toBeDefined();\n expect(await completer!('')).toEqual(completions);\n });\n\n it('passes current value to completion function', async () => {\n const schema = completable(z.string(), value => [value + '!']);\n\n const completer = getCompleter(schema);\n expect(completer).toBeDefined();\n expect(await completer!('test')).toEqual(['test!']);\n });\n\n it('works with number schemas', async () => {\n const schema = completable(z.number(), () => [1, 2, 3]);\n\n expect(schema.parse(1)).toBe(1);\n const completer = getCompleter(schema);\n expect(completer).toBeDefined();\n expect(await completer!(0)).toEqual([1, 2, 3]);\n });\n\n it('preserves schema description', () => {\n const desc = 'test description';\n const schema = completable(z.string().describe(desc), () => []);\n\n expect(schema.description).toBe(desc);\n });\n});\n" }, { "path": "packages/server/test/server/stdio.test.ts", "content": "import { Readable, Writable } from 'node:stream';\n\nimport type { JSONRPCMessage } from '@modelcontextprotocol/core';\nimport { ReadBuffer, serializeMessage } from '@modelcontextprotocol/core';\n\nimport { StdioServerTransport } from '../../src/server/stdio.js';\n\nlet input: Readable;\nlet outputBuffer: ReadBuffer;\nlet output: Writable;\n\nbeforeEach(() => {\n input = new Readable({\n // We'll use input.push() instead.\n read: () => {}\n });\n\n outputBuffer = new ReadBuffer();\n output = new Writable({\n write(chunk, _encoding, callback) {\n outputBuffer.append(chunk);\n callback();\n }\n });\n});\n\ntest('should start then close cleanly', async () => {\n const server = new StdioServerTransport(input, output);\n server.onerror = error => {\n throw error;\n };\n\n let didClose = false;\n server.onclose = () => {\n didClose = true;\n };\n\n await server.start();\n expect(didClose).toBeFalsy();\n await server.close();\n expect(didClose).toBeTruthy();\n});\n\ntest('should not read until started', async () => {\n const server = new StdioServerTransport(input, output);\n server.onerror = error => {\n throw error;\n };\n\n let didRead = false;\n const readMessage = new Promise(resolve => {\n server.onmessage = message => {\n didRead = true;\n resolve(message);\n };\n });\n\n const message: JSONRPCMessage = {\n jsonrpc: '2.0',\n id: 1,\n method: 'ping'\n };\n input.push(serializeMessage(message));\n\n expect(didRead).toBeFalsy();\n await server.start();\n expect(await readMessage).toEqual(message);\n});\n\ntest('should read multiple messages', async () => {\n const server = new StdioServerTransport(input, output);\n server.onerror = error => {\n throw error;\n };\n\n const messages: JSONRPCMessage[] = [\n {\n jsonrpc: '2.0',\n id: 1,\n method: 'ping'\n },\n {\n jsonrpc: '2.0',\n method: 'notifications/initialized'\n }\n ];\n\n const readMessages: JSONRPCMessage[] = [];\n const finished = new Promise(resolve => {\n server.onmessage = message => {\n readMessages.push(message);\n if (JSON.stringify(message) === JSON.stringify(messages[1])) {\n resolve();\n }\n };\n });\n\n input.push(serializeMessage(messages[0]!));\n input.push(serializeMessage(messages[1]!));\n\n await server.start();\n await finished;\n expect(readMessages).toEqual(messages);\n});\n" }, { "path": "packages/server/test/server/streamableHttp.test.ts", "content": "import { randomUUID } from 'node:crypto';\n\nimport type { CallToolResult, JSONRPCErrorResponse, JSONRPCMessage } from '@modelcontextprotocol/core';\nimport * as z from 'zod/v4';\n\nimport { McpServer } from '../../src/server/mcp.js';\nimport type { EventId, EventStore, StreamId } from '../../src/server/streamableHttp.js';\nimport { WebStandardStreamableHTTPServerTransport } from '../../src/server/streamableHttp.js';\n\n/**\n * Common test messages\n */\nconst TEST_MESSAGES = {\n initialize: {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-11-25',\n capabilities: {}\n },\n id: 'init-1'\n } as JSONRPCMessage,\n\n initializeOldVersion: {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client', version: '1.0' },\n protocolVersion: '2025-06-18',\n capabilities: {}\n },\n id: 'init-1'\n } as JSONRPCMessage,\n\n toolsList: {\n jsonrpc: '2.0',\n method: 'tools/list',\n params: {},\n id: 'tools-1'\n } as JSONRPCMessage\n};\n\n/**\n * Helper to create a Web Standard Request\n */\nfunction createRequest(\n method: string,\n body?: JSONRPCMessage | JSONRPCMessage[],\n options?: {\n sessionId?: string;\n accept?: string;\n contentType?: string;\n extraHeaders?: Record;\n }\n): Request {\n const headers: Record = {};\n\n if (options?.accept) {\n headers['Accept'] = options.accept;\n } else if (method === 'POST') {\n headers['Accept'] = 'application/json, text/event-stream';\n } else if (method === 'GET') {\n headers['Accept'] = 'text/event-stream';\n }\n\n if (options?.contentType) {\n headers['Content-Type'] = options.contentType;\n } else if (body) {\n headers['Content-Type'] = 'application/json';\n }\n\n if (options?.sessionId) {\n headers['mcp-session-id'] = options.sessionId;\n headers['mcp-protocol-version'] = '2025-11-25';\n }\n\n if (options?.extraHeaders) {\n Object.assign(headers, options.extraHeaders);\n }\n\n return new Request('http://localhost/mcp', {\n method,\n headers,\n body: body ? JSON.stringify(body) : undefined\n });\n}\n\n/**\n * Helper to extract text from SSE response\n */\nasync function readSSEEvent(response: Response): Promise {\n const reader = response.body?.getReader();\n const { value } = await reader!.read();\n return new TextDecoder().decode(value);\n}\n\n/**\n * Helper to parse SSE data line\n */\nfunction parseSSEData(text: string): unknown {\n const eventLines = text.split('\\n');\n const dataLine = eventLines.find(line => line.startsWith('data:'));\n if (!dataLine) {\n throw new Error('No data line found in SSE event');\n }\n return JSON.parse(dataLine.slice(5).trim());\n}\n\nfunction expectErrorResponse(data: unknown, expectedCode: number, expectedMessagePattern: RegExp): void {\n expect(data).toMatchObject({\n jsonrpc: '2.0',\n error: expect.objectContaining({\n code: expectedCode,\n message: expect.stringMatching(expectedMessagePattern)\n })\n });\n}\n\ndescribe('Zod v4', () => {\n describe('HTTPServerTransport', () => {\n let transport: WebStandardStreamableHTTPServerTransport;\n let mcpServer: McpServer;\n let sessionId: string;\n\n beforeEach(async () => {\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'greet',\n {\n description: 'A simple greeting tool',\n inputSchema: z.object({ name: z.string().describe('Name to greet') })\n },\n async ({ name }): Promise => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n }\n );\n\n transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await mcpServer.connect(transport);\n });\n\n afterEach(async () => {\n await transport.close();\n });\n\n async function initializeServer(): Promise {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n const newSessionId = response.headers.get('mcp-session-id');\n expect(newSessionId).toBeDefined();\n return newSessionId as string;\n }\n\n describe('Initialization', () => {\n it('should initialize server and generate session ID', async () => {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('text/event-stream');\n expect(response.headers.get('mcp-session-id')).toBeDefined();\n });\n\n it('should reject second initialization request', async () => {\n sessionId = await initializeServer();\n expect(sessionId).toBeDefined();\n\n const secondInitMessage = {\n ...TEST_MESSAGES.initialize,\n id: 'second-init'\n };\n\n const request = createRequest('POST', secondInitMessage);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_600, /Server already initialized/);\n });\n\n it('should reject batch initialize request', async () => {\n const batchInitMessages: JSONRPCMessage[] = [\n TEST_MESSAGES.initialize,\n {\n jsonrpc: '2.0',\n method: 'initialize',\n params: {\n clientInfo: { name: 'test-client-2', version: '1.0' },\n protocolVersion: '2025-03-26'\n },\n id: 'init-2'\n }\n ];\n\n const request = createRequest('POST', batchInitMessages);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_600, /Only one initialization request is allowed/);\n });\n });\n\n describe('POST Requests', () => {\n it('should handle post requests via SSE response correctly', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('POST', TEST_MESSAGES.toolsList, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventData = parseSSEData(text);\n\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: expect.objectContaining({\n tools: expect.arrayContaining([\n expect.objectContaining({\n name: 'greet',\n description: 'A simple greeting tool'\n })\n ])\n }),\n id: 'tools-1'\n });\n });\n\n it('should call a tool and return the result', async () => {\n sessionId = await initializeServer();\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: {\n name: 'Test User'\n }\n },\n id: 'call-1'\n };\n\n const request = createRequest('POST', toolCallMessage, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n\n const text = await readSSEEvent(response);\n const eventData = parseSSEData(text);\n\n expect(eventData).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [\n {\n type: 'text',\n text: 'Hello, Test User!'\n }\n ]\n },\n id: 'call-1'\n });\n });\n\n it('should reject requests without a valid session ID', async () => {\n const request = createRequest('POST', TEST_MESSAGES.toolsList);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(400);\n const errorData = (await response.json()) as JSONRPCErrorResponse;\n expectErrorResponse(errorData, -32_000, /Bad Request/);\n expect(errorData.id).toBeNull();\n });\n\n it('should reject invalid session ID', async () => {\n await initializeServer();\n\n const request = createRequest('POST', TEST_MESSAGES.toolsList, { sessionId: 'invalid-session-id' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(404);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_001, /Session not found/);\n });\n\n it('should reject request with wrong Accept header', async () => {\n const request = createRequest('POST', TEST_MESSAGES.initialize, { accept: 'application/json' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(406);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Not Acceptable/);\n });\n\n it('should reject request with wrong Content-Type header', async () => {\n const request = new Request('http://localhost/mcp', {\n method: 'POST',\n headers: {\n Accept: 'application/json, text/event-stream',\n 'Content-Type': 'text/plain'\n },\n body: JSON.stringify(TEST_MESSAGES.initialize)\n });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(415);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Unsupported Media Type/);\n });\n\n it('should reject invalid JSON', async () => {\n const request = new Request('http://localhost/mcp', {\n method: 'POST',\n headers: {\n Accept: 'application/json, text/event-stream',\n 'Content-Type': 'application/json'\n },\n body: 'not valid json'\n });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_700, /Parse error.*Invalid JSON/);\n });\n\n it('should accept notifications without session and return 202', async () => {\n sessionId = await initializeServer();\n\n const notification: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'notifications/initialized'\n };\n\n const request = createRequest('POST', notification, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(202);\n });\n });\n\n describe('GET Requests (SSE Stream)', () => {\n it('should establish standalone SSE stream', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('GET', undefined, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('text/event-stream');\n expect(response.headers.get('mcp-session-id')).toBe(sessionId);\n });\n\n it('should reject GET without Accept: text/event-stream', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('GET', undefined, { sessionId, accept: 'application/json' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(406);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Not Acceptable/);\n });\n\n it('should reject second standalone SSE stream', async () => {\n sessionId = await initializeServer();\n\n // First SSE stream\n const request1 = createRequest('GET', undefined, { sessionId });\n const response1 = await transport.handleRequest(request1);\n expect(response1.status).toBe(200);\n\n // Second SSE stream should be rejected\n const request2 = createRequest('GET', undefined, { sessionId });\n const response2 = await transport.handleRequest(request2);\n\n expect(response2.status).toBe(409);\n const errorData = await response2.json();\n expectErrorResponse(errorData, -32_000, /Conflict/);\n });\n });\n\n describe('DELETE Requests', () => {\n it('should handle DELETE to close session', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('DELETE', undefined, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n });\n\n it('should reject DELETE without valid session', async () => {\n await initializeServer();\n\n const request = createRequest('DELETE', undefined, { sessionId: 'invalid-session' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(404);\n });\n });\n\n describe('Unsupported Methods', () => {\n it('should reject PUT requests', async () => {\n const request = new Request('http://localhost/mcp', { method: 'PUT' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(405);\n expect(response.headers.get('Allow')).toBe('GET, POST, DELETE');\n });\n\n it('should reject PATCH requests', async () => {\n const request = new Request('http://localhost/mcp', { method: 'PATCH' });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(405);\n });\n });\n });\n\n describe('HTTPServerTransport - Stateless Mode', () => {\n let transport: WebStandardStreamableHTTPServerTransport;\n let mcpServer: McpServer;\n\n beforeEach(async () => {\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'echo',\n { description: 'Echo tool', inputSchema: z.object({ message: z.string() }) },\n async ({ message }): Promise => {\n return { content: [{ type: 'text', text: message }] };\n }\n );\n\n transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: undefined\n });\n\n await mcpServer.connect(transport);\n });\n\n afterEach(async () => {\n await transport.close();\n });\n\n it('should work without session management', async () => {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('mcp-session-id')).toBeNull();\n });\n\n it('should not require session ID on subsequent requests', async () => {\n // Initialize\n const initRequest = createRequest('POST', TEST_MESSAGES.initialize);\n await transport.handleRequest(initRequest);\n\n // Subsequent request without session ID should work\n const request = createRequest('POST', TEST_MESSAGES.toolsList);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n });\n });\n\n describe('HTTPServerTransport - JSON Response Mode', () => {\n let transport: WebStandardStreamableHTTPServerTransport;\n let mcpServer: McpServer;\n let sessionId: string;\n\n beforeEach(async () => {\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'greet',\n { description: 'Greeting tool', inputSchema: z.object({ name: z.string() }) },\n async ({ name }): Promise => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n }\n );\n\n transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n enableJsonResponse: true\n });\n\n await mcpServer.connect(transport);\n });\n\n afterEach(async () => {\n await transport.close();\n });\n\n async function initializeServer(): Promise {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n const newSessionId = response.headers.get('mcp-session-id');\n expect(newSessionId).toBeDefined();\n return newSessionId as string;\n }\n\n it('should return JSON response instead of SSE', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('POST', TEST_MESSAGES.toolsList, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('application/json');\n\n const data = await response.json();\n expect(data).toMatchObject({\n jsonrpc: '2.0',\n result: expect.objectContaining({\n tools: expect.any(Array)\n }),\n id: 'tools-1'\n });\n });\n\n it('should handle tool calls in JSON response mode', async () => {\n sessionId = await initializeServer();\n\n const toolCallMessage: JSONRPCMessage = {\n jsonrpc: '2.0',\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: { name: 'World' }\n },\n id: 'call-1'\n };\n\n const request = createRequest('POST', toolCallMessage, { sessionId });\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n expect(response.headers.get('content-type')).toBe('application/json');\n\n const data = await response.json();\n expect(data).toMatchObject({\n jsonrpc: '2.0',\n result: {\n content: [{ type: 'text', text: 'Hello, World!' }]\n },\n id: 'call-1'\n });\n });\n });\n\n describe('HTTPServerTransport - Session Callbacks', () => {\n it('should call onsessioninitialized callback', async () => {\n const onInitialized = vi.fn();\n\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => 'test-session-123',\n onsessioninitialized: onInitialized\n });\n\n await mcpServer.connect(transport);\n\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n await transport.handleRequest(request);\n\n expect(onInitialized).toHaveBeenCalledWith('test-session-123');\n\n await transport.close();\n });\n\n it('should call onsessionclosed callback on DELETE', async () => {\n const onClosed = vi.fn();\n\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => 'test-session-456',\n onsessionclosed: onClosed\n });\n\n await mcpServer.connect(transport);\n\n // Initialize first\n const initRequest = createRequest('POST', TEST_MESSAGES.initialize);\n await transport.handleRequest(initRequest);\n\n // Then delete\n const deleteRequest = createRequest('DELETE', undefined, { sessionId: 'test-session-456' });\n await transport.handleRequest(deleteRequest);\n\n expect(onClosed).toHaveBeenCalledWith('test-session-456');\n });\n });\n\n describe('HTTPServerTransport - Event Store (Resumability)', () => {\n let transport: WebStandardStreamableHTTPServerTransport;\n let mcpServer: McpServer;\n let eventStore: EventStore;\n let storedEvents: Map;\n let sessionId: string;\n\n beforeEach(async () => {\n storedEvents = new Map();\n\n eventStore = {\n async storeEvent(streamId: StreamId, message: JSONRPCMessage): Promise {\n const eventId = `${streamId}_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;\n storedEvents.set(eventId, { streamId, message });\n return eventId;\n },\n async getStreamIdForEventId(eventId: EventId): Promise {\n const event = storedEvents.get(eventId);\n return event?.streamId;\n },\n async replayEventsAfter(\n lastEventId: EventId,\n { send }: { send: (eventId: EventId, message: JSONRPCMessage) => Promise }\n ): Promise {\n const lastEvent = storedEvents.get(lastEventId);\n if (!lastEvent) {\n throw new Error('Event not found');\n }\n\n // Replay events after lastEventId for the same stream\n const streamId = lastEvent.streamId;\n const entries = [...storedEvents.entries()];\n let foundLast = false;\n\n for (const [eventId, event] of entries) {\n if (eventId === lastEventId) {\n foundLast = true;\n continue;\n }\n if (foundLast && event.streamId === streamId) {\n await send(eventId, event.message);\n }\n }\n\n return streamId;\n }\n };\n\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n mcpServer.registerTool(\n 'greet',\n { description: 'Greeting tool', inputSchema: z.object({ name: z.string() }) },\n async ({ name }): Promise => {\n return { content: [{ type: 'text', text: `Hello, ${name}!` }] };\n }\n );\n\n transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore\n });\n\n await mcpServer.connect(transport);\n });\n\n afterEach(async () => {\n await transport.close();\n });\n\n async function initializeServer(): Promise {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(200);\n const newSessionId = response.headers.get('mcp-session-id');\n expect(newSessionId).toBeDefined();\n return newSessionId as string;\n }\n\n it('should store events when event store is configured', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('POST', TEST_MESSAGES.toolsList, { sessionId });\n await transport.handleRequest(request);\n\n // Events should have been stored (priming event + response)\n expect(storedEvents.size).toBeGreaterThan(0);\n });\n\n it('should include event ID in SSE events', async () => {\n sessionId = await initializeServer();\n\n const request = createRequest('POST', TEST_MESSAGES.toolsList, { sessionId });\n const response = await transport.handleRequest(request);\n\n const text = await readSSEEvent(response);\n\n // Should have id: field in the SSE event\n expect(text).toContain('id:');\n });\n });\n\n describe('HTTPServerTransport - Protocol Version Validation', () => {\n let transport: WebStandardStreamableHTTPServerTransport;\n let mcpServer: McpServer;\n let sessionId: string;\n\n beforeEach(async () => {\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await mcpServer.connect(transport);\n });\n\n afterEach(async () => {\n await transport.close();\n });\n\n async function initializeServer(): Promise {\n const request = createRequest('POST', TEST_MESSAGES.initialize);\n const response = await transport.handleRequest(request);\n return response.headers.get('mcp-session-id') as string;\n }\n\n it('should reject unsupported protocol version in header', async () => {\n sessionId = await initializeServer();\n\n const request = new Request('http://localhost/mcp', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json, text/event-stream',\n 'mcp-session-id': sessionId,\n 'mcp-protocol-version': 'unsupported-version'\n },\n body: JSON.stringify(TEST_MESSAGES.toolsList)\n });\n\n const response = await transport.handleRequest(request);\n\n expect(response.status).toBe(400);\n const errorData = await response.json();\n expectErrorResponse(errorData, -32_000, /Unsupported protocol version/);\n });\n });\n\n describe('HTTPServerTransport - start() method', () => {\n it('should throw error when started twice', async () => {\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await transport.start();\n\n await expect(transport.start()).rejects.toThrow('Transport already started');\n });\n });\n});\n" }, { "path": "packages/server/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./src/shimsNode.ts\"]\n }\n }\n}\n" }, { "path": "packages/server/tsdown.config.ts", "content": "import { defineConfig } from 'tsdown';\n\nexport default defineConfig({\n // 1. Entry Points\n // Directly matches package.json include/exclude globs\n entry: ['src/index.ts', 'src/shimsNode.ts', 'src/shimsWorkerd.ts'],\n\n // 2. Output Configuration\n format: ['esm'],\n outDir: 'dist',\n clean: true, // Recommended: Cleans 'dist' before building\n sourcemap: true,\n\n // 3. Platform & Target\n target: 'esnext',\n platform: 'node',\n shims: true, // Polyfills common Node.js shims (__dirname, etc.)\n\n // 4. Type Definitions\n // Bundles d.ts files into a single output\n dts: {\n resolver: 'tsc',\n // override just for DTS generation:\n compilerOptions: {\n baseUrl: '.',\n paths: {\n '@modelcontextprotocol/core': ['../core/src/index.ts']\n }\n }\n },\n // 5. Vendoring Strategy - Bundle the code for this specific package into the output,\n // but treat all other dependencies as external (require/import).\n noExternal: ['@modelcontextprotocol/core'],\n\n // 6. External packages - keep self-reference imports external for runtime resolution\n external: ['@modelcontextprotocol/server/_shims']\n});\n" }, { "path": "packages/server/typedoc.json", "content": "{\n \"$schema\": \"https://typedoc.org/schema.json\",\n \"entryPoints\": [\"src\"],\n \"entryPointStrategy\": \"expand\",\n \"exclude\": [\"**/*.test.ts\", \"**/__*__/**\"],\n \"navigation\": {\n \"includeGroups\": true,\n \"includeCategories\": true\n }\n}\n" }, { "path": "packages/server/vitest.config.js", "content": "import baseConfig from '@modelcontextprotocol/vitest-config';\n\nexport default baseConfig;\n" }, { "path": "pnpm-workspace.yaml", "content": "packages:\n - packages/**/*\n - common/**/*\n - examples/**/*\n - test/**/*\n\ncatalogs:\n devTools:\n '@eslint/js': ^9.39.2\n wrangler: ^4.14.4\n '@types/content-type': ^1.1.8\n '@types/cors': ^2.8.17\n '@types/cross-spawn': ^6.0.6\n '@types/eventsource': ^1.1.15\n '@types/express': ^5.0.6\n '@types/express-serve-static-core': ^5.1.0\n '@types/supertest': ^6.0.2\n '@types/ws': ^8.5.12\n '@typescript/native-preview': ^7.0.0-dev.20251217.1\n eslint: ^9.39.2\n eslint-config-prettier: ^10.1.8\n eslint-plugin-n: ^17.23.1\n prettier: 3.6.2\n supertest: ^7.0.0\n tsdown: ^0.18.0\n typedoc: ^0.28.14\n tsx: ^4.16.5\n typescript: ^5.9.3\n typescript-eslint: ^8.48.1\n vite-tsconfig-paths: ^5.1.4\n vitest: ^4.0.15\n ws: ^8.18.0\n runtimeClientOnly:\n cross-spawn: ^7.0.5\n eventsource: ^3.0.2\n eventsource-parser: ^3.0.0\n jose: ^6.1.3\n runtimeServerOnly:\n '@hono/node-server': ^1.19.9\n content-type: ^1.0.5\n cors: ^2.8.5\n express: ^5.2.1\n hono: ^4.11.4\n raw-body: ^3.0.0\n runtimeShared:\n '@cfworker/json-schema': ^4.1.1\n ajv: ^8.17.1\n ajv-formats: ^3.0.1\n json-schema-typed: ^8.0.2\n pkce-challenge: ^5.0.0\n zod: ^4.0\n\nenableGlobalVirtualStore: false\n\nlinkWorkspacePackages: deep\n\nminimumReleaseAge: 10080 # 7 days\nminimumReleaseAgeExclude:\n - '@modelcontextprotocol/conformance'\n\nonlyBuiltDependencies:\n - better-sqlite3\n - esbuild\n\nignoredBuiltDependencies:\n - unrs-resolver\n" }, { "path": "scripts/cli.ts", "content": "import WebSocket from 'ws';\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\n(global as any).WebSocket = WebSocket;\n\nimport express from 'express';\nimport { Client } from '../src/client/index.js';\nimport { SSEClientTransport } from '../src/client/sse.js';\nimport { StdioClientTransport } from '../src/client/stdio.js';\nimport { WebSocketClientTransport } from '../src/client/websocket.js';\nimport { Server } from '../src/server/index.js';\nimport { SSEServerTransport } from '../src/server/sse.js';\nimport { StdioServerTransport } from '../src/server/stdio.js';\nimport { ListResourcesResultSchema } from '../src/types.js';\n\nasync function runClient(url_or_command: string, args: string[]) {\n const client = new Client(\n {\n name: 'mcp-typescript test client',\n version: '0.1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n let clientTransport;\n\n let url: URL | undefined = undefined;\n try {\n url = new URL(url_or_command);\n } catch {\n // Ignore\n }\n\n if (url?.protocol === 'http:' || url?.protocol === 'https:') {\n clientTransport = new SSEClientTransport(new URL(url_or_command));\n } else if (url?.protocol === 'ws:' || url?.protocol === 'wss:') {\n clientTransport = new WebSocketClientTransport(new URL(url_or_command));\n } else {\n clientTransport = new StdioClientTransport({\n command: url_or_command,\n args\n });\n }\n\n console.log('Connected to server.');\n\n await client.connect(clientTransport);\n console.log('Initialized.');\n\n await client.request({ method: 'resources/list' }, ListResourcesResultSchema);\n\n await client.close();\n console.log('Closed.');\n}\n\nasync function runServer(port: number | null) {\n if (port !== null) {\n const app = express();\n\n let servers: Server[] = [];\n\n app.get('/sse', async (req, res) => {\n console.log('Got new SSE connection');\n\n const transport = new SSEServerTransport('/message', res);\n const server = new Server(\n {\n name: 'mcp-typescript test server',\n version: '0.1.0'\n },\n {\n capabilities: {}\n }\n );\n\n servers.push(server);\n\n server.onclose = () => {\n console.log('SSE connection closed');\n servers = servers.filter(s => s !== server);\n };\n\n await server.connect(transport);\n });\n\n app.post('/message', async (req, res) => {\n console.log('Received message');\n\n const sessionId = req.query.sessionId as string;\n const transport = servers.map(s => s.transport as SSEServerTransport).find(t => t.sessionId === sessionId);\n if (!transport) {\n res.status(404).send('Session not found');\n return;\n }\n\n await transport.handlePostMessage(req, res);\n });\n\n app.listen(port, error => {\n if (error) {\n console.error('Failed to start server:', error);\n process.exit(1);\n }\n console.log(`Server running on http://localhost:${port}/sse`);\n });\n } else {\n const server = new Server(\n {\n name: 'mcp-typescript test server',\n version: '0.1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n\n console.log('Server running on stdio');\n }\n}\n\nconst args = process.argv.slice(2);\nconst command = args[0];\nswitch (command) {\n case 'client':\n if (args.length < 2) {\n console.error('Usage: client [args...]');\n process.exit(1);\n }\n\n runClient(args[1], args.slice(2)).catch(error => {\n console.error(error);\n process.exit(1);\n });\n\n break;\n\n case 'server': {\n const port = args[1] ? parseInt(args[1]) : null;\n runServer(port).catch(error => {\n console.error(error);\n process.exit(1);\n });\n\n break;\n }\n\n default:\n console.error('Unrecognized command:', command);\n}\n" }, { "path": "scripts/fetch-spec-types.ts", "content": "import { writeFileSync } from 'node:fs';\nimport { dirname, join } from 'node:path';\nimport { fileURLToPath } from 'node:url';\n\nconst __filename = fileURLToPath(import.meta.url);\nconst __dirname = dirname(__filename);\nconst PROJECT_ROOT = join(__dirname, '..');\n\ninterface GitHubCommit {\n sha: string;\n}\n\nasync function fetchLatestSHA(): Promise {\n const url = 'https://api.github.com/repos/modelcontextprotocol/modelcontextprotocol/commits?path=schema/draft/schema.ts&per_page=1';\n\n const response = await fetch(url);\n if (!response.ok) {\n throw new Error(`Failed to fetch commit info: ${response.status} ${response.statusText}`);\n }\n\n const commits = (await response.json()) as GitHubCommit[];\n if (!commits || commits.length === 0) {\n throw new Error('No commits found');\n }\n\n return commits[0].sha;\n}\n\nasync function fetchSpecTypes(sha: string): Promise {\n const url = `https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/${sha}/schema/draft/schema.ts`;\n\n const response = await fetch(url);\n if (!response.ok) {\n throw new Error(`Failed to fetch spec types: ${response.status} ${response.statusText}`);\n }\n\n return await response.text();\n}\n\nasync function main() {\n try {\n // Check if SHA is provided as command line argument\n const providedSHA = process.argv[2];\n\n let latestSHA: string;\n if (providedSHA) {\n console.log(`Using provided SHA: ${providedSHA}`);\n latestSHA = providedSHA;\n } else {\n console.log('Fetching latest commit SHA...');\n latestSHA = await fetchLatestSHA();\n }\n\n console.log(`Fetching spec.types.ts from commit: ${latestSHA}`);\n\n const specContent = await fetchSpecTypes(latestSHA);\n\n // Read header template\n const headerTemplate = `/**\n * This file is automatically generated from the Model Context Protocol specification.\n *\n * Source: https://github.com/modelcontextprotocol/modelcontextprotocol\n * Pulled from: https://raw.githubusercontent.com/modelcontextprotocol/modelcontextprotocol/main/schema/draft/schema.ts\n * Last updated from commit: {SHA}\n *\n * DO NOT EDIT THIS FILE MANUALLY. Changes will be overwritten by automated updates.\n * To update this file, run: pnpm run fetch:spec-types\n */`;\n\n const header = headerTemplate.replace('{SHA}', latestSHA);\n\n // Combine header and content\n const fullContent = header + specContent;\n\n // Write to file\n const outputPath = join(PROJECT_ROOT, 'packages', 'core', 'src', 'types', 'spec.types.ts');\n writeFileSync(outputPath, fullContent, 'utf-8');\n\n console.log('Successfully updated packages/core/src/types/spec.types.ts');\n } catch (error) {\n console.error('Error:', error instanceof Error ? error.message : String(error));\n process.exit(1);\n }\n}\n\nmain();\n" }, { "path": "scripts/generate-multidoc.sh", "content": "#!/usr/bin/env bash\n#\n# Generate combined V1 + V2 TypeDoc documentation.\n#\n# V1 docs (from the v1.x branch) are placed at the root.\n# V2 docs (from main) are placed under /v2/.\n#\n# Usage:\n# scripts/generate-multidoc.sh [output-dir]\n#\n# Default output directory: tmp/docs-combined\n#\nset -euo pipefail\n\nSCRIPT_DIR=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\nREPO_ROOT=\"$(cd \"$SCRIPT_DIR/..\" && pwd)\"\nOUTPUT_DIR=\"$(cd \"$REPO_ROOT\" && realpath -m \"${1:-tmp/docs-combined}\")\"\nV1_WORKTREE=\"$REPO_ROOT/.worktrees/v1-docs\"\nV2_WORKTREE=\"$REPO_ROOT/.worktrees/v2-docs\"\n\ncleanup() {\n echo \"Cleaning up worktrees...\"\n cd \"$REPO_ROOT\"\n git worktree remove --force \"$V1_WORKTREE\" 2>/dev/null || true\n git worktree remove --force \"$V2_WORKTREE\" 2>/dev/null || true\n}\ntrap cleanup EXIT\n\nrm -rf \"$OUTPUT_DIR\"\nmkdir -p \"$OUTPUT_DIR\"\n\n# ---------------------------------------------------------------------------\n# Step 1: Generate V1 docs from v1.x branch\n# ---------------------------------------------------------------------------\necho \"=== Generating V1 docs ===\"\n\ngit fetch origin v1.x\n\ngit worktree remove --force \"$V1_WORKTREE\" 2>/dev/null || true\nrm -rf \"$V1_WORKTREE\"\ngit worktree add \"$V1_WORKTREE\" \"origin/v1.x\" --detach\n\ncd \"$V1_WORKTREE\"\nnpm install\nnpm install --save-dev typedoc@^0.28.14\n\ncat > typedoc.json << 'TYPEDOC_EOF'\n{\n \"name\": \"MCP TypeScript SDK\",\n \"entryPoints\": [\n \"src/client/index.ts\",\n \"src/server/index.ts\",\n \"src/shared/protocol.ts\",\n \"src/shared/transport.ts\",\n \"src/types.ts\",\n \"src/inMemory.ts\",\n \"src/validation/index.ts\",\n \"src/experimental/index.ts\"\n ],\n \"tsconfig\": \"tsconfig.json\",\n \"out\": \"tmp/docs\",\n \"exclude\": [\n \"**/*.test.ts\",\n \"**/__fixtures__/**\",\n \"**/__mocks__/**\",\n \"src/examples/**\"\n ],\n \"projectDocuments\": [\n \"docs/server.md\",\n \"docs/client.md\",\n \"docs/capabilities.md\",\n \"docs/protocol.md\",\n \"docs/faq.md\"\n ],\n \"navigationLinks\": {\n \"V2 Docs\": \"/v2/\"\n },\n \"headings\": {\n \"readme\": false\n },\n \"skipErrorChecking\": true\n}\nTYPEDOC_EOF\n\n# Rewrite relative .ts links to point to GitHub source instead of media downloads\nV1_GITHUB=\"https://github.com/modelcontextprotocol/typescript-sdk/blob/v1.x\"\nsed -i \"s|(src/examples/|(${V1_GITHUB}/src/examples/|g\" README.md\nsed -i \"s|(../src/examples/|(${V1_GITHUB}/src/examples/|g\" docs/*.md\n\nnpx typedoc\n\ncp -r \"$V1_WORKTREE/tmp/docs/\"* \"$OUTPUT_DIR/\"\n\n# ---------------------------------------------------------------------------\n# Step 2: Generate V2 docs from main branch\n# ---------------------------------------------------------------------------\necho \"=== Generating V2 docs ===\"\n\ngit fetch origin main\n\ngit worktree remove --force \"$V2_WORKTREE\" 2>/dev/null || true\nrm -rf \"$V2_WORKTREE\"\ngit worktree add \"$V2_WORKTREE\" \"origin/main\" --detach\n\ncd \"$V2_WORKTREE\"\npnpm install\npnpm -r --filter='./packages/**' build\n\nnpx typedoc # outputs to tmp/docs/ per typedoc.config.mjs\n\nmkdir -p \"$OUTPUT_DIR/v2\"\ncp -r \"$V2_WORKTREE/tmp/docs/\"* \"$OUTPUT_DIR/v2/\"\n\ncd \"$REPO_ROOT\"\necho \"=== Combined docs generated at $OUTPUT_DIR ===\"\n" }, { "path": "scripts/sync-snippets.ts", "content": "/**\n * Code Snippet Sync Script\n *\n * This script syncs code snippets into JSDoc comments and markdown files\n * containing labeled code fences.\n *\n * ## Supported Source Files\n *\n * - **Full-file inclusion**: Any file type (e.g., `.json`, `.yaml`, `.sh`, `.ts`)\n * - **Region extraction**: Only `.ts` files (using `//#region` markers)\n *\n * ## Code Fence Format\n *\n * Full-file inclusion (any file type):\n *\n * ``````typescript\n * ```json source=\"./config.json\"\n * // entire file content is synced here\n * ```\n * ``````\n *\n * Region extraction (.ts only):\n *\n * ``````typescript\n * ```ts source=\"./path.examples.ts#regionName\"\n * // region content is synced here\n * ```\n * ``````\n *\n * Optionally, a display filename can be shown before the source reference:\n *\n * ``````typescript\n * ```ts my-app.ts source=\"./path.examples.ts#regionName\"\n * // code is synced here\n * ```\n * ``````\n *\n * ## Region Format (in .examples.ts files)\n *\n * ``````typescript\n * //#region regionName\n * // code here\n * //#endregion regionName\n * ``````\n *\n * Run: pnpm sync:snippets\n */\n\nimport { readFileSync, writeFileSync, readdirSync } from 'node:fs';\nimport { dirname, join, resolve } from 'node:path';\nimport { fileURLToPath } from 'node:url';\n\nconst __filename = fileURLToPath(import.meta.url);\nconst __dirname = dirname(__filename);\nconst PROJECT_ROOT = join(__dirname, '..');\nconst PACKAGES_DIR = join(PROJECT_ROOT, 'packages');\nconst DOCS_DIR = join(PROJECT_ROOT, 'docs');\n\n/** Processing mode based on file type */\ntype FileMode = 'jsdoc' | 'markdown';\n\n/**\n * Represents a labeled code fence found in a source file.\n */\ninterface LabeledCodeFence {\n /** Optional display filename (e.g., \"my-app.ts\") */\n displayName?: string;\n /** Relative path to the example file (e.g., \"./app.examples.ts\") */\n examplePath: string;\n /** Region name (e.g., \"App_basicUsage\"), or undefined for whole file */\n regionName?: string;\n /** Language from the code fence (e.g., \"ts\", \"json\", \"yaml\") */\n language: string;\n /** Character index of the opening fence line start */\n openingFenceStart: number;\n /** Character index after the opening fence line (after newline) */\n openingFenceEnd: number;\n /** Character index of the closing fence line start */\n closingFenceStart: number;\n /** The JSDoc line prefix extracted from context (e.g., \" * \") */\n linePrefix: string;\n}\n\n/**\n * Cache for example file regions to avoid re-reading files.\n * Key: `${absoluteExamplePath}#${regionName}` (empty regionName for whole file)\n * Value: extracted code string\n */\ntype RegionCache = Map;\n\n/**\n * Processing result for a source file.\n */\ninterface FileProcessingResult {\n filePath: string;\n modified: boolean;\n snippetsProcessed: number;\n errors: string[];\n}\n\n// JSDoc patterns - for code fences inside JSDoc comments with \" * \" prefix\n// Matches: ``` [displayName] source=\"\" or source=\"#\"\n// Example: \" * ```ts my-app.ts source=\"./app.examples.ts#App_basicUsage\"\"\n// Example: \" * ```ts source=\"./app.examples.ts#App_basicUsage\"\"\n// Example: \" * ```ts source=\"./complete-example.ts\"\" (whole file)\nconst JSDOC_LABELED_FENCE_PATTERN =\n /^(\\s*\\*\\s*)```(\\w+)(?:\\s+(\\S+))?\\s+source=\"([^\"#]+)(?:#([^\"]+))?\"/;\nconst JSDOC_CLOSING_FENCE_PATTERN = /^(\\s*\\*\\s*)```\\s*$/;\n\n// Markdown patterns - for plain code fences in markdown files (no prefix)\n// Matches: ``` [displayName] source=\"\" or source=\"#\"\n// Example: ```ts source=\"./patterns.ts#chunkedDataServer\"\n// Example: ```ts source=\"./complete-example.ts\" (whole file)\nconst MARKDOWN_LABELED_FENCE_PATTERN =\n /^```(\\w+)(?:\\s+(\\S+))?\\s+source=\"([^\"#]+)(?:#([^\"]+))?\"/;\nconst MARKDOWN_CLOSING_FENCE_PATTERN = /^```\\s*$/;\n\n/**\n * Find all labeled code fences in a source file.\n * @param content The file content\n * @param filePath The file path (for error messages)\n * @param mode The processing mode (jsdoc or markdown)\n * @returns Array of labeled code fence references\n */\nfunction findLabeledCodeFences(\n content: string,\n filePath: string,\n mode: FileMode,\n): LabeledCodeFence[] {\n const results: LabeledCodeFence[] = [];\n const lines = content.split('\\n');\n let charIndex = 0;\n\n // Select patterns based on mode\n const openPattern =\n mode === 'jsdoc'\n ? JSDOC_LABELED_FENCE_PATTERN\n : MARKDOWN_LABELED_FENCE_PATTERN;\n const closePattern =\n mode === 'jsdoc'\n ? JSDOC_CLOSING_FENCE_PATTERN\n : MARKDOWN_CLOSING_FENCE_PATTERN;\n\n for (let i = 0; i < lines.length; i++) {\n const line = lines[i];\n const openMatch = line.match(openPattern);\n\n if (openMatch) {\n let linePrefix: string;\n let language: string;\n let displayName: string | undefined;\n let examplePath: string;\n let regionName: string;\n\n if (mode === 'jsdoc') {\n // JSDoc: group 1=prefix, 2=lang, 3=displayName, 4=path, 5=region\n [, linePrefix, language, displayName, examplePath, regionName] =\n openMatch;\n } else {\n // Markdown: group 1=lang, 2=displayName, 3=path, 4=region (no prefix)\n [, language, displayName, examplePath, regionName] = openMatch;\n linePrefix = '';\n }\n\n const openingFenceStart = charIndex;\n const openingFenceEnd = charIndex + line.length + 1; // +1 for newline\n\n // Find closing fence\n let closingFenceStart = -1;\n let searchIndex = openingFenceEnd;\n\n for (let j = i + 1; j < lines.length; j++) {\n const closeLine = lines[j];\n if (closePattern.test(closeLine)) {\n closingFenceStart = searchIndex;\n break;\n }\n searchIndex += closeLine.length + 1;\n }\n\n if (closingFenceStart === -1) {\n throw new Error(\n `${filePath}: No closing fence for ${examplePath}#${regionName}`,\n );\n }\n\n results.push({\n displayName,\n examplePath,\n regionName,\n language,\n openingFenceStart,\n openingFenceEnd,\n closingFenceStart,\n linePrefix,\n });\n }\n\n charIndex += line.length + 1;\n }\n\n return results;\n}\n\n/**\n * Dedent content by removing a base indentation prefix from each line.\n * @param content The content to dedent\n * @param baseIndent The indentation to remove\n * @returns The dedented content\n */\nfunction dedent(content: string, baseIndent: string): string {\n const lines = content.split('\\n');\n const dedentedLines = lines.map((line) => {\n // Preserve empty lines as-is\n if (line.trim() === '') return '';\n // Remove the base indentation if present\n if (line.startsWith(baseIndent)) {\n return line.slice(baseIndent.length);\n }\n // Line has less indentation than base - keep as-is\n return line;\n });\n\n // Trim trailing empty lines\n while (\n dedentedLines.length > 0 &&\n dedentedLines[dedentedLines.length - 1] === ''\n ) {\n dedentedLines.pop();\n }\n\n return dedentedLines.join('\\n');\n}\n\n/**\n * Extract a region from an example file.\n * @param exampleContent The content of the example file\n * @param regionName The region name to extract\n * @param examplePath The example file path (for error messages)\n * @returns The dedented region content\n */\nfunction extractRegion(\n exampleContent: string,\n regionName: string,\n examplePath: string,\n): string {\n // Region extraction only supported for .ts files (uses //#region syntax)\n if (!examplePath.endsWith('.ts')) {\n throw new Error(\n `Region extraction (#${regionName}) is only supported for .ts files. ` +\n `Use full-file inclusion (without #regionName) for: ${examplePath}`,\n );\n }\n\n const lineEnding = exampleContent.includes('\\r\\n') ? '\\r\\n' : '\\n';\n const regionStart = `//#region ${regionName}${lineEnding}`;\n const regionEnd = `//#endregion ${regionName}${lineEnding}`;\n\n const startIndex = exampleContent.indexOf(regionStart);\n if (startIndex === -1) {\n throw new Error(`Region \"${regionName}\" not found in ${examplePath}`);\n }\n\n const endIndex = exampleContent.indexOf(regionEnd, startIndex);\n if (endIndex === -1) {\n throw new Error(\n `Region end marker for \"${regionName}\" not found in ${examplePath}`,\n );\n }\n\n // Get content after the region start line\n const afterStart = exampleContent.indexOf('\\n', startIndex);\n if (afterStart === -1 || afterStart >= endIndex) {\n return ''; // Empty region\n }\n\n // Extract the raw content\n const rawContent = exampleContent.slice(afterStart + 1, endIndex);\n\n // Determine base indentation from the //#region line\n let lineStart = exampleContent.lastIndexOf('\\n', startIndex);\n lineStart = lineStart === -1 ? 0 : lineStart + 1;\n const regionLine = exampleContent.slice(lineStart, startIndex);\n\n // The base indent is the whitespace before //#region\n const baseIndent = regionLine;\n\n return dedent(rawContent, baseIndent);\n}\n\n/**\n * Get or load a region from the cache.\n * @param sourceFilePath The source file requesting the region\n * @param examplePath The relative path to the example file\n * @param regionName The region name to extract, or undefined for whole file\n * @param cache The region cache\n * @returns The extracted code string\n */\nfunction getOrLoadRegion(\n sourceFilePath: string,\n examplePath: string,\n regionName: string | undefined,\n cache: RegionCache,\n): string {\n // Resolve the example path relative to the source file\n const sourceDir = dirname(sourceFilePath);\n const absoluteExamplePath = resolve(sourceDir, examplePath);\n\n // File content is always cached with key ending in \"#\" (empty region)\n const fileKey = `${absoluteExamplePath}#`;\n let fileContent = cache.get(fileKey);\n\n if (fileContent === undefined) {\n try {\n fileContent = readFileSync(absoluteExamplePath, 'utf-8');\n } catch {\n throw new Error(`Example file not found: ${absoluteExamplePath}`);\n }\n cache.set(fileKey, fileContent);\n }\n\n // If no region name, return whole file\n if (!regionName) {\n return fileContent.trim();\n }\n\n // Extract region from cached file content, cache the result\n const regionKey = `${absoluteExamplePath}#${regionName}`;\n let regionContent = cache.get(regionKey);\n\n if (regionContent === undefined) {\n regionContent = extractRegion(fileContent, regionName, examplePath);\n cache.set(regionKey, regionContent);\n }\n\n return regionContent;\n}\n\n/**\n * Format code lines for insertion into a JSDoc comment.\n * @param code The code to format\n * @param linePrefix The JSDoc line prefix (e.g., \" * \")\n * @returns The formatted code with JSDoc prefixes\n */\nfunction formatCodeLines(code: string, linePrefix: string): string {\n const lines = code.split('\\n');\n return lines\n .map((line) =>\n line === '' ? linePrefix.trimEnd() : `${linePrefix}${line}`,\n )\n .join('\\n');\n}\n\ninterface ProcessFileOptions {\n check?: boolean;\n}\n\n/**\n * Process a single source file to sync snippets.\n * @param filePath The source file path\n * @param cache The region cache\n * @param mode The processing mode (jsdoc or markdown)\n * @returns The processing result\n */\nfunction processFile(\n filePath: string,\n cache: RegionCache,\n mode: FileMode,\n options?: ProcessFileOptions,\n): FileProcessingResult {\n const result: FileProcessingResult = {\n filePath,\n modified: false,\n snippetsProcessed: 0,\n errors: [],\n };\n\n let content: string;\n try {\n content = readFileSync(filePath, 'utf-8');\n } catch (err) {\n result.errors.push(`Failed to read file: ${err}`);\n return result;\n }\n\n let fences: LabeledCodeFence[];\n try {\n fences = findLabeledCodeFences(content, filePath, mode);\n } catch (err) {\n result.errors.push(err instanceof Error ? err.message : String(err));\n return result;\n }\n\n if (fences.length === 0) {\n return result;\n }\n\n const originalContent = content;\n\n // Process fences in reverse order to preserve positions\n for (let i = fences.length - 1; i >= 0; i--) {\n const fence = fences[i];\n\n try {\n const code = getOrLoadRegion(\n filePath,\n fence.examplePath,\n fence.regionName,\n cache,\n );\n\n const formattedCode = formatCodeLines(code, fence.linePrefix);\n\n // Replace content between opening fence end and closing fence start\n content =\n content.slice(0, fence.openingFenceEnd) +\n formattedCode +\n '\\n' +\n content.slice(fence.closingFenceStart);\n\n result.snippetsProcessed++;\n } catch (err) {\n result.errors.push(\n `${filePath}: ${err instanceof Error ? err.message : String(err)}`,\n );\n }\n }\n\n if (\n result.snippetsProcessed > 0 &&\n result.errors.length === 0 &&\n content !== originalContent\n ) {\n if (!options?.check) {\n writeFileSync(filePath, content);\n }\n result.modified = true;\n }\n\n return result;\n}\n\n/**\n * Find all TypeScript source files in a directory, excluding examples, tests, and generated files.\n * @param dir The directory to search\n * @returns Array of absolute file paths\n */\nfunction findSourceFiles(dir: string): string[] {\n const files: string[] = [];\n const entries = readdirSync(dir, { withFileTypes: true, recursive: true });\n\n for (const entry of entries) {\n if (!entry.isFile()) continue;\n\n const name = entry.name;\n\n // Only process .ts files\n if (!name.endsWith('.ts')) continue;\n\n // Exclude example files, test files\n if (name.endsWith('.examples.ts')) continue;\n if (name.endsWith('.test.ts')) continue;\n\n // Get the relative path from the parent directory\n const parentPath = entry.parentPath;\n\n // Exclude generated directory\n if (parentPath.includes('/generated') || parentPath.includes('\\\\generated'))\n continue;\n\n const fullPath = join(parentPath, name);\n files.push(fullPath);\n }\n\n return files;\n}\n\n/**\n * Find all markdown files in a directory.\n * @param dir The directory to search\n * @returns Array of absolute file paths\n */\nfunction findMarkdownFiles(dir: string): string[] {\n const files: string[] = [];\n const entries = readdirSync(dir, { withFileTypes: true, recursive: true });\n\n for (const entry of entries) {\n if (!entry.isFile()) continue;\n\n // Only process .md files\n if (!entry.name.endsWith('.md')) continue;\n\n const fullPath = join(entry.parentPath, entry.name);\n files.push(fullPath);\n }\n\n return files;\n}\n\n/**\n * Find all package src directories under the packages directory.\n * @param packagesDir The packages directory\n * @returns Array of absolute paths to src directories\n */\nfunction findPackageSrcDirs(packagesDir: string): string[] {\n const srcDirs: string[] = [];\n const entries = readdirSync(packagesDir, {\n withFileTypes: true,\n recursive: true,\n });\n\n for (const entry of entries) {\n if (!entry.isDirectory()) continue;\n if (entry.name !== 'src') continue;\n\n const fullPath = join(entry.parentPath, entry.name);\n\n // Only include src dirs that are direct children of a package\n // (e.g., packages/core/src, packages/middleware/express/src)\n // Skip nested src dirs like node_modules/*/src\n if (fullPath.includes('node_modules')) continue;\n\n srcDirs.push(fullPath);\n }\n\n return srcDirs;\n}\n\nasync function main() {\n const checkMode = process.argv.includes('--check');\n console.log(\n checkMode\n ? 'Checking code snippets are in sync...\\n'\n : 'Syncing code snippets from example files...\\n',\n );\n\n const cache: RegionCache = new Map();\n const results: FileProcessingResult[] = [];\n\n // Process TypeScript source files (JSDoc mode) across all packages\n const packageSrcDirs = findPackageSrcDirs(PACKAGES_DIR);\n for (const srcDir of packageSrcDirs) {\n const sourceFiles = findSourceFiles(srcDir);\n for (const filePath of sourceFiles) {\n const result = processFile(filePath, cache, 'jsdoc', { check: checkMode });\n results.push(result);\n }\n }\n\n // Process markdown documentation files\n const markdownFiles = findMarkdownFiles(DOCS_DIR);\n for (const filePath of markdownFiles) {\n const result = processFile(filePath, cache, 'markdown', { check: checkMode });\n results.push(result);\n }\n\n // Report results\n const modified = results.filter((r) => r.modified);\n const errors = results.flatMap((r) => r.errors);\n\n if (modified.length > 0) {\n if (checkMode) {\n console.error(`${modified.length} file(s) out of sync:`);\n } else {\n console.log(`Modified ${modified.length} file(s):`);\n }\n for (const r of modified) {\n console.log(` ${r.filePath} (${r.snippetsProcessed} snippet(s))`);\n }\n } else {\n console.log('All snippets are up to date');\n }\n\n if (errors.length > 0) {\n console.error('\\nErrors:');\n for (const error of errors) {\n console.error(` ${error}`);\n }\n process.exit(1);\n }\n\n if (checkMode && modified.length > 0) {\n console.error('\\nRun \"pnpm sync:snippets\" to fix.');\n process.exit(1);\n }\n\n console.log('\\nSnippet sync complete!');\n}\n\nmain().catch((error) => {\n console.error('Snippet sync failed:', error);\n process.exit(1);\n});\n" }, { "path": "test/conformance/README.md", "content": "# Conformance Tests\n\nThis directory contains conformance test implementations for the TypeScript MCP SDK.\n\n## Client Conformance Tests\n\nTests the SDK's client implementation against a conformance test server.\n\n```bash\n# Run all client tests\npnpm run test:conformance:client:all\n\n# Run specific suite\npnpm run test:conformance:client -- --suite auth\n\n# Run single scenario\npnpm run test:conformance:client -- --scenario auth/basic-cimd\n```\n\n## Server Conformance Tests\n\nTests the SDK's server implementation by running a conformance server.\n\n```bash\n# Run all active server tests\npnpm run test:conformance:server\n\n# Run all server tests (including pending)\npnpm run test:conformance:server:all\n```\n\n## Local Development\n\n### Running Tests Against Local Conformance Repo\n\nLink the local conformance package:\n\n```bash\ncd ~/code/mcp/typescript-sdk\npnpm link ~/code/mcp/conformance\n```\n\nThen run tests as above.\n\n### Debugging Server Tests\n\nStart the server manually:\n\n```bash\npnpm run test:conformance:server:run\n```\n\nIn another terminal, run specific tests:\n\n```bash\nnpx @modelcontextprotocol/conformance server \\\n --url http://localhost:3000/mcp \\\n --scenario server-initialize\n```\n\n## Files\n\n- `everything-client.ts` - Client that handles all client conformance scenarios\n- `everything-server.ts` - Server that implements all server conformance features\n- `helpers/` - Shared utilities for conformance tests\n\nScripts are in `scripts/` at the repo root.\n" }, { "path": "test/conformance/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default baseConfig;\n" }, { "path": "test/conformance/expected-failures.yaml", "content": "# Conformance scenarios not yet implemented in the v2 TypeScript SDK.\n# CI exits 0 if only these fail, exits 1 on unexpected failures or stale entries.\n\nclient: []\n" }, { "path": "test/conformance/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/test-conformance\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\",\n \"pnpm\": \">=10.24.0\"\n },\n \"packageManager\": \"pnpm@10.24.0\",\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"npm run typecheck && npm run lint\",\n \"start\": \"npm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\",\n \"test:conformance:client\": \"conformance client --command 'npx tsx ./src/everythingClient.ts' --expected-failures ./expected-failures.yaml\",\n \"test:conformance:client:all\": \"conformance client --command 'npx tsx ./src/everythingClient.ts' --suite all --expected-failures ./expected-failures.yaml\",\n \"test:conformance:client:run\": \"npx tsx ./src/everythingClient.ts\",\n \"test:conformance:server\": \"scripts/run-server-conformance.sh --expected-failures ./expected-failures.yaml\",\n \"test:conformance:server:all\": \"scripts/run-server-conformance.sh --suite all --expected-failures ./expected-failures.yaml\",\n \"test:conformance:server:run\": \"npx tsx ./src/everythingServer.ts\",\n \"test:conformance:all\": \"pnpm run test:conformance:client:all && pnpm run test:conformance:server:all\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/conformance\": \"0.1.15\",\n \"@modelcontextprotocol/client\": \"workspace:^\",\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/express\": \"workspace:^\",\n \"@modelcontextprotocol/node\": \"workspace:^\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\",\n \"cors\": \"catalog:runtimeServerOnly\",\n \"express\": \"catalog:runtimeServerOnly\",\n \"zod\": \"catalog:runtimeShared\"\n }\n}\n" }, { "path": "test/conformance/scripts/run-server-conformance.sh", "content": "#!/bin/bash\n# Script to run server conformance tests\n# Starts the conformance server, runs conformance tests, then stops the server\n\nset -e\n\nPORT=\"${PORT:-3000}\"\nSERVER_URL=\"http://localhost:${PORT}/mcp\"\n\n# Navigate to the repo root\nSCRIPT_DIR=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\ncd \"$SCRIPT_DIR/..\"\n\n# Start the server in the background\necho \"Starting conformance test server on port ${PORT}...\"\nnpx tsx ./src/everythingServer.ts &\nSERVER_PID=$!\n\n# Function to cleanup on exit\ncleanup() {\n echo \"Stopping server (PID: ${SERVER_PID})...\"\n kill $SERVER_PID 2>/dev/null || true\n wait $SERVER_PID 2>/dev/null || true\n}\ntrap cleanup EXIT\n\n# Wait for server to be ready\necho \"Waiting for server to be ready...\"\nMAX_RETRIES=30\nRETRY_COUNT=0\nwhile ! curl -s \"${SERVER_URL}\" > /dev/null 2>&1; do\n RETRY_COUNT=$((RETRY_COUNT + 1))\n if [ $RETRY_COUNT -ge $MAX_RETRIES ]; then\n echo \"Server failed to start after ${MAX_RETRIES} attempts\"\n exit 1\n fi\n sleep 0.5\ndone\n\necho \"Server is ready. Running conformance tests...\"\n\n# Run conformance tests - pass through all arguments\nnpx @modelcontextprotocol/conformance server --url \"${SERVER_URL}\" \"$@\"\n\necho \"Conformance tests completed.\"\n" }, { "path": "test/conformance/src/everythingClient.ts", "content": "#!/usr/bin/env node\n\n/**\n * Everything client - a single conformance test client that handles all scenarios.\n *\n * Usage: everything-client \n *\n * The scenario name is read from the MCP_CONFORMANCE_SCENARIO environment variable,\n * which is set by the conformance test runner.\n *\n * This client routes to the appropriate behavior based on the scenario name,\n * consolidating all the individual test clients into one.\n */\n\nimport {\n Client,\n ClientCredentialsProvider,\n CrossAppAccessProvider,\n PrivateKeyJwtProvider,\n requestJwtAuthorizationGrant,\n StreamableHTTPClientTransport\n} from '@modelcontextprotocol/client';\nimport * as z from 'zod/v4';\n\nimport { ConformanceOAuthProvider } from './helpers/conformanceOAuthProvider.js';\nimport { logger } from './helpers/logger.js';\nimport { handle401, withOAuthRetry } from './helpers/withOAuthRetry.js';\n\n/**\n * Fixed client metadata URL for CIMD conformance tests.\n * When server supports client_id_metadata_document_supported, this URL\n * will be used as the client_id instead of doing dynamic registration.\n */\nconst CIMD_CLIENT_METADATA_URL = 'https://conformance-test.local/client-metadata.json';\n\n/**\n * Schema for client conformance test context passed via MCP_CONFORMANCE_CONTEXT.\n *\n * Each variant includes a `name` field matching the scenario name to enable\n * discriminated union parsing and type-safe access to scenario-specific fields.\n */\nconst ClientConformanceContextSchema = z.discriminatedUnion('name', [\n z.object({\n name: z.literal('auth/client-credentials-jwt'),\n client_id: z.string(),\n private_key_pem: z.string(),\n signing_algorithm: z.string().optional()\n }),\n z.object({\n name: z.literal('auth/client-credentials-basic'),\n client_id: z.string(),\n client_secret: z.string()\n }),\n z.object({\n name: z.literal('auth/pre-registration'),\n client_id: z.string(),\n client_secret: z.string()\n }),\n z.object({\n name: z.literal('auth/cross-app-access-complete-flow'),\n client_id: z.string(),\n client_secret: z.string(),\n idp_client_id: z.string(),\n idp_id_token: z.string(),\n idp_issuer: z.string(),\n idp_token_endpoint: z.string()\n })\n]);\n\n/**\n * Parse the conformance context from MCP_CONFORMANCE_CONTEXT env var.\n */\nfunction parseContext() {\n const raw = process.env.MCP_CONFORMANCE_CONTEXT;\n if (!raw) {\n throw new Error('MCP_CONFORMANCE_CONTEXT not set');\n }\n return ClientConformanceContextSchema.parse(JSON.parse(raw));\n}\n\n// Scenario handler type\ntype ScenarioHandler = (serverUrl: string) => Promise;\n\n// Registry of scenario handlers\nconst scenarioHandlers: Record = {};\n\n// Helper to register a scenario handler\nfunction registerScenario(name: string, handler: ScenarioHandler): void {\n scenarioHandlers[name] = handler;\n}\n\n// Helper to register multiple scenarios with the same handler\nfunction registerScenarios(names: string[], handler: ScenarioHandler): void {\n for (const name of names) {\n scenarioHandlers[name] = handler;\n }\n}\n\n// ============================================================================\n// Basic scenarios (initialize, tools_call)\n// ============================================================================\n\nasync function runBasicClient(serverUrl: string): Promise {\n const client = new Client({ name: 'test-client', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n\n await client.connect(transport);\n logger.debug('Successfully connected to MCP server');\n\n await client.listTools();\n logger.debug('Successfully listed tools');\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\n// tools_call scenario needs to actually call a tool\nasync function runToolsCallClient(serverUrl: string): Promise {\n const client = new Client({ name: 'test-client', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n\n await client.connect(transport);\n logger.debug('Successfully connected to MCP server');\n\n const tools = await client.listTools();\n logger.debug('Successfully listed tools');\n\n // Call the add_numbers tool\n const addTool = tools.tools.find(t => t.name === 'add_numbers');\n if (addTool) {\n const result = await client.callTool({\n name: 'add_numbers',\n arguments: { a: 5, b: 3 }\n });\n logger.debug('Tool call result:', JSON.stringify(result, null, 2));\n }\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('initialize', runBasicClient);\nregisterScenario('tools_call', runToolsCallClient);\n\n// ============================================================================\n// Auth scenarios - well-behaved client\n// ============================================================================\n\nasync function runAuthClient(serverUrl: string): Promise {\n const client = new Client({ name: 'test-auth-client', version: '1.0.0' }, { capabilities: {} });\n\n const oauthFetch = withOAuthRetry('test-auth-client', new URL(serverUrl), handle401, CIMD_CLIENT_METADATA_URL)(fetch);\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n fetch: oauthFetch\n });\n\n await client.connect(transport);\n logger.debug('Successfully connected to MCP server');\n\n await client.listTools();\n logger.debug('Successfully listed tools');\n\n await client.callTool({ name: 'test-tool', arguments: {} });\n logger.debug('Successfully called tool');\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\n// Register all auth scenarios that should use the well-behaved auth client\n// Note: client-credentials-jwt and client-credentials-basic have their own handlers below\nregisterScenarios(\n [\n 'auth/basic-cimd',\n 'auth/metadata-default',\n 'auth/metadata-var1',\n 'auth/metadata-var2',\n 'auth/metadata-var3',\n 'auth/2025-03-26-oauth-metadata-backcompat',\n 'auth/2025-03-26-oauth-endpoint-fallback',\n 'auth/scope-from-www-authenticate',\n 'auth/scope-from-scopes-supported',\n 'auth/scope-omitted-when-undefined',\n 'auth/scope-step-up',\n 'auth/scope-retry-limit',\n 'auth/token-endpoint-auth-basic',\n 'auth/token-endpoint-auth-post',\n 'auth/token-endpoint-auth-none'\n ],\n runAuthClient\n);\n\n// ============================================================================\n// Client Credentials scenarios\n// ============================================================================\n\n/**\n * Client credentials with private_key_jwt authentication.\n */\nasync function runClientCredentialsJwt(serverUrl: string): Promise {\n const ctx = parseContext();\n if (ctx.name !== 'auth/client-credentials-jwt') {\n throw new Error(`Expected jwt context, got ${ctx.name}`);\n }\n\n const provider = new PrivateKeyJwtProvider({\n clientId: ctx.client_id,\n privateKey: ctx.private_key_pem,\n algorithm: ctx.signing_algorithm || 'ES256'\n });\n\n const client = new Client({ name: 'conformance-client-credentials-jwt', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n authProvider: provider\n });\n\n await client.connect(transport);\n logger.debug('Successfully connected with private_key_jwt auth');\n\n await client.listTools();\n logger.debug('Successfully listed tools');\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('auth/client-credentials-jwt', runClientCredentialsJwt);\n\n/**\n * Client credentials with client_secret_basic authentication.\n */\nasync function runClientCredentialsBasic(serverUrl: string): Promise {\n const ctx = parseContext();\n if (ctx.name !== 'auth/client-credentials-basic') {\n throw new Error(`Expected basic context, got ${ctx.name}`);\n }\n\n const provider = new ClientCredentialsProvider({\n clientId: ctx.client_id,\n clientSecret: ctx.client_secret\n });\n\n const client = new Client({ name: 'conformance-client-credentials-basic', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n authProvider: provider\n });\n\n await client.connect(transport);\n logger.debug('Successfully connected with client_secret_basic auth');\n\n await client.listTools();\n logger.debug('Successfully listed tools');\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('auth/client-credentials-basic', runClientCredentialsBasic);\n\n/**\n * Cross-App Access (SEP-990 Enterprise Managed Authorization).\n *\n * Exchanges an IdP-issued ID token for an ID-JAG (RFC 8693 token exchange at the IdP),\n * then exchanges the ID-JAG for an access token at the AS (RFC 7523 JWT bearer grant\n * with client_secret_basic). The provider drives discovery + the JWT bearer step; the\n * assertion callback handles the IdP exchange using the context-supplied ID token.\n */\nasync function runCrossAppAccessCompleteFlow(serverUrl: string): Promise {\n const ctx = parseContext();\n if (ctx.name !== 'auth/cross-app-access-complete-flow') {\n throw new Error(`Expected cross-app-access context, got ${ctx.name}`);\n }\n\n const provider = new CrossAppAccessProvider({\n clientId: ctx.client_id,\n clientSecret: ctx.client_secret,\n assertion: async authCtx => {\n const result = await requestJwtAuthorizationGrant({\n tokenEndpoint: ctx.idp_token_endpoint,\n audience: authCtx.authorizationServerUrl,\n resource: authCtx.resourceUrl,\n idToken: ctx.idp_id_token,\n clientId: ctx.idp_client_id,\n fetchFn: authCtx.fetchFn\n });\n return result.jwtAuthGrant;\n }\n });\n\n const client = new Client({ name: 'conformance-cross-app-access', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n authProvider: provider\n });\n\n await client.connect(transport);\n logger.debug('Successfully connected with cross-app-access auth');\n\n await client.listTools();\n logger.debug('Successfully listed tools');\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('auth/cross-app-access-complete-flow', runCrossAppAccessCompleteFlow);\n\n// ============================================================================\n// Pre-registration scenario (no dynamic client registration)\n// ============================================================================\n\nasync function runPreRegistrationClient(serverUrl: string): Promise {\n const ctx = parseContext();\n if (ctx.name !== 'auth/pre-registration') {\n throw new Error(`Expected pre-registration context, got ${ctx.name}`);\n }\n\n // Create a provider pre-populated with registered credentials,\n // so the SDK skips dynamic client registration.\n const provider = new ConformanceOAuthProvider('http://localhost:3000/callback', {\n client_name: 'conformance-pre-registration',\n redirect_uris: ['http://localhost:3000/callback']\n });\n provider.saveClientInformation({\n client_id: ctx.client_id,\n client_secret: ctx.client_secret,\n redirect_uris: ['http://localhost:3000/callback']\n });\n\n const oauthFetch = withOAuthRetry('conformance-pre-registration', new URL(serverUrl), handle401, undefined, provider)(fetch);\n\n const client = new Client({ name: 'conformance-pre-registration', version: '1.0.0' }, { capabilities: {} });\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {\n fetch: oauthFetch\n });\n\n await client.connect(transport);\n await client.listTools();\n await client.callTool({ name: 'test-tool', arguments: {} });\n await transport.close();\n}\n\nregisterScenario('auth/pre-registration', runPreRegistrationClient);\n\n// ============================================================================\n// Elicitation defaults scenario\n// ============================================================================\n\nasync function runElicitationDefaultsClient(serverUrl: string): Promise {\n const client = new Client(\n { name: 'elicitation-defaults-test-client', version: '1.0.0' },\n {\n capabilities: {\n elicitation: {\n form: {\n applyDefaults: true\n }\n }\n }\n }\n );\n\n // Register elicitation handler that returns empty content\n // The SDK should fill in defaults for all omitted fields\n client.setRequestHandler('elicitation/create', async request => {\n logger.debug('Received elicitation request:', JSON.stringify(request.params, null, 2));\n logger.debug('Accepting with empty content - SDK should apply defaults');\n\n // Return empty content - SDK should merge in defaults\n return {\n action: 'accept' as const,\n content: {}\n };\n });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n\n await client.connect(transport);\n logger.debug('Successfully connected to MCP server');\n\n // List available tools\n const tools = await client.listTools();\n logger.debug(\n 'Available tools:',\n tools.tools.map(t => t.name)\n );\n\n // Call the test tool which will trigger elicitation\n const testTool = tools.tools.find(t => t.name === 'test_client_elicitation_defaults');\n if (!testTool) {\n throw new Error('Test tool not found: test_client_elicitation_defaults');\n }\n\n logger.debug('Calling test_client_elicitation_defaults tool...');\n const result = await client.callTool({\n name: 'test_client_elicitation_defaults',\n arguments: {}\n });\n\n logger.debug('Tool result:', JSON.stringify(result, null, 2));\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('elicitation-sep1034-client-defaults', runElicitationDefaultsClient);\n\n// ============================================================================\n// SSE retry scenario\n// ============================================================================\n\nasync function runSSERetryClient(serverUrl: string): Promise {\n const client = new Client({ name: 'sse-retry-test-client', version: '1.0.0' }, { capabilities: {} });\n\n const transport = new StreamableHTTPClientTransport(new URL(serverUrl));\n\n await client.connect(transport);\n logger.debug('Successfully connected to MCP server');\n\n // List tools to get the reconnection test tool\n const tools = await client.listTools();\n logger.debug(\n 'Available tools:',\n tools.tools.map(t => t.name)\n );\n\n // Call the test_reconnection tool which triggers stream closure\n const testTool = tools.tools.find(t => t.name === 'test_reconnection');\n if (!testTool) {\n throw new Error('Test tool not found: test_reconnection');\n }\n\n logger.debug('Calling test_reconnection tool...');\n const result = await client.callTool({\n name: 'test_reconnection',\n arguments: {}\n });\n\n logger.debug('Tool result:', JSON.stringify(result, null, 2));\n\n await transport.close();\n logger.debug('Connection closed successfully');\n}\n\nregisterScenario('sse-retry', runSSERetryClient);\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\nasync function main(): Promise {\n const scenarioName = process.env.MCP_CONFORMANCE_SCENARIO;\n const serverUrl = process.argv[2];\n\n if (!scenarioName || !serverUrl) {\n logger.error('Usage: MCP_CONFORMANCE_SCENARIO= everything-client ');\n logger.error('\\nThe MCP_CONFORMANCE_SCENARIO env var is set automatically by the conformance runner.');\n logger.error('\\nAvailable scenarios:');\n for (const name of Object.keys(scenarioHandlers).toSorted()) {\n logger.error(` - ${name}`);\n }\n process.exit(1);\n }\n\n const handler = scenarioHandlers[scenarioName];\n if (!handler) {\n logger.error(`Unknown scenario: ${scenarioName}`);\n logger.error('\\nAvailable scenarios:');\n for (const name of Object.keys(scenarioHandlers).toSorted()) {\n logger.error(` - ${name}`);\n }\n process.exit(1);\n }\n\n try {\n await handler(serverUrl);\n process.exit(0);\n } catch (error) {\n logger.error('Error:', error);\n process.exit(1);\n }\n}\n\ntry {\n await main();\n} catch (error) {\n logger.error('Error:', error);\n process.exit(1);\n}\n" }, { "path": "test/conformance/src/everythingServer.ts", "content": "#!/usr/bin/env node\n\n/**\n * MCP Conformance Test Server\n *\n * Server implementing all MCP features for conformance testing.\n * This server is designed to pass all conformance test scenarios.\n */\n\nimport { randomUUID } from 'node:crypto';\n\nimport { localhostHostValidation } from '@modelcontextprotocol/express';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { CallToolResult, EventId, EventStore, GetPromptResult, ReadResourceResult, StreamId } from '@modelcontextprotocol/server';\nimport { isInitializeRequest, McpServer, ResourceTemplate } from '@modelcontextprotocol/server';\nimport cors from 'cors';\nimport type { Request, Response } from 'express';\nimport express from 'express';\nimport * as z from 'zod/v4';\n\n// Server state\nconst resourceSubscriptions = new Set();\nconst watchedResourceContent = 'Watched resource content';\n\n// Session management\nconst transports: { [sessionId: string]: NodeStreamableHTTPServerTransport } = {};\nconst servers: { [sessionId: string]: McpServer } = {};\n\n// In-memory event store for SEP-1699 resumability\nconst eventStoreData = new Map();\n\nfunction createEventStore(): EventStore {\n return {\n async storeEvent(streamId: StreamId, message: unknown): Promise {\n const eventId = `${streamId}::${Date.now()}_${randomUUID()}`;\n eventStoreData.set(eventId, { eventId, message, streamId });\n return eventId;\n },\n async replayEventsAfter(\n lastEventId: EventId,\n { send }: { send: (eventId: EventId, message: unknown) => Promise }\n ): Promise {\n const streamId = lastEventId.split('::')[0] || lastEventId;\n const eventsToReplay: Array<[string, { message: unknown }]> = [];\n for (const [eventId, data] of eventStoreData.entries()) {\n if (data.streamId === streamId && eventId > lastEventId) {\n eventsToReplay.push([eventId, data]);\n }\n }\n eventsToReplay.sort(([a], [b]) => a.localeCompare(b));\n for (const [eventId, { message }] of eventsToReplay) {\n if (message && typeof message === 'object' && Object.keys(message).length > 0) {\n await send(eventId, message);\n }\n }\n return streamId;\n }\n };\n}\n\n// Sample base64 encoded 1x1 red PNG pixel for testing\nconst TEST_IMAGE_BASE64 = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8z8DwHwAFBQIAX8jx0gAAAABJRU5ErkJggg==';\n\n// Sample base64 encoded minimal WAV file for testing\nconst TEST_AUDIO_BASE64 = 'UklGRiYAAABXQVZFZm10IBAAAAABAAEAQB8AAAB9AAACABAAZGF0YQIAAAA=';\n\n// Function to create a new MCP server instance (one per session)\nfunction createMcpServer() {\n const mcpServer = new McpServer(\n {\n name: 'mcp-conformance-test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {\n listChanged: true\n },\n resources: {\n subscribe: true,\n listChanged: true\n },\n prompts: {\n listChanged: true\n },\n logging: {},\n completions: {}\n }\n }\n );\n\n // Helper to send log messages using the underlying server\n function sendLog(\n level: 'debug' | 'info' | 'notice' | 'warning' | 'error' | 'critical' | 'alert' | 'emergency',\n message: string,\n _data?: unknown\n ) {\n mcpServer.server\n .notification({\n method: 'notifications/message',\n params: {\n level,\n logger: 'conformance-test-server',\n data: _data || message\n }\n })\n .catch(() => {\n // Ignore error if no client is connected\n });\n }\n\n // ===== TOOLS =====\n\n // Simple text tool\n mcpServer.registerTool(\n 'test_simple_text',\n {\n description: 'Tests simple text content response'\n },\n async (): Promise => {\n return {\n content: [{ type: 'text', text: 'This is a simple text response for testing.' }]\n };\n }\n );\n\n // Image content tool\n mcpServer.registerTool(\n 'test_image_content',\n {\n description: 'Tests image content response'\n },\n async (): Promise => {\n return {\n content: [{ type: 'image', data: TEST_IMAGE_BASE64, mimeType: 'image/png' }]\n };\n }\n );\n\n // Audio content tool\n mcpServer.registerTool(\n 'test_audio_content',\n {\n description: 'Tests audio content response'\n },\n async (): Promise => {\n return {\n content: [{ type: 'audio', data: TEST_AUDIO_BASE64, mimeType: 'audio/wav' }]\n };\n }\n );\n\n // Embedded resource tool\n mcpServer.registerTool(\n 'test_embedded_resource',\n {\n description: 'Tests embedded resource content response'\n },\n async (): Promise => {\n return {\n content: [\n {\n type: 'resource',\n resource: {\n uri: 'test://embedded-resource',\n mimeType: 'text/plain',\n text: 'This is an embedded resource content.'\n }\n }\n ]\n };\n }\n );\n\n // Multiple content types tool\n mcpServer.registerTool(\n 'test_multiple_content_types',\n {\n description: 'Tests response with multiple content types (text, image, resource)'\n },\n async (): Promise => {\n return {\n content: [\n { type: 'text', text: 'Multiple content types test:' },\n { type: 'image', data: TEST_IMAGE_BASE64, mimeType: 'image/png' },\n {\n type: 'resource',\n resource: {\n uri: 'test://mixed-content-resource',\n mimeType: 'application/json',\n text: JSON.stringify({ test: 'data', value: 123 })\n }\n }\n ]\n };\n }\n );\n\n // Tool with logging\n mcpServer.registerTool(\n 'test_tool_with_logging',\n {\n description: 'Tests tool that emits log messages during execution',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: {\n level: 'info',\n data: 'Tool execution started'\n }\n });\n await new Promise(resolve => setTimeout(resolve, 50));\n\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: {\n level: 'info',\n data: 'Tool processing data'\n }\n });\n await new Promise(resolve => setTimeout(resolve, 50));\n\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: {\n level: 'info',\n data: 'Tool execution completed'\n }\n });\n return {\n content: [{ type: 'text', text: 'Tool with logging executed successfully' }]\n };\n }\n );\n\n // Tool with progress\n mcpServer.registerTool(\n 'test_tool_with_progress',\n {\n description: 'Tests tool that reports progress notifications',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n const progressToken = ctx.mcpReq._meta?.progressToken ?? 0;\n console.log('Progress token:', progressToken);\n await ctx.mcpReq.notify({\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 0,\n total: 100,\n message: `Completed step ${0} of ${100}`\n }\n });\n await new Promise(resolve => setTimeout(resolve, 50));\n\n await ctx.mcpReq.notify({\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 50,\n total: 100,\n message: `Completed step ${50} of ${100}`\n }\n });\n await new Promise(resolve => setTimeout(resolve, 50));\n\n await ctx.mcpReq.notify({\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: 100,\n total: 100,\n message: `Completed step ${100} of ${100}`\n }\n });\n\n return {\n content: [{ type: 'text', text: String(progressToken) }]\n };\n }\n );\n\n // Error handling tool\n mcpServer.registerTool(\n 'test_error_handling',\n {\n description: 'Tests error response handling'\n },\n async (): Promise => {\n throw new Error('This tool intentionally returns an error for testing');\n }\n );\n\n // SEP-1699: Reconnection test tool - closes SSE stream mid-call to test client reconnection\n mcpServer.registerTool(\n 'test_reconnection',\n {\n description:\n 'Tests SSE stream disconnection and client reconnection (SEP-1699). Server will close the stream mid-call and send the result after client reconnects.',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n const sleep = (ms: number) => new Promise(resolve => setTimeout(resolve, ms));\n\n console.log(`[${ctx.sessionId}] Starting test_reconnection tool...`);\n\n // Get the transport for this session\n const transport = ctx.sessionId ? transports[ctx.sessionId] : undefined;\n if (transport && ctx.mcpReq.id) {\n // Close the SSE stream to trigger client reconnection\n console.log(`[${ctx.sessionId}] Closing SSE stream to trigger client polling...`);\n transport.closeSSEStream(ctx.mcpReq.id);\n }\n\n // Wait for client to reconnect (should respect retry field)\n await sleep(100);\n\n console.log(`[${ctx.sessionId}] test_reconnection tool complete`);\n\n return {\n content: [\n {\n type: 'text',\n text: 'Reconnection test completed successfully. If you received this, the client properly reconnected after stream closure.'\n }\n ]\n };\n }\n );\n\n // Sampling tool - requests LLM completion from client\n mcpServer.registerTool(\n 'test_sampling',\n {\n description: 'Tests server-initiated sampling (LLM completion request)',\n inputSchema: z.object({\n prompt: z.string().describe('The prompt to send to the LLM')\n })\n },\n async (args: { prompt: string }, ctx): Promise => {\n try {\n // Request sampling from client\n const result = (await ctx.mcpReq.send({\n method: 'sampling/createMessage',\n params: {\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: args.prompt\n }\n }\n ],\n maxTokens: 100\n }\n })) as { content?: { text?: string }; message?: { content?: { text?: string } } };\n\n const modelResponse = result.content?.text || result.message?.content?.text || 'No response';\n\n return {\n content: [\n {\n type: 'text',\n text: `LLM response: ${modelResponse}`\n }\n ]\n };\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Sampling not supported or error: ${error instanceof Error ? error.message : String(error)}`\n }\n ]\n };\n }\n }\n );\n\n // Elicitation tool - requests user input from client\n mcpServer.registerTool(\n 'test_elicitation',\n {\n description: 'Tests server-initiated elicitation (user input request)',\n inputSchema: z.object({\n message: z.string().describe('The message to show the user')\n })\n },\n async (args: { message: string }, ctx): Promise => {\n try {\n // Request user input from client\n const result = await ctx.mcpReq.send({\n method: 'elicitation/create',\n params: {\n message: args.message,\n requestedSchema: {\n type: 'object',\n properties: {\n response: {\n type: 'string',\n description: \"User's response\"\n }\n },\n required: ['response']\n }\n }\n });\n\n const elicitResult = result as { action?: string; content?: unknown };\n return {\n content: [\n {\n type: 'text',\n text: `User response: action=${elicitResult.action}, content=${JSON.stringify(elicitResult.content || {})}`\n }\n ]\n };\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Elicitation not supported or error: ${error instanceof Error ? error.message : String(error)}`\n }\n ]\n };\n }\n }\n );\n\n // SEP-1034: Elicitation with default values for all primitive types\n mcpServer.registerTool(\n 'test_elicitation_sep1034_defaults',\n {\n description: 'Tests elicitation with default values per SEP-1034',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n try {\n // Request user input with default values for all primitive types\n const result = await ctx.mcpReq.send({\n method: 'elicitation/create',\n params: {\n message: 'Please review and update the form fields with defaults',\n requestedSchema: {\n type: 'object',\n properties: {\n name: {\n type: 'string',\n description: 'User name',\n default: 'John Doe'\n },\n age: {\n type: 'integer',\n description: 'User age',\n default: 30\n },\n score: {\n type: 'number',\n description: 'User score',\n default: 95.5\n },\n status: {\n type: 'string',\n description: 'User status',\n enum: ['active', 'inactive', 'pending'],\n default: 'active'\n },\n verified: {\n type: 'boolean',\n description: 'Verification status',\n default: true\n }\n },\n required: []\n }\n }\n });\n\n const elicitResult = result as { action?: string; content?: unknown };\n return {\n content: [\n {\n type: 'text',\n text: `Elicitation completed: action=${elicitResult.action}, content=${JSON.stringify(elicitResult.content || {})}`\n }\n ]\n };\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Elicitation not supported or error: ${error instanceof Error ? error.message : String(error)}`\n }\n ]\n };\n }\n }\n );\n\n // SEP-1330: Elicitation with enum schema improvements\n mcpServer.registerTool(\n 'test_elicitation_sep1330_enums',\n {\n description: 'Tests elicitation with enum schema improvements per SEP-1330',\n inputSchema: z.object({})\n },\n async (_args, ctx): Promise => {\n try {\n // Request user input with all 5 enum schema variants\n const result = await ctx.mcpReq.send({\n method: 'elicitation/create',\n params: {\n message: 'Please select options from the enum fields',\n requestedSchema: {\n type: 'object',\n properties: {\n // Untitled single-select enum (basic)\n untitledSingle: {\n type: 'string',\n description: 'Select one option',\n enum: ['option1', 'option2', 'option3']\n },\n // Titled single-select enum (using oneOf with const/title)\n titledSingle: {\n type: 'string',\n description: 'Select one option with titles',\n oneOf: [\n { const: 'value1', title: 'First Option' },\n { const: 'value2', title: 'Second Option' },\n { const: 'value3', title: 'Third Option' }\n ]\n },\n // Legacy titled enum (using enumNames - deprecated)\n legacyEnum: {\n type: 'string',\n description: 'Select one option (legacy)',\n enum: ['opt1', 'opt2', 'opt3'],\n enumNames: ['Option One', 'Option Two', 'Option Three']\n },\n // Untitled multi-select enum\n untitledMulti: {\n type: 'array',\n description: 'Select multiple options',\n minItems: 1,\n maxItems: 3,\n items: {\n type: 'string',\n enum: ['option1', 'option2', 'option3']\n }\n },\n // Titled multi-select enum (using anyOf with const/title)\n titledMulti: {\n type: 'array',\n description: 'Select multiple options with titles',\n minItems: 1,\n maxItems: 3,\n items: {\n anyOf: [\n { const: 'value1', title: 'First Choice' },\n { const: 'value2', title: 'Second Choice' },\n { const: 'value3', title: 'Third Choice' }\n ]\n }\n }\n },\n required: []\n }\n }\n });\n\n const elicitResult = result as { action?: string; content?: unknown };\n return {\n content: [\n {\n type: 'text',\n text: `Elicitation completed: action=${elicitResult.action}, content=${JSON.stringify(elicitResult.content || {})}`\n }\n ]\n };\n } catch (error) {\n return {\n content: [\n {\n type: 'text',\n text: `Elicitation not supported or error: ${error instanceof Error ? error.message : String(error)}`\n }\n ]\n };\n }\n }\n );\n\n // SEP-1613: JSON Schema 2020-12 conformance test tool\n mcpServer.registerTool(\n 'json_schema_2020_12_tool',\n {\n description: 'Tool with JSON Schema 2020-12 features for conformance testing (SEP-1613)',\n inputSchema: z.object({\n name: z.string().optional(),\n address: z\n .object({\n street: z.string().optional(),\n city: z.string().optional()\n })\n .optional()\n })\n },\n async (args: { name?: string; address?: { street?: string; city?: string } }): Promise => {\n return {\n content: [\n {\n type: 'text',\n text: `JSON Schema 2020-12 tool called with: ${JSON.stringify(args)}`\n }\n ]\n };\n }\n );\n\n // ===== RESOURCES =====\n\n // Static text resource\n mcpServer.registerResource(\n 'static-text',\n 'test://static-text',\n {\n title: 'Static Text Resource',\n description: 'A static text resource for testing',\n mimeType: 'text/plain'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'test://static-text',\n mimeType: 'text/plain',\n text: 'This is the content of the static text resource.'\n }\n ]\n };\n }\n );\n\n // Static binary resource\n mcpServer.registerResource(\n 'static-binary',\n 'test://static-binary',\n {\n title: 'Static Binary Resource',\n description: 'A static binary resource (image) for testing',\n mimeType: 'image/png'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'test://static-binary',\n mimeType: 'image/png',\n blob: TEST_IMAGE_BASE64\n }\n ]\n };\n }\n );\n\n // Resource template\n mcpServer.registerResource(\n 'template',\n new ResourceTemplate('test://template/{id}/data', { list: undefined }),\n {\n title: 'Resource Template',\n description: 'A resource template with parameter substitution',\n mimeType: 'application/json'\n },\n async (uri, variables): Promise => {\n const id = variables.id;\n return {\n contents: [\n {\n uri: uri.toString(),\n mimeType: 'application/json',\n text: JSON.stringify({\n id,\n templateTest: true,\n data: `Data for ID: ${id}`\n })\n }\n ]\n };\n }\n );\n\n // Watched resource\n mcpServer.registerResource(\n 'watched-resource',\n 'test://watched-resource',\n {\n title: 'Watched Resource',\n description: 'A resource that auto-updates every 3 seconds',\n mimeType: 'text/plain'\n },\n async (): Promise => {\n return {\n contents: [\n {\n uri: 'test://watched-resource',\n mimeType: 'text/plain',\n text: watchedResourceContent\n }\n ]\n };\n }\n );\n\n // Subscribe/Unsubscribe handlers\n mcpServer.server.setRequestHandler('resources/subscribe', async request => {\n const uri = request.params.uri;\n resourceSubscriptions.add(uri);\n sendLog('info', `Subscribed to resource: ${uri}`);\n return {};\n });\n\n mcpServer.server.setRequestHandler('resources/unsubscribe', async request => {\n const uri = request.params.uri;\n resourceSubscriptions.delete(uri);\n sendLog('info', `Unsubscribed from resource: ${uri}`);\n return {};\n });\n\n // ===== PROMPTS =====\n\n // Simple prompt\n mcpServer.registerPrompt(\n 'test_simple_prompt',\n {\n title: 'Simple Test Prompt',\n description: 'A simple prompt without arguments'\n },\n async (): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: 'This is a simple prompt for testing.'\n }\n }\n ]\n };\n }\n );\n\n // Prompt with arguments\n mcpServer.registerPrompt(\n 'test_prompt_with_arguments',\n {\n title: 'Prompt With Arguments',\n description: 'A prompt with required arguments',\n argsSchema: z.object({\n arg1: z.string().describe('First test argument'),\n arg2: z.string().describe('Second test argument')\n })\n },\n async (args: { arg1: string; arg2: string }): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Prompt with arguments: arg1='${args.arg1}', arg2='${args.arg2}'`\n }\n }\n ]\n };\n }\n );\n\n // Prompt with embedded resource\n mcpServer.registerPrompt(\n 'test_prompt_with_embedded_resource',\n {\n title: 'Prompt With Embedded Resource',\n description: 'A prompt that includes an embedded resource',\n argsSchema: z.object({\n resourceUri: z.string().describe('URI of the resource to embed')\n })\n },\n async (args: { resourceUri: string }): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'resource',\n resource: {\n uri: args.resourceUri,\n mimeType: 'text/plain',\n text: 'Embedded resource content for testing.'\n }\n }\n },\n {\n role: 'user',\n content: {\n type: 'text',\n text: 'Please process the embedded resource above.'\n }\n }\n ]\n };\n }\n );\n\n // Prompt with image\n mcpServer.registerPrompt(\n 'test_prompt_with_image',\n {\n title: 'Prompt With Image',\n description: 'A prompt that includes image content'\n },\n async (): Promise => {\n return {\n messages: [\n {\n role: 'user',\n content: {\n type: 'image',\n data: TEST_IMAGE_BASE64,\n mimeType: 'image/png'\n }\n },\n {\n role: 'user',\n content: { type: 'text', text: 'Please analyze the image above.' }\n }\n ]\n };\n }\n );\n\n // ===== LOGGING =====\n\n mcpServer.server.setRequestHandler('logging/setLevel', async request => {\n const level = request.params.level;\n sendLog('info', `Log level set to: ${level}`);\n return {};\n });\n\n // ===== COMPLETION =====\n\n mcpServer.server.setRequestHandler('completion/complete', async () => {\n // Basic completion support - returns empty array for conformance\n // Real implementations would provide contextual suggestions\n return {\n completion: {\n values: [],\n total: 0,\n hasMore: false\n }\n };\n });\n\n return mcpServer;\n}\n\n// ===== EXPRESS APP =====\n\nconst app = express();\napp.use(express.json());\n\n// DNS rebinding protection: reject non-localhost Host headers\napp.use(localhostHostValidation());\n\n// Configure CORS to expose Mcp-Session-Id header for browser-based clients\napp.use(\n cors({\n origin: '*',\n exposedHeaders: ['Mcp-Session-Id'],\n allowedHeaders: ['Content-Type', 'mcp-session-id', 'last-event-id']\n })\n);\n\n// Handle POST requests - stateful mode\napp.post('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n\n try {\n let transport: NodeStreamableHTTPServerTransport;\n\n if (sessionId && transports[sessionId]) {\n // Reuse existing transport for established sessions\n transport = transports[sessionId];\n } else if (!sessionId && isInitializeRequest(req.body)) {\n // Create new transport for initialization requests\n const mcpServer = createMcpServer();\n\n transport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore: createEventStore(),\n retryInterval: 5000, // 5 second retry interval for SEP-1699\n onsessioninitialized: (newSessionId: string) => {\n transports[newSessionId] = transport;\n servers[newSessionId] = mcpServer;\n console.log(`Session initialized with ID: ${newSessionId}`);\n }\n });\n\n transport.onclose = () => {\n const sid = transport.sessionId;\n if (sid && transports[sid]) {\n delete transports[sid];\n if (servers[sid]) {\n servers[sid].close();\n delete servers[sid];\n }\n console.log(`Session ${sid} closed`);\n }\n };\n\n await mcpServer.connect(transport);\n await transport.handleRequest(req, res, req.body);\n return;\n } else {\n res.status(400).json({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Invalid or missing session ID'\n },\n id: null\n });\n return;\n }\n\n await transport.handleRequest(req, res, req.body);\n } catch (error) {\n console.error('Error handling MCP request:', error);\n if (!res.headersSent) {\n res.status(500).json({\n jsonrpc: '2.0',\n error: {\n code: -32_603,\n message: 'Internal server error'\n },\n id: null\n });\n }\n }\n});\n\n// Handle GET requests - SSE streams for sessions\napp.get('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n const lastEventId = req.headers['last-event-id'] as string | undefined;\n if (lastEventId) {\n console.log(`Client reconnecting with Last-Event-ID: ${lastEventId}`);\n } else {\n console.log(`Establishing SSE stream for session ${sessionId}`);\n }\n\n try {\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n } catch (error) {\n console.error('Error handling SSE stream:', error);\n if (!res.headersSent) {\n res.status(500).send('Error establishing SSE stream');\n }\n }\n});\n\n// Handle DELETE requests - session termination\napp.delete('/mcp', async (req: Request, res: Response) => {\n const sessionId = req.headers['mcp-session-id'] as string | undefined;\n\n if (!sessionId || !transports[sessionId]) {\n res.status(400).send('Invalid or missing session ID');\n return;\n }\n\n console.log(`Received session termination request for session ${sessionId}`);\n\n try {\n const transport = transports[sessionId];\n await transport.handleRequest(req, res);\n } catch (error) {\n console.error('Error handling termination:', error);\n if (!res.headersSent) {\n res.status(500).send('Error processing session termination');\n }\n }\n});\n\n// Start server\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n console.log(`MCP Conformance Test Server running on http://localhost:${PORT}`);\n console.log(` - MCP endpoint: http://localhost:${PORT}/mcp`);\n});\n" }, { "path": "test/conformance/src/helpers/conformanceOAuthProvider.ts", "content": "import type {\n OAuthClientInformation,\n OAuthClientInformationFull,\n OAuthClientMetadata,\n OAuthClientProvider,\n OAuthTokens\n} from '@modelcontextprotocol/client';\n\nexport class ConformanceOAuthProvider implements OAuthClientProvider {\n private _clientInformation?: OAuthClientInformationFull;\n private _tokens?: OAuthTokens;\n private _codeVerifier?: string;\n private _authCode?: string;\n private _authCodePromise?: Promise;\n\n constructor(\n private readonly _redirectUrl: string | URL,\n private readonly _clientMetadata: OAuthClientMetadata,\n private readonly _clientMetadataUrl?: string | URL\n ) {}\n\n get redirectUrl(): string | URL {\n return this._redirectUrl;\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return this._clientMetadata;\n }\n\n get clientMetadataUrl(): string | undefined {\n return this._clientMetadataUrl?.toString();\n }\n\n clientInformation(): OAuthClientInformation | undefined {\n return this._clientInformation;\n }\n\n saveClientInformation(clientInformation: OAuthClientInformationFull): void {\n this._clientInformation = clientInformation;\n }\n\n tokens(): OAuthTokens | undefined {\n return this._tokens;\n }\n\n saveTokens(tokens: OAuthTokens): void {\n this._tokens = tokens;\n }\n\n async redirectToAuthorization(authorizationUrl: URL): Promise {\n try {\n const response = await fetch(authorizationUrl.toString(), {\n redirect: 'manual' // Don't follow redirects automatically\n });\n\n // Get the Location header which contains the redirect with auth code\n const location = response.headers.get('location');\n if (location) {\n const redirectUrl = new URL(location);\n const code = redirectUrl.searchParams.get('code');\n if (code) {\n this._authCode = code;\n return;\n } else {\n throw new Error('No auth code in redirect URL');\n }\n } else {\n throw new Error(`No redirect location received, from '${authorizationUrl.toString()}'`);\n }\n } catch (error) {\n console.error('Failed to fetch authorization URL:', error);\n throw error;\n }\n }\n\n async getAuthCode(): Promise {\n if (this._authCode) {\n return this._authCode;\n }\n throw new Error('No authorization code');\n }\n\n saveCodeVerifier(codeVerifier: string): void {\n this._codeVerifier = codeVerifier;\n }\n\n codeVerifier(): string {\n if (!this._codeVerifier) {\n throw new Error('No code verifier saved');\n }\n return this._codeVerifier;\n }\n}\n" }, { "path": "test/conformance/src/helpers/logger.ts", "content": "/**\n * Simple logger with configurable log levels.\n * Set to 'error' in tests to suppress debug output.\n */\n\nexport type LogLevel = 'debug' | 'error';\n\nlet currentLogLevel: LogLevel = 'debug';\n\nexport function setLogLevel(level: LogLevel): void {\n currentLogLevel = level;\n}\n\nexport function getLogLevel(): LogLevel {\n return currentLogLevel;\n}\n\nexport const logger = {\n debug: (...args: unknown[]): void => {\n if (currentLogLevel === 'debug') {\n console.log(...args);\n }\n },\n error: (...args: unknown[]): void => {\n console.error(...args);\n }\n};\n" }, { "path": "test/conformance/src/helpers/withOAuthRetry.ts", "content": "import type { FetchLike, Middleware } from '@modelcontextprotocol/client';\nimport { auth, extractWWWAuthenticateParams, UnauthorizedError } from '@modelcontextprotocol/client';\n\nimport { ConformanceOAuthProvider } from './conformanceOAuthProvider.js';\n\nexport const handle401 = async (\n response: Response,\n provider: ConformanceOAuthProvider,\n next: FetchLike,\n serverUrl: string | URL\n): Promise => {\n const { resourceMetadataUrl, scope } = extractWWWAuthenticateParams(response);\n let result = await auth(provider, {\n serverUrl,\n resourceMetadataUrl,\n scope,\n fetchFn: next\n });\n\n if (result === 'REDIRECT') {\n // Ordinarily, we'd wait for the callback to be handled here,\n // but in our conformance provider, we get the authorization code\n // during the redirect handling, so we can go straight to\n // retrying the auth step.\n // await provider.waitForCallback();\n\n const authorizationCode = await provider.getAuthCode();\n\n // TODO: this retry logic should be incorporated into the typescript SDK\n result = await auth(provider, {\n serverUrl,\n resourceMetadataUrl,\n scope,\n authorizationCode,\n fetchFn: next\n });\n if (result !== 'AUTHORIZED') {\n throw new UnauthorizedError(`Authentication failed with result: ${result}`);\n }\n }\n};\n/**\n * Creates a fetch wrapper that handles OAuth authentication with retry logic.\n *\n * Unlike the SDK's withOAuth, this version:\n * - Automatically handles authorization redirects by retrying with fresh tokens\n * - Does not throw UnauthorizedError on redirect, but instead retries\n * - Calls next() instead of throwing for redirect-based auth\n *\n * @param provider - OAuth client provider for authentication\n * @param baseUrl - Base URL for OAuth server discovery (defaults to request URL domain)\n * @returns A fetch middleware function\n */\nexport const withOAuthRetry = (\n clientName: string,\n baseUrl?: string | URL,\n handle401Fn: typeof handle401 = handle401,\n clientMetadataUrl?: string,\n existingProvider?: ConformanceOAuthProvider\n): Middleware => {\n const provider =\n existingProvider ??\n new ConformanceOAuthProvider(\n 'http://localhost:3000/callback',\n {\n client_name: clientName,\n redirect_uris: ['http://localhost:3000/callback']\n },\n clientMetadataUrl\n );\n return (next: FetchLike) => {\n return async (input: string | URL, init?: RequestInit): Promise => {\n const makeRequest = async (): Promise => {\n const headers = new Headers(init?.headers);\n\n // Add authorization header if tokens are available\n const tokens = await provider.tokens();\n if (tokens) {\n headers.set('Authorization', `Bearer ${tokens.access_token}`);\n }\n\n return await next(input, { ...init, headers });\n };\n\n let response = await makeRequest();\n\n // Handle 401 responses by attempting re-authentication\n if (response.status === 401 || response.status === 403) {\n const serverUrl = baseUrl || (typeof input === 'string' ? new URL(input).origin : input.origin);\n await handle401Fn(response, provider, next, serverUrl);\n\n response = await makeRequest();\n }\n\n // If we still have a 401 after re-auth attempt, throw an error\n if (response.status === 401 || response.status === 403) {\n const url = typeof input === 'string' ? input : input.toString();\n throw new UnauthorizedError(`Authentication failed for ${url}`);\n }\n\n return response;\n };\n };\n};\n" }, { "path": "test/conformance/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/client\": [\"./node_modules/@modelcontextprotocol/client/src/index.ts\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/express\": [\"./node_modules/@modelcontextprotocol/express/src/index.ts\"],\n \"@modelcontextprotocol/node\": [\"./node_modules/@modelcontextprotocol/node/src/index.ts\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"]\n }\n }\n}\n" }, { "path": "test/conformance/vitest.config.js", "content": "import baseConfig from '../../common/vitest-config/vitest.config.js';\n\nexport default baseConfig;\n" }, { "path": "test/helpers/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default baseConfig;\n" }, { "path": "test/helpers/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/test-helpers\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\",\n \"pnpm\": \">=10.24.0\"\n },\n \"packageManager\": \"pnpm@10.24.0\",\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"lint\": \"eslint src/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint src/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"npm run typecheck && npm run lint\",\n \"start\": \"npm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"zod\": \"catalog:runtimeShared\",\n \"vitest\": \"catalog:devTools\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\"\n }\n}\n" }, { "path": "test/helpers/src/helpers/http.ts", "content": "import type { Server, ServerResponse } from 'node:http';\nimport type { AddressInfo } from 'node:net';\n\nimport type { Response } from 'express';\nimport { vi } from 'vitest';\n\n/**\n * Attach a listener to an existing server on a random localhost port and return its base URL.\n */\nexport async function listenOnRandomPort(server: Server, host: string = '127.0.0.1'): Promise {\n return new Promise(resolve => {\n server.listen(0, host, () => {\n const addr = server.address() as AddressInfo;\n resolve(new URL(`http://${host}:${addr.port}`));\n });\n });\n}\n\n// =========================\n// HTTP/Express mock helpers\n// =========================\n\n/**\n * Create a minimal Express-like Response mock for tests.\n *\n * The mock supports:\n * - redirect()\n * - status().json().send() chaining\n * - set()/header()\n * - optional getRedirectUrl() helper used in some tests\n */\nexport function createExpressResponseMock(options: { trackRedirectUrl?: boolean } = {}): Response & {\n getRedirectUrl?: () => string;\n} {\n let capturedRedirectUrl: string | undefined;\n\n const res: Partial & { getRedirectUrl?: () => string } = {\n redirect: vi.fn((urlOrStatus: string | number, maybeUrl?: string | number) => {\n if (options.trackRedirectUrl) {\n if (typeof urlOrStatus === 'string') {\n capturedRedirectUrl = urlOrStatus;\n } else if (typeof maybeUrl === 'string') {\n capturedRedirectUrl = maybeUrl;\n }\n }\n return res as Response;\n }) as unknown as Response['redirect'],\n status: vi.fn().mockImplementation((_code: number) => {\n // status code is ignored for now; tests assert it via jest/vitest spies\n return res as Response;\n }),\n json: vi.fn().mockImplementation((_body: unknown) => {\n // body is ignored; tests usually assert via spy\n return res as Response;\n }),\n send: vi.fn().mockImplementation((_body?: unknown) => {\n // body is ignored; tests usually assert via spy\n return res as Response;\n }),\n set: vi.fn().mockImplementation((_field: string, _value?: string | string[]) => {\n // header value is ignored in the generic mock; tests spy on set()\n return res as Response;\n }),\n header: vi.fn().mockImplementation((_field: string, _value?: string | string[]) => {\n return res as Response;\n })\n };\n\n if (options.trackRedirectUrl) {\n res.getRedirectUrl = () => {\n if (capturedRedirectUrl === undefined) {\n throw new Error('No redirect URL was captured. Ensure redirect() was called first.');\n }\n return capturedRedirectUrl;\n };\n }\n\n return res as Response & { getRedirectUrl?: () => string };\n}\n\n/**\n * Create a Node http.ServerResponse mock used for low-level transport tests.\n *\n * All core methods are jest/vitest fns returning `this` so that\n * tests can assert on writeHead/write/on/end calls.\n */\nexport function createNodeServerResponseMock(): ServerResponse {\n const res = {\n writeHead: vi.fn().mockReturnThis(),\n write: vi.fn().mockReturnThis(),\n on: vi.fn().mockReturnThis(),\n end: vi.fn().mockReturnThis()\n };\n\n return res as unknown as ServerResponse;\n}\n" }, { "path": "test/helpers/src/helpers/oauth.ts", "content": "import type { FetchLike } from '@modelcontextprotocol/core';\nimport { vi } from 'vitest';\n\nexport interface MockOAuthFetchOptions {\n resourceServerUrl: string;\n authServerUrl: string;\n /**\n * Optional hook to inspect or override the token request.\n */\n onTokenRequest?: (url: URL, init: RequestInit | undefined) => void | Promise;\n}\n\n/**\n * Shared mock fetch implementation for OAuth flows used in client tests.\n *\n * It handles:\n * - OAuth Protected Resource Metadata discovery\n * - Authorization Server Metadata discovery\n * - Token endpoint responses\n */\nexport function createMockOAuthFetch(options: MockOAuthFetchOptions): FetchLike {\n const { resourceServerUrl, authServerUrl, onTokenRequest } = options;\n\n return async (input: string | URL, init?: RequestInit): Promise => {\n const url = input instanceof URL ? input : new URL(input);\n\n // Protected resource metadata discovery\n if (url.origin === resourceServerUrl.slice(0, -1) && url.pathname === '/.well-known/oauth-protected-resource') {\n return Response.json(\n {\n resource: resourceServerUrl,\n authorization_servers: [authServerUrl]\n },\n {\n status: 200,\n headers: { 'Content-Type': 'application/json' }\n }\n );\n }\n\n // Authorization server metadata discovery\n if (url.origin === authServerUrl && url.pathname === '/.well-known/oauth-authorization-server') {\n return Response.json(\n {\n issuer: authServerUrl,\n authorization_endpoint: `${authServerUrl}/authorize`,\n token_endpoint: `${authServerUrl}/token`,\n response_types_supported: ['code'],\n token_endpoint_auth_methods_supported: ['client_secret_basic', 'private_key_jwt']\n },\n {\n status: 200,\n headers: { 'Content-Type': 'application/json' }\n }\n );\n }\n\n // Token endpoint\n if (url.origin === authServerUrl && url.pathname === '/token') {\n if (onTokenRequest) {\n await onTokenRequest(url, init);\n }\n\n return Response.json(\n {\n access_token: 'test-access-token',\n token_type: 'Bearer'\n },\n {\n status: 200,\n headers: { 'Content-Type': 'application/json' }\n }\n );\n }\n\n throw new Error(`Unexpected URL in mock OAuth fetch: ${url.toString()}`);\n };\n}\n\ntype MockFetch = (...args: unknown[]) => unknown;\n\n/**\n * Helper to install a vi.fn-based global.fetch mock for tests that rely on global fetch.\n */\nexport function mockGlobalFetch(): MockFetch {\n const mockFetch = vi.fn() as unknown as MockFetch;\n (globalThis as { fetch?: MockFetch }).fetch = mockFetch;\n return mockFetch;\n}\n" }, { "path": "test/helpers/src/helpers/tasks.ts", "content": "import type { Task } from '@modelcontextprotocol/core';\n\n/**\n * Polls the provided getTask function until the task reaches the desired status or times out.\n */\nexport async function waitForTaskStatus(\n getTask: (taskId: string) => Promise,\n taskId: string,\n desiredStatus: Task['status'],\n {\n intervalMs = 100,\n timeoutMs = 10_000\n }: {\n intervalMs?: number;\n timeoutMs?: number;\n } = {}\n): Promise {\n const start = Date.now();\n\n // eslint-disable-next-line no-constant-condition\n while (true) {\n const task = await getTask(taskId);\n if (task && task.status === desiredStatus) {\n return task;\n }\n\n if (Date.now() - start > timeoutMs) {\n throw new Error(`Timed out waiting for task ${taskId} to reach status ${desiredStatus}`);\n }\n\n await new Promise(resolve => setTimeout(resolve, intervalMs));\n }\n}\n" }, { "path": "test/helpers/src/index.ts", "content": "export * from './helpers/http.js';\nexport * from './helpers/oauth.js';\nexport * from './helpers/tasks.js';\n" }, { "path": "test/helpers/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"]\n }\n }\n}\n" }, { "path": "test/helpers/vitest.config.js", "content": "import baseConfig from '../../common/vitest-config/vitest.config.js';\n\nexport default baseConfig;\n" }, { "path": "test/integration/eslint.config.mjs", "content": "// @ts-check\n\nimport baseConfig from '@modelcontextprotocol/eslint-config';\n\nexport default baseConfig;\n" }, { "path": "test/integration/package.json", "content": "{\n \"name\": \"@modelcontextprotocol/test-integration\",\n \"private\": true,\n \"version\": \"2.0.0-alpha.0\",\n \"description\": \"Model Context Protocol implementation for TypeScript\",\n \"license\": \"MIT\",\n \"author\": \"Anthropic, PBC (https://anthropic.com)\",\n \"homepage\": \"https://modelcontextprotocol.io\",\n \"bugs\": \"https://github.com/modelcontextprotocol/typescript-sdk/issues\",\n \"type\": \"module\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/modelcontextprotocol/typescript-sdk.git\"\n },\n \"engines\": {\n \"node\": \">=20\",\n \"pnpm\": \">=10.24.0\"\n },\n \"packageManager\": \"pnpm@10.24.0\",\n \"keywords\": [\n \"modelcontextprotocol\",\n \"mcp\"\n ],\n \"scripts\": {\n \"lint\": \"eslint test/ && prettier --ignore-path ../../.prettierignore --check .\",\n \"lint:fix\": \"eslint test/ --fix && prettier --ignore-path ../../.prettierignore --write .\",\n \"check\": \"npm run typecheck && npm run lint\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"start\": \"npm run server\",\n \"server\": \"tsx watch --clear-screen=false scripts/cli.ts server\",\n \"client\": \"tsx scripts/cli.ts client\",\n \"test:integration:bun\": \"bun test test/server/bun.test.ts\",\n \"test:integration:deno\": \"deno test --no-check --allow-net --allow-read --allow-env test/server/deno.test.ts\"\n },\n \"devDependencies\": {\n \"@modelcontextprotocol/core\": \"workspace:^\",\n \"@modelcontextprotocol/client\": \"workspace:^\",\n \"@modelcontextprotocol/server\": \"workspace:^\",\n \"@modelcontextprotocol/express\": \"workspace:^\",\n \"@modelcontextprotocol/node\": \"workspace:^\",\n \"@cfworker/json-schema\": \"catalog:runtimeShared\",\n \"zod\": \"catalog:runtimeShared\",\n \"vitest\": \"catalog:devTools\",\n \"supertest\": \"catalog:devTools\",\n \"wrangler\": \"catalog:devTools\",\n \"@modelcontextprotocol/tsconfig\": \"workspace:^\",\n \"@modelcontextprotocol/vitest-config\": \"workspace:^\",\n \"@modelcontextprotocol/eslint-config\": \"workspace:^\",\n \"@modelcontextprotocol/test-helpers\": \"workspace:^\"\n }\n}\n" }, { "path": "test/integration/test/__fixtures__/serverThatHangs.ts", "content": "import process from 'node:process';\nimport { setInterval } from 'node:timers';\n\nimport { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\n\nconst transport = new StdioServerTransport();\n\nconst server = new McpServer(\n {\n name: 'server-that-hangs',\n title: 'Test Server that hangs',\n version: '1.0.0'\n },\n {\n capabilities: {\n logging: {}\n }\n }\n);\n\nawait server.connect(transport);\n\n// Keep process alive even after stdin closes\nconst keepAlive = setInterval(() => {}, 60_000);\n\n// Prevent transport close from exiting\ntransport.onclose = () => {\n // Intentionally ignore - we want to test the signal handling\n};\n\nconst doNotExitImmediately = async (signal: NodeJS.Signals) => {\n await server.sendLoggingMessage({\n level: 'debug',\n data: `received signal ${signal}`\n });\n // Clear keepalive but delay exit to simulate slow shutdown\n clearInterval(keepAlive);\n setInterval(() => {}, 30_000);\n};\n\nprocess.on('SIGINT', doNotExitImmediately);\nprocess.on('SIGTERM', doNotExitImmediately);\n" }, { "path": "test/integration/test/__fixtures__/testServer.ts", "content": "import { McpServer, StdioServerTransport } from '@modelcontextprotocol/server';\n\nconst transport = new StdioServerTransport();\n\nconst server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n});\n\nawait server.connect(transport);\n\nconst exit = async () => {\n await server.close();\n // eslint-disable-next-line unicorn/no-process-exit\n process.exit(0);\n};\n\nprocess.on('SIGINT', exit);\nprocess.on('SIGTERM', exit);\n" }, { "path": "test/integration/test/client/client.test.ts", "content": "import { Client, getSupportedElicitationModes } from '@modelcontextprotocol/client';\nimport type { Prompt, Resource, Tool, Transport } from '@modelcontextprotocol/core';\nimport {\n CallToolResultSchema,\n ElicitResultSchema,\n InMemoryTransport,\n LATEST_PROTOCOL_VERSION,\n ProtocolErrorCode,\n SdkError,\n SdkErrorCode,\n SUPPORTED_PROTOCOL_VERSIONS\n} from '@modelcontextprotocol/core';\nimport { InMemoryTaskStore, McpServer, Server } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\n/***\n * Test: Initialize with Matching Protocol Version\n */\ntest('should initialize with matching protocol version', async () => {\n const clientTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.method === 'initialize') {\n clientTransport.onmessage?.({\n jsonrpc: '2.0',\n id: message.id,\n result: {\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {},\n serverInfo: {\n name: 'test',\n version: '1.0'\n },\n instructions: 'test instructions'\n }\n });\n }\n return Promise.resolve();\n })\n };\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n await client.connect(clientTransport);\n\n // Should have sent initialize with latest version\n expect(clientTransport.send).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'initialize',\n params: expect.objectContaining({\n protocolVersion: LATEST_PROTOCOL_VERSION\n })\n }),\n expect.objectContaining({\n relatedRequestId: undefined\n })\n );\n\n // Should have the instructions returned\n expect(client.getInstructions()).toEqual('test instructions');\n});\n\n/***\n * Test: Initialize with Supported Older Protocol Version\n */\ntest('should initialize with supported older protocol version', async () => {\n const OLD_VERSION = SUPPORTED_PROTOCOL_VERSIONS[1];\n const clientTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.method === 'initialize') {\n clientTransport.onmessage?.({\n jsonrpc: '2.0',\n id: message.id,\n result: {\n protocolVersion: OLD_VERSION,\n capabilities: {},\n serverInfo: {\n name: 'test',\n version: '1.0'\n }\n }\n });\n }\n return Promise.resolve();\n })\n };\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n await client.connect(clientTransport);\n\n // Connection should succeed with the older version\n expect(client.getServerVersion()).toEqual({\n name: 'test',\n version: '1.0'\n });\n\n // Expect no instructions\n expect(client.getInstructions()).toBeUndefined();\n});\n\n/***\n * Test: Reject Unsupported Protocol Version\n */\ntest('should reject unsupported protocol version', async () => {\n const clientTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.method === 'initialize') {\n clientTransport.onmessage?.({\n jsonrpc: '2.0',\n id: message.id,\n result: {\n protocolVersion: 'invalid-version',\n capabilities: {},\n serverInfo: {\n name: 'test',\n version: '1.0'\n }\n }\n });\n }\n return Promise.resolve();\n })\n };\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n await expect(client.connect(clientTransport)).rejects.toThrow(\"Server's protocol version is not supported: invalid-version\");\n\n expect(clientTransport.close).toHaveBeenCalled();\n});\n\n/***\n * Test: Connect New Client to Old Supported Server Version\n */\ntest('should connect new client to old, supported server version', async () => {\n const OLD_VERSION = SUPPORTED_PROTOCOL_VERSIONS[1];\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {},\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('initialize', _request => ({\n protocolVersion: OLD_VERSION,\n capabilities: {\n resources: {},\n tools: {}\n },\n serverInfo: {\n name: 'old server',\n version: '1.0'\n }\n }));\n\n server.setRequestHandler('resources/list', () => ({\n resources: []\n }));\n\n server.setRequestHandler('tools/list', () => ({\n tools: []\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'new client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(client.getServerVersion()).toEqual({\n name: 'old server',\n version: '1.0'\n });\n});\n\n/***\n * Test: Version Negotiation with Old Client and Newer Server\n */\ntest('should negotiate version when client is old, and newer server supports its version', async () => {\n const server = new Server(\n {\n name: 'new server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {},\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('initialize', _request => ({\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {\n resources: {},\n tools: {}\n },\n serverInfo: {\n name: 'new server',\n version: '1.0'\n }\n }));\n\n server.setRequestHandler('resources/list', () => ({\n resources: []\n }));\n\n server.setRequestHandler('tools/list', () => ({\n tools: []\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'old client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(client.getServerVersion()).toEqual({\n name: 'new server',\n version: '1.0'\n });\n});\n\n/***\n * Test: Throw when Old Client and Server Version Mismatch\n */\ntest(\"should throw when client is old, and server doesn't support its version\", async () => {\n const FUTURE_VERSION = 'FUTURE_VERSION';\n const server = new Server(\n {\n name: 'new server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {},\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('initialize', _request => ({\n protocolVersion: FUTURE_VERSION,\n capabilities: {\n resources: {},\n tools: {}\n },\n serverInfo: {\n name: 'new server',\n version: '1.0'\n }\n }));\n\n server.setRequestHandler('resources/list', () => ({\n resources: []\n }));\n\n server.setRequestHandler('tools/list', () => ({\n tools: []\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'old client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n await Promise.all([\n expect(client.connect(clientTransport)).rejects.toThrow(\"Server's protocol version is not supported: FUTURE_VERSION\"),\n server.connect(serverTransport)\n ]);\n});\n\n/***\n * Test: Respect Server Capabilities\n */\ntest('should respect server capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {},\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('initialize', _request => ({\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {\n resources: {},\n tools: {}\n },\n serverInfo: {\n name: 'test',\n version: '1.0'\n }\n }));\n\n server.setRequestHandler('resources/list', () => ({\n resources: []\n }));\n\n server.setRequestHandler('tools/list', () => ({\n tools: []\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server supports resources and tools, but not prompts\n expect(client.getServerCapabilities()).toEqual({\n resources: {},\n tools: {}\n });\n\n // These should work\n await expect(client.listResources()).resolves.not.toThrow();\n await expect(client.listTools()).resolves.not.toThrow();\n\n // These should throw because prompts, logging, and completions are not supported\n await expect(client.listPrompts()).rejects.toThrow('Server does not support prompts');\n await expect(client.setLoggingLevel('error')).rejects.toThrow('Server does not support logging');\n await expect(\n client.complete({\n ref: { type: 'ref/prompt', name: 'test' },\n argument: { name: 'test', value: 'test' }\n })\n ).rejects.toThrow('Server does not support completions');\n});\n\n/***\n * Test: Return empty lists for missing capabilities (default behavior)\n * When enforceStrictCapabilities is not set (default), list methods should\n * return empty lists instead of sending requests to servers that don't\n * advertise those capabilities.\n */\ntest('should return empty lists for missing capabilities by default', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n // Server only supports tools - no prompts or resources\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('initialize', _request => ({\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {\n tools: {}\n },\n serverInfo: {\n name: 'test',\n version: '1.0'\n }\n }));\n\n server.setRequestHandler('tools/list', () => ({\n tools: [{ name: 'test-tool', inputSchema: { type: 'object' } }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n // Client with default settings (enforceStrictCapabilities not set)\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server only supports tools\n expect(client.getServerCapabilities()).toEqual({\n tools: {}\n });\n\n // listTools should work and return actual tools\n const toolsResult = await client.listTools();\n expect(toolsResult.tools).toHaveLength(1);\n expect(toolsResult.tools[0]!.name).toBe('test-tool');\n\n // listPrompts should return empty list without sending request\n const promptsResult = await client.listPrompts();\n expect(promptsResult.prompts).toEqual([]);\n\n // listResources should return empty list without sending request\n const resourcesResult = await client.listResources();\n expect(resourcesResult.resources).toEqual([]);\n\n // listResourceTemplates should return empty list without sending request\n const templatesResult = await client.listResourceTemplates();\n expect(templatesResult.resourceTemplates).toEqual([]);\n});\n\n/***\n * Test: Respect Client Notification Capabilities\n */\ntest('should respect client notification capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n roots: {\n listChanged: true\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // This should work because the client has the roots.listChanged capability\n await expect(client.sendRootsListChanged()).resolves.not.toThrow();\n\n // Create a new client without the roots.listChanged capability\n const clientWithoutCapability = new Client(\n {\n name: 'test client without capability',\n version: '1.0'\n },\n {\n capabilities: {},\n enforceStrictCapabilities: true\n }\n );\n\n await clientWithoutCapability.connect(clientTransport);\n\n // This should throw because the client doesn't have the roots.listChanged capability\n await expect(clientWithoutCapability.sendRootsListChanged()).rejects.toThrow(/^Client does not support/);\n});\n\n/***\n * Test: Respect Server Notification Capabilities\n */\ntest('should respect server notification capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n logging: {},\n resources: {\n listChanged: true\n }\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // These should work because the server has the corresponding capabilities\n await expect(server.sendLoggingMessage({ level: 'info', data: 'Test' })).resolves.not.toThrow();\n await expect(server.sendResourceListChanged()).resolves.not.toThrow();\n\n // This should throw because the server doesn't have the tools capability\n await expect(server.sendToolListChanged()).rejects.toThrow('Server does not support notifying of tool list changes');\n});\n\n/***\n * Test: Only Allow setRequestHandler for Declared Capabilities\n */\ntest('should only allow setRequestHandler for declared capabilities', () => {\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n // This should work because sampling is a declared capability\n expect(() => {\n client.setRequestHandler('sampling/createMessage', () => ({\n model: 'test-model',\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }));\n }).not.toThrow();\n\n // This should throw because roots listing is not a declared capability\n expect(() => {\n client.setRequestHandler('roots/list', () => ({}));\n }).toThrow('Client does not support roots capability');\n});\n\ntest('should allow setRequestHandler for declared elicitation capability', () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // This should work because elicitation is a declared capability\n expect(() => {\n client.setRequestHandler('elicitation/create', () => ({\n action: 'accept',\n content: {\n username: 'test-user',\n confirmed: true\n }\n }));\n }).not.toThrow();\n\n // This should throw because sampling is not a declared capability\n expect(() => {\n client.setRequestHandler('sampling/createMessage', () => ({\n model: 'test-model',\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }));\n }).toThrow('Client does not support sampling capability');\n});\n\ntest('should accept form-mode elicitation request when client advertises empty elicitation object (back-compat)', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // Set up client handler for form-mode elicitation\n client.setRequestHandler('elicitation/create', request => {\n expect(request.params.mode).toBe('form');\n return {\n action: 'accept',\n content: {\n username: 'test-user',\n confirmed: true\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server should be able to send form-mode elicitation request\n // This works because getSupportedElicitationModes defaults to form mode\n // when neither form nor url are explicitly declared\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string',\n title: 'Username',\n description: 'Your username'\n },\n confirmed: {\n type: 'boolean',\n title: 'Confirm',\n description: 'Please confirm',\n default: false\n }\n },\n required: ['username']\n }\n });\n\n expect(result.action).toBe('accept');\n expect(result.content).toEqual({\n username: 'test-user',\n confirmed: true\n });\n});\n\ntest('should reject form-mode elicitation when client only supports URL mode', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const handler = vi.fn().mockResolvedValue({\n action: 'cancel'\n });\n client.setRequestHandler('elicitation/create', handler);\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n let resolveResponse: ((message: unknown) => void) | undefined;\n const responsePromise = new Promise(resolve => {\n resolveResponse = resolve;\n });\n\n serverTransport.onmessage = async message => {\n if ('method' in message) {\n if (message.method === 'initialize') {\n if (!('id' in message) || message.id === undefined) {\n throw new Error('Expected initialize request to include an id');\n }\n const messageId = message.id;\n await serverTransport.send({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {},\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }\n });\n } else if (message.method === 'notifications/initialized') {\n // ignore\n }\n } else {\n resolveResponse?.(message);\n }\n };\n\n await client.connect(clientTransport);\n\n // Server shouldn't send this, because the client capabilities\n // only advertised URL mode. Test that it's rejected by the client:\n const requestId = 1;\n await serverTransport.send({\n jsonrpc: '2.0',\n id: requestId,\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string'\n }\n }\n }\n }\n });\n\n const response = (await responsePromise) as { id: number; error: { code: number; message: string } };\n\n expect(response.id).toBe(requestId);\n expect(response.error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(response.error.message).toContain('Client does not support form-mode elicitation requests');\n expect(handler).not.toHaveBeenCalled();\n\n await client.close();\n});\n\ntest('should reject missing-mode elicitation when client only supports URL mode', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const handler = vi.fn().mockResolvedValue({\n action: 'cancel'\n });\n client.setRequestHandler('elicitation/create', handler);\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.request({\n method: 'elicitation/create',\n params: {\n message: 'Please provide data',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string'\n }\n }\n }\n }\n })\n ).rejects.toThrow('Client does not support form-mode elicitation requests');\n\n expect(handler).not.toHaveBeenCalled();\n\n await Promise.all([client.close(), server.close()]);\n});\n\ntest('should reject URL-mode elicitation when client only supports form mode', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n const handler = vi.fn().mockResolvedValue({\n action: 'cancel'\n });\n client.setRequestHandler('elicitation/create', handler);\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n let resolveResponse: ((message: unknown) => void) | undefined;\n const responsePromise = new Promise(resolve => {\n resolveResponse = resolve;\n });\n\n serverTransport.onmessage = async message => {\n if ('method' in message) {\n if (message.method === 'initialize') {\n if (!('id' in message) || message.id === undefined) {\n throw new Error('Expected initialize request to include an id');\n }\n const messageId = message.id;\n await serverTransport.send({\n jsonrpc: '2.0',\n id: messageId,\n result: {\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {},\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }\n });\n } else if (message.method === 'notifications/initialized') {\n // ignore\n }\n } else {\n resolveResponse?.(message);\n }\n };\n\n await client.connect(clientTransport);\n\n // Server shouldn't send this, because the client capabilities\n // only advertised form mode. Test that it's rejected by the client:\n const requestId = 2;\n await serverTransport.send({\n jsonrpc: '2.0',\n id: requestId,\n method: 'elicitation/create',\n params: {\n mode: 'url',\n message: 'Open the authorization page',\n elicitationId: 'elicitation-123',\n url: 'https://example.com/authorize'\n }\n });\n\n const response = (await responsePromise) as { id: number; error: { code: number; message: string } };\n\n expect(response.id).toBe(requestId);\n expect(response.error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(response.error.message).toContain('Client does not support URL-mode elicitation requests');\n expect(handler).not.toHaveBeenCalled();\n\n await client.close();\n});\n\ntest('should apply defaults for form-mode elicitation when applyDefaults is enabled', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {\n applyDefaults: true\n }\n }\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', request => {\n expect(request.params.mode).toBe('form');\n return {\n action: 'accept',\n content: {}\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Please confirm your preferences',\n requestedSchema: {\n type: 'object',\n properties: {\n confirmed: {\n type: 'boolean',\n default: true\n }\n }\n }\n });\n\n expect(result.action).toBe('accept');\n expect(result.content).toEqual({\n confirmed: true\n });\n\n await client.close();\n});\n\n/***\n * Test: Handle Client Cancelling a Request\n */\ntest('should handle client cancelling a request', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {}\n }\n }\n );\n\n // Set up server to delay responding to listResources\n server.setRequestHandler('resources/list', async () => {\n await new Promise(resolve => setTimeout(resolve, 1000));\n return {\n resources: []\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Set up abort controller\n const controller = new AbortController();\n\n // Issue request but cancel it immediately\n const listResourcesPromise = client.listResources(undefined, {\n signal: controller.signal\n });\n controller.abort('Cancelled by test');\n\n // Request should be rejected with an SdkError (local timeout/cancellation)\n await expect(listResourcesPromise).rejects.toThrow(SdkError);\n});\n\n/***\n * Test: Handle Request Timeout\n */\ntest('should handle request timeout', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n resources: {}\n }\n }\n );\n\n // Set up server with a delayed response\n server.setRequestHandler('resources/list', async (_request, ctx) => {\n const timer = new Promise(resolve => {\n const timeout = setTimeout(resolve, 100);\n ctx.mcpReq.signal.addEventListener('abort', () => clearTimeout(timeout));\n });\n\n await timer;\n return {\n resources: []\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Request with 0 msec timeout should fail immediately\n await expect(client.listResources(undefined, { timeout: 0 })).rejects.toMatchObject({\n code: SdkErrorCode.RequestTimeout\n });\n});\n\n/***\n * Test: Handle Tool List Changed Notifications with Auto Refresh\n */\ntest('should handle tool list changed notification with auto refresh', async () => {\n // List changed notifications\n const notifications: [Error | null, Tool[] | null][] = [];\n\n const server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n });\n\n // Register initial tool to enable the tools capability\n server.registerTool(\n 'initial-tool',\n {\n description: 'Initial tool'\n },\n async () => ({ content: [] })\n );\n\n // Configure listChanged handler in constructor\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n listChanged: {\n tools: {\n onChanged: (err, tools) => {\n notifications.push([err, tools]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result1 = await client.listTools();\n expect(result1.tools).toHaveLength(1);\n\n // Register another tool - this triggers listChanged notification\n server.registerTool(\n 'test-tool',\n {\n description: 'A test tool'\n },\n async () => ({ content: [] })\n );\n\n // Wait for the debounced notifications to be processed\n await new Promise(resolve => setTimeout(resolve, 1000));\n\n // Should be 1 notification with 2 tools because autoRefresh is true\n expect(notifications).toHaveLength(1);\n expect(notifications[0]![0]).toBeNull();\n expect(notifications[0]![1]).toHaveLength(2);\n expect(notifications[0]![1]?.[1]!.name).toBe('test-tool');\n});\n\n/***\n * Test: Handle Tool List Changed Notifications with Manual Refresh\n */\ntest('should handle tool list changed notification with manual refresh', async () => {\n // List changed notifications\n const notifications: [Error | null, Tool[] | null][] = [];\n\n const server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n });\n\n // Register initial tool to enable the tools capability\n server.registerTool('initial-tool', {}, async () => ({ content: [] }));\n\n // Configure listChanged handler with manual refresh (autoRefresh: false)\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n listChanged: {\n tools: {\n autoRefresh: false,\n debounceMs: 0,\n onChanged: (err, tools) => {\n notifications.push([err, tools]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result1 = await client.listTools();\n expect(result1.tools).toHaveLength(1);\n\n // Register another tool - this triggers listChanged notification\n server.registerTool(\n 'test-tool',\n {\n description: 'A test tool'\n },\n async () => ({ content: [] })\n );\n\n // Wait for the notifications to be processed (no debounce)\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Should be 1 notification with no tool data because autoRefresh is false\n expect(notifications).toHaveLength(1);\n expect(notifications[0]![0]).toBeNull();\n expect(notifications[0]![1]).toBeNull();\n});\n\n/***\n * Test: Handle Prompt List Changed Notifications\n */\ntest('should handle prompt list changed notification with auto refresh', async () => {\n const notifications: [Error | null, Prompt[] | null][] = [];\n\n const server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n });\n\n // Register initial prompt to enable the prompts capability\n server.registerPrompt(\n 'initial-prompt',\n {\n description: 'Initial prompt'\n },\n async () => ({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }]\n })\n );\n\n // Configure listChanged handler in constructor\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n listChanged: {\n prompts: {\n onChanged: (err, prompts) => {\n notifications.push([err, prompts]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result1 = await client.listPrompts();\n expect(result1.prompts).toHaveLength(1);\n\n // Register another prompt - this triggers listChanged notification\n server.registerPrompt('test-prompt', { description: 'A test prompt' }, async () => ({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }]\n }));\n\n // Wait for the debounced notifications to be processed\n await new Promise(resolve => setTimeout(resolve, 1000));\n\n // Should be 1 notification with 2 prompts because autoRefresh is true\n expect(notifications).toHaveLength(1);\n expect(notifications[0]![0]).toBeNull();\n expect(notifications[0]![1]).toHaveLength(2);\n expect(notifications[0]![1]?.[1]!.name).toBe('test-prompt');\n});\n\n/***\n * Test: Handle Resource List Changed Notifications\n */\ntest('should handle resource list changed notification with auto refresh', async () => {\n const notifications: [Error | null, Resource[] | null][] = [];\n\n const server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n });\n\n // Register initial resource to enable the resources capability\n server.registerResource('initial-resource', 'file:///initial.txt', {}, async () => ({\n contents: [{ uri: 'file:///initial.txt', text: 'Hello' }]\n }));\n\n // Configure listChanged handler in constructor\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n listChanged: {\n resources: {\n onChanged: (err, resources) => {\n notifications.push([err, resources]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result1 = await client.listResources();\n expect(result1.resources).toHaveLength(1);\n\n // Register another resource - this triggers listChanged notification\n server.registerResource('test-resource', 'file:///test.txt', {}, async () => ({\n contents: [{ uri: 'file:///test.txt', text: 'Hello' }]\n }));\n\n // Wait for the debounced notifications to be processed\n await new Promise(resolve => setTimeout(resolve, 1000));\n\n // Should be 1 notification with 2 resources because autoRefresh is true\n expect(notifications).toHaveLength(1);\n expect(notifications[0]![0]).toBeNull();\n expect(notifications[0]![1]).toHaveLength(2);\n expect(notifications[0]![1]?.[1]!.name).toBe('test-resource');\n});\n\n/***\n * Test: Handle Multiple List Changed Handlers\n */\ntest('should handle multiple list changed handlers configured together', async () => {\n const toolNotifications: [Error | null, Tool[] | null][] = [];\n const promptNotifications: [Error | null, Prompt[] | null][] = [];\n\n const server = new McpServer({\n name: 'test-server',\n version: '1.0.0'\n });\n\n // Register initial tool and prompt to enable capabilities\n server.registerTool(\n 'tool-1',\n {\n description: 'Tool 1'\n },\n async () => ({ content: [] })\n );\n server.registerPrompt(\n 'prompt-1',\n {\n description: 'Prompt 1'\n },\n async () => ({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }]\n })\n );\n\n // Configure multiple listChanged handlers in constructor\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n listChanged: {\n tools: {\n debounceMs: 0,\n onChanged: (err, tools) => {\n toolNotifications.push([err, tools]);\n }\n },\n prompts: {\n debounceMs: 0,\n onChanged: (err, prompts) => {\n promptNotifications.push([err, prompts]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Register another tool and prompt to trigger notifications\n server.registerTool(\n 'tool-2',\n {\n description: 'Tool 2'\n },\n async () => ({ content: [] })\n );\n server.registerPrompt(\n 'prompt-2',\n {\n description: 'Prompt 2'\n },\n async () => ({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }]\n })\n );\n\n // Wait for notifications to be processed\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Both handlers should have received their respective notifications\n expect(toolNotifications).toHaveLength(1);\n expect(toolNotifications[0]![1]).toHaveLength(2);\n\n expect(promptNotifications).toHaveLength(1);\n expect(promptNotifications[0]![1]).toHaveLength(2);\n});\n\n/***\n * Test: Handler not activated when server doesn't advertise listChanged capability\n */\ntest('should not activate listChanged handler when server does not advertise capability', async () => {\n const notifications: [Error | null, Tool[] | null][] = [];\n\n // Server with tools capability but WITHOUT listChanged\n const server = new Server({ name: 'test-server', version: '1.0.0' }, { capabilities: { tools: {} } });\n\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: {} }, // No listChanged: true\n serverInfo: { name: 'test-server', version: '1.0.0' }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [{ name: 'test-tool', inputSchema: { type: 'object' } }]\n }));\n\n // Configure listChanged handler that should NOT be activated\n const client = new Client(\n { name: 'test-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n debounceMs: 0,\n onChanged: (err, tools) => {\n notifications.push([err, tools]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify server doesn't have tools.listChanged capability\n expect(client.getServerCapabilities()?.tools?.listChanged).toBeFalsy();\n\n // Send a tool list changed notification manually\n await server.notification({ method: 'notifications/tools/list_changed' });\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Handler should NOT have been activated because server didn't advertise listChanged\n expect(notifications).toHaveLength(0);\n});\n\n/***\n * Test: Handler activated when server advertises listChanged capability\n */\ntest('should activate listChanged handler when server advertises capability', async () => {\n const notifications: [Error | null, Tool[] | null][] = [];\n\n // Server with tools.listChanged: true capability\n const server = new Server({ name: 'test-server', version: '1.0.0' }, { capabilities: { tools: { listChanged: true } } });\n\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: { listChanged: true } },\n serverInfo: { name: 'test-server', version: '1.0.0' }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [{ name: 'test-tool', inputSchema: { type: 'object' } }]\n }));\n\n // Configure listChanged handler that SHOULD be activated\n const client = new Client(\n { name: 'test-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n debounceMs: 0,\n onChanged: (err, tools) => {\n notifications.push([err, tools]);\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify server has tools.listChanged capability\n expect(client.getServerCapabilities()?.tools?.listChanged).toBe(true);\n\n // Send a tool list changed notification\n await server.notification({ method: 'notifications/tools/list_changed' });\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Handler SHOULD have been called\n expect(notifications).toHaveLength(1);\n expect(notifications[0]![0]).toBeNull();\n expect(notifications[0]![1]).toHaveLength(1);\n});\n\n/***\n * Test: No handlers activated when server has no listChanged capabilities\n */\ntest('should not activate any handlers when server has no listChanged capabilities', async () => {\n const toolNotifications: [Error | null, Tool[] | null][] = [];\n const promptNotifications: [Error | null, Prompt[] | null][] = [];\n const resourceNotifications: [Error | null, Resource[] | null][] = [];\n\n // Server with capabilities but NO listChanged for any\n const server = new Server({ name: 'test-server', version: '1.0.0' }, { capabilities: { tools: {}, prompts: {}, resources: {} } });\n\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: {}, prompts: {}, resources: {} },\n serverInfo: { name: 'test-server', version: '1.0.0' }\n }));\n\n // Configure listChanged handlers for all three types\n const client = new Client(\n { name: 'test-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n debounceMs: 0,\n onChanged: (err, tools) => toolNotifications.push([err, tools])\n },\n prompts: {\n debounceMs: 0,\n onChanged: (err, prompts) => promptNotifications.push([err, prompts])\n },\n resources: {\n debounceMs: 0,\n onChanged: (err, resources) => resourceNotifications.push([err, resources])\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify server has no listChanged capabilities\n const caps = client.getServerCapabilities();\n expect(caps?.tools?.listChanged).toBeFalsy();\n expect(caps?.prompts?.listChanged).toBeFalsy();\n expect(caps?.resources?.listChanged).toBeFalsy();\n\n // Send notifications for all three types\n await server.notification({ method: 'notifications/tools/list_changed' });\n await server.notification({ method: 'notifications/prompts/list_changed' });\n await server.notification({ method: 'notifications/resources/list_changed' });\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // No handlers should have been activated\n expect(toolNotifications).toHaveLength(0);\n expect(promptNotifications).toHaveLength(0);\n expect(resourceNotifications).toHaveLength(0);\n});\n\n/***\n * Test: Partial capability support - some handlers activated, others not\n */\ntest('should handle partial listChanged capability support', async () => {\n const toolNotifications: [Error | null, Tool[] | null][] = [];\n const promptNotifications: [Error | null, Prompt[] | null][] = [];\n\n // Server with tools.listChanged: true but prompts without listChanged\n const server = new Server({ name: 'test-server', version: '1.0.0' }, { capabilities: { tools: { listChanged: true }, prompts: {} } });\n\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: { listChanged: true }, prompts: {} },\n serverInfo: { name: 'test-server', version: '1.0.0' }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [{ name: 'tool-1', inputSchema: { type: 'object' } }]\n }));\n\n server.setRequestHandler('prompts/list', async () => ({\n prompts: [{ name: 'prompt-1' }]\n }));\n\n const client = new Client(\n { name: 'test-client', version: '1.0.0' },\n {\n listChanged: {\n tools: {\n debounceMs: 0,\n onChanged: (err, tools) => toolNotifications.push([err, tools])\n },\n prompts: {\n debounceMs: 0,\n onChanged: (err, prompts) => promptNotifications.push([err, prompts])\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify capability state\n expect(client.getServerCapabilities()?.tools?.listChanged).toBe(true);\n expect(client.getServerCapabilities()?.prompts?.listChanged).toBeFalsy();\n\n // Send notifications for both\n await server.notification({ method: 'notifications/tools/list_changed' });\n await server.notification({ method: 'notifications/prompts/list_changed' });\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Tools handler should have been called\n expect(toolNotifications).toHaveLength(1);\n // Prompts handler should NOT have been called (no prompts.listChanged)\n expect(promptNotifications).toHaveLength(0);\n});\n\ndescribe('outputSchema validation', () => {\n /***\n * Test: Validate structuredContent Against outputSchema\n */\n test('should validate structuredContent against outputSchema', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: {},\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' },\n count: { type: 'number' }\n },\n required: ['result', 'count'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'test-tool') {\n return {\n structuredContent: { result: 'success', count: 42 }\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n },\n tasks: {\n get: true,\n list: {},\n result: true\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should validate successfully\n const result = await client.callTool({ name: 'test-tool' });\n expect(result.structuredContent).toEqual({ result: 'success', count: 42 });\n });\n\n /***\n * Test: Throw Error when structuredContent Does Not Match Schema\n */\n test('should throw error when structuredContent does not match schema', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: {} },\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' },\n count: { type: 'number' }\n },\n required: ['result', 'count'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'test-tool') {\n // Return invalid structured content (count is string instead of number)\n return {\n structuredContent: { result: 'success', count: 'not a number' }\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n },\n tasks: {\n get: true,\n list: {},\n result: true\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should throw validation error\n await expect(client.callTool({ name: 'test-tool' })).rejects.toThrow(/Structured content does not match the tool's output schema/);\n });\n\n /***\n * Test: Throw Error when Tool with outputSchema Returns No structuredContent\n */\n test('should throw error when tool with outputSchema returns no structuredContent', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: {} },\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' }\n },\n required: ['result']\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'test-tool') {\n // Return content instead of structuredContent\n return {\n content: [{ type: 'text', text: 'This should be structured content' }]\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n },\n tasks: {\n get: true,\n list: {},\n result: true\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should throw error\n await expect(client.callTool({ name: 'test-tool' })).rejects.toThrow(\n /Tool test-tool has an output schema but did not return structured content/\n );\n });\n\n /***\n * Test: Handle Tools Without outputSchema Normally\n */\n test('should handle tools without outputSchema normally', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: {},\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n }\n // No outputSchema\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'test-tool') {\n // Return regular content\n return {\n content: [{ type: 'text', text: 'Normal response' }]\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n },\n tasks: {\n get: true,\n list: {},\n result: true\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should work normally without validation\n const result = await client.callTool({ name: 'test-tool' });\n expect(result.content).toEqual([{ type: 'text', text: 'Normal response' }]);\n });\n\n /***\n * Test: Handle Complex JSON Schema Validation\n */\n test('should handle complex JSON schema validation', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: {},\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'complex-tool',\n description: 'A tool with complex schema',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 3 },\n age: { type: 'integer', minimum: 0, maximum: 120 },\n active: { type: 'boolean' },\n tags: {\n type: 'array',\n items: { type: 'string' },\n minItems: 1\n },\n metadata: {\n type: 'object',\n properties: {\n created: { type: 'string' }\n },\n required: ['created']\n }\n },\n required: ['name', 'age', 'active', 'tags', 'metadata'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'complex-tool') {\n return {\n structuredContent: {\n name: 'John Doe',\n age: 30,\n active: true,\n tags: ['user', 'admin'],\n metadata: {\n created: '2023-01-01T00:00:00Z'\n }\n }\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n },\n tasks: {\n get: true,\n list: {},\n result: true\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should validate successfully\n const result = await client.callTool({ name: 'complex-tool' });\n expect(result.structuredContent).toBeDefined();\n const structuredContent = result.structuredContent as { name: string; age: number };\n expect(structuredContent.name).toBe('John Doe');\n expect(structuredContent.age).toBe(30);\n });\n\n /***\n * Test: Fail Validation with Additional Properties When Not Allowed\n */\n test('should fail validation with additional properties when not allowed', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Set up server handlers\n server.setRequestHandler('initialize', async request => ({\n protocolVersion: request.params.protocolVersion,\n capabilities: { tools: {} },\n serverInfo: {\n name: 'test-server',\n version: '1.0.0'\n }\n }));\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'strict-tool',\n description: 'A tool with strict schema',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n required: ['name'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'strict-tool') {\n // Return structured content with extra property\n return {\n structuredContent: {\n name: 'John',\n extraField: 'not allowed'\n }\n };\n }\n throw new Error('Unknown tool');\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n // Call the tool - should throw validation error due to additional property\n await expect(client.callTool({ name: 'strict-tool' })).rejects.toThrow(\n /Structured content does not match the tool's output schema/\n );\n });\n});\n\ndescribe('Task-based execution', () => {\n describe('Client calling server', () => {\n let serverTaskStore: InMemoryTaskStore;\n\n beforeEach(() => {\n serverTaskStore = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n serverTaskStore?.cleanup();\n });\n\n test('should create task on server via tool call', async () => {\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: 'Tool executed successfully!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Client creates task on server via tool call\n await client.callTool(\n { name: 'test-tool', arguments: {} },\n {\n task: {\n ttl: 60_000\n }\n }\n );\n\n // Verify task was created successfully by listing tasks\n const taskList = await client.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThan(0);\n const task = taskList.tasks[0]!;\n expect(task.status).toBe('completed');\n });\n\n test('should query task status from server using getTask', async () => {\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: 'Success!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create a task\n await client.callTool(\n { name: 'test-tool', arguments: {} },\n {\n task: { ttl: 60_000 }\n }\n );\n\n // Query task status by listing tasks and getting the first one\n const taskList = await client.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThan(0);\n const task = taskList.tasks[0]!;\n expect(task).toBeDefined();\n expect(task.taskId).toBeDefined();\n expect(task.status).toBe('completed');\n });\n\n test('should query task result from server using getTaskResult', async () => {\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {},\n list: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: 'Result data!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create a task using callToolStream to capture the task ID\n let taskId: string | undefined;\n const stream = client.experimental.tasks.callToolStream(\n { name: 'test-tool', arguments: {} },\n {\n task: { ttl: 60_000 }\n }\n );\n\n for await (const message of stream) {\n if (message.type === 'taskCreated') {\n taskId = message.task.taskId;\n }\n }\n\n expect(taskId).toBeDefined();\n\n // Query task result using the captured task ID\n const result = await client.experimental.tasks.getTaskResult(taskId!, CallToolResultSchema);\n expect(result.content).toEqual([{ type: 'text', text: 'Result data!' }]);\n });\n\n test('should query task list from server using listTasks', async () => {\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: 'Success!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create multiple tasks\n const createdTaskIds: string[] = [];\n\n for (let i = 0; i < 2; i++) {\n await client.callTool(\n { name: 'test-tool', arguments: {} },\n {\n task: { ttl: 60_000 }\n }\n );\n\n // Get the task ID from the task list\n const taskList = await client.experimental.tasks.listTasks();\n const newTask = taskList.tasks.find(t => !createdTaskIds.includes(t.taskId));\n if (newTask) {\n createdTaskIds.push(newTask.taskId);\n }\n }\n\n // Query task list\n const taskList = await client.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThanOrEqual(2);\n for (const taskId of createdTaskIds) {\n expect(taskList.tasks).toContainEqual(\n expect.objectContaining({\n taskId,\n status: 'completed'\n })\n );\n }\n });\n });\n\n describe('Server calling client', () => {\n let clientTaskStore: InMemoryTaskStore;\n\n beforeEach(() => {\n clientTaskStore = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n clientTaskStore?.cleanup();\n });\n\n test('should create task on client via server elicitation', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'list-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server creates task on client via elicitation\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: { type: 'string' }\n },\n required: ['username']\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Verify task was created\n const task = await server.experimental.tasks.getTask(taskId);\n expect(task.status).toBe('completed');\n });\n\n test('should query task status from client using getTask', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'list-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create a task on client and wait for CreateTaskResult\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide info',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Query task status\n const task = await server.experimental.tasks.getTask(taskId);\n expect(task).toBeDefined();\n expect(task.taskId).toBe(taskId);\n expect(task.status).toBe('completed');\n });\n\n test('should query task result from client using getTaskResult', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'result-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create a task on client and wait for CreateTaskResult\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide info',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Query task result using getTaskResult\n const taskResult = await server.experimental.tasks.getTaskResult(taskId, ElicitResultSchema);\n expect(taskResult.action).toBe('accept');\n expect(taskResult.content).toEqual({ username: 'result-user' });\n });\n\n test('should query task list from client using listTasks', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'list-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create multiple tasks on client\n const createdTaskIds: string[] = [];\n for (let i = 0; i < 2; i++) {\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide info',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure and capture taskId\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n createdTaskIds.push(createTaskResult.task.taskId);\n }\n\n // Query task list\n const taskList = await server.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThanOrEqual(2);\n for (const taskId of createdTaskIds) {\n expect(taskList.tasks).toContainEqual(\n expect.objectContaining({\n taskId,\n status: 'completed'\n })\n );\n }\n });\n });\n\n test('should list tasks from server with pagination', async () => {\n const serverTaskStore = new InMemoryTaskStore();\n\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({\n id: z.string()\n })\n },\n {\n async createTask({ id }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: `Result for ${id || 'unknown'}` }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create multiple tasks\n const createdTaskIds: string[] = [];\n\n for (let i = 0; i < 3; i++) {\n await client.callTool(\n { name: 'test-tool', arguments: { id: `task-${i + 1}` } },\n {\n task: { ttl: 60_000 }\n }\n );\n\n // Get the task ID from the task list\n const taskList = await client.experimental.tasks.listTasks();\n const newTask = taskList.tasks.find(t => !createdTaskIds.includes(t.taskId));\n if (newTask) {\n createdTaskIds.push(newTask.taskId);\n }\n }\n\n // List all tasks without cursor\n const firstPage = await client.experimental.tasks.listTasks();\n expect(firstPage.tasks.length).toBeGreaterThan(0);\n expect(firstPage.tasks.map(t => t.taskId)).toEqual(expect.arrayContaining(createdTaskIds));\n\n // If there's a cursor, test pagination\n if (firstPage.nextCursor) {\n const secondPage = await client.experimental.tasks.listTasks(firstPage.nextCursor);\n expect(secondPage.tasks).toBeDefined();\n }\n\n serverTaskStore.cleanup();\n });\n\n describe('Error scenarios', () => {\n let serverTaskStore: InMemoryTaskStore;\n let clientTaskStore: InMemoryTaskStore;\n\n beforeEach(() => {\n serverTaskStore = new InMemoryTaskStore();\n clientTaskStore = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n serverTaskStore?.cleanup();\n clientTaskStore?.cleanup();\n });\n\n test('should throw error when querying non-existent task from server', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to get a task that doesn't exist\n await expect(client.experimental.tasks.getTask('non-existent-task')).rejects.toThrow();\n });\n\n test('should throw error when querying result of non-existent task from server', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to get result of a task that doesn't exist\n await expect(client.experimental.tasks.getTaskResult('non-existent-task', CallToolResultSchema)).rejects.toThrow();\n });\n\n test('should throw error when server queries non-existent task from client', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async () => ({\n action: 'accept',\n content: { username: 'test' }\n }));\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to query a task that doesn't exist on client\n await expect(server.experimental.tasks.getTask('non-existent-task')).rejects.toThrow();\n });\n });\n});\n\ntest('should respect server task capabilities', async () => {\n const serverTaskStore = new InMemoryTaskStore();\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore: serverTaskStore\n }\n );\n\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n const result = {\n content: [{ type: 'text', text: 'Success!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n enforceStrictCapabilities: true\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server supports task creation for tools/call\n expect(client.getServerCapabilities()).toEqual({\n tools: {\n listChanged: true\n },\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n });\n\n // These should work because server supports tasks\n await expect(\n client.callTool(\n { name: 'test-tool', arguments: {} },\n {\n task: { ttl: 60_000 }\n }\n )\n ).resolves.not.toThrow();\n await expect(client.experimental.tasks.listTasks()).resolves.not.toThrow();\n\n // tools/list doesn't support task creation, but it shouldn't throw - it should just ignore the task metadata\n await expect(\n client.request({\n method: 'tools/list',\n params: {}\n })\n ).resolves.not.toThrow();\n\n serverTaskStore.cleanup();\n});\n\n/**\n * Test: requestStream() method\n */\ntest('should expose requestStream() method for streaming responses', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/call', async () => {\n return {\n content: [{ type: 'text', text: 'Tool result' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // First verify that regular request() works\n const regularResult = await client.callTool({ name: 'test-tool', arguments: {} });\n expect(regularResult.content).toEqual([{ type: 'text', text: 'Tool result' }]);\n\n // Test requestStream with non-task request (should yield only result)\n const stream = client.experimental.tasks.requestStream({\n method: 'tools/call',\n params: { name: 'test-tool', arguments: {} }\n });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Should have received only a result message (no task messages)\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.content).toEqual([{ type: 'text', text: 'Tool result' }]);\n }\n\n await client.close();\n await server.close();\n});\n\n/**\n * Test: callToolStream() method\n */\ntest('should expose callToolStream() method for streaming tool calls', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/call', async () => {\n return {\n content: [{ type: 'text', text: 'Tool result' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Test callToolStream\n const stream = client.experimental.tasks.callToolStream({ name: 'test-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Should have received messages ending with result\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.content).toEqual([{ type: 'text', text: 'Tool result' }]);\n }\n\n await client.close();\n await server.close();\n});\n\n/**\n * Test: callToolStream() with output schema validation\n */\ntest('should validate structured output in callToolStream()', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => {\n return {\n tools: [\n {\n name: 'structured-tool',\n description: 'A tool with output schema',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n value: { type: 'number' }\n },\n required: ['value']\n }\n }\n ]\n };\n });\n\n server.setRequestHandler('tools/call', async () => {\n return {\n content: [{ type: 'text', text: 'Result' }],\n structuredContent: { value: 42 }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the output schema\n await client.listTools();\n\n // Test callToolStream with valid structured output\n const stream = client.experimental.tasks.callToolStream({ name: 'structured-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Should have received result with validated structured content\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.structuredContent).toEqual({ value: 42 });\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should yield error when structuredContent does not match schema', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' },\n count: { type: 'number' }\n },\n required: ['result', 'count'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n // Return invalid structured content (count is string instead of number)\n return {\n structuredContent: { result: 'success', count: 'not a number' }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // List tools to cache the schemas\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'test-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('error');\n if (messages[0]!.type === 'error') {\n expect(messages[0]!.error.message).toMatch(/Structured content does not match the tool's output schema/);\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should yield error when tool with outputSchema returns no structuredContent', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' }\n },\n required: ['result']\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n return {\n content: [{ type: 'text', text: 'This should be structured content' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'test-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('error');\n if (messages[0]!.type === 'error') {\n expect(messages[0]!.error.message).toMatch(/Tool test-tool has an output schema but did not return structured content/);\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should handle tools without outputSchema normally', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n return {\n content: [{ type: 'text', text: 'Normal response' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'test-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.content).toEqual([{ type: 'text', text: 'Normal response' }]);\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should handle complex JSON schema validation', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'complex-tool',\n description: 'A tool with complex schema',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 3 },\n age: { type: 'integer', minimum: 0, maximum: 120 },\n active: { type: 'boolean' },\n tags: {\n type: 'array',\n items: { type: 'string' },\n minItems: 1\n },\n metadata: {\n type: 'object',\n properties: {\n created: { type: 'string' }\n },\n required: ['created']\n }\n },\n required: ['name', 'age', 'active', 'tags', 'metadata'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n return {\n structuredContent: {\n name: 'John Doe',\n age: 30,\n active: true,\n tags: ['user', 'admin'],\n metadata: {\n created: '2023-01-01T00:00:00Z'\n }\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'complex-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.structuredContent).toBeDefined();\n const structuredContent = messages[0]!.result.structuredContent as { name: string; age: number };\n expect(structuredContent.name).toBe('John Doe');\n expect(structuredContent.age).toBe(30);\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should yield error with additional properties when not allowed', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'strict-tool',\n description: 'A tool with strict schema',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n required: ['name'],\n additionalProperties: false\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n return {\n structuredContent: {\n name: 'John',\n extraField: 'not allowed'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'strict-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('error');\n if (messages[0]!.type === 'error') {\n expect(messages[0]!.error.message).toMatch(/Structured content does not match the tool's output schema/);\n }\n\n await client.close();\n await server.close();\n});\n\ntest('callToolStream() should not validate structuredContent when isError is true', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n },\n outputSchema: {\n type: 'object',\n properties: {\n result: { type: 'string' }\n },\n required: ['result']\n }\n }\n ]\n }));\n\n server.setRequestHandler('tools/call', async () => {\n // Return isError with content (no structuredContent) - should NOT trigger validation error\n return {\n isError: true,\n content: [{ type: 'text', text: 'Something went wrong' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await client.listTools();\n\n const stream = client.experimental.tasks.callToolStream({ name: 'test-tool', arguments: {} });\n\n const messages = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Should have received result (not error), with isError flag set\n expect(messages.length).toBe(1);\n expect(messages[0]!.type).toBe('result');\n if (messages[0]!.type === 'result') {\n expect(messages[0]!.result.isError).toBe(true);\n expect(messages[0]!.result.content).toEqual([{ type: 'text', text: 'Something went wrong' }]);\n }\n\n await client.close();\n await server.close();\n});\n\ndescribe('getSupportedElicitationModes', () => {\n test('should support nothing when capabilities are undefined', () => {\n const result = getSupportedElicitationModes(undefined);\n expect(result.supportsFormMode).toBe(false);\n expect(result.supportsUrlMode).toBe(false);\n });\n\n test('should default to form mode when capabilities are an empty object', () => {\n const result = getSupportedElicitationModes({});\n expect(result.supportsFormMode).toBe(true);\n expect(result.supportsUrlMode).toBe(false);\n });\n\n test('should support form mode when form is explicitly declared', () => {\n const result = getSupportedElicitationModes({ form: {} });\n expect(result.supportsFormMode).toBe(true);\n expect(result.supportsUrlMode).toBe(false);\n });\n\n test('should support url mode when url is explicitly declared', () => {\n const result = getSupportedElicitationModes({ url: {} });\n expect(result.supportsFormMode).toBe(false);\n expect(result.supportsUrlMode).toBe(true);\n });\n\n test('should support both modes when both are explicitly declared', () => {\n const result = getSupportedElicitationModes({ form: {}, url: {} });\n expect(result.supportsFormMode).toBe(true);\n expect(result.supportsUrlMode).toBe(true);\n });\n\n test('should support form mode when form declares applyDefaults', () => {\n const result = getSupportedElicitationModes({ form: { applyDefaults: true } });\n expect(result.supportsFormMode).toBe(true);\n expect(result.supportsUrlMode).toBe(false);\n });\n});\n\ndescribe('Client sampling validation with tools', () => {\n test('should validate array content with tool_use when request includes tools', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n // Handler returns array content with tool_use - should validate with CreateMessageResultWithToolsSchema\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n stopReason: 'toolUse',\n content: [{ type: 'tool_use', id: 'call_1', name: 'test_tool', input: { arg: 'value' } }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n });\n\n expect(result.stopReason).toBe('toolUse');\n expect(Array.isArray(result.content)).toBe(true);\n expect((result.content as Array<{ type: string }>)[0]!.type).toBe('tool_use');\n });\n\n test('should validate single content when request includes tools', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n // Handler returns single content (text) - should still validate with CreateMessageResultWithToolsSchema\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'No tool needed' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n });\n\n expect((result.content as { type: string }).type).toBe('text');\n });\n\n test('should validate single content when request has no tools', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n // Handler returns single content - should validate with CreateMessageResultSchema\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100\n });\n\n expect((result.content as { type: string }).type).toBe('text');\n });\n\n test('should reject array content when request has no tools', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n // Handler returns array content - should fail validation with CreateMessageResultSchema\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: [{ type: 'text', text: 'Array response' }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100\n })\n ).rejects.toThrow('Invalid sampling result');\n });\n\n test('should validate array content when request includes toolChoice', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n // Handler returns array content with tool_use\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n stopReason: 'toolUse',\n content: [{ type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }],\n toolChoice: { mode: 'auto' }\n });\n\n expect(result.stopReason).toBe('toolUse');\n expect(Array.isArray(result.content)).toBe(true);\n });\n});\n" }, { "path": "test/integration/test/experimental/tasks/task.test.ts", "content": "import { isTerminal } from '@modelcontextprotocol/core';\nimport type { Task } from '@modelcontextprotocol/server';\nimport { describe, expect, it } from 'vitest';\n\ndescribe('Task utility functions', () => {\n describe('isTerminal', () => {\n it('should return true for completed status', () => {\n expect(isTerminal('completed')).toBe(true);\n });\n\n it('should return true for failed status', () => {\n expect(isTerminal('failed')).toBe(true);\n });\n\n it('should return true for cancelled status', () => {\n expect(isTerminal('cancelled')).toBe(true);\n });\n\n it('should return false for working status', () => {\n expect(isTerminal('working')).toBe(false);\n });\n\n it('should return false for input_required status', () => {\n expect(isTerminal('input_required')).toBe(false);\n });\n });\n});\n\ndescribe('Task Schema Validation', () => {\n it('should validate task with ttl field', () => {\n const createdAt = new Date().toISOString();\n const task: Task = {\n taskId: 'test-123',\n status: 'working',\n ttl: 60_000,\n createdAt,\n lastUpdatedAt: createdAt,\n pollInterval: 1000\n };\n\n expect(task.ttl).toBe(60_000);\n expect(task.createdAt).toBeDefined();\n expect(typeof task.createdAt).toBe('string');\n });\n\n it('should validate task with null ttl', () => {\n const createdAt = new Date().toISOString();\n const task: Task = {\n taskId: 'test-456',\n status: 'completed',\n ttl: null,\n createdAt,\n lastUpdatedAt: createdAt\n };\n\n expect(task.ttl).toBeNull();\n });\n\n it('should validate task with statusMessage field', () => {\n const createdAt = new Date().toISOString();\n const task: Task = {\n taskId: 'test-789',\n status: 'failed',\n ttl: null,\n createdAt,\n lastUpdatedAt: createdAt,\n statusMessage: 'Operation failed due to timeout'\n };\n\n expect(task.statusMessage).toBe('Operation failed due to timeout');\n });\n\n it('should validate task with createdAt in ISO 8601 format', () => {\n const now = new Date();\n const createdAt = now.toISOString();\n const task: Task = {\n taskId: 'test-iso',\n status: 'working',\n ttl: 30_000,\n createdAt,\n lastUpdatedAt: createdAt\n };\n\n expect(task.createdAt).toMatch(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/);\n expect(new Date(task.createdAt).getTime()).toBe(now.getTime());\n });\n\n it('should validate task with lastUpdatedAt in ISO 8601 format', () => {\n const now = new Date();\n const createdAt = now.toISOString();\n const task: Task = {\n taskId: 'test-iso',\n status: 'working',\n ttl: 30_000,\n createdAt,\n lastUpdatedAt: createdAt\n };\n\n expect(task.lastUpdatedAt).toMatch(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/);\n });\n\n it('should validate all task statuses', () => {\n const statuses: Task['status'][] = ['working', 'input_required', 'completed', 'failed', 'cancelled'];\n\n const createdAt = new Date().toISOString();\n for (const status of statuses) {\n const task: Task = {\n taskId: `test-${status}`,\n status,\n ttl: null,\n createdAt,\n lastUpdatedAt: createdAt\n };\n expect(task.status).toBe(status);\n }\n });\n});\n" }, { "path": "test/integration/test/experimental/tasks/taskListing.test.ts", "content": "import { ProtocolError, ProtocolErrorCode } from '@modelcontextprotocol/core';\nimport { afterEach, beforeEach, describe, expect, it } from 'vitest';\n\nimport { createInMemoryTaskEnvironment } from '../../helpers/mcp.js';\n\ndescribe('Task Listing with Pagination', () => {\n let client: Awaited>['client'];\n let server: Awaited>['server'];\n let taskStore: Awaited>['taskStore'];\n\n beforeEach(async () => {\n const env = await createInMemoryTaskEnvironment();\n client = env.client;\n server = env.server;\n taskStore = env.taskStore;\n });\n\n afterEach(async () => {\n taskStore.cleanup();\n await client.close();\n await server.close();\n });\n\n it('should return empty list when no tasks exist', async () => {\n const result = await client.experimental.tasks.listTasks();\n\n expect(result.tasks).toEqual([]);\n expect(result.nextCursor).toBeUndefined();\n });\n\n it('should return all tasks when less than page size', async () => {\n // Create 3 tasks\n for (let i = 0; i < 3; i++) {\n await taskStore.createTask({}, i, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n }\n\n const result = await client.experimental.tasks.listTasks();\n\n expect(result.tasks).toHaveLength(3);\n expect(result.nextCursor).toBeUndefined();\n });\n\n it('should paginate when more than page size exists', async () => {\n // Create 15 tasks (page size is 10 in InMemoryTaskStore)\n for (let i = 0; i < 15; i++) {\n await taskStore.createTask({}, i, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n }\n\n // Get first page\n const page1 = await client.experimental.tasks.listTasks();\n expect(page1.tasks).toHaveLength(10);\n expect(page1.nextCursor).toBeDefined();\n\n // Get second page using cursor\n const page2 = await client.experimental.tasks.listTasks(page1.nextCursor);\n expect(page2.tasks).toHaveLength(5);\n expect(page2.nextCursor).toBeUndefined();\n });\n\n it('should treat cursor as opaque token', async () => {\n // Create 5 tasks\n for (let i = 0; i < 5; i++) {\n await taskStore.createTask({}, i, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n }\n\n // Get all tasks to get a valid cursor\n const allTasks = taskStore.getAllTasks();\n const validCursor = allTasks[2]!.taskId;\n\n // Use the cursor - should work even though we don't know its internal structure\n const result = await client.experimental.tasks.listTasks(validCursor);\n expect(result.tasks).toHaveLength(2);\n });\n\n it('should return error code -32602 for invalid cursor', async () => {\n await taskStore.createTask({}, 1, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n\n // Try to use an invalid cursor - should return -32602 (Invalid params) per MCP spec\n await expect(client.experimental.tasks.listTasks('invalid-cursor')).rejects.toSatisfy((error: ProtocolError) => {\n expect(error).toBeInstanceOf(ProtocolError);\n expect(error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(error.message).toContain('Invalid cursor');\n return true;\n });\n });\n\n it('should ensure tasks accessible via tasks/get are also accessible via tasks/list', async () => {\n // Create a task\n const task = await taskStore.createTask({}, 1, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n\n // Verify it's accessible via tasks/get\n const getResult = await client.experimental.tasks.getTask(task.taskId);\n expect(getResult.taskId).toBe(task.taskId);\n\n // Verify it's also accessible via tasks/list\n const listResult = await client.experimental.tasks.listTasks();\n expect(listResult.tasks).toHaveLength(1);\n expect(listResult.tasks[0]!.taskId).toBe(task.taskId);\n });\n\n it('should not include related-task metadata in list response', async () => {\n // Create a task\n await taskStore.createTask({}, 1, {\n method: 'tools/call',\n params: { name: 'test-tool' }\n });\n\n const result = await client.experimental.tasks.listTasks();\n\n // The response should have _meta but not include related-task metadata\n expect(result._meta).toBeDefined();\n expect(result._meta?.['io.modelcontextprotocol/related-task']).toBeUndefined();\n });\n});\n" }, { "path": "test/integration/test/helpers/mcp.ts", "content": "import { Client } from '@modelcontextprotocol/client';\nimport { InMemoryTransport } from '@modelcontextprotocol/core';\nimport type { ClientCapabilities, ServerCapabilities } from '@modelcontextprotocol/server';\nimport { InMemoryTaskMessageQueue, InMemoryTaskStore, Server } from '@modelcontextprotocol/server';\n\nexport interface InMemoryTaskEnvironment {\n client: Client;\n server: Server;\n taskStore: InMemoryTaskStore;\n clientTransport: InMemoryTransport;\n serverTransport: InMemoryTransport;\n}\n\nexport async function createInMemoryTaskEnvironment(options?: {\n clientCapabilities?: ClientCapabilities;\n serverCapabilities?: ServerCapabilities;\n}): Promise {\n const taskStore = new InMemoryTaskStore();\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: options?.clientCapabilities ?? {\n tasks: {\n list: {},\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: options?.serverCapabilities ?? {\n tasks: {\n list: {},\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore,\n taskMessageQueue: new InMemoryTaskMessageQueue()\n }\n );\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n return {\n client,\n server,\n taskStore,\n clientTransport,\n serverTransport\n };\n}\n" }, { "path": "test/integration/test/issues/test1277.zod.v4.description.test.ts", "content": "/**\n * Regression test for https://github.com/modelcontextprotocol/typescript-sdk/issues/1277\n *\n * Zod v4 stores `.describe()` descriptions directly on the schema object,\n * not in `._zod.def.description`. This test verifies that descriptions are\n * correctly extracted for prompt arguments.\n */\n\nimport { Client } from '@modelcontextprotocol/client';\nimport { InMemoryTransport } from '@modelcontextprotocol/core';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\ndescribe('Issue #1277: Zod v4', () => {\n test('should preserve argument descriptions from .describe()', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test',\n {\n argsSchema: z.object({\n name: z.string().describe('The user name'),\n value: z.string().describe('The value to set')\n })\n },\n async ({ name, value }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `${name}: ${value}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/list'\n });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('test');\n expect(result.prompts[0]!.arguments).toEqual([\n { name: 'name', required: true, description: 'The user name' },\n { name: 'value', required: true, description: 'The value to set' }\n ]);\n });\n});\n" }, { "path": "test/integration/test/issues/test400.optional-tool-params.test.ts", "content": "/**\n * Regression test for https://github.com/modelcontextprotocol/typescript-sdk/issues/400\n *\n * When a tool has all optional parameters, some LLM models call the tool without\n * providing an `arguments` field. This test verifies that undefined arguments are\n * handled correctly by defaulting to an empty object.\n */\n\nimport { Client } from '@modelcontextprotocol/client';\nimport { InMemoryTransport } from '@modelcontextprotocol/core';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\ndescribe('Issue #400: Zod v4', () => {\n test('should accept undefined arguments when all tool params are optional', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'optional-params-tool',\n {\n inputSchema: z.object({\n limit: z.number().optional(),\n offset: z.number().optional()\n })\n },\n async ({ limit, offset }) => ({\n content: [\n {\n type: 'text',\n text: `limit: ${limit ?? 'default'}, offset: ${offset ?? 'default'}`\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call tool without arguments (arguments is undefined)\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'optional-params-tool'\n // arguments is intentionally omitted (undefined)\n }\n });\n\n expect(result.isError).toBeUndefined();\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'limit: default, offset: default'\n }\n ]);\n });\n});\n" }, { "path": "test/integration/test/issues/test_1342OauthErrorHttp200.test.ts", "content": "/**\n * Regression test for https://github.com/modelcontextprotocol/typescript-sdk/issues/1342\n *\n * Some OAuth servers (e.g., GitHub) return error responses with HTTP 200 status\n * instead of 4xx. Previously, the SDK would try to parse these as tokens and fail\n * with a confusing Zod validation error. This test verifies that the SDK properly\n * detects the error field and surfaces the actual OAuth error message.\n */\n\nimport { exchangeAuthorization } from '@modelcontextprotocol/client';\nimport { describe, expect, it, vi } from 'vitest';\n\nconst mockFetch = vi.fn();\nvi.stubGlobal('fetch', mockFetch);\n\ndescribe('Issue #1342: OAuth error response with HTTP 200 status', () => {\n const validClientInfo = {\n client_id: 'test-client',\n client_secret: 'test-secret',\n redirect_uris: ['http://localhost:3000/callback'],\n token_endpoint_auth_method: 'client_secret_post' as const\n };\n\n it('should throw OAuth error when server returns error with HTTP 200', async () => {\n // GitHub returns errors with HTTP 200 instead of 4xx\n mockFetch.mockResolvedValueOnce({\n ok: true,\n status: 200,\n json: async () => ({\n error: 'invalid_client',\n error_description: 'The client_id and/or client_secret passed are incorrect.'\n })\n });\n\n await expect(\n exchangeAuthorization('https://auth.example.com', {\n clientInformation: validClientInfo,\n authorizationCode: 'code123',\n codeVerifier: 'verifier123',\n redirectUri: 'http://localhost:3000/callback'\n })\n ).rejects.toThrow('The client_id and/or client_secret passed are incorrect.');\n });\n});\n" }, { "path": "test/integration/test/processCleanup.test.ts", "content": "import path from 'node:path';\nimport { Readable, Writable } from 'node:stream';\n\nimport { Client, StdioClientTransport } from '@modelcontextprotocol/client';\nimport { Server, StdioServerTransport } from '@modelcontextprotocol/server';\n\n// Use the local fixtures directory alongside this test file\nconst FIXTURES_DIR = path.resolve(__dirname, './__fixtures__');\n\ndescribe('Process cleanup', () => {\n vi.setConfig({ testTimeout: 15_000 }); // 15 second timeout (needs margin for CI; close() alone can take ~4s for hanging servers)\n\n it('server should exit cleanly after closing transport', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {}\n }\n );\n\n const mockReadable = new Readable({\n read() {\n this.push(null); // signal EOF\n }\n }),\n mockWritable = new Writable({\n write(chunk, encoding, callback) {\n callback();\n }\n });\n\n // Attach mock streams to process for the server transport\n const transport = new StdioServerTransport(mockReadable, mockWritable);\n await server.connect(transport);\n\n // Close the transport\n await transport.close();\n\n // ensure a proper disposal mock streams\n mockReadable.destroy();\n mockWritable.destroy();\n\n // If we reach here without hanging, the test passes\n // The test runner will fail if the process hangs\n expect(true).toBe(true);\n });\n\n it('onclose should be called exactly once', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StdioClientTransport({\n command: 'node',\n args: ['--import', 'tsx', 'testServer.ts'],\n cwd: FIXTURES_DIR\n });\n\n await client.connect(transport);\n\n let onCloseWasCalled = 0;\n client.onclose = () => {\n onCloseWasCalled++;\n };\n\n await client.close();\n\n // A short delay to allow the close event to propagate\n await new Promise(resolve => setTimeout(resolve, 50));\n\n expect(onCloseWasCalled).toBe(1);\n });\n\n it('should exit cleanly for a server that hangs', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StdioClientTransport({\n command: 'node',\n args: ['--import', 'tsx', 'serverThatHangs.ts'],\n cwd: FIXTURES_DIR\n });\n\n await client.connect(transport);\n await client.setLoggingLevel('debug');\n client.setNotificationHandler('notifications/message', notification => {\n console.debug('server log: ' + notification.params.data);\n });\n const serverPid = transport.pid!;\n\n await client.close();\n\n // A short delay to allow the close event to propagate\n await new Promise(resolve => setTimeout(resolve, 50));\n\n try {\n process.kill(serverPid, 9);\n throw new Error('Expected server to be dead but it is alive');\n } catch (error: unknown) {\n // 'ESRCH' the process doesn't exist\n if (error && typeof error === 'object' && 'code' in error && error.code === 'ESRCH') {\n // success\n } else throw error;\n }\n });\n});\n" }, { "path": "test/integration/test/server/bun.test.ts", "content": "/**\n * Bun integration test\n *\n * Verifies the MCP server and client packages work natively on Bun.\n * Run with: bun test test/server/bun.test.ts\n */\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { McpServer, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\n// eslint-disable-next-line import/no-unresolved\nimport { afterAll, beforeAll, describe, expect, it } from 'bun:test';\nimport * as z from 'zod/v4';\n\ndescribe('MCP on Bun', () => {\n let httpServer: ReturnType;\n let transport: WebStandardStreamableHTTPServerTransport;\n\n beforeAll(async () => {\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' });\n\n mcpServer.registerTool(\n 'greet',\n {\n description: 'Greet someone',\n inputSchema: z.object({ name: z.string() })\n },\n async ({ name }) => ({\n content: [{ type: 'text' as const, text: `Hello, ${name}!` }]\n })\n );\n\n transport = new WebStandardStreamableHTTPServerTransport();\n await mcpServer.connect(transport);\n\n httpServer = Bun.serve({\n port: 0,\n fetch: req => transport.handleRequest(req)\n });\n });\n\n afterAll(async () => {\n await transport?.close();\n httpServer?.stop();\n });\n\n it('should handle MCP tool calls', async () => {\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n const clientTransport = new StreamableHTTPClientTransport(new URL(`http://localhost:${httpServer.port}`));\n\n await client.connect(clientTransport);\n\n const result = await client.callTool({ name: 'greet', arguments: { name: 'Bun' } });\n expect(result.content).toEqual([{ type: 'text', text: 'Hello, Bun!' }]);\n\n await client.close();\n });\n});\n" }, { "path": "test/integration/test/server/cloudflareWorkers.test.ts", "content": "/**\n * Cloudflare Workers integration test\n *\n * Verifies the MCP server package works in Cloudflare Workers\n * WITHOUT nodejs_compat, using runtime shims for cross-platform compatibility.\n */\n\nimport type { ChildProcess } from 'node:child_process';\nimport { execSync, spawn } from 'node:child_process';\nimport * as fs from 'node:fs';\nimport * as os from 'node:os';\nimport path from 'node:path';\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { afterAll, beforeAll, describe, expect, it } from 'vitest';\n\nconst PORT = 8787;\n\ninterface TestEnv {\n tempDir: string;\n process: ChildProcess;\n cleanup: () => Promise;\n}\n\ndescribe('Cloudflare Workers compatibility (no nodejs_compat)', () => {\n let env: TestEnv | null = null;\n\n beforeAll(async () => {\n const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'cf-worker-test-'));\n\n // Pack server package\n const serverPkgPath = path.resolve(__dirname, '../../../../packages/server');\n const packOutput = execSync(`pnpm pack --pack-destination ${tempDir}`, {\n cwd: serverPkgPath,\n encoding: 'utf8'\n });\n const tarballName = path.basename(packOutput.trim().split('\\n').pop()!);\n\n // Write package.json\n const pkgJson = {\n name: 'cf-worker-test',\n private: true,\n type: 'module',\n dependencies: {\n '@modelcontextprotocol/server': `file:./${tarballName}`,\n '@cfworker/json-schema': '^4.1.1'\n },\n devDependencies: {\n wrangler: '^4.14.4'\n }\n };\n fs.writeFileSync(path.join(tempDir, 'package.json'), JSON.stringify(pkgJson, null, 2));\n\n // Write wrangler config\n const wranglerConfig = {\n $schema: 'node_modules/wrangler/config-schema.json',\n name: 'cf-worker-test',\n main: 'server.ts',\n compatibility_date: '2025-01-01'\n };\n fs.writeFileSync(path.join(tempDir, 'wrangler.jsonc'), JSON.stringify(wranglerConfig, null, 2));\n\n // Write server source\n const serverSource = `\nimport { McpServer, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\n\nconst server = new McpServer({ name: \"test-server\", version: \"1.0.0\" });\n\nserver.registerTool(\"greet\", {\n description: \"Greet someone\"\n}, async (args) => ({\n content: [{ type: \"text\", text: \"Hello, \" + (args.name || \"World\") + \"!\" }]\n}));\n\nconst transport = new WebStandardStreamableHTTPServerTransport();\nawait server.connect(transport);\n\nexport default {\n fetch: (request) => transport.handleRequest(request)\n};\n`;\n fs.writeFileSync(path.join(tempDir, 'server.ts'), serverSource);\n\n // Install dependencies\n execSync('npm install', { cwd: tempDir, stdio: 'pipe', timeout: 60_000 });\n\n // Start wrangler dev server\n const proc = spawn('npx', ['wrangler', 'dev', '--local', '--port', String(PORT)], {\n cwd: tempDir,\n shell: true,\n stdio: 'pipe'\n });\n\n // Wait for server to be ready\n await new Promise((resolve, reject) => {\n const timeout = setTimeout(() => reject(new Error('Wrangler startup timeout')), 60_000);\n let stderrData = '';\n\n proc.stdout?.on('data', data => {\n const output = data.toString();\n if (/Ready on|Listening on/.test(output)) {\n clearTimeout(timeout);\n // Extra delay for wrangler to fully initialize\n setTimeout(resolve, 1000);\n }\n });\n\n proc.stderr?.on('data', data => {\n stderrData += data.toString();\n // Check for fatal errors like missing node: modules\n if (/No such module \"node:/.test(stderrData)) {\n clearTimeout(timeout);\n reject(new Error(`Wrangler fatal error: ${stderrData}`));\n }\n });\n\n proc.on('error', err => {\n clearTimeout(timeout);\n reject(err);\n });\n\n proc.on('close', code => {\n if (code !== 0 && code !== null) {\n clearTimeout(timeout);\n reject(new Error(`Wrangler exited with code ${code}. stderr: ${stderrData}`));\n }\n });\n });\n\n const cleanup = async () => {\n proc.kill('SIGTERM');\n await new Promise(resolve => {\n proc.on('close', () => resolve());\n setTimeout(resolve, 5000);\n });\n try {\n fs.rmSync(tempDir, { recursive: true, force: true });\n } catch {\n // Ignore cleanup errors\n }\n };\n\n env = { tempDir, process: proc, cleanup };\n }, 120_000);\n\n afterAll(async () => {\n await env?.cleanup();\n });\n\n it('should handle MCP requests', async () => {\n expect(env).not.toBeNull();\n\n // Retry connection — wrangler may report \"Ready\" before it can handle requests\n let client!: Client;\n let lastError: unknown;\n for (let attempt = 0; attempt < 5; attempt++) {\n try {\n client = new Client({ name: 'test-client', version: '1.0.0' });\n const transport = new StreamableHTTPClientTransport(new URL(`http://127.0.0.1:${PORT}/`));\n await client.connect(transport);\n lastError = undefined;\n break;\n } catch (error) {\n lastError = error;\n await new Promise(resolve => setTimeout(resolve, 1000));\n }\n }\n if (lastError) {\n throw lastError;\n }\n\n const result = await client.callTool({ name: 'greet', arguments: { name: 'World' } });\n expect(result.content).toEqual([{ type: 'text', text: 'Hello, World!' }]);\n\n await client.close();\n }, 30_000);\n});\n" }, { "path": "test/integration/test/server/deno.test.ts", "content": "/**\n * Deno integration test\n *\n * Verifies the MCP server and client packages work natively on Deno.\n * Run with: deno test --no-check --allow-net --allow-read --allow-env test/server/deno.test.ts\n */\n\nimport assert from 'node:assert/strict';\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { McpServer, WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\nDeno.test({\n name: 'MCP tool calls work on Deno',\n sanitizeOps: false,\n sanitizeResources: false,\n async fn() {\n const mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' });\n\n mcpServer.registerTool(\n 'greet',\n {\n description: 'Greet someone',\n inputSchema: z.object({ name: z.string() })\n },\n async ({ name }) => ({\n content: [{ type: 'text' as const, text: `Hello, ${name}!` }]\n })\n );\n\n const transport = new WebStandardStreamableHTTPServerTransport();\n await mcpServer.connect(transport);\n\n const httpServer = Deno.serve({ port: 0 }, req => transport.handleRequest(req));\n const port = httpServer.addr.port;\n\n try {\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n const clientTransport = new StreamableHTTPClientTransport(new URL(`http://localhost:${port}`));\n\n await client.connect(clientTransport);\n\n const result = await client.callTool({ name: 'greet', arguments: { name: 'Deno' } });\n assert.deepStrictEqual(result.content, [{ type: 'text', text: 'Hello, Deno!' }]);\n\n await client.close();\n } finally {\n await transport.close();\n await httpServer.shutdown();\n }\n }\n});\n" }, { "path": "test/integration/test/server/elicitation.test.ts", "content": "/**\n * Comprehensive elicitation flow tests with validator integration\n *\n * These tests verify the end-to-end elicitation flow from server requesting\n * input to client responding and validation of the response against schemas.\n *\n * Per the MCP spec, elicitation only supports object schemas, not primitives.\n */\n\nimport { Client } from '@modelcontextprotocol/client';\nimport type { ElicitRequestFormParams } from '@modelcontextprotocol/core';\nimport { AjvJsonSchemaValidator, CfWorkerJsonSchemaValidator, InMemoryTransport } from '@modelcontextprotocol/core';\nimport { Server } from '@modelcontextprotocol/server';\n\nconst ajvProvider = new AjvJsonSchemaValidator();\nconst cfWorkerProvider = new CfWorkerJsonSchemaValidator();\n\nlet server: Server;\nlet client: Client;\n\ndescribe('Elicitation Flow', () => {\n describe('with AJV validator', () => {\n beforeEach(async () => {\n server = new Server(\n { name: 'test-server', version: '1.0.0' },\n {\n capabilities: {},\n jsonSchemaValidator: ajvProvider\n }\n );\n\n client = new Client({ name: 'test-client', version: '1.0.0' }, { capabilities: { elicitation: {} } });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n });\n\n testElicitationFlow(ajvProvider, 'AJV');\n });\n\n describe('with CfWorker validator', () => {\n beforeEach(async () => {\n server = new Server(\n { name: 'test-server', version: '1.0.0' },\n {\n capabilities: {},\n jsonSchemaValidator: cfWorkerProvider\n }\n );\n\n client = new Client({ name: 'test-client', version: '1.0.0' }, { capabilities: { elicitation: {} } });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n });\n\n testElicitationFlow(cfWorkerProvider, 'CfWorker');\n });\n});\n\nfunction testElicitationFlow(validatorProvider: typeof ajvProvider | typeof cfWorkerProvider, validatorName: string) {\n test(`${validatorName}: should elicit simple object with string field`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { name: 'John Doe' }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'What is your name?',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 1 }\n },\n required: ['name']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { name: 'John Doe' }\n });\n });\n\n test(`${validatorName}: should elicit object with integer field`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { age: 42 }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'What is your age?',\n requestedSchema: {\n type: 'object',\n properties: {\n age: { type: 'integer', minimum: 0, maximum: 150 }\n },\n required: ['age']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { age: 42 }\n });\n });\n\n test(`${validatorName}: should elicit object with boolean field`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { agree: true }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Do you agree?',\n requestedSchema: {\n type: 'object',\n properties: {\n agree: { type: 'boolean' }\n },\n required: ['agree']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { agree: true }\n });\n });\n\n test(`${validatorName}: should elicit complex object with multiple fields`, async () => {\n const userData = {\n name: 'Jane Smith',\n email: 'jane@example.com',\n age: 28,\n street: '123 Main St',\n city: 'San Francisco',\n zipCode: '94105',\n newsletter: true,\n notifications: false\n };\n\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: userData\n }));\n\n const formRequestParams: ElicitRequestFormParams = {\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 1 },\n email: { type: 'string', format: 'email' },\n age: { type: 'integer', minimum: 0, maximum: 150 },\n street: { type: 'string' },\n city: { type: 'string' },\n // @ts-expect-error - pattern is not a valid property by MCP spec, however it is making use of the Ajv validator\n zipCode: { type: 'string', pattern: '^[0-9]{5}$' },\n newsletter: { type: 'boolean' },\n notifications: { type: 'boolean' }\n },\n required: ['name', 'email', 'age', 'street', 'city', 'zipCode']\n }\n };\n const result = await server.elicitInput(formRequestParams);\n\n expect(result).toEqual({\n action: 'accept',\n content: userData\n });\n });\n\n test(`${validatorName}: should reject invalid object (missing required field)`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n email: 'user@example.com'\n // Missing required 'name' field\n }\n }));\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' },\n email: { type: 'string' }\n },\n required: ['name', 'email']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid field type`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n name: 'John Doe',\n age: 'thirty' // Wrong type - should be integer\n }\n }));\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' },\n age: { type: 'integer' }\n },\n required: ['name', 'age']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid string (too short)`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { name: '' } // Too short\n }));\n\n await expect(\n server.elicitInput({\n message: 'What is your name?',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 1 }\n },\n required: ['name']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid integer (out of range)`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { age: 200 } // Too high\n }));\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'What is your age?',\n requestedSchema: {\n type: 'object',\n properties: {\n age: { type: 'integer', minimum: 0, maximum: 150 }\n },\n required: ['age']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid pattern`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { zipCode: 'ABC123' } // Doesn't match pattern\n }));\n\n const formRequestParams: ElicitRequestFormParams = {\n mode: 'form',\n message: 'Enter a 5-digit zip code',\n requestedSchema: {\n type: 'object',\n properties: {\n // @ts-expect-error - pattern is not a valid property by MCP spec, however it is making use of the Ajv validator\n zipCode: { type: 'string', pattern: '^[0-9]{5}$' }\n },\n required: ['zipCode']\n }\n };\n\n await expect(server.elicitInput(formRequestParams)).rejects.toThrow(/does not match requested schema/);\n });\n\n test(`${validatorName}: should allow decline action without validation`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'decline'\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n required: ['name']\n }\n });\n\n expect(result).toEqual({\n action: 'decline'\n });\n });\n\n test(`${validatorName}: should allow cancel action without validation`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'cancel'\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string' }\n },\n required: ['name']\n }\n });\n\n expect(result).toEqual({\n action: 'cancel'\n });\n });\n\n test(`${validatorName}: should handle multiple sequential elicitation requests`, async () => {\n let requestCount = 0;\n client.setRequestHandler('elicitation/create', request => {\n requestCount++;\n if (request.params.message.includes('name')) {\n return { action: 'accept', content: { name: 'Alice' } };\n } else if (request.params.message.includes('age')) {\n return { action: 'accept', content: { age: 30 } };\n } else if (request.params.message.includes('city')) {\n return { action: 'accept', content: { city: 'New York' } };\n }\n return { action: 'decline' };\n });\n\n const nameResult = await server.elicitInput({\n mode: 'form',\n message: 'What is your name?',\n requestedSchema: {\n type: 'object',\n properties: { name: { type: 'string', minLength: 1 } },\n required: ['name']\n }\n });\n\n const ageResult = await server.elicitInput({\n message: 'What is your age?',\n requestedSchema: {\n type: 'object',\n properties: { age: { type: 'integer', minimum: 0 } },\n required: ['age']\n }\n });\n\n const cityResult = await server.elicitInput({\n message: 'What is your city?',\n requestedSchema: {\n type: 'object',\n properties: { city: { type: 'string', minLength: 1 } },\n required: ['city']\n }\n });\n\n expect(requestCount).toBe(3);\n expect(nameResult).toEqual({\n action: 'accept',\n content: { name: 'Alice' }\n });\n expect(ageResult).toEqual({ action: 'accept', content: { age: 30 } });\n expect(cityResult).toEqual({\n action: 'accept',\n content: { city: 'New York' }\n });\n });\n\n test(`${validatorName}: should validate with optional fields present`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { name: 'John', nickname: 'Johnny' }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Enter your name',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 1 },\n nickname: { type: 'string' }\n },\n required: ['name']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { name: 'John', nickname: 'Johnny' }\n });\n });\n\n test(`${validatorName}: should validate with optional fields absent`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { name: 'John' }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Enter your name',\n requestedSchema: {\n type: 'object',\n properties: {\n name: { type: 'string', minLength: 1 },\n nickname: { type: 'string' }\n },\n required: ['name']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { name: 'John' }\n });\n });\n\n test(`${validatorName}: should validate email format`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { email: 'user@example.com' }\n }));\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Enter your email',\n requestedSchema: {\n type: 'object',\n properties: {\n email: { type: 'string', format: 'email' }\n },\n required: ['email']\n }\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: { email: 'user@example.com' }\n });\n });\n\n test(`${validatorName}: should default missing fields from schema defaults`, async () => {\n const server = new Server(\n { name: 'test-server', version: '1.0.0' },\n {\n capabilities: {},\n jsonSchemaValidator: validatorProvider\n }\n );\n\n const client = new Client(\n { name: 'test-client', version: '1.0.0' },\n {\n capabilities: {\n elicitation: {\n form: {\n applyDefaults: true\n }\n }\n }\n }\n );\n\n const testSchemaProperties: ElicitRequestFormParams['requestedSchema'] = {\n type: 'object',\n properties: {\n subscribe: { type: 'boolean', default: true },\n nickname: { type: 'string', default: 'Guest' },\n age: { type: 'integer', minimum: 0, maximum: 150, default: 18 },\n color: { type: 'string', enum: ['red', 'green'], default: 'green' },\n untitledSingleSelectEnum: {\n type: 'string',\n title: 'Untitled Single Select Enum',\n description: 'Choose your favorite color',\n enum: ['red', 'green', 'blue'],\n default: 'green'\n },\n untitledMultipleSelectEnum: {\n type: 'array',\n title: 'Untitled Multiple Select Enum',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: { type: 'string', enum: ['red', 'green', 'blue'] },\n default: ['green', 'blue']\n },\n titledSingleSelectEnum: {\n type: 'string',\n title: 'Single Select Enum',\n description: 'Choose your favorite color',\n oneOf: [\n { const: 'red', title: 'Red' },\n { const: 'green', title: 'Green' },\n { const: 'blue', title: 'Blue' }\n ],\n default: 'green'\n },\n titledMultipleSelectEnum: {\n type: 'array',\n title: 'Multiple Select Enum',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: {\n anyOf: [\n { const: 'red', title: 'Red' },\n { const: 'green', title: 'Green' },\n { const: 'blue', title: 'Blue' }\n ]\n },\n default: ['green', 'blue']\n },\n legacyTitledEnum: {\n type: 'string',\n title: 'Legacy Titled Enum',\n description: 'Choose your favorite color',\n enum: ['red', 'green', 'blue'],\n enumNames: ['Red', 'Green', 'Blue'],\n default: 'green'\n },\n optionalWithADefault: { type: 'string', default: 'default value' }\n },\n required: [\n 'subscribe',\n 'nickname',\n 'age',\n 'color',\n 'titledSingleSelectEnum',\n 'titledMultipleSelectEnum',\n 'untitledSingleSelectEnum',\n 'untitledMultipleSelectEnum'\n ]\n };\n\n // Client returns no values; SDK should apply defaults automatically (and validate)\n client.setRequestHandler('elicitation/create', request => {\n expect(request.params.mode).toEqual('form');\n expect((request.params as ElicitRequestFormParams).requestedSchema).toEqual(testSchemaProperties);\n return {\n action: 'accept',\n content: {}\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const result = await server.elicitInput({\n mode: 'form',\n message: 'Provide your preferences',\n requestedSchema: testSchemaProperties\n });\n\n expect(result).toEqual({\n action: 'accept',\n content: {\n subscribe: true,\n nickname: 'Guest',\n age: 18,\n color: 'green',\n untitledSingleSelectEnum: 'green',\n untitledMultipleSelectEnum: ['green', 'blue'],\n titledSingleSelectEnum: 'green',\n titledMultipleSelectEnum: ['green', 'blue'],\n legacyTitledEnum: 'green',\n optionalWithADefault: 'default value'\n }\n });\n });\n\n test(`${validatorName}: should reject invalid email format`, async () => {\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: { email: 'not-an-email' }\n }));\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Enter your email',\n requestedSchema: {\n type: 'object',\n properties: {\n email: { type: 'string', format: 'email' }\n },\n required: ['email']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n });\n\n // Enums - Valid - Single Select - Untitled / Titled\n\n test(`${validatorName}: should succeed with valid selection in single-select untitled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: 'Red'\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n enum: ['Red', 'Green', 'Blue'],\n default: 'Green'\n }\n },\n required: ['color']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n color: 'Red'\n }\n });\n });\n\n test(`${validatorName}: should succeed with valid selection in single-select titled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: '#FF0000'\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n oneOf: [\n { const: '#FF0000', title: 'Red' },\n { const: '#00FF00', title: 'Green' },\n { const: '#0000FF', title: 'Blue' }\n ],\n default: '#00FF00'\n }\n },\n required: ['color']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n color: '#FF0000'\n }\n });\n });\n\n test(`${validatorName}: should succeed with valid selection in single-select titled legacy enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: '#FF0000'\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n enum: ['#FF0000', '#00FF00', '#0000FF'],\n enumNames: ['Red', 'Green', 'Blue'],\n default: '#00FF00'\n }\n },\n required: ['color']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n color: '#FF0000'\n }\n });\n });\n\n // Enums - Valid - Multi Select - Untitled / Titled\n\n test(`${validatorName}: should succeed with valid selection in multi-select untitled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n colors: ['Red', 'Blue']\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n colors: {\n type: 'array',\n title: 'Color Selection',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: {\n type: 'string',\n enum: ['Red', 'Green', 'Blue']\n }\n }\n },\n required: ['colors']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n colors: ['Red', 'Blue']\n }\n });\n });\n\n test(`${validatorName}: should succeed with valid selection in multi-select titled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n colors: ['#FF0000', '#0000FF']\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n colors: {\n type: 'array',\n title: 'Color Selection',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: {\n anyOf: [\n { const: '#FF0000', title: 'Red' },\n { const: '#00FF00', title: 'Green' },\n { const: '#0000FF', title: 'Blue' }\n ]\n }\n }\n },\n required: ['colors']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n colors: ['#FF0000', '#0000FF']\n }\n });\n });\n\n // Enums - Invalid - Single Select - Untitled / Titled\n\n test(`${validatorName}: should reject invalid selection in single-select untitled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: 'Black' // Color not in enum list\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n enum: ['Red', 'Green', 'Blue'],\n default: 'Green'\n }\n },\n required: ['color']\n }\n })\n ).rejects.toThrow(/^MCP error -32602: Elicitation response content does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid selection in single-select titled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: 'Red' // Should be \"#FF0000\" (const not title)\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n oneOf: [\n { const: '#FF0000', title: 'Red' },\n { const: '#00FF00', title: 'Green' },\n { const: '#0000FF', title: 'Blue' }\n ],\n default: '#00FF00'\n }\n },\n required: ['color']\n }\n })\n ).rejects.toThrow(/^MCP error -32602: Elicitation response content does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid selection in single-select titled legacy enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: 'Red' // Should be \"#FF0000\" (enum not enumNames)\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'string',\n title: 'Color Selection',\n description: 'Choose your favorite color',\n enum: ['#FF0000', '#00FF00', '#0000FF'],\n enumNames: ['Red', 'Green', 'Blue'],\n default: '#00FF00'\n }\n },\n required: ['color']\n }\n })\n ).rejects.toThrow(/^MCP error -32602: Elicitation response content does not match requested schema/);\n });\n\n // Enums - Invalid - Multi Select - Untitled / Titled\n\n test(`${validatorName}: should reject invalid selection in multi-select untitled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n color: 'Red' // Should be array, not string\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n color: {\n type: 'array',\n title: 'Color Selection',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: {\n type: 'string',\n enum: ['Red', 'Green', 'Blue']\n }\n }\n },\n required: ['color']\n }\n })\n ).rejects.toThrow(/^MCP error -32602: Elicitation response content does not match requested schema/);\n });\n\n test(`${validatorName}: should reject invalid selection in multi-select titled enum`, async () => {\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n colors: ['Red', 'Blue'] // Should be [\"#FF0000\", \"#0000FF\"] (const not title)\n }\n }));\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n colors: {\n type: 'array',\n title: 'Color Selection',\n description: 'Choose your favorite colors',\n minItems: 1,\n maxItems: 3,\n items: {\n anyOf: [\n { const: '#FF0000', title: 'Red' },\n { const: '#00FF00', title: 'Green' },\n { const: '#0000FF', title: 'Blue' }\n ]\n }\n }\n },\n required: ['colors']\n }\n })\n ).rejects.toThrow(/^MCP error -32602: Elicitation response content does not match requested schema/);\n });\n}\n" }, { "path": "test/integration/test/server/mcp.test.ts", "content": "import { Client } from '@modelcontextprotocol/client';\nimport type { CallToolResult, Notification, TextContent } from '@modelcontextprotocol/core';\nimport {\n getDisplayName,\n InMemoryTaskStore,\n InMemoryTransport,\n ProtocolErrorCode,\n UriTemplate,\n UrlElicitationRequiredError\n} from '@modelcontextprotocol/core';\nimport { completable, McpServer, ResourceTemplate } from '@modelcontextprotocol/server';\nimport { afterEach, beforeEach, describe, expect, test } from 'vitest';\nimport * as z from 'zod/v4';\n\nfunction createLatch() {\n let latch = false;\n const waitForLatch = async () => {\n while (!latch) {\n await new Promise(resolve => setTimeout(resolve, 0));\n }\n };\n\n return {\n releaseLatch: () => {\n latch = true;\n },\n waitForLatch\n };\n}\n\ndescribe('Zod v4', () => {\n describe('McpServer', () => {\n /***\n * Test: Basic Server Instance\n */\n test('should expose underlying Server instance', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n expect(mcpServer.server).toBeDefined();\n });\n\n /***\n * Test: Notification Sending via Server\n */\n test('should allow sending notifications via Server', async () => {\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n { capabilities: { logging: {} } }\n );\n\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // This should work because we're using the underlying server\n await expect(\n mcpServer.server.sendLoggingMessage({\n level: 'info',\n data: 'Test log message'\n })\n ).resolves.not.toThrow();\n\n expect(notifications).toMatchObject([\n {\n method: 'notifications/message',\n params: {\n level: 'info',\n data: 'Test log message'\n }\n }\n ]);\n });\n\n /***\n * Test: ctx.mcpReq.log convenience method\n */\n test('should send logging messages via ctx.mcpReq.log() convenience method', async () => {\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n { capabilities: { logging: {} } }\n );\n\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n mcpServer.registerTool(\n 'log-test',\n {\n description: 'A tool that logs via ctx.mcpReq.log()'\n },\n async ctx => {\n await ctx.mcpReq.log('info', 'Log from convenience method', 'test-logger');\n return {\n content: [{ type: 'text' as const, text: 'done' }]\n };\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await client.callTool({ name: 'log-test' });\n\n expect(notifications).toMatchObject([\n {\n method: 'notifications/message',\n params: {\n level: 'info',\n data: 'Log from convenience method',\n logger: 'test-logger'\n }\n }\n ]);\n });\n\n /***\n * Test: ctx.mcpReq.elicitInput convenience method\n */\n test('should elicit input via ctx.mcpReq.elicitInput() convenience method', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n let elicitResult: unknown = null;\n\n mcpServer.registerTool(\n 'elicit-test',\n {\n description: 'A tool that elicits input via ctx.mcpReq.elicitInput()'\n },\n async ctx => {\n elicitResult = await ctx.mcpReq.elicitInput({\n message: 'Please confirm',\n requestedSchema: {\n type: 'object',\n properties: {\n confirmed: { type: 'boolean' }\n }\n }\n });\n return {\n content: [{ type: 'text' as const, text: 'done' }]\n };\n }\n );\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { elicitation: {} } });\n\n client.setRequestHandler('elicitation/create', async () => ({\n action: 'accept',\n content: { confirmed: true }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await client.callTool({ name: 'elicit-test' });\n\n expect(elicitResult).toMatchObject({\n action: 'accept',\n content: { confirmed: true }\n });\n });\n\n /***\n * Test: ctx.mcpReq.requestSampling convenience method\n */\n test('should request sampling via ctx.mcpReq.requestSampling() convenience method', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n let samplingResult: unknown = null;\n\n mcpServer.registerTool(\n 'sampling-test',\n {\n description: 'A tool that requests sampling via ctx.mcpReq.requestSampling()'\n },\n async ctx => {\n samplingResult = await ctx.mcpReq.requestSampling({\n messages: [\n {\n role: 'user',\n content: { type: 'text', text: 'Hello' }\n }\n ],\n maxTokens: 100\n });\n return {\n content: [{ type: 'text' as const, text: 'done' }]\n };\n }\n );\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant' as const,\n content: { type: 'text' as const, text: 'Hello back' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await client.callTool({ name: 'sampling-test' });\n\n expect(samplingResult).toMatchObject({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Hello back' }\n });\n });\n\n /***\n * Test: Progress Notification with Message Field\n */\n test('should send progress notifications with message field', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // Create a tool that sends progress updates\n mcpServer.registerTool(\n 'long-operation',\n {\n description: 'A long running operation with progress updates',\n inputSchema: z.object({\n steps: z.number().min(1).describe('Number of steps to perform')\n })\n },\n async ({ steps }, ctx) => {\n const progressToken = ctx.mcpReq._meta?.progressToken;\n\n if (progressToken) {\n // Send progress notification for each step\n for (let i = 1; i <= steps; i++) {\n await ctx.mcpReq.notify({\n method: 'notifications/progress',\n params: {\n progressToken,\n progress: i,\n total: steps,\n message: `Completed step ${i} of ${steps}`\n }\n });\n }\n }\n\n return {\n content: [\n {\n type: 'text' as const,\n text: `Operation completed with ${steps} steps`\n }\n ]\n };\n }\n );\n\n const progressUpdates: Array<{\n progress: number;\n total?: number;\n message?: string;\n }> = [];\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool with progress tracking\n await client.request(\n {\n method: 'tools/call',\n params: {\n name: 'long-operation',\n arguments: { steps: 3 },\n _meta: {\n progressToken: 'progress-test-1'\n }\n }\n },\n {\n onprogress: progress => {\n progressUpdates.push(progress);\n }\n }\n );\n\n // Verify progress notifications were received with message field\n expect(progressUpdates).toHaveLength(3);\n expect(progressUpdates[0]).toMatchObject({\n progress: 1,\n total: 3,\n message: 'Completed step 1 of 3'\n });\n expect(progressUpdates[1]).toMatchObject({\n progress: 2,\n total: 3,\n message: 'Completed step 2 of 3'\n });\n expect(progressUpdates[2]).toMatchObject({\n progress: 3,\n total: 3,\n message: 'Completed step 3 of 3'\n });\n });\n });\n\n describe('ResourceTemplate', () => {\n /***\n * Test: ResourceTemplate Creation with String Pattern\n */\n test('should create ResourceTemplate with string pattern', () => {\n const template = new ResourceTemplate('test://{category}/{id}', {\n list: undefined\n });\n expect(template.uriTemplate.toString()).toBe('test://{category}/{id}');\n expect(template.listCallback).toBeUndefined();\n });\n\n /***\n * Test: ResourceTemplate Creation with UriTemplate Instance\n */\n test('should create ResourceTemplate with UriTemplate', () => {\n const uriTemplate = new UriTemplate('test://{category}/{id}');\n const template = new ResourceTemplate(uriTemplate, { list: undefined });\n expect(template.uriTemplate).toBe(uriTemplate);\n expect(template.listCallback).toBeUndefined();\n });\n\n /***\n * Test: ResourceTemplate with List Callback\n */\n test('should create ResourceTemplate with list callback', async () => {\n const list = vi.fn().mockResolvedValue({\n resources: [{ name: 'Test', uri: 'test://example' }]\n });\n\n const template = new ResourceTemplate('test://{id}', { list });\n expect(template.listCallback).toBe(list);\n\n const abortController = new AbortController();\n const result = await template.listCallback?.({\n signal: abortController.signal,\n requestId: 'not-implemented',\n sendRequest: () => {\n throw new Error('Not implemented');\n },\n sendNotification: () => {\n throw new Error('Not implemented');\n }\n });\n expect(result?.resources).toHaveLength(1);\n expect(list).toHaveBeenCalled();\n });\n });\n\n describe('tool()', () => {\n afterEach(() => {\n vi.restoreAllMocks();\n });\n\n /***\n * Test: Zero-Argument Tool Registration\n */\n test('should register zero-argument tool', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n mcpServer.registerTool('test', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/list'\n });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.inputSchema).toEqual({\n type: 'object',\n properties: {}\n });\n\n // Adding the tool before the connection was established means no notification was sent\n expect(notifications).toHaveLength(0);\n\n // Adding another tool triggers the update notification\n mcpServer.registerTool('test2', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([\n {\n method: 'notifications/tools/list_changed'\n }\n ]);\n });\n\n /***\n * Test: Updating Existing Tool\n */\n test('should update existing tool', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial tool\n const tool = mcpServer.registerTool('test', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Initial response'\n }\n ]\n }));\n\n // Update the tool\n tool.update({\n callback: async () => ({\n content: [\n {\n type: 'text',\n text: 'Updated response'\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool and verify we get the updated response\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'test'\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Updated response'\n }\n ]);\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Updating Tool with Schema\n */\n test('should update tool with schema', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial tool\n const tool = mcpServer.registerTool(\n 'test',\n {\n inputSchema: z.object({\n name: z.string()\n })\n },\n async ({ name }) => ({\n content: [\n {\n type: 'text',\n text: `Initial: ${name}`\n }\n ]\n })\n );\n\n // Update the tool with a different schema\n tool.update({\n paramsSchema: z.object({\n name: z.string(),\n value: z.number()\n }),\n callback: async ({ name, value }) => ({\n content: [\n {\n type: 'text',\n text: `Updated: ${name}, ${value}`\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify the schema was updated\n const listResult = await client.request({\n method: 'tools/list'\n });\n\n expect(listResult.tools[0]!.inputSchema).toMatchObject({\n properties: {\n name: { type: 'string' },\n value: { type: 'number' }\n }\n });\n\n // Call the tool with the new schema\n const callResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {\n name: 'test',\n value: 42\n }\n }\n });\n\n expect(callResult.content).toEqual([\n {\n type: 'text',\n text: 'Updated: test, 42'\n }\n ]);\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Updating Tool with outputSchema\n */\n test('should update tool with outputSchema', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial tool\n const tool = mcpServer.registerTool(\n 'test',\n {\n outputSchema: z.object({\n result: z.number()\n })\n },\n async () => ({\n content: [{ type: 'text', text: '' }],\n structuredContent: {\n result: 42\n }\n })\n );\n\n // Update the tool with a different outputSchema\n tool.update({\n outputSchema: z.object({\n result: z.number(),\n sum: z.number()\n }),\n callback: async () => ({\n content: [{ type: 'text', text: '' }],\n structuredContent: {\n result: 42,\n sum: 100\n }\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify the outputSchema was updated\n const listResult = await client.request({\n method: 'tools/list'\n });\n\n expect(listResult.tools[0]!.outputSchema).toMatchObject({\n type: 'object',\n properties: {\n result: { type: 'number' },\n sum: { type: 'number' }\n }\n });\n\n // Call the tool to verify it works with the updated outputSchema\n const callResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {}\n }\n });\n\n expect(callResult.structuredContent).toEqual({\n result: 42,\n sum: 100\n });\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Tool List Changed Notifications\n */\n test('should send tool list changed notifications when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial tool\n const tool = mcpServer.registerTool('test', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n expect(notifications).toHaveLength(0);\n\n // Now update the tool\n tool.update({\n callback: async () => ({\n content: [\n {\n type: 'text',\n text: 'Updated response'\n }\n ]\n })\n });\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([{ method: 'notifications/tools/list_changed' }]);\n\n // Now delete the tool\n tool.remove();\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([\n { method: 'notifications/tools/list_changed' },\n { method: 'notifications/tools/list_changed' }\n ]);\n });\n\n /***\n * Test: listChanged capability should default to true when not specified\n */\n test('should default tools.listChanged to true when not explicitly set', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool('test', {}, async () => ({\n content: [{ type: 'text', text: 'Test' }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const capabilities = client.getServerCapabilities();\n expect(capabilities?.tools?.listChanged).toBe(true);\n });\n\n /***\n * Test: listChanged capability should respect explicit false setting\n */\n test('should respect tools.listChanged: false when explicitly set', async () => {\n const mcpServer = new McpServer({ name: 'test server', version: '1.0' }, { capabilities: { tools: { listChanged: false } } });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool('test', {}, async () => ({\n content: [{ type: 'text', text: 'Test' }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const capabilities = client.getServerCapabilities();\n expect(capabilities?.tools?.listChanged).toBe(false);\n });\n\n /***\n * Test: resources.listChanged should respect explicit false setting\n */\n test('should respect resources.listChanged: false when explicitly set', async () => {\n const mcpServer = new McpServer(\n { name: 'test server', version: '1.0' },\n { capabilities: { resources: { listChanged: false } } }\n );\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('test://resource', 'Test Resource', async () => ({\n contents: [{ uri: 'test://resource', text: 'Test' }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const capabilities = client.getServerCapabilities();\n expect(capabilities?.resources?.listChanged).toBe(false);\n });\n\n /***\n * Test: prompts.listChanged should respect explicit false setting\n */\n test('should respect prompts.listChanged: false when explicitly set', async () => {\n const mcpServer = new McpServer({ name: 'test server', version: '1.0' }, { capabilities: { prompts: { listChanged: false } } });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt('test-prompt', async () => ({\n messages: [{ role: 'assistant', content: { type: 'text', text: 'Test' } }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const capabilities = client.getServerCapabilities();\n expect(capabilities?.prompts?.listChanged).toBe(false);\n });\n\n /***\n * Test: Tool Registration with Parameters\n */\n test('should register tool with params', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n inputSchema: z.object({ name: z.string(), value: z.number() })\n },\n async ({ name, value }) => ({\n content: [{ type: 'text', text: `${name}: ${value}` }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/list'\n });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.inputSchema).toMatchObject({\n type: 'object',\n properties: {\n name: { type: 'string' },\n value: { type: 'number' }\n }\n });\n });\n\n /***\n * Test: Tool Registration with Description\n */\n test('should register tool with description', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool('test', { description: 'Test description' }, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n // new api\n mcpServer.registerTool(\n 'test (new api)',\n {\n description: 'Test description'\n },\n async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/list'\n });\n\n expect(result.tools).toHaveLength(2);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.description).toBe('Test description');\n expect(result.tools[1]!.name).toBe('test (new api)');\n expect(result.tools[1]!.description).toBe('Test description');\n });\n\n /***\n * Test: Tool Registration with Annotations\n */\n test('should register tool with annotations', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n annotations: { title: 'Test Tool', readOnlyHint: true }\n },\n async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/list'\n });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.annotations).toEqual({\n title: 'Test Tool',\n readOnlyHint: true\n });\n });\n\n /***\n * Test: Tool Registration with Parameters and Annotations\n */\n test('should register tool with params and annotations', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n inputSchema: z.object({ name: z.string() }),\n annotations: { title: 'Test Tool', readOnlyHint: true }\n },\n async ({ name }) => ({\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.inputSchema).toMatchObject({\n type: 'object',\n properties: { name: { type: 'string' } }\n });\n expect(result.tools[0]!.annotations).toEqual({\n title: 'Test Tool',\n readOnlyHint: true\n });\n });\n\n /***\n * Test: Tool Registration with Description, Parameters, and Annotations\n */\n test('should register tool with description, params, and annotations', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n description: 'A tool with everything',\n inputSchema: z.object({ name: z.string() }),\n annotations: {\n title: 'Complete Test Tool',\n readOnlyHint: true,\n openWorldHint: false\n }\n },\n async ({ name }) => ({\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.description).toBe('A tool with everything');\n expect(result.tools[0]!.inputSchema).toMatchObject({\n type: 'object',\n properties: { name: { type: 'string' } }\n });\n expect(result.tools[0]!.annotations).toEqual({\n title: 'Complete Test Tool',\n readOnlyHint: true,\n openWorldHint: false\n });\n });\n\n /***\n * Test: Tool Registration with Description, Empty Parameters, and Annotations\n */\n test('should register tool with description, empty params, and annotations', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n description: 'A tool with everything but empty params',\n annotations: {\n title: 'Complete Test Tool with empty params',\n readOnlyHint: true,\n openWorldHint: false\n }\n },\n async () => ({\n content: [{ type: 'text', text: 'Test response' }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test');\n expect(result.tools[0]!.description).toBe('A tool with everything but empty params');\n expect(result.tools[0]!.inputSchema).toMatchObject({\n type: 'object',\n properties: {}\n });\n expect(result.tools[0]!.annotations).toEqual({\n title: 'Complete Test Tool with empty params',\n readOnlyHint: true,\n openWorldHint: false\n });\n });\n\n /***\n * Test: Tool Argument Validation\n */\n test('should validate tool args', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n inputSchema: z.object({\n name: z.string(),\n value: z.number()\n })\n },\n async ({ name, value }) => ({\n content: [\n {\n type: 'text',\n text: `${name}: ${value}`\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {\n name: 'test',\n value: 'not a number'\n }\n }\n });\n\n expect(result.isError).toBe(true);\n expect(result.content).toEqual(\n expect.arrayContaining([\n {\n type: 'text',\n text: expect.stringContaining('Input validation error: Invalid arguments for tool test')\n }\n ])\n );\n });\n\n /***\n * Test: Preventing Duplicate Tool Registration\n */\n test('should prevent duplicate tool registration', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n mcpServer.registerTool('test', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n expect(() => {\n mcpServer.registerTool('test', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response 2'\n }\n ]\n }));\n }).toThrow(/already registered/);\n });\n\n /***\n * Test: Multiple Tool Registration\n */\n test('should allow registering multiple tools', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // This should succeed\n mcpServer.registerTool('tool1', {}, () => ({ content: [] }));\n\n // This should also succeed and not throw about request handlers\n mcpServer.registerTool('tool2', {}, () => ({ content: [] }));\n });\n\n /***\n * Test: Tool with Output Schema and Structured Content\n */\n test('should support tool with outputSchema and structuredContent', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Register a tool with outputSchema\n mcpServer.registerTool(\n 'test',\n {\n description: 'Test tool with structured output',\n inputSchema: z.object({\n input: z.string()\n }),\n outputSchema: z.object({\n processedInput: z.string(),\n resultType: z.string(),\n timestamp: z.string()\n })\n },\n async ({ input }) => ({\n structuredContent: {\n processedInput: input,\n resultType: 'structured',\n timestamp: '2023-01-01T00:00:00Z'\n },\n content: [\n {\n type: 'text',\n text: JSON.stringify({\n processedInput: input,\n resultType: 'structured',\n timestamp: '2023-01-01T00:00:00Z'\n })\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Verify the tool registration includes outputSchema\n const listResult = await client.request({\n method: 'tools/list'\n });\n\n expect(listResult.tools).toHaveLength(1);\n expect(listResult.tools[0]!.outputSchema).toMatchObject({\n type: 'object',\n properties: {\n processedInput: { type: 'string' },\n resultType: { type: 'string' },\n timestamp: { type: 'string' }\n },\n required: ['processedInput', 'resultType', 'timestamp']\n });\n\n // Call the tool and verify it returns valid structuredContent\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {\n input: 'hello'\n }\n }\n });\n\n expect(result.structuredContent).toBeDefined();\n const structuredContent = result.structuredContent as {\n processedInput: string;\n resultType: string;\n timestamp: string;\n };\n expect(structuredContent.processedInput).toBe('hello');\n expect(structuredContent.resultType).toBe('structured');\n expect(structuredContent.timestamp).toBe('2023-01-01T00:00:00Z');\n\n // For backward compatibility, content is auto-generated from structuredContent\n expect(result.content).toBeDefined();\n expect(result.content!).toHaveLength(1);\n expect(result.content![0]).toMatchObject({ type: 'text' });\n const textContent = result.content![0] as TextContent;\n expect(JSON.parse(textContent.text)).toEqual(result.structuredContent);\n });\n\n /***\n * Test: Tool with Output Schema Must Provide Structured Content\n */\n test('should throw error when tool with outputSchema returns no structuredContent', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Register a tool with outputSchema that returns only content without structuredContent\n mcpServer.registerTool(\n 'test',\n {\n description: 'Test tool with output schema but missing structured content',\n inputSchema: z.object({\n input: z.string()\n }),\n outputSchema: z.object({\n processedInput: z.string(),\n resultType: z.string()\n })\n },\n async ({ input }) => ({\n // Only return content without structuredContent\n content: [\n {\n type: 'text',\n text: `Processed: ${input}`\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool and expect it to throw an error\n const result = await client.callTool({\n name: 'test',\n arguments: {\n input: 'hello'\n }\n });\n\n expect(result.isError).toBe(true);\n expect(result.content).toEqual(\n expect.arrayContaining([\n {\n type: 'text',\n text: expect.stringContaining(\n 'Output validation error: Tool test has an output schema but no structured content was provided'\n )\n }\n ])\n );\n });\n /***\n * Test: Tool with Output Schema Must Provide Structured Content\n */\n test('should skip outputSchema validation when isError is true', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n description: 'Test tool with output schema but missing structured content',\n inputSchema: z.object({\n input: z.string()\n }),\n outputSchema: z.object({\n processedInput: z.string(),\n resultType: z.string()\n })\n },\n async ({ input }) => ({\n content: [\n {\n type: 'text',\n text: `Processed: ${input}`\n }\n ],\n isError: true\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.callTool({\n name: 'test',\n arguments: {\n input: 'hello'\n }\n })\n ).resolves.toStrictEqual({\n content: [\n {\n type: 'text',\n text: `Processed: hello`\n }\n ],\n isError: true\n });\n });\n\n /***\n * Test: Schema Validation Failure for Invalid Structured Content\n */\n test('should fail schema validation when tool returns invalid structuredContent', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Register a tool with outputSchema that returns invalid data\n mcpServer.registerTool(\n 'test',\n {\n description: 'Test tool with invalid structured output',\n inputSchema: z.object({\n input: z.string()\n }),\n outputSchema: z.object({\n processedInput: z.string(),\n resultType: z.string(),\n timestamp: z.string()\n })\n },\n async ({ input }) => ({\n content: [\n {\n type: 'text',\n text: JSON.stringify({\n processedInput: input,\n resultType: 'structured',\n // Missing required 'timestamp' field\n someExtraField: 'unexpected' // Extra field not in schema\n })\n }\n ],\n structuredContent: {\n processedInput: input,\n resultType: 'structured',\n // Missing required 'timestamp' field\n someExtraField: 'unexpected' // Extra field not in schema\n }\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool and expect it to throw a server-side validation error\n const result = await client.callTool({\n name: 'test',\n arguments: {\n input: 'hello'\n }\n });\n\n expect(result.isError).toBe(true);\n expect(result.content).toEqual(\n expect.arrayContaining([\n {\n type: 'text',\n text: expect.stringContaining('Output validation error: Invalid structured content for tool test')\n }\n ])\n );\n });\n\n /***\n * Test: Pass Session ID to Tool Callback\n */\n test('should pass sessionId to tool callback via ServerContext', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n let receivedSessionId: string | undefined;\n mcpServer.registerTool('test-tool', {}, async ctx => {\n receivedSessionId = ctx.sessionId;\n return {\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n // Set a test sessionId on the server transport\n serverTransport.sessionId = 'test-session-123';\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await client.request({\n method: 'tools/call',\n params: {\n name: 'test-tool'\n }\n });\n\n expect(receivedSessionId).toBe('test-session-123');\n });\n\n /***\n * Test: Pass Request ID to Tool Callback\n */\n test('should pass requestId to tool callback via ServerContext', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n let receivedRequestId: string | number | undefined;\n mcpServer.registerTool('request-id-test', {}, async ctx => {\n receivedRequestId = ctx.mcpReq.id;\n return {\n content: [\n {\n type: 'text',\n text: `Received request ID: ${ctx.mcpReq.id}`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'request-id-test'\n }\n });\n\n expect(receivedRequestId).toBeDefined();\n expect(typeof receivedRequestId === 'string' || typeof receivedRequestId === 'number').toBe(true);\n expect(result.content).toEqual(\n expect.arrayContaining([\n {\n type: 'text',\n text: expect.stringContaining('Received request ID:')\n }\n ])\n );\n });\n\n /***\n * Test: Send Notification within Tool Call\n */\n test('should provide sendNotification within tool call', async () => {\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n { capabilities: { logging: {} } }\n );\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n let receivedLogMessage: string | undefined;\n const loggingMessage = 'hello here is log message 1';\n\n client.setNotificationHandler('notifications/message', notification => {\n receivedLogMessage = notification.params.data as string;\n });\n\n mcpServer.registerTool('test-tool', {}, async ctx => {\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: { level: 'debug', data: loggingMessage }\n });\n return {\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n await client.request({\n method: 'tools/call',\n params: {\n name: 'test-tool'\n }\n });\n expect(receivedLogMessage).toBe(loggingMessage);\n });\n\n /***\n * Test: Client to Server Tool Call\n */\n test('should allow client to call server tools', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test',\n {\n description: 'Test tool',\n inputSchema: z.object({\n input: z.string()\n })\n },\n async ({ input }) => ({\n content: [\n {\n type: 'text',\n text: `Processed: ${input}`\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'test',\n arguments: {\n input: 'hello'\n }\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Processed: hello'\n }\n ]);\n });\n\n /***\n * Test: Graceful Tool Error Handling\n */\n test('should handle server tool errors gracefully', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool('error-test', {}, async () => {\n throw new Error('Tool execution failed');\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'tools/call',\n params: {\n name: 'error-test'\n }\n });\n\n expect(result.isError).toBe(true);\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Tool execution failed'\n }\n ]);\n });\n\n /***\n * Test: ProtocolError for Invalid Tool Name\n */\n test('should throw ProtocolError for invalid tool name', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool('test-tool', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'tools/call',\n params: {\n name: 'nonexistent-tool'\n }\n })\n ).rejects.toMatchObject({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('nonexistent-tool')\n });\n });\n\n /***\n * Test: ProtocolError for Disabled Tool\n */\n test('should throw ProtocolError for disabled tool', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const tool = mcpServer.registerTool('test-tool', {}, async () => ({\n content: [\n {\n type: 'text',\n text: 'Test response'\n }\n ]\n }));\n\n tool.disable();\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'tools/call',\n params: {\n name: 'test-tool'\n }\n })\n ).rejects.toMatchObject({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('disabled')\n });\n });\n\n /***\n * Test: URL Elicitation Required Error Propagation\n */\n test('should propagate UrlElicitationRequiredError to client callers', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const elicitationParams = {\n mode: 'url' as const,\n elicitationId: 'elicitation-123',\n url: 'https://mcp.example.com/connect',\n message: 'Authorization required'\n };\n\n mcpServer.registerTool('needs-authorization', {}, async () => {\n throw new UrlElicitationRequiredError([elicitationParams], 'Confirmation required');\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await client\n .callTool({\n name: 'needs-authorization'\n })\n .then(() => {\n throw new Error('Expected callTool to throw UrlElicitationRequiredError');\n })\n .catch(error => {\n expect(error).toBeInstanceOf(UrlElicitationRequiredError);\n if (error instanceof UrlElicitationRequiredError) {\n expect(error.code).toBe(ProtocolErrorCode.UrlElicitationRequired);\n expect(error.elicitations).toEqual([elicitationParams]);\n }\n });\n });\n\n /***\n * Test: Tool Registration with _meta field\n */\n test('should register tool with _meta field and include it in list response', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const metaData = {\n author: 'test-author',\n version: '1.2.3',\n category: 'utility',\n tags: ['test', 'example']\n };\n\n mcpServer.registerTool(\n 'test-with-meta',\n {\n description: 'A tool with _meta field',\n inputSchema: z.object({ name: z.string() }),\n _meta: metaData\n },\n async ({ name }) => ({\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test-with-meta');\n expect(result.tools[0]!.description).toBe('A tool with _meta field');\n expect(result.tools[0]!._meta).toEqual(metaData);\n });\n\n /***\n * Test: Tool Registration without _meta field should have undefined _meta\n */\n test('should register tool without _meta field and have undefined _meta in response', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerTool(\n 'test-without-meta',\n {\n description: 'A tool without _meta field',\n inputSchema: z.object({ name: z.string() })\n },\n async ({ name }) => ({\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('test-without-meta');\n expect(result.tools[0]!._meta).toBeUndefined();\n });\n\n test('should include execution field in listTools response when tool has execution settings', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Register a tool with execution.taskSupport\n mcpServer.experimental.tasks.registerToolTask(\n 'task-tool',\n {\n description: 'A tool with task support',\n inputSchema: z.object({ input: z.string() }),\n execution: {\n taskSupport: 'required'\n }\n },\n {\n createTask: async (_args, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000 });\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) throw new Error('Task not found');\n return task;\n },\n getTaskResult: async (_args, ctx) => {\n return (await ctx.task.store.getTaskResult(ctx.task.id)) as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('task-tool');\n expect(result.tools[0]!.execution).toEqual({\n taskSupport: 'required'\n });\n\n taskStore.cleanup();\n });\n\n test('should include execution field with taskSupport optional in listTools response', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Register a tool with execution.taskSupport optional\n mcpServer.experimental.tasks.registerToolTask(\n 'optional-task-tool',\n {\n description: 'A tool with optional task support',\n inputSchema: z.object({ input: z.string() }),\n execution: {\n taskSupport: 'optional'\n }\n },\n {\n createTask: async (_args, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000 });\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) throw new Error('Task not found');\n return task;\n },\n getTaskResult: async (_args, ctx) => {\n return (await ctx.task.store.getTaskResult(ctx.task.id)) as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(1);\n expect(result.tools[0]!.name).toBe('optional-task-tool');\n expect(result.tools[0]!.execution).toEqual({\n taskSupport: 'optional'\n });\n\n taskStore.cleanup();\n });\n\n test('should validate tool names according to SEP specification', () => {\n // Create a new server instance for this test\n const testServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // Spy on console.warn to verify warnings are logged\n const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});\n\n // Test valid tool names\n testServer.registerTool(\n 'valid-tool-name',\n {\n description: 'A valid tool name'\n },\n async () => ({ content: [{ type: 'text', text: 'Success' }] })\n );\n\n // Test tool name with warnings (starts with dash)\n testServer.registerTool(\n '-warning-tool',\n {\n description: 'A tool name that generates warnings'\n },\n async () => ({ content: [{ type: 'text', text: 'Success' }] })\n );\n\n // Test invalid tool name (contains spaces)\n testServer.registerTool(\n 'invalid tool name',\n {\n description: 'An invalid tool name'\n },\n async () => ({ content: [{ type: 'text', text: 'Success' }] })\n );\n\n // Verify that warnings were issued (both for warnings and validation failures)\n expect(warnSpy).toHaveBeenCalled();\n\n // Verify specific warning content\n const warningCalls = warnSpy.mock.calls.map(call => call.join(' '));\n expect(warningCalls.some(call => call.includes('Tool name starts or ends with a dash'))).toBe(true);\n expect(warningCalls.some(call => call.includes('Tool name contains spaces'))).toBe(true);\n expect(warningCalls.some(call => call.includes('Tool name contains invalid characters'))).toBe(true);\n\n // Clean up spies\n warnSpy.mockRestore();\n });\n });\n\n describe('resource()', () => {\n /***\n * Test: Resource Registration with URI and Read Callback\n */\n test('should register resource with uri and readCallback', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(1);\n expect(result.resources[0]!.name).toBe('test');\n expect(result.resources[0]!.uri).toBe('test://resource');\n });\n\n /***\n * Test: Update Resource with URI\n */\n test('should update resource with uri', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial resource\n const resource = mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Initial content'\n }\n ]\n }));\n\n // Update the resource\n resource.update({\n callback: async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Updated content'\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Read the resource and verify we get the updated content\n const result = await client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource'\n }\n });\n\n expect(result.contents).toHaveLength(1);\n expect(result.contents).toEqual(\n expect.arrayContaining([\n {\n text: expect.stringContaining('Updated content'),\n uri: 'test://resource'\n }\n ])\n );\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Update Resource Template\n */\n test('should update resource template', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial resource template\n const resourceTemplate = mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', { list: undefined }),\n {},\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Initial content'\n }\n ]\n })\n );\n\n // Update the resource template\n resourceTemplate.update({\n callback: async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Updated content'\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Read the resource and verify we get the updated content\n const result = await client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource/123'\n }\n });\n\n expect(result.contents).toHaveLength(1);\n expect(result.contents).toEqual(\n expect.arrayContaining([\n {\n text: expect.stringContaining('Updated content'),\n uri: 'test://resource/123'\n }\n ])\n );\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Resource List Changed Notification\n */\n test('should send resource list changed notification when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial resource\n const resource = mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n expect(notifications).toHaveLength(0);\n\n // Now update the resource while connected\n resource.update({\n callback: async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Updated content'\n }\n ]\n })\n });\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([{ method: 'notifications/resources/list_changed' }]);\n });\n\n /***\n * Test: Remove Resource and Send Notification\n */\n test('should remove resource and send notification when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial resources\n const resource1 = mcpServer.registerResource('resource1', 'test://resource1', {}, async () => ({\n contents: [{ uri: 'test://resource1', text: 'Resource 1 content' }]\n }));\n\n mcpServer.registerResource('resource2', 'test://resource2', {}, async () => ({\n contents: [{ uri: 'test://resource2', text: 'Resource 2 content' }]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify both resources are registered\n let result = await client.request({ method: 'resources/list' });\n\n expect(result.resources).toHaveLength(2);\n\n expect(notifications).toHaveLength(0);\n\n // Remove a resource\n resource1.remove();\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n // Should have sent notification\n expect(notifications).toMatchObject([{ method: 'notifications/resources/list_changed' }]);\n\n // Verify the resource was removed\n result = await client.request({ method: 'resources/list' });\n\n expect(result.resources).toHaveLength(1);\n expect(result.resources[0]!.uri).toBe('test://resource2');\n });\n\n /***\n * Test: Remove Resource Template and Send Notification\n */\n test('should remove resource template and send notification when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register resource template\n const resourceTemplate = mcpServer.registerResource(\n 'template',\n new ResourceTemplate('test://resource/{id}', { list: undefined }),\n {},\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Template content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify template is registered\n const result = await client.request({ method: 'resources/templates/list' });\n\n expect(result.resourceTemplates).toHaveLength(1);\n expect(notifications).toHaveLength(0);\n\n // Remove the template\n resourceTemplate.remove();\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n // Should have sent notification\n expect(notifications).toMatchObject([{ method: 'notifications/resources/list_changed' }]);\n\n // Verify the template was removed\n const result2 = await client.request({ method: 'resources/templates/list' });\n\n expect(result2.resourceTemplates).toHaveLength(0);\n });\n\n /***\n * Test: Resource Registration with Metadata\n */\n test('should register resource with metadata', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const mockDate = new Date().toISOString();\n mcpServer.registerResource(\n 'test',\n 'test://resource',\n {\n description: 'Test resource',\n mimeType: 'text/plain',\n annotations: {\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n }\n },\n async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(1);\n expect(result.resources[0]!.description).toBe('Test resource');\n expect(result.resources[0]!.mimeType).toBe('text/plain');\n expect(result.resources[0]!.annotations).toEqual({\n audience: ['user'],\n priority: 0.5,\n lastModified: mockDate\n });\n });\n\n /***\n * Test: Resource Template Registration\n */\n test('should register resource template', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', new ResourceTemplate('test://resource/{id}', { list: undefined }), {}, async () => ({\n contents: [\n {\n uri: 'test://resource/123',\n text: 'Test content'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/templates/list'\n });\n\n expect(result.resourceTemplates).toHaveLength(1);\n expect(result.resourceTemplates[0]!.name).toBe('test');\n expect(result.resourceTemplates[0]!.uriTemplate).toBe('test://resource/{id}');\n });\n\n /***\n * Test: Resource Template with List Callback\n */\n test('should register resource template with listCallback', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', {\n list: async () => ({\n resources: [\n {\n name: 'Resource 1',\n uri: 'test://resource/1'\n },\n {\n name: 'Resource 2',\n uri: 'test://resource/2'\n }\n ]\n })\n }),\n {},\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(2);\n expect(result.resources[0]!.name).toBe('Resource 1');\n expect(result.resources[0]!.uri).toBe('test://resource/1');\n expect(result.resources[1]!.name).toBe('Resource 2');\n expect(result.resources[1]!.uri).toBe('test://resource/2');\n });\n\n /***\n * Test: Template Variables to Read Callback\n */\n test('should pass template variables to readCallback', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}/{id}', {\n list: undefined\n }),\n {},\n async (uri, { category, id }) => ({\n contents: [\n {\n uri: uri.href,\n text: `Category: ${category}, ID: ${id}`\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource/books/123'\n }\n });\n\n expect(result.contents).toEqual(\n expect.arrayContaining([\n {\n text: expect.stringContaining('Category: books, ID: 123'),\n uri: 'test://resource/books/123'\n }\n ])\n );\n });\n\n /***\n * Test: Preventing Duplicate Resource Registration\n */\n test('should prevent duplicate resource registration', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n expect(() => {\n mcpServer.registerResource('test2', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content 2'\n }\n ]\n }));\n }).toThrow(/already registered/);\n });\n\n /***\n * Test: Multiple Resource Registration\n */\n test('should allow registering multiple resources', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // This should succeed\n mcpServer.registerResource('resource1', 'test://resource1', {}, async () => ({\n contents: [\n {\n uri: 'test://resource1',\n text: 'Test content 1'\n }\n ]\n }));\n\n // This should also succeed and not throw about request handlers\n mcpServer.registerResource('resource2', 'test://resource2', {}, async () => ({\n contents: [\n {\n uri: 'test://resource2',\n text: 'Test content 2'\n }\n ]\n }));\n });\n\n /***\n * Test: Preventing Duplicate Resource Template Registration\n */\n test('should prevent duplicate resource template registration', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', new ResourceTemplate('test://resource/{id}', { list: undefined }), {}, async () => ({\n contents: [\n {\n uri: 'test://resource/123',\n text: 'Test content'\n }\n ]\n }));\n\n expect(() => {\n mcpServer.registerResource('test', new ResourceTemplate('test://resource/{id}', { list: undefined }), {}, async () => ({\n contents: [\n {\n uri: 'test://resource/123',\n text: 'Test content 2'\n }\n ]\n }));\n }).toThrow(/already registered/);\n });\n\n /***\n * Test: Graceful Resource Read Error Handling\n */\n test('should handle resource read errors gracefully', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('error-test', 'test://error', {}, async () => {\n throw new Error('Resource read failed');\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'resources/read',\n params: {\n uri: 'test://error'\n }\n })\n ).rejects.toThrow(/Resource read failed/);\n });\n\n /***\n * Test: ProtocolError for Invalid Resource URI\n */\n test('should throw ProtocolError for invalid resource URI', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'resources/read',\n params: {\n uri: 'test://nonexistent'\n }\n })\n ).rejects.toMatchObject({\n code: ProtocolErrorCode.ResourceNotFound,\n message: expect.stringContaining('not found')\n });\n });\n\n /***\n * Test: ProtocolError for Disabled Resource\n */\n test('should throw ProtocolError for disabled resource', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const resource = mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n resource.disable();\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource'\n }\n })\n ).rejects.toMatchObject({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('disabled')\n });\n });\n\n /***\n * Test: Registering a resource template without a complete callback should not update server capabilities to advertise support for completion\n */\n test('should not advertise support for completion when a resource template without a complete callback is defined', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}', {\n list: undefined\n }),\n {},\n async () => ({\n contents: [\n {\n uri: 'test://resource/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n expect(client.getServerCapabilities()).not.toHaveProperty('completions');\n });\n\n /***\n * Test: Registering a resource template with a complete callback should update server capabilities to advertise support for completion\n */\n test('should advertise support for completion when a resource template with a complete callback is defined', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}', {\n list: undefined,\n complete: {\n category: () => ['books', 'movies', 'music']\n }\n }),\n {},\n async () => ({\n contents: [\n {\n uri: 'test://resource/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n expect(client.getServerCapabilities()).toMatchObject({ completions: {} });\n });\n\n /***\n * Test: Resource Template Parameter Completion\n */\n test('should support completion of resource template parameters', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}', {\n list: undefined,\n complete: {\n category: () => ['books', 'movies', 'music']\n }\n }),\n {},\n async () => ({\n contents: [\n {\n uri: 'test://resource/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'test://resource/{category}'\n },\n argument: {\n name: 'category',\n value: ''\n }\n }\n });\n\n expect(result.completion.values).toEqual(['books', 'movies', 'music']);\n expect(result.completion.total).toBe(3);\n });\n\n /***\n * Test: Filtered Resource Template Parameter Completion\n */\n test('should support filtered completion of resource template parameters', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}', {\n list: undefined,\n complete: {\n category: (test: string) => ['books', 'movies', 'music'].filter(value => value.startsWith(test))\n }\n }),\n {},\n async () => ({\n contents: [\n {\n uri: 'test://resource/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'test://resource/{category}'\n },\n argument: {\n name: 'category',\n value: 'm'\n }\n }\n });\n\n expect(result.completion.values).toEqual(['movies', 'music']);\n expect(result.completion.total).toBe(2);\n });\n\n /***\n * Test: Pass Request ID to Resource Callback\n */\n test('should pass requestId to resource callback via ServerContext', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n let receivedRequestId: string | number | undefined;\n mcpServer.registerResource('request-id-test', 'test://resource', {}, async (_uri, ctx) => {\n receivedRequestId = ctx.mcpReq.id;\n return {\n contents: [\n {\n uri: 'test://resource',\n text: `Received request ID: ${ctx.mcpReq.id}`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource'\n }\n });\n\n expect(receivedRequestId).toBeDefined();\n expect(typeof receivedRequestId === 'string' || typeof receivedRequestId === 'number').toBe(true);\n expect(result.contents).toEqual(\n expect.arrayContaining([\n {\n text: expect.stringContaining(`Received request ID:`),\n uri: 'test://resource'\n }\n ])\n );\n });\n });\n\n describe('prompt()', () => {\n /***\n * Test: Zero-Argument Prompt Registration\n */\n test('should register zero-argument prompt', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt('test', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/list'\n });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('test');\n expect(result.prompts[0]!.arguments).toBeUndefined();\n });\n /***\n * Test: Updating Existing Prompt\n */\n test('should update existing prompt', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial prompt\n const prompt = mcpServer.registerPrompt('test', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Initial response'\n }\n }\n ]\n }));\n\n // Update the prompt\n prompt.update({\n callback: async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Updated response'\n }\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the prompt and verify we get the updated response\n const result = await client.request({\n method: 'prompts/get',\n params: {\n name: 'test'\n }\n });\n\n expect(result.messages).toHaveLength(1);\n expect(result.messages).toEqual(\n expect.arrayContaining([\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Updated response'\n }\n }\n ])\n );\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Updating Prompt with Schema\n */\n test('should update prompt with schema', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial prompt\n const prompt = mcpServer.registerPrompt(\n 'test',\n {\n argsSchema: z.object({\n name: z.string()\n })\n },\n async ({ name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Initial: ${name}`\n }\n }\n ]\n })\n );\n\n // Update the prompt with a different schema\n prompt.update({\n argsSchema: z.object({\n name: z.string(),\n value: z.string()\n }),\n callback: async ({ name, value }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Updated: ${name}, ${value}`\n }\n }\n ]\n })\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify the schema was updated\n const listResult = await client.request({\n method: 'prompts/list'\n });\n\n expect(listResult.prompts[0]!.arguments).toHaveLength(2);\n expect(listResult.prompts[0]!.arguments!.map(a => a.name).toSorted()).toEqual(['name', 'value']);\n\n // Call the prompt with the new schema\n const getResult = await client.request({\n method: 'prompts/get',\n params: {\n name: 'test',\n arguments: {\n name: 'test',\n value: 'value'\n }\n }\n });\n\n expect(getResult.messages).toHaveLength(1);\n expect(getResult.messages).toEqual(\n expect.arrayContaining([\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Updated: test, value'\n }\n }\n ])\n );\n\n // Update happened before transport was connected, so no notifications should be expected\n expect(notifications).toHaveLength(0);\n });\n\n /***\n * Test: Prompt List Changed Notification\n */\n test('should send prompt list changed notification when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial prompt\n const prompt = mcpServer.registerPrompt('test', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n expect(notifications).toHaveLength(0);\n\n // Now update the prompt while connected\n prompt.update({\n callback: async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Updated response'\n }\n }\n ]\n })\n });\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([{ method: 'notifications/prompts/list_changed' }]);\n });\n\n /***\n * Test: Remove Prompt and Send Notification\n */\n test('should remove prompt and send notification when connected', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial prompts\n const prompt1 = mcpServer.registerPrompt('prompt1', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Prompt 1 response'\n }\n }\n ]\n }));\n\n mcpServer.registerPrompt('prompt2', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Prompt 2 response'\n }\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Verify both prompts are registered\n let result = await client.request({ method: 'prompts/list' });\n\n expect(result.prompts).toHaveLength(2);\n expect(result.prompts.map(p => p.name).toSorted()).toEqual(['prompt1', 'prompt2']);\n\n expect(notifications).toHaveLength(0);\n\n // Remove a prompt\n prompt1.remove();\n\n // Yield event loop to let the notification fly\n await new Promise(process.nextTick);\n\n // Should have sent notification\n expect(notifications).toMatchObject([{ method: 'notifications/prompts/list_changed' }]);\n\n // Verify the prompt was removed\n result = await client.request({ method: 'prompts/list' });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('prompt2');\n });\n\n /***\n * Test: Prompt Registration with Arguments Schema\n */\n test('should register prompt with args schema', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test',\n {\n argsSchema: z.object({\n name: z.string(),\n value: z.string()\n })\n },\n async ({ name, value }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `${name}: ${value}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/list'\n });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('test');\n expect(result.prompts[0]!.arguments).toEqual([\n { name: 'name', required: true },\n { name: 'value', required: true }\n ]);\n });\n\n /***\n * Test: Prompt Registration with Description\n */\n test('should register prompt with description', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt('test', { description: 'Test description' }, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/list'\n });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('test');\n expect(result.prompts[0]!.description).toBe('Test description');\n });\n\n /***\n * Test: Prompt Argument Validation\n */\n test('should validate prompt args', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test',\n {\n argsSchema: z.object({\n name: z.string(),\n value: z.string().min(3)\n })\n },\n async ({ name, value }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `${name}: ${value}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'prompts/get',\n params: {\n name: 'test',\n arguments: {\n name: 'test',\n value: 'ab' // Too short\n }\n }\n })\n ).rejects.toThrow(/Invalid arguments/);\n });\n\n /***\n * Test: Preventing Duplicate Prompt Registration\n */\n test('should prevent duplicate prompt registration', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n mcpServer.registerPrompt('test', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }\n ]\n }));\n\n expect(() => {\n mcpServer.registerPrompt('test', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response 2'\n }\n }\n ]\n }));\n }).toThrow(/already registered/);\n });\n\n /***\n * Test: Multiple Prompt Registration\n */\n test('should allow registering multiple prompts', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // This should succeed\n mcpServer.registerPrompt('prompt1', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response 1'\n }\n }\n ]\n }));\n\n // This should also succeed and not throw about request handlers\n mcpServer.registerPrompt('prompt2', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response 2'\n }\n }\n ]\n }));\n });\n\n /***\n * Test: Prompt Registration with Arguments\n */\n test('should allow registering prompts with arguments', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // This should succeed\n mcpServer.registerPrompt('echo', { argsSchema: z.object({ message: z.string() }) }, ({ message }) => ({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please process this message: ${message}`\n }\n }\n ]\n }));\n });\n\n /***\n * Test: Resources and Prompts with Completion Handlers\n */\n test('should allow registering both resources and prompts with completion handlers', () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n // Register a resource with completion\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{category}', {\n list: undefined,\n complete: {\n category: () => ['books', 'movies', 'music']\n }\n }),\n {},\n async () => ({\n contents: [\n {\n uri: 'test://resource/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n // Register a prompt with completion\n mcpServer.registerPrompt(\n 'echo',\n { argsSchema: z.object({ message: completable(z.string(), () => ['hello', 'world']) }) },\n ({ message }) => ({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: `Please process this message: ${message}`\n }\n }\n ]\n })\n );\n });\n\n /***\n * Test: ProtocolError for Invalid Prompt Name\n */\n test('should throw ProtocolError for invalid prompt name', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt('test-prompt', {}, async () => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n await expect(\n client.request({\n method: 'prompts/get',\n params: {\n name: 'nonexistent-prompt'\n }\n })\n ).rejects.toMatchObject({\n code: ProtocolErrorCode.InvalidParams,\n message: expect.stringContaining('not found')\n });\n });\n\n /***\n * Test: Registering a prompt without a completable argument should not update server capabilities to advertise support for completion\n */\n test('should not advertise support for completion when a prompt without a completable argument is defined', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n argsSchema: z.object({\n name: z.string()\n })\n },\n async ({ name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const capabilities = client.getServerCapabilities() || {};\n const keys = Object.keys(capabilities);\n expect(keys).not.toContain('completions');\n });\n\n /***\n * Test: Registering a prompt with a completable argument should update server capabilities to advertise support for completion\n */\n test('should advertise support for completion when a prompt with a completable argument is defined', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n argsSchema: z.object({\n name: completable(z.string(), () => ['Alice', 'Bob', 'Charlie'])\n })\n },\n async ({ name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n expect(client.getServerCapabilities()).toMatchObject({ completions: {} });\n });\n\n /***\n * Test: Prompt Argument Completion\n */\n test('should support completion of prompt arguments', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n argsSchema: z.object({\n name: completable(z.string(), () => ['Alice', 'Bob', 'Charlie'])\n })\n },\n async ({ name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: ''\n }\n }\n });\n\n expect(result.completion.values).toEqual(['Alice', 'Bob', 'Charlie']);\n expect(result.completion.total).toBe(3);\n });\n\n /***\n * Test: Filtered Prompt Argument Completion\n */\n test('should support filtered completion of prompt arguments', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n argsSchema: z.object({\n name: completable(z.string(), test => ['Alice', 'Bob', 'Charlie'].filter(value => value.startsWith(test)))\n })\n },\n async ({ name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'A'\n }\n }\n });\n\n expect(result.completion.values).toEqual(['Alice']);\n expect(result.completion.total).toBe(1);\n });\n\n /***\n * Test: Pass Request ID to Prompt Callback\n */\n test('should pass requestId to prompt callback via ServerContext', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n let receivedRequestId: string | number | undefined;\n mcpServer.registerPrompt('request-id-test', {}, async ctx => {\n receivedRequestId = ctx.mcpReq.id;\n return {\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Received request ID: ${ctx.mcpReq.id}`\n }\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/get',\n params: {\n name: 'request-id-test'\n }\n });\n\n expect(receivedRequestId).toBeDefined();\n expect(typeof receivedRequestId === 'string' || typeof receivedRequestId === 'number').toBe(true);\n expect(result.messages).toEqual(\n expect.arrayContaining([\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: expect.stringContaining(`Received request ID:`)\n }\n }\n ])\n );\n });\n\n /***\n * Test: Resource Template Metadata Priority\n */\n test('should prioritize individual resource metadata over template metadata', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', {\n list: async () => ({\n resources: [\n {\n name: 'Resource 1',\n uri: 'test://resource/1',\n description: 'Individual resource description',\n mimeType: 'text/plain'\n },\n {\n name: 'Resource 2',\n uri: 'test://resource/2'\n // This resource has no description or mimeType\n }\n ]\n })\n }),\n {\n description: 'Template description',\n mimeType: 'application/json'\n },\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(2);\n\n // Resource 1 should have its own metadata\n expect(result.resources[0]!.name).toBe('Resource 1');\n expect(result.resources[0]!.description).toBe('Individual resource description');\n expect(result.resources[0]!.mimeType).toBe('text/plain');\n\n // Resource 2 should inherit template metadata\n expect(result.resources[1]!.name).toBe('Resource 2');\n expect(result.resources[1]!.description).toBe('Template description');\n expect(result.resources[1]!.mimeType).toBe('application/json');\n });\n\n /***\n * Test: Resource Template Metadata Overrides All Fields\n */\n test('should allow resource to override all template metadata fields', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', {\n list: async () => ({\n resources: [\n {\n name: 'Overridden Name',\n uri: 'test://resource/1',\n description: 'Overridden description',\n mimeType: 'text/markdown'\n // Add any other metadata fields if they exist\n }\n ]\n })\n }),\n {\n title: 'Template Name',\n description: 'Template description',\n mimeType: 'application/json'\n },\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(1);\n\n // All fields should be from the individual resource, not the template\n expect(result.resources[0]!.name).toBe('Overridden Name');\n expect(result.resources[0]!.description).toBe('Overridden description');\n expect(result.resources[0]!.mimeType).toBe('text/markdown');\n });\n\n test('should support optional prompt arguments', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n argsSchema: z.object({\n name: z.string().optional()\n })\n },\n () => ({\n messages: []\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'prompts/list'\n });\n\n expect(result.prompts).toHaveLength(1);\n expect(result.prompts[0]!.name).toBe('test-prompt');\n expect(result.prompts[0]!.arguments).toEqual([\n {\n name: 'name',\n description: undefined,\n required: false\n }\n ]);\n });\n });\n\n describe('Tool title precedence', () => {\n test('should follow correct title precedence: title → annotations.title → name', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Tool 1: Only name\n mcpServer.registerTool('tool_name_only', {}, async () => ({\n content: [{ type: 'text', text: 'Response' }]\n }));\n\n // Tool 2: Name and annotations.title\n mcpServer.registerTool(\n 'tool_with_annotations_title',\n {\n description: 'Tool with annotations title',\n annotations: {\n title: 'Annotations Title'\n }\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n // Tool 3: Name and title (using registerTool)\n mcpServer.registerTool(\n 'tool_with_title',\n {\n title: 'Regular Title',\n description: 'Tool with regular title'\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n // Tool 4: All three - title should win\n mcpServer.registerTool(\n 'tool_with_all_titles',\n {\n title: 'Regular Title Wins',\n description: 'Tool with all titles',\n annotations: {\n title: 'Annotations Title Should Not Show'\n }\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(4);\n\n // Tool 1: Only name - should display name\n const tool1 = result.tools.find(t => t.name === 'tool_name_only');\n expect(tool1).toBeDefined();\n expect(getDisplayName(tool1!)).toBe('tool_name_only');\n\n // Tool 2: Name and annotations.title - should display annotations.title\n const tool2 = result.tools.find(t => t.name === 'tool_with_annotations_title');\n expect(tool2).toBeDefined();\n expect(tool2!.annotations?.title).toBe('Annotations Title');\n expect(getDisplayName(tool2!)).toBe('Annotations Title');\n\n // Tool 3: Name and title - should display title\n const tool3 = result.tools.find(t => t.name === 'tool_with_title');\n expect(tool3).toBeDefined();\n expect(tool3!.title).toBe('Regular Title');\n expect(getDisplayName(tool3!)).toBe('Regular Title');\n\n // Tool 4: All three - title should take precedence\n const tool4 = result.tools.find(t => t.name === 'tool_with_all_titles');\n expect(tool4).toBeDefined();\n expect(tool4!.title).toBe('Regular Title Wins');\n expect(tool4!.annotations?.title).toBe('Annotations Title Should Not Show');\n expect(getDisplayName(tool4!)).toBe('Regular Title Wins');\n });\n\n test('getDisplayName unit tests for title precedence', () => {\n // Test 1: Only name\n expect(getDisplayName({ name: 'tool_name' })).toBe('tool_name');\n\n // Test 2: Name and title - title wins\n expect(\n getDisplayName({\n name: 'tool_name',\n title: 'Tool Title'\n })\n ).toBe('Tool Title');\n\n // Test 3: Name and annotations.title - annotations.title wins\n expect(\n getDisplayName({\n name: 'tool_name',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n\n // Test 4: All three - title wins (correct precedence)\n expect(\n getDisplayName({\n name: 'tool_name',\n title: 'Regular Title',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Regular Title');\n\n // Test 5: Empty title should not be used\n expect(\n getDisplayName({\n name: 'tool_name',\n title: '',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n\n // Test 6: Undefined vs null handling\n expect(\n getDisplayName({\n name: 'tool_name',\n title: undefined,\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n });\n\n test('should support resource template completion with resolved context', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('github://repos/{owner}/{repo}', {\n list: undefined,\n complete: {\n repo: (value, context) => {\n if (context?.arguments?.['owner'] === 'org1') {\n return ['project1', 'project2', 'project3'].filter(r => r.startsWith(value));\n } else if (context?.arguments?.['owner'] === 'org2') {\n return ['repo1', 'repo2', 'repo3'].filter(r => r.startsWith(value));\n }\n return [];\n }\n }\n }),\n {\n title: 'GitHub Repository',\n description: 'Repository information'\n },\n async () => ({\n contents: [\n {\n uri: 'github://repos/test/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Test with microsoft owner\n const result1 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 'p'\n },\n context: {\n arguments: {\n owner: 'org1'\n }\n }\n }\n });\n\n expect(result1.completion.values).toEqual(['project1', 'project2', 'project3']);\n expect(result1.completion.total).toBe(3);\n\n // Test with facebook owner\n const result2 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 'r'\n },\n context: {\n arguments: {\n owner: 'org2'\n }\n }\n }\n });\n\n expect(result2.completion.values).toEqual(['repo1', 'repo2', 'repo3']);\n expect(result2.completion.total).toBe(3);\n\n // Test with no resolved context\n const result3 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 't'\n }\n }\n });\n\n expect(result3.completion.values).toEqual([]);\n expect(result3.completion.total).toBe(0);\n });\n\n test('should support prompt argument completion with resolved context', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n title: 'Team Greeting',\n description: 'Generate a greeting for team members',\n argsSchema: z.object({\n department: completable(z.string(), value => {\n return ['engineering', 'sales', 'marketing', 'support'].filter(d => d.startsWith(value));\n }),\n name: completable(z.string(), (value, context) => {\n const department = context?.arguments?.['department'];\n switch (department) {\n case 'engineering': {\n return ['Alice', 'Bob', 'Charlie'].filter(n => n.startsWith(value));\n }\n case 'sales': {\n return ['David', 'Eve', 'Frank'].filter(n => n.startsWith(value));\n }\n case 'marketing': {\n return ['Grace', 'Henry', 'Iris'].filter(n => n.startsWith(value));\n }\n // No default\n }\n return ['Guest'].filter(n => n.startsWith(value));\n })\n })\n },\n async ({ department, name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}, welcome to the ${department} team!`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Test with engineering department\n const result1 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'A'\n },\n context: {\n arguments: {\n department: 'engineering'\n }\n }\n }\n });\n\n expect(result1.completion.values).toEqual(['Alice']);\n\n // Test with sales department\n const result2 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'D'\n },\n context: {\n arguments: {\n department: 'sales'\n }\n }\n }\n });\n\n expect(result2.completion.values).toEqual(['David']);\n\n // Test with marketing department\n const result3 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'G'\n },\n context: {\n arguments: {\n department: 'marketing'\n }\n }\n }\n });\n\n expect(result3.completion.values).toEqual(['Grace']);\n\n // Test with no resolved context\n const result4 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'G'\n }\n }\n });\n\n expect(result4.completion.values).toEqual(['Guest']);\n });\n });\n\n describe('elicitInput()', () => {\n const checkAvailability = vi.fn().mockResolvedValue(false);\n const findAlternatives = vi.fn().mockResolvedValue([]);\n const makeBooking = vi.fn().mockResolvedValue('BOOKING-123');\n\n let mcpServer: McpServer;\n let client: Client;\n\n beforeEach(() => {\n vi.clearAllMocks();\n\n // Create server with restaurant booking tool\n mcpServer = new McpServer({\n name: 'restaurant-booking-server',\n version: '1.0.0'\n });\n\n // Register the restaurant booking tool from README example\n mcpServer.registerTool(\n 'book-restaurant',\n {\n inputSchema: z.object({\n restaurant: z.string(),\n date: z.string(),\n partySize: z.number()\n })\n },\n async ({ restaurant, date, partySize }) => {\n // Check availability\n const available = await checkAvailability(restaurant, date, partySize);\n\n if (!available) {\n // Ask user if they want to try alternative dates\n const result = await mcpServer.server.elicitInput({\n message: `No tables available at ${restaurant} on ${date}. Would you like to check alternative dates?`,\n requestedSchema: {\n type: 'object',\n properties: {\n checkAlternatives: {\n type: 'boolean',\n title: 'Check alternative dates',\n description: 'Would you like me to check other dates?'\n },\n flexibleDates: {\n type: 'string',\n title: 'Date flexibility',\n description: 'How flexible are your dates?',\n enum: ['next_day', 'same_week', 'next_week'],\n enumNames: ['Next day', 'Same week', 'Next week']\n }\n },\n required: ['checkAlternatives']\n }\n });\n\n if (result.action === 'accept' && result.content?.checkAlternatives) {\n const alternatives = await findAlternatives(\n restaurant,\n date,\n partySize,\n result.content.flexibleDates as string\n );\n return {\n content: [\n {\n type: 'text',\n text: `Found these alternatives: ${alternatives.join(', ')}`\n }\n ]\n };\n }\n\n return {\n content: [\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]\n };\n }\n\n await makeBooking(restaurant, date, partySize);\n return {\n content: [\n {\n type: 'text',\n text: `Booked table for ${partySize} at ${restaurant} on ${date}`\n }\n ]\n };\n }\n );\n\n // Create client with elicitation capability\n client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n });\n\n test('should successfully elicit additional information', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n findAlternatives.mockResolvedValue(['2024-12-26', '2024-12-27', '2024-12-28']);\n\n // Set up client to accept alternative date checking\n client.setRequestHandler('elicitation/create', async request => {\n expect(request.params.message).toContain('No tables available at ABC Restaurant on 2024-12-25');\n return {\n action: 'accept',\n content: {\n checkAlternatives: true,\n flexibleDates: 'same_week'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2, 'same_week');\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Found these alternatives: 2024-12-26, 2024-12-27, 2024-12-28'\n }\n ]);\n });\n\n test('should handle user declining to elicitation request', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n\n // Set up client to reject alternative date checking\n client.setRequestHandler('elicitation/create', async () => {\n return {\n action: 'accept',\n content: {\n checkAlternatives: false\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).not.toHaveBeenCalled();\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]);\n });\n\n test('should handle user cancelling the elicitation', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n\n // Set up client to cancel the elicitation\n client.setRequestHandler('elicitation/create', async () => {\n return {\n action: 'cancel'\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).not.toHaveBeenCalled();\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]);\n });\n });\n\n describe('Tools with union and intersection schemas', () => {\n test('should support union schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const unionSchema = z.union([\n z.object({ type: z.literal('email'), email: z.string().email() }),\n z.object({ type: z.literal('phone'), phone: z.string() })\n ]);\n\n server.registerTool('contact', { inputSchema: unionSchema }, async args => {\n return args.type === 'email'\n ? {\n content: [{ type: 'text' as const, text: `Email contact: ${args.email}` }]\n }\n : {\n content: [{ type: 'text' as const, text: `Phone contact: ${args.phone}` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const emailResult = await client.callTool({\n name: 'contact',\n arguments: {\n type: 'email',\n email: 'test@example.com'\n }\n });\n\n expect(emailResult.content).toEqual([\n {\n type: 'text',\n text: 'Email contact: test@example.com'\n }\n ]);\n\n const phoneResult = await client.callTool({\n name: 'contact',\n arguments: {\n type: 'phone',\n phone: '+1234567890'\n }\n });\n\n expect(phoneResult.content).toEqual([\n {\n type: 'text',\n text: 'Phone contact: +1234567890'\n }\n ]);\n });\n\n test('should support intersection schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const baseSchema = z.object({ id: z.string() });\n const extendedSchema = z.object({ name: z.string(), age: z.number() });\n const intersectionSchema = z.intersection(baseSchema, extendedSchema);\n\n server.registerTool('user', { inputSchema: intersectionSchema }, async args => {\n return {\n content: [\n {\n type: 'text',\n text: `User: ${args.id}, ${args.name}, ${args.age} years old`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'user',\n arguments: {\n id: '123',\n name: 'John Doe',\n age: 30\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'User: 123, John Doe, 30 years old'\n }\n ]);\n });\n\n test('should support complex nested schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const schema = z.object({\n items: z.array(\n z.union([\n z.object({ type: z.literal('text'), content: z.string() }),\n z.object({ type: z.literal('number'), value: z.number() })\n ])\n )\n });\n\n server.registerTool('process', { inputSchema: schema }, async args => {\n const processed = args.items.map(item => {\n return item.type === 'text' ? item.content.toUpperCase() : item.value * 2;\n });\n return {\n content: [\n {\n type: 'text',\n text: `Processed: ${processed.join(', ')}`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'process',\n arguments: {\n items: [\n { type: 'text', content: 'hello' },\n { type: 'number', value: 5 },\n { type: 'text', content: 'world' }\n ]\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Processed: HELLO, 10, WORLD'\n }\n ]);\n });\n\n test('should validate union schema inputs correctly', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const unionSchema = z.union([\n z.object({ type: z.literal('a'), value: z.string() }),\n z.object({ type: z.literal('b'), value: z.number() })\n ]);\n\n server.registerTool('union-test', { inputSchema: unionSchema }, async () => {\n return {\n content: [{ type: 'text' as const, text: 'Success' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const invalidTypeResult = await client.callTool({\n name: 'union-test',\n arguments: {\n type: 'a',\n value: 123\n }\n });\n\n expect(invalidTypeResult.isError).toBe(true);\n expect(invalidTypeResult.content).toEqual(\n expect.arrayContaining([\n expect.objectContaining({\n type: 'text',\n text: expect.stringContaining('Input validation error')\n })\n ])\n );\n });\n });\n\n describe('Tools with transformation schemas', () => {\n test('should support z.preprocess() schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n // z.preprocess() allows transforming input before validation\n const preprocessSchema = z.preprocess(\n input => {\n // Normalize input by trimming strings\n if (typeof input === 'object' && input !== null) {\n const obj = input as Record;\n if (typeof obj.name === 'string') {\n return { ...obj, name: obj.name.trim() };\n }\n }\n return input;\n },\n z.object({ name: z.string() })\n );\n\n server.registerTool('preprocess-test', { inputSchema: preprocessSchema }, async args => {\n return {\n content: [{ type: 'text' as const, text: `Hello, ${args.name}!` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n // Test with input that has leading/trailing whitespace\n const result = await client.callTool({\n name: 'preprocess-test',\n arguments: { name: ' World ' }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Hello, World!'\n }\n ]);\n });\n\n test('should support z.transform() schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n // z.transform() allows transforming validated output\n const transformSchema = z\n .object({\n firstName: z.string(),\n lastName: z.string()\n })\n .transform(data => ({\n ...data,\n fullName: `${data.firstName} ${data.lastName}`\n }));\n\n server.registerTool('transform-test', { inputSchema: transformSchema }, async args => {\n return {\n content: [{ type: 'text' as const, text: `Full name: ${args.fullName}` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'transform-test',\n arguments: { firstName: 'John', lastName: 'Doe' }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Full name: John Doe'\n }\n ]);\n });\n\n test('should support z.pipe() schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n // z.pipe() chains multiple schemas together\n const pipeSchema = z\n .object({ value: z.string() })\n .transform(data => ({ ...data, processed: true }))\n .pipe(z.object({ value: z.string(), processed: z.boolean() }));\n\n server.registerTool('pipe-test', { inputSchema: pipeSchema }, async args => {\n return {\n content: [{ type: 'text' as const, text: `Value: ${args.value}, Processed: ${args.processed}` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'pipe-test',\n arguments: { value: 'test' }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Value: test, Processed: true'\n }\n ]);\n });\n\n test('should support nested transformation schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n // Complex schema with both preprocess and transform\n const complexSchema = z.preprocess(\n input => {\n if (typeof input === 'object' && input !== null) {\n const obj = input as Record;\n // Convert string numbers to actual numbers\n if (typeof obj.count === 'string') {\n return { ...obj, count: Number.parseInt(obj.count, 10) };\n }\n }\n return input;\n },\n z\n .object({\n name: z.string(),\n count: z.number()\n })\n .transform(data => ({\n ...data,\n doubled: data.count * 2\n }))\n );\n\n server.registerTool('complex-transform', { inputSchema: complexSchema }, async args => {\n return {\n content: [{ type: 'text' as const, text: `${args.name}: ${args.count} -> ${args.doubled}` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n // Pass count as string, preprocess will convert it\n const result = await client.callTool({\n name: 'complex-transform',\n arguments: { name: 'items', count: '5' }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'items: 5 -> 10'\n }\n ]);\n });\n });\n\n describe('resource()', () => {\n /***\n * Test: Resource Registration with URI and Read Callback\n */\n test('should register resource with uri and readCallback', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Test content'\n }\n ]\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(1);\n expect(result.resources[0]!.name).toBe('test');\n expect(result.resources[0]!.uri).toBe('test://resource');\n });\n\n /***\n * Test: Update Resource with URI\n */\n test('should update resource with uri', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const notifications: Notification[] = [];\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n client.fallbackNotificationHandler = async notification => {\n notifications.push(notification);\n };\n\n // Register initial resource\n const resource = mcpServer.registerResource('test', 'test://resource', {}, async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Initial content'\n }\n ]\n }));\n\n // Update the resource\n resource.update({\n callback: async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Updated content'\n }\n ]\n })\n });\n\n // Updates before connection should not trigger notifications\n expect(notifications).toHaveLength(0);\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/read',\n params: {\n uri: 'test://resource'\n }\n });\n\n expect(result.contents).toEqual([\n {\n uri: 'test://resource',\n text: 'Updated content'\n }\n ]);\n\n // Now update again after connection\n resource.update({\n callback: async () => ({\n contents: [\n {\n uri: 'test://resource',\n text: 'Another update'\n }\n ]\n })\n });\n\n // Yield to event loop for notification to fly\n await new Promise(process.nextTick);\n\n expect(notifications).toMatchObject([{ method: 'notifications/resources/list_changed' }]);\n });\n\n /***\n * Test: Resource Template Metadata Priority\n */\n test('should prioritize individual resource metadata over template metadata', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', {\n list: async () => ({\n resources: [\n {\n name: 'Resource 1',\n uri: 'test://resource/1',\n description: 'Individual resource description',\n mimeType: 'text/plain'\n },\n {\n name: 'Resource 2',\n uri: 'test://resource/2'\n // This resource has no description or mimeType\n }\n ]\n })\n }),\n {\n description: 'Template description',\n mimeType: 'application/json'\n },\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(2);\n\n // Resource 1 should have its own metadata\n expect(result.resources[0]!.name).toBe('Resource 1');\n expect(result.resources[0]!.description).toBe('Individual resource description');\n expect(result.resources[0]!.mimeType).toBe('text/plain');\n\n // Resource 2 should inherit template metadata\n expect(result.resources[1]!.name).toBe('Resource 2');\n expect(result.resources[1]!.description).toBe('Template description');\n expect(result.resources[1]!.mimeType).toBe('application/json');\n });\n\n /***\n * Test: Resource Template Metadata Overrides All Fields\n */\n test('should allow resource to override all template metadata fields', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('test://resource/{id}', {\n list: async () => ({\n resources: [\n {\n name: 'Overridden Name',\n uri: 'test://resource/1',\n description: 'Overridden description',\n mimeType: 'text/markdown'\n // Add any other metadata fields if they exist\n }\n ]\n })\n }),\n {\n title: 'Template Name',\n description: 'Template description',\n mimeType: 'application/json'\n },\n async uri => ({\n contents: [\n {\n uri: uri.href,\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n const result = await client.request({\n method: 'resources/list'\n });\n\n expect(result.resources).toHaveLength(1);\n\n // All fields should be from the individual resource, not the template\n expect(result.resources[0]!.name).toBe('Overridden Name');\n expect(result.resources[0]!.description).toBe('Overridden description');\n expect(result.resources[0]!.mimeType).toBe('text/markdown');\n });\n });\n\n describe('Tool title precedence', () => {\n test('should follow correct title precedence: title → annotations.title → name', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n // Tool 1: Only name\n mcpServer.registerTool('tool_name_only', {}, async () => ({\n content: [{ type: 'text', text: 'Response' }]\n }));\n\n // Tool 2: Name and annotations.title\n mcpServer.registerTool(\n 'tool_with_annotations_title',\n {\n description: 'Tool with annotations title',\n annotations: {\n title: 'Annotations Title'\n }\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n // Tool 3: Name and title (using registerTool)\n mcpServer.registerTool(\n 'tool_with_title',\n {\n title: 'Regular Title',\n description: 'Tool with regular title'\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n // Tool 4: All three - title should win\n mcpServer.registerTool(\n 'tool_with_all_titles',\n {\n title: 'Regular Title Wins',\n description: 'Tool with all titles',\n annotations: {\n title: 'Annotations Title Should Not Show'\n }\n },\n async () => ({\n content: [{ type: 'text', text: 'Response' }]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n const result = await client.request({ method: 'tools/list' });\n\n expect(result.tools).toHaveLength(4);\n\n // Tool 1: Only name - should display name\n const tool1 = result.tools.find(t => t.name === 'tool_name_only');\n expect(tool1).toBeDefined();\n expect(getDisplayName(tool1!)).toBe('tool_name_only');\n\n // Tool 2: Name and annotations.title - should display annotations.title\n const tool2 = result.tools.find(t => t.name === 'tool_with_annotations_title');\n expect(tool2).toBeDefined();\n expect(tool2!.annotations?.title).toBe('Annotations Title');\n expect(getDisplayName(tool2!)).toBe('Annotations Title');\n\n // Tool 3: Name and title - should display title\n const tool3 = result.tools.find(t => t.name === 'tool_with_title');\n expect(tool3).toBeDefined();\n expect(tool3!.title).toBe('Regular Title');\n expect(getDisplayName(tool3!)).toBe('Regular Title');\n\n // Tool 4: All three - title should take precedence\n const tool4 = result.tools.find(t => t.name === 'tool_with_all_titles');\n expect(tool4).toBeDefined();\n expect(tool4!.title).toBe('Regular Title Wins');\n expect(tool4!.annotations?.title).toBe('Annotations Title Should Not Show');\n expect(getDisplayName(tool4!)).toBe('Regular Title Wins');\n });\n\n test('getDisplayName unit tests for title precedence', () => {\n // Test 1: Only name\n expect(getDisplayName({ name: 'tool_name' })).toBe('tool_name');\n\n // Test 2: Name and title - title wins\n expect(\n getDisplayName({\n name: 'tool_name',\n title: 'Tool Title'\n })\n ).toBe('Tool Title');\n\n // Test 3: Name and annotations.title - annotations.title wins\n expect(\n getDisplayName({\n name: 'tool_name',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n\n // Test 4: All three - title wins (correct precedence)\n expect(\n getDisplayName({\n name: 'tool_name',\n title: 'Regular Title',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Regular Title');\n\n // Test 5: Empty title should not be used\n expect(\n getDisplayName({\n name: 'tool_name',\n title: '',\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n\n // Test 6: Undefined vs null handling\n expect(\n getDisplayName({\n name: 'tool_name',\n title: undefined,\n annotations: { title: 'Annotations Title' }\n })\n ).toBe('Annotations Title');\n });\n\n test('should support resource template completion with resolved context', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerResource(\n 'test',\n new ResourceTemplate('github://repos/{owner}/{repo}', {\n list: undefined,\n complete: {\n repo: (value, context) => {\n if (context?.arguments?.['owner'] === 'org1') {\n return ['project1', 'project2', 'project3'].filter(r => r.startsWith(value));\n } else if (context?.arguments?.['owner'] === 'org2') {\n return ['repo1', 'repo2', 'repo3'].filter(r => r.startsWith(value));\n }\n return [];\n }\n }\n }),\n {\n title: 'GitHub Repository',\n description: 'Repository information'\n },\n async () => ({\n contents: [\n {\n uri: 'github://repos/test/test',\n text: 'Test content'\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Test with microsoft owner\n const result1 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 'p'\n },\n context: {\n arguments: {\n owner: 'org1'\n }\n }\n }\n });\n\n expect(result1.completion.values).toEqual(['project1', 'project2', 'project3']);\n expect(result1.completion.total).toBe(3);\n\n // Test with facebook owner\n const result2 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 'r'\n },\n context: {\n arguments: {\n owner: 'org2'\n }\n }\n }\n });\n\n expect(result2.completion.values).toEqual(['repo1', 'repo2', 'repo3']);\n expect(result2.completion.total).toBe(3);\n\n // Test with no resolved context\n const result3 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/resource',\n uri: 'github://repos/{owner}/{repo}'\n },\n argument: {\n name: 'repo',\n value: 't'\n }\n }\n });\n\n expect(result3.completion.values).toEqual([]);\n expect(result3.completion.total).toBe(0);\n });\n\n test('should support prompt argument completion with resolved context', async () => {\n const mcpServer = new McpServer({\n name: 'test server',\n version: '1.0'\n });\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n mcpServer.registerPrompt(\n 'test-prompt',\n {\n title: 'Team Greeting',\n description: 'Generate a greeting for team members',\n argsSchema: z.object({\n department: completable(z.string(), value => {\n return ['engineering', 'sales', 'marketing', 'support'].filter(d => d.startsWith(value));\n }),\n name: completable(z.string(), (value, context) => {\n const department = context?.arguments?.['department'];\n switch (department) {\n case 'engineering': {\n return ['Alice', 'Bob', 'Charlie'].filter(n => n.startsWith(value));\n }\n case 'sales': {\n return ['David', 'Eve', 'Frank'].filter(n => n.startsWith(value));\n }\n case 'marketing': {\n return ['Grace', 'Henry', 'Iris'].filter(n => n.startsWith(value));\n }\n // No default\n }\n return ['Guest'].filter(n => n.startsWith(value));\n })\n })\n },\n async ({ department, name }) => ({\n messages: [\n {\n role: 'assistant',\n content: {\n type: 'text',\n text: `Hello ${name}, welcome to the ${department} team!`\n }\n }\n ]\n })\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Test with engineering department\n const result1 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'A'\n },\n context: {\n arguments: {\n department: 'engineering'\n }\n }\n }\n });\n\n expect(result1.completion.values).toEqual(['Alice']);\n\n // Test with sales department\n const result2 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'D'\n },\n context: {\n arguments: {\n department: 'sales'\n }\n }\n }\n });\n\n expect(result2.completion.values).toEqual(['David']);\n\n // Test with marketing department\n const result3 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'G'\n },\n context: {\n arguments: {\n department: 'marketing'\n }\n }\n }\n });\n\n expect(result3.completion.values).toEqual(['Grace']);\n\n // Test with no resolved context\n const result4 = await client.request({\n method: 'completion/complete',\n params: {\n ref: {\n type: 'ref/prompt',\n name: 'test-prompt'\n },\n argument: {\n name: 'name',\n value: 'G'\n }\n }\n });\n\n expect(result4.completion.values).toEqual(['Guest']);\n });\n });\n\n describe('elicitInput()', () => {\n const checkAvailability = vi.fn().mockResolvedValue(false);\n const findAlternatives = vi.fn().mockResolvedValue([]);\n const makeBooking = vi.fn().mockResolvedValue('BOOKING-123');\n\n let mcpServer: McpServer;\n let client: Client;\n\n beforeEach(() => {\n vi.clearAllMocks();\n\n // Create server with restaurant booking tool\n mcpServer = new McpServer({\n name: 'restaurant-booking-server',\n version: '1.0.0'\n });\n\n // Register the restaurant booking tool from README example\n mcpServer.registerTool(\n 'book-restaurant',\n {\n inputSchema: z.object({\n restaurant: z.string(),\n date: z.string(),\n partySize: z.number()\n })\n },\n async ({ restaurant, date, partySize }) => {\n // Check availability\n const available = await checkAvailability(restaurant, date, partySize);\n\n if (!available) {\n // Ask user if they want to try alternative dates\n const result = await mcpServer.server.elicitInput({\n mode: 'form',\n message: `No tables available at ${restaurant} on ${date}. Would you like to check alternative dates?`,\n requestedSchema: {\n type: 'object',\n properties: {\n checkAlternatives: {\n type: 'boolean',\n title: 'Check alternative dates',\n description: 'Would you like me to check other dates?'\n },\n flexibleDates: {\n type: 'string',\n title: 'Date flexibility',\n description: 'How flexible are your dates?',\n enum: ['next_day', 'same_week', 'next_week'],\n enumNames: ['Next day', 'Same week', 'Next week']\n }\n },\n required: ['checkAlternatives']\n }\n });\n\n if (result.action === 'accept' && result.content?.checkAlternatives) {\n const alternatives = await findAlternatives(\n restaurant,\n date,\n partySize,\n result.content.flexibleDates as string\n );\n return {\n content: [\n {\n type: 'text',\n text: `Found these alternatives: ${alternatives.join(', ')}`\n }\n ]\n };\n }\n\n return {\n content: [\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]\n };\n }\n\n await makeBooking(restaurant, date, partySize);\n return {\n content: [\n {\n type: 'text',\n text: `Booked table for ${partySize} at ${restaurant} on ${date}`\n }\n ]\n };\n }\n );\n\n // Create client with elicitation capability\n client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n });\n\n test('should successfully elicit additional information', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n findAlternatives.mockResolvedValue(['2024-12-26', '2024-12-27', '2024-12-28']);\n\n // Set up client to accept alternative date checking\n client.setRequestHandler('elicitation/create', async request => {\n expect(request.params.message).toContain('No tables available at ABC Restaurant on 2024-12-25');\n return {\n action: 'accept',\n content: {\n checkAlternatives: true,\n flexibleDates: 'same_week'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2, 'same_week');\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Found these alternatives: 2024-12-26, 2024-12-27, 2024-12-28'\n }\n ]);\n });\n\n test('should handle user declining to elicitation request', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n\n // Set up client to reject alternative date checking\n client.setRequestHandler('elicitation/create', async () => {\n return {\n action: 'accept',\n content: {\n checkAlternatives: false\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).not.toHaveBeenCalled();\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]);\n });\n\n test('should handle user cancelling the elicitation', async () => {\n // Mock availability check to return false\n checkAvailability.mockResolvedValue(false);\n\n // Set up client to cancel the elicitation\n client.setRequestHandler('elicitation/create', async () => {\n return {\n action: 'cancel'\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.server.connect(serverTransport)]);\n\n // Call the tool\n const result = await client.callTool({\n name: 'book-restaurant',\n arguments: {\n restaurant: 'ABC Restaurant',\n date: '2024-12-25',\n partySize: 2\n }\n });\n\n expect(checkAvailability).toHaveBeenCalledWith('ABC Restaurant', '2024-12-25', 2);\n expect(findAlternatives).not.toHaveBeenCalled();\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'No booking made. Original date not available.'\n }\n ]);\n });\n });\n\n describe('Tools with union and intersection schemas', () => {\n test('should support union schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const unionSchema = z.union([\n z.object({ type: z.literal('email'), email: z.string().email() }),\n z.object({ type: z.literal('phone'), phone: z.string() })\n ]);\n\n server.registerTool('contact', { inputSchema: unionSchema }, async args => {\n return args.type === 'email'\n ? {\n content: [{ type: 'text', text: `Email contact: ${args.email}` }]\n }\n : {\n content: [{ type: 'text', text: `Phone contact: ${args.phone}` }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const emailResult = await client.callTool({\n name: 'contact',\n arguments: {\n type: 'email',\n email: 'test@example.com'\n }\n });\n\n expect(emailResult.content).toEqual([\n {\n type: 'text',\n text: 'Email contact: test@example.com'\n }\n ]);\n\n const phoneResult = await client.callTool({\n name: 'contact',\n arguments: {\n type: 'phone',\n phone: '+1234567890'\n }\n });\n\n expect(phoneResult.content).toEqual([\n {\n type: 'text',\n text: 'Phone contact: +1234567890'\n }\n ]);\n });\n\n test('should support intersection schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const baseSchema = z.object({ id: z.string() });\n const extendedSchema = z.object({ name: z.string(), age: z.number() });\n const intersectionSchema = z.intersection(baseSchema, extendedSchema);\n\n server.registerTool('user', { inputSchema: intersectionSchema }, async args => {\n return {\n content: [\n {\n type: 'text',\n text: `User: ${args.id}, ${args.name}, ${args.age} years old`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'user',\n arguments: {\n id: '123',\n name: 'John Doe',\n age: 30\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'User: 123, John Doe, 30 years old'\n }\n ]);\n });\n\n test('should support complex nested schemas', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const schema = z.object({\n items: z.array(\n z.union([\n z.object({ type: z.literal('text'), content: z.string() }),\n z.object({ type: z.literal('number'), value: z.number() })\n ])\n )\n });\n\n server.registerTool('process', { inputSchema: schema }, async args => {\n const processed = args.items.map(item => {\n return item.type === 'text' ? item.content.toUpperCase() : item.value * 2;\n });\n return {\n content: [\n {\n type: 'text',\n text: `Processed: ${processed.join(', ')}`\n }\n ]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const result = await client.callTool({\n name: 'process',\n arguments: {\n items: [\n { type: 'text', content: 'hello' },\n { type: 'number', value: 5 },\n { type: 'text', content: 'world' }\n ]\n }\n });\n\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Processed: HELLO, 10, WORLD'\n }\n ]);\n });\n\n test('should validate union schema inputs correctly', async () => {\n const server = new McpServer({\n name: 'test',\n version: '1.0.0'\n });\n\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const unionSchema = z.union([\n z.object({ type: z.literal('a'), value: z.string() }),\n z.object({ type: z.literal('b'), value: z.number() })\n ]);\n\n server.registerTool('union-test', { inputSchema: unionSchema }, async () => {\n return {\n content: [{ type: 'text', text: 'Success' }]\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const invalidTypeResult = await client.callTool({\n name: 'union-test',\n arguments: {\n type: 'a',\n value: 123\n }\n });\n\n expect(invalidTypeResult.isError).toBe(true);\n expect(invalidTypeResult.content).toEqual(\n expect.arrayContaining([\n expect.objectContaining({\n type: 'text',\n text: expect.stringContaining('Input validation error')\n })\n ])\n );\n\n const invalidDiscriminatorResult = await client.callTool({\n name: 'union-test',\n arguments: {\n type: 'c',\n value: 'test'\n }\n });\n\n expect(invalidDiscriminatorResult.isError).toBe(true);\n expect(invalidDiscriminatorResult.content).toEqual(\n expect.arrayContaining([\n expect.objectContaining({\n type: 'text',\n text: expect.stringContaining('Input validation error')\n })\n ])\n );\n });\n });\n\n describe('Tool-level task hints with automatic polling wrapper', () => {\n test('should return error for tool with taskSupport \"required\" called without task augmentation', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n // Register a task-based tool with taskSupport \"required\"\n mcpServer.experimental.tasks.registerToolTask(\n 'long-running-task',\n {\n description: 'A long running task',\n inputSchema: z.object({\n input: z.string()\n }),\n execution: {\n taskSupport: 'required'\n }\n },\n {\n createTask: async ({ input }, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n\n // Capture taskStore for use in setTimeout\n const store = ctx.task.store;\n\n // Simulate async work\n setTimeout(async () => {\n await store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text' as const, text: `Processed: ${input}` }]\n });\n }, 200);\n\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async (_input, ctx) => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool WITHOUT task augmentation - should return error\n const result = await client.callTool({\n name: 'long-running-task',\n arguments: { input: 'test data' }\n });\n\n // Should receive error result\n expect(result.isError).toBe(true);\n const content = result.content as TextContent[];\n expect(content[0]!.text).toContain('requires task augmentation');\n\n taskStore.cleanup();\n });\n\n test('should automatically poll and return CallToolResult for tool with taskSupport \"optional\" called without task augmentation', async () => {\n const taskStore = new InMemoryTaskStore();\n const { releaseLatch, waitForLatch } = createLatch();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n // Register a task-based tool with taskSupport \"optional\"\n mcpServer.experimental.tasks.registerToolTask(\n 'optional-task',\n {\n description: 'An optional task',\n inputSchema: z.object({\n value: z.number()\n }),\n execution: {\n taskSupport: 'optional'\n }\n },\n {\n createTask: async ({ value }, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n\n // Capture taskStore for use in setTimeout\n const store = ctx.task.store;\n\n // Simulate async work\n setTimeout(async () => {\n await store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text' as const, text: `Result: ${value * 2}` }]\n });\n releaseLatch();\n }, 150);\n\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async (_value, ctx) => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool WITHOUT task augmentation\n const result = await client.callTool({\n name: 'optional-task',\n arguments: { value: 21 }\n });\n\n // Should receive CallToolResult directly, not CreateTaskResult\n expect(result).toHaveProperty('content');\n expect(result.content).toEqual([{ type: 'text' as const, text: 'Result: 42' }]);\n expect(result).not.toHaveProperty('task');\n\n // Wait for async operations to complete\n await waitForLatch();\n taskStore.cleanup();\n });\n\n test('should return CreateTaskResult when tool with taskSupport \"required\" is called WITH task augmentation', async () => {\n const taskStore = new InMemoryTaskStore();\n const { releaseLatch, waitForLatch } = createLatch();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n // Register a task-based tool with taskSupport \"required\"\n mcpServer.experimental.tasks.registerToolTask(\n 'task-tool',\n {\n description: 'A task tool',\n inputSchema: z.object({\n data: z.string()\n }),\n execution: {\n taskSupport: 'required'\n }\n },\n {\n createTask: async ({ data }, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n\n // Capture taskStore for use in setTimeout\n const store = ctx.task.store;\n\n // Simulate async work\n setTimeout(async () => {\n await store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text' as const, text: `Completed: ${data}` }]\n });\n releaseLatch();\n }, 200);\n\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async (_data, ctx) => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool WITH task augmentation\n const result = await client.request(\n {\n method: 'tools/call',\n params: {\n name: 'task-tool',\n arguments: { data: 'test' },\n task: { ttl: 60_000 }\n }\n },\n z.object({\n task: z.object({\n taskId: z.string(),\n status: z.string(),\n ttl: z.union([z.number(), z.null()]),\n createdAt: z.string(),\n pollInterval: z.number().optional()\n })\n })\n );\n\n // Should receive CreateTaskResult with task field\n expect(result).toHaveProperty('task');\n expect(result.task).toHaveProperty('taskId');\n expect(result.task.status).toBe('working');\n\n // Wait for async operations to complete\n await waitForLatch();\n taskStore.cleanup();\n });\n\n test('should handle task failures during automatic polling', async () => {\n const taskStore = new InMemoryTaskStore();\n const { releaseLatch, waitForLatch } = createLatch();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n // Register a task-based tool that fails\n mcpServer.experimental.tasks.registerToolTask(\n 'failing-task',\n {\n description: 'A failing task',\n execution: {\n taskSupport: 'optional'\n }\n },\n {\n createTask: async ctx => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n\n // Capture taskStore for use in setTimeout\n const store = ctx.task.store;\n\n // Simulate async failure\n setTimeout(async () => {\n await store.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text' as const, text: 'Error occurred' }],\n isError: true\n });\n releaseLatch();\n }, 150);\n\n return { task };\n },\n getTask: async ctx => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async ctx => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool WITHOUT task augmentation\n const result = await client.callTool({\n name: 'failing-task',\n arguments: {}\n });\n\n // Should receive the error result\n expect(result).toHaveProperty('content');\n expect(result.content).toEqual([{ type: 'text' as const, text: 'Error occurred' }]);\n expect(result.isError).toBe(true);\n\n // Wait for async operations to complete\n await waitForLatch();\n taskStore.cleanup();\n });\n\n test('should handle task cancellation during automatic polling', async () => {\n const taskStore = new InMemoryTaskStore();\n const { releaseLatch, waitForLatch } = createLatch();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n // Register a task-based tool that gets cancelled\n mcpServer.experimental.tasks.registerToolTask(\n 'cancelled-task',\n {\n description: 'A task that gets cancelled',\n execution: {\n taskSupport: 'optional'\n }\n },\n {\n createTask: async ctx => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n\n // Capture taskStore for use in setTimeout\n const store = ctx.task.store;\n\n // Simulate async cancellation\n setTimeout(async () => {\n await store.updateTaskStatus(task.taskId, 'cancelled', 'Task was cancelled');\n releaseLatch();\n }, 150);\n\n return { task };\n },\n getTask: async ctx => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async ctx => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), mcpServer.connect(serverTransport)]);\n\n // Call the tool WITHOUT task augmentation\n const result = await client.callTool({\n name: 'cancelled-task',\n arguments: {}\n });\n\n // Should receive an error since cancelled tasks don't have results\n expect(result).toHaveProperty('content');\n expect(result.content).toEqual([{ type: 'text' as const, text: expect.stringContaining('has no result stored') }]);\n\n // Wait for async operations to complete\n await waitForLatch();\n taskStore.cleanup();\n });\n\n test('should raise error when registerToolTask is called with taskSupport \"forbidden\"', () => {\n const taskStore = new InMemoryTaskStore();\n\n const mcpServer = new McpServer(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n // Attempt to register a task-based tool with taskSupport \"forbidden\" (cast to bypass type checking)\n expect(() => {\n mcpServer.experimental.tasks.registerToolTask(\n 'invalid-task',\n {\n description: 'A task with forbidden support',\n inputSchema: z.object({\n input: z.string()\n }),\n execution: {\n taskSupport: 'forbidden' as unknown as 'required'\n }\n },\n {\n createTask: async (_args, ctx) => {\n const task = await ctx.task.store.createTask({ ttl: 60_000, pollInterval: 100 });\n return { task };\n },\n getTask: async (_args, ctx) => {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error('Task not found');\n }\n return task;\n },\n getTaskResult: async (_args, ctx) => {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as CallToolResult;\n }\n }\n );\n }).toThrow();\n\n taskStore.cleanup();\n });\n });\n});\n" }, { "path": "test/integration/test/server.test.ts", "content": "/* eslint-disable @typescript-eslint/no-unused-vars */\nimport { Client } from '@modelcontextprotocol/client';\nimport type {\n CreateMessageResult,\n ElicitRequestSchema,\n ElicitResult,\n JsonSchemaType,\n JsonSchemaValidator,\n jsonSchemaValidator,\n LoggingMessageNotification,\n ResponseMessage,\n Task,\n Transport\n} from '@modelcontextprotocol/core';\nimport {\n CallToolResultSchema,\n ElicitResultSchema,\n InMemoryTransport,\n LATEST_PROTOCOL_VERSION,\n SdkError,\n SdkErrorCode,\n SUPPORTED_PROTOCOL_VERSIONS,\n toArrayAsync\n} from '@modelcontextprotocol/core';\nimport { createMcpExpressApp } from '@modelcontextprotocol/express';\nimport { InMemoryTaskStore, McpServer, Server } from '@modelcontextprotocol/server';\nimport type { Request, Response } from 'express';\nimport supertest from 'supertest';\nimport * as z from 'zod/v4';\n\ndescribe('Server with standard protocol methods', () => {\n /*\n Test that Server class works with standard protocol method handlers.\n */\n test('should typecheck with standard protocol methods', () => {\n // Create a Server with default types\n const server = new Server(\n {\n name: 'TestServer',\n version: '1.0.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n // Register handlers using method strings\n server.setRequestHandler('ping', _request => {\n return {};\n });\n\n server.setNotificationHandler('notifications/initialized', () => {\n console.log('Client initialized');\n });\n });\n});\n\ndescribe('Server with tools capability', () => {\n test('should register tools/list handler', () => {\n const server = new Server(\n {\n name: 'ToolServer',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n }\n );\n\n // Register handler using method string\n server.setRequestHandler('tools/list', _request => {\n return {\n tools: []\n };\n });\n });\n});\n\ntest('should accept latest protocol version', async () => {\n let sendPromiseResolve: (value: unknown) => void;\n const sendPromise = new Promise(resolve => {\n sendPromiseResolve = resolve;\n });\n\n const serverTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.id === 1 && message.result) {\n expect(message.result).toEqual({\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: expect.any(Object),\n serverInfo: {\n name: 'test server',\n version: '1.0'\n },\n instructions: 'Test instructions'\n });\n sendPromiseResolve(undefined);\n }\n return Promise.resolve();\n })\n };\n\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n instructions: 'Test instructions'\n }\n );\n\n await server.connect(serverTransport);\n\n // Simulate initialize request with latest version\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 1,\n method: 'initialize',\n params: {\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: {},\n clientInfo: {\n name: 'test client',\n version: '1.0'\n }\n }\n });\n\n await expect(sendPromise).resolves.toBeUndefined();\n});\n\ntest('should accept supported older protocol version', async () => {\n const OLD_VERSION = SUPPORTED_PROTOCOL_VERSIONS[1];\n let sendPromiseResolve: (value: unknown) => void;\n const sendPromise = new Promise(resolve => {\n sendPromiseResolve = resolve;\n });\n\n const serverTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.id === 1 && message.result) {\n expect(message.result).toEqual({\n protocolVersion: OLD_VERSION,\n capabilities: expect.any(Object),\n serverInfo: {\n name: 'test server',\n version: '1.0'\n }\n });\n sendPromiseResolve(undefined);\n }\n return Promise.resolve();\n })\n };\n\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n await server.connect(serverTransport);\n\n // Simulate initialize request with older version\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 1,\n method: 'initialize',\n params: {\n protocolVersion: OLD_VERSION,\n capabilities: {},\n clientInfo: {\n name: 'test client',\n version: '1.0'\n }\n }\n });\n\n await expect(sendPromise).resolves.toBeUndefined();\n});\n\ntest('should handle unsupported protocol version', async () => {\n let sendPromiseResolve: (value: unknown) => void;\n const sendPromise = new Promise(resolve => {\n sendPromiseResolve = resolve;\n });\n\n const serverTransport: Transport = {\n start: vi.fn().mockResolvedValue(undefined),\n close: vi.fn().mockResolvedValue(undefined),\n send: vi.fn().mockImplementation(message => {\n if (message.id === 1 && message.result) {\n expect(message.result).toEqual({\n protocolVersion: LATEST_PROTOCOL_VERSION,\n capabilities: expect.any(Object),\n serverInfo: {\n name: 'test server',\n version: '1.0'\n }\n });\n sendPromiseResolve(undefined);\n }\n return Promise.resolve();\n })\n };\n\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n await server.connect(serverTransport);\n\n // Simulate initialize request with unsupported version\n serverTransport.onmessage?.({\n jsonrpc: '2.0',\n id: 1,\n method: 'initialize',\n params: {\n protocolVersion: 'invalid-version',\n capabilities: {},\n clientInfo: {\n name: 'test client',\n version: '1.0'\n }\n }\n });\n\n await expect(sendPromise).resolves.toBeUndefined();\n});\n\ntest('should respect client capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n // Implement request handler for sampling/createMessage\n client.setRequestHandler('sampling/createMessage', async _request => {\n // Mock implementation of createMessage\n return {\n model: 'test-model',\n role: 'assistant',\n content: {\n type: 'text',\n text: 'This is a test response'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(server.getClientCapabilities()).toEqual({ sampling: {} });\n\n // This should work because sampling is supported by the client\n await expect(\n server.createMessage({\n messages: [],\n maxTokens: 10\n })\n ).resolves.not.toThrow();\n\n // This should still throw because roots are not supported by the client\n await expect(server.listRoots()).rejects.toThrow(/Client does not support/);\n});\n\ntest('should respect client elicitation capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', params => ({\n action: 'accept',\n content: {\n username: params.params.message.includes('username') ? 'test-user' : undefined,\n confirmed: true\n }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // After schema parsing, empty elicitation object should have form capability injected\n expect(server.getClientCapabilities()).toEqual({ elicitation: { form: {} } });\n\n // This should work because elicitation is supported by the client\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string',\n title: 'Username',\n description: 'Your username'\n },\n confirmed: {\n type: 'boolean',\n title: 'Confirm',\n description: 'Please confirm',\n default: false\n }\n },\n required: ['username']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n username: 'test-user',\n confirmed: true\n }\n });\n\n // This should still throw because sampling is not supported by the client\n await expect(\n server.createMessage({\n messages: [],\n maxTokens: 10\n })\n ).rejects.toThrow(/^Client does not support/);\n});\n\ntest('should use elicitInput with mode: \"form\" by default for backwards compatibility', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', params => ({\n action: 'accept',\n content: {\n username: params.params.message.includes('username') ? 'test-user' : undefined,\n confirmed: true\n }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // After schema parsing, empty elicitation object should have form capability injected\n expect(server.getClientCapabilities()).toEqual({ elicitation: { form: {} } });\n\n // This should work because elicitation is supported by the client\n await expect(\n server.elicitInput({\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string',\n title: 'Username',\n description: 'Your username'\n },\n confirmed: {\n type: 'boolean',\n title: 'Confirm',\n description: 'Please confirm',\n default: false\n }\n },\n required: ['username']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n username: 'test-user',\n confirmed: true\n }\n });\n\n // This should still throw because sampling is not supported by the client\n await expect(\n server.createMessage({\n messages: [],\n maxTokens: 10\n })\n ).rejects.toThrow(/Client does not support/);\n});\n\ntest('should throw when elicitInput is called without client form capability', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {} // No form mode capability\n }\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', () => ({\n action: 'cancel'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string'\n }\n }\n }\n })\n ).rejects.toThrow('Client does not support form elicitation.');\n});\n\ntest('should throw when elicitInput is called without client URL capability', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {} // No URL mode capability\n }\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', () => ({\n action: 'cancel'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n mode: 'url',\n message: 'Open the authorization URL',\n elicitationId: 'elicitation-001',\n url: 'https://example.com/auth'\n })\n ).rejects.toThrow('Client does not support url elicitation.');\n});\n\ntest('should include form mode when sending elicitation form requests', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n const receivedModes: string[] = [];\n client.setRequestHandler('elicitation/create', request => {\n receivedModes.push(request.params.mode ?? '');\n return {\n action: 'accept',\n content: {\n confirmation: true\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n message: 'Confirm action',\n requestedSchema: {\n type: 'object',\n properties: {\n confirmation: {\n type: 'boolean'\n }\n },\n required: ['confirmation']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n confirmation: true\n }\n });\n\n expect(receivedModes).toEqual(['form']);\n});\n\ntest('should include url mode when sending elicitation URL requests', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const receivedModes: string[] = [];\n const receivedIds: string[] = [];\n client.setRequestHandler('elicitation/create', request => {\n receivedModes.push(request.params.mode ?? '');\n if (request.params.mode === 'url') {\n receivedIds.push(request.params.elicitationId);\n }\n return {\n action: 'decline'\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n mode: 'url',\n message: 'Complete verification',\n elicitationId: 'elicitation-xyz',\n url: 'https://example.com/verify'\n })\n ).resolves.toEqual({\n action: 'decline'\n });\n\n expect(receivedModes).toEqual(['url']);\n expect(receivedIds).toEqual(['elicitation-xyz']);\n});\n\ntest('should reject elicitInput when client response violates requested schema', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', () => ({\n action: 'accept',\n\n // Bad response: missing required field `username`\n content: {}\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: {\n type: 'string'\n }\n },\n required: ['username']\n }\n })\n ).rejects.toThrow('Elicitation response content does not match requested schema');\n});\n\ntest('should wrap unexpected validator errors during elicitInput', async () => {\n class ThrowingValidator implements jsonSchemaValidator {\n getValidator(_schema: JsonSchemaType): JsonSchemaValidator {\n throw new Error('boom - validator exploded');\n }\n }\n\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {},\n jsonSchemaValidator: new ThrowingValidator()\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n client.setRequestHandler('elicitation/create', () => ({\n action: 'accept',\n content: {\n username: 'ignored'\n }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Provide any data',\n requestedSchema: {\n type: 'object',\n properties: {},\n required: []\n }\n })\n ).rejects.toThrow('MCP error -32603: Error validating elicitation response: boom - validator exploded');\n});\n\ntest('should forward notification options when using elicitation completion notifier', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n client.setNotificationHandler('notifications/elicitation/complete', () => {});\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const notificationSpy = vi.spyOn(server, 'notification');\n\n const notifier = server.createElicitationCompletionNotifier('elicitation-789', { relatedRequestId: 42 });\n await notifier();\n\n expect(notificationSpy).toHaveBeenCalledWith(\n {\n method: 'notifications/elicitation/complete',\n params: {\n elicitationId: 'elicitation-789'\n }\n },\n expect.objectContaining({ relatedRequestId: 42 })\n );\n});\n\ntest('should create notifier that emits elicitation completion notification', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const receivedIds: string[] = [];\n client.setNotificationHandler('notifications/elicitation/complete', notification => {\n receivedIds.push(notification.params.elicitationId);\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const notifier = server.createElicitationCompletionNotifier('elicitation-123');\n await notifier();\n\n await new Promise(resolve => setTimeout(resolve, 0));\n\n expect(receivedIds).toEqual(['elicitation-123']);\n});\n\ntest('should throw when creating notifier if client lacks URL elicitation support', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(() => server.createElicitationCompletionNotifier('elicitation-123')).toThrow(\n 'Client does not support URL elicitation (required for notifications/elicitation/complete)'\n );\n});\n\ntest('should apply back-compat form capability injection when client sends empty elicitation object', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify that the schema preprocessing injected form capability\n const clientCapabilities = server.getClientCapabilities();\n expect(clientCapabilities).toBeDefined();\n expect(clientCapabilities?.elicitation).toBeDefined();\n expect(clientCapabilities?.elicitation?.form).toBeDefined();\n expect(clientCapabilities?.elicitation?.form).toEqual({});\n expect(clientCapabilities?.elicitation?.url).toBeUndefined();\n});\n\ntest('should preserve form capability configuration when client enables applyDefaults', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {\n form: {\n applyDefaults: true\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Verify that the schema preprocessing preserved the form capability configuration\n const clientCapabilities = server.getClientCapabilities();\n expect(clientCapabilities).toBeDefined();\n expect(clientCapabilities?.elicitation).toBeDefined();\n expect(clientCapabilities?.elicitation?.form).toBeDefined();\n expect(clientCapabilities?.elicitation?.form).toEqual({ applyDefaults: true });\n expect(clientCapabilities?.elicitation?.url).toBeUndefined();\n});\n\ntest('should validate elicitation response against requested schema', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // Set up client to return valid response\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n name: 'John Doe',\n email: 'john@example.com',\n age: 30\n }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Test with valid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: {\n type: 'string',\n minLength: 1\n },\n email: {\n type: 'string',\n minLength: 1\n },\n age: {\n type: 'integer',\n minimum: 0,\n maximum: 150\n }\n },\n required: ['name', 'email']\n }\n })\n ).resolves.toEqual({\n action: 'accept',\n content: {\n name: 'John Doe',\n email: 'john@example.com',\n age: 30\n }\n });\n});\n\ntest('should reject elicitation response with invalid data', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // Set up client to return invalid response (missing required field, invalid age)\n client.setRequestHandler('elicitation/create', _request => ({\n action: 'accept',\n content: {\n email: '', // Invalid - too short\n age: -5 // Invalid age\n }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Test with invalid response\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your information',\n requestedSchema: {\n type: 'object',\n properties: {\n name: {\n type: 'string',\n minLength: 1\n },\n email: {\n type: 'string',\n minLength: 1\n },\n age: {\n type: 'integer',\n minimum: 0,\n maximum: 150\n }\n },\n required: ['name', 'email']\n }\n })\n ).rejects.toThrow(/does not match requested schema/);\n});\n\ntest('should allow elicitation reject and cancel without validation', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n let requestCount = 0;\n client.setRequestHandler('elicitation/create', _request => {\n requestCount++;\n return requestCount === 1 ? { action: 'decline' } : { action: 'cancel' };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const schema = {\n type: 'object' as const,\n properties: {\n name: { type: 'string' as const }\n },\n required: ['name']\n };\n\n // Test reject - should not validate\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your name',\n requestedSchema: schema\n })\n ).resolves.toEqual({\n action: 'decline'\n });\n\n // Test cancel - should not validate\n await expect(\n server.elicitInput({\n mode: 'form',\n message: 'Please provide your name',\n requestedSchema: schema\n })\n ).resolves.toEqual({\n action: 'cancel'\n });\n});\n\ntest('should respect server notification capabilities', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const [_clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await server.connect(serverTransport);\n\n // This should work because logging is supported by the server\n await expect(\n server.sendLoggingMessage({\n level: 'info',\n data: 'Test log message'\n })\n ).resolves.not.toThrow();\n\n // This should throw because resource notificaitons are not supported by the server\n await expect(server.sendResourceUpdated({ uri: 'test://resource' })).rejects.toThrow(/^Server does not support/);\n});\n\ntest('should only allow setRequestHandler for declared capabilities', () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {}\n }\n }\n );\n\n // These should work because the capabilities are declared\n expect(() => {\n server.setRequestHandler('prompts/list', () => ({ prompts: [] }));\n }).not.toThrow();\n\n expect(() => {\n server.setRequestHandler('resources/list', () => ({\n resources: []\n }));\n }).not.toThrow();\n\n // These should throw because the capabilities are not declared\n expect(() => {\n server.setRequestHandler('tools/list', () => ({ tools: [] }));\n }).toThrow(/^Server does not support tools/);\n\n expect(() => {\n server.setRequestHandler('logging/setLevel', () => ({}));\n }).toThrow(/^Server does not support logging/);\n});\n\ntest('should handle server cancelling a request', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n // Set up client to delay responding to createMessage\n client.setRequestHandler('sampling/createMessage', async (_request, _extra) => {\n await new Promise(resolve => setTimeout(resolve, 1000));\n return {\n model: 'test',\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Set up abort controller\n const controller = new AbortController();\n\n // Issue request but cancel it immediately\n const createMessagePromise = server.createMessage(\n {\n messages: [],\n maxTokens: 10\n },\n {\n signal: controller.signal\n }\n );\n controller.abort('Cancelled by test');\n\n // Request should be rejected with an SdkError (local timeout/cancellation)\n await expect(createMessagePromise).rejects.toThrow(SdkError);\n});\n\ntest('should handle request timeout', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {}\n }\n );\n\n // Set up client that delays responses\n const client = new Client(\n {\n name: 'test client',\n version: '1.0'\n },\n {\n capabilities: {\n sampling: {}\n }\n }\n );\n\n client.setRequestHandler('sampling/createMessage', async (_request, ctx) => {\n await new Promise((resolve, reject) => {\n const timeout = setTimeout(resolve, 100);\n ctx.mcpReq.signal.addEventListener('abort', () => {\n clearTimeout(timeout);\n reject(ctx.mcpReq.signal.reason);\n });\n });\n\n return {\n model: 'test',\n role: 'assistant',\n content: {\n type: 'text',\n text: 'Test response'\n }\n };\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Request with 0 msec timeout should fail immediately\n await expect(\n server.createMessage(\n {\n messages: [],\n maxTokens: 10\n },\n { timeout: 0 }\n )\n ).rejects.toMatchObject({\n code: SdkErrorCode.RequestTimeout\n });\n});\n\n/*\n Test automatic log level handling for transports with and without sessionId\n */\ntest('should respect log level for transport without sessionId', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(clientTransport.sessionId).toEqual(undefined);\n\n // Client sets logging level to warning\n await client.setLoggingLevel('warning');\n\n // This one will make it through\n const warningParams: LoggingMessageNotification['params'] = {\n level: 'warning',\n logger: 'test server',\n data: 'Warning message'\n };\n\n // This one will not\n const debugParams: LoggingMessageNotification['params'] = {\n level: 'debug',\n logger: 'test server',\n data: 'Debug message'\n };\n\n // Test the one that makes it through\n clientTransport.onmessage = vi.fn().mockImplementation(message => {\n expect(message).toEqual({\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: warningParams\n });\n });\n\n // This one will not make it through\n await server.sendLoggingMessage(debugParams);\n expect(clientTransport.onmessage).not.toHaveBeenCalled();\n\n // This one will, triggering the above test in clientTransport.onmessage\n await server.sendLoggingMessage(warningParams);\n expect(clientTransport.onmessage).toHaveBeenCalled();\n});\n\ndescribe('createMessage validation', () => {\n test('should throw when tools are provided without sampling.tools capability', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client(\n { name: 'test client', version: '1.0' },\n { capabilities: { sampling: {} } } // No tools capability\n );\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).rejects.toThrow('Client does not support sampling tools capability.');\n });\n\n test('should throw when toolChoice is provided without sampling.tools capability', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client(\n { name: 'test client', version: '1.0' },\n { capabilities: { sampling: {} } } // No tools capability\n );\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n toolChoice: { mode: 'auto' }\n })\n ).rejects.toThrow('Client does not support sampling tools capability.');\n });\n\n test('should throw when tool_result is mixed with other content', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n {\n role: 'user',\n content: [\n { type: 'tool_result', toolUseId: 'call_1', content: [] },\n { type: 'text', text: 'mixed content' } // Mixed!\n ]\n }\n ],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).rejects.toThrow('The last message must contain only tool_result content if any is present');\n });\n\n test('should throw when tool_result has no matching tool_use in previous message', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // tool_result without previous tool_use\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'call_1', content: [] } }\n ],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).rejects.toThrow('tool_result blocks are not matching any tool_use from the previous message');\n });\n\n test('should throw when tool_result IDs do not match tool_use IDs', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'wrong_id', content: [] } }\n ],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).rejects.toThrow('ids of tool_result blocks and tool_use blocks from previous message do not match');\n });\n\n test('should allow text-only messages with tools (no tool_results)', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).resolves.toMatchObject({ model: 'test-model' });\n });\n\n test('should allow valid matching tool_result/tool_use IDs', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'call_1', content: [] } }\n ],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).resolves.toMatchObject({ model: 'test-model' });\n });\n\n test('should throw when user sends text instead of tool_result after tool_use', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // User ignores tool_use and sends text instead\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n { role: 'user', content: { type: 'text', text: 'actually nevermind' } }\n ],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n })\n ).rejects.toThrow('ids of tool_result blocks and tool_use blocks from previous message do not match');\n });\n\n test('should throw when only some tool_results are provided for parallel tool_use', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Parallel tool_use but only one tool_result provided\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n {\n role: 'assistant',\n content: [\n { type: 'tool_use', id: 'call_1', name: 'tool_a', input: {} },\n { type: 'tool_use', id: 'call_2', name: 'tool_b', input: {} }\n ]\n },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'call_1', content: [] } }\n ],\n maxTokens: 100,\n tools: [\n { name: 'tool_a', inputSchema: { type: 'object' } },\n { name: 'tool_b', inputSchema: { type: 'object' } }\n ]\n })\n ).rejects.toThrow('ids of tool_result blocks and tool_use blocks from previous message do not match');\n });\n\n test('should validate tool_use/tool_result even without tools in current request', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Previous request returned tool_use, now sending tool_result without tools param\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'wrong_id', content: [] } }\n ],\n maxTokens: 100\n // Note: no tools param - this is a follow-up request after tool execution\n })\n ).rejects.toThrow('ids of tool_result blocks and tool_use blocks from previous message do not match');\n });\n\n test('should allow valid tool_use/tool_result without tools in current request', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Previous request returned tool_use, now sending matching tool_result without tools param\n await expect(\n server.createMessage({\n messages: [\n { role: 'user', content: { type: 'text', text: 'hello' } },\n { role: 'assistant', content: { type: 'tool_use', id: 'call_1', name: 'test_tool', input: {} } },\n { role: 'user', content: { type: 'tool_result', toolUseId: 'call_1', content: [] } }\n ],\n maxTokens: 100\n // Note: no tools param - this is a follow-up request after tool execution\n })\n ).resolves.toMatchObject({ model: 'test-model' });\n });\n\n test('should handle empty messages array', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Empty messages array should not crash\n await expect(\n server.createMessage({\n messages: [],\n maxTokens: 100\n })\n ).resolves.toMatchObject({ model: 'test-model' });\n });\n});\n\ndescribe('createMessageStream', () => {\n test('should throw when tools are provided without sampling.tools capability', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n role: 'assistant',\n content: { type: 'text', text: 'Response' },\n model: 'test-model'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(() => {\n server.experimental.tasks.createMessageStream({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n maxTokens: 100,\n tools: [{ name: 'test_tool', inputSchema: { type: 'object' } }]\n });\n }).toThrow('Client does not support sampling tools capability');\n });\n\n test('should throw when tool_result has no matching tool_use in previous message', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n role: 'assistant',\n content: { type: 'text', text: 'Response' },\n model: 'test-model'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n expect(() => {\n server.experimental.tasks.createMessageStream({\n messages: [\n { role: 'user', content: { type: 'text', text: 'Hello' } },\n {\n role: 'user',\n content: [{ type: 'tool_result', toolUseId: 'test-id', content: [{ type: 'text', text: 'result' }] }]\n }\n ],\n maxTokens: 100\n });\n }).toThrow('tool_result blocks are not matching any tool_use from the previous message');\n });\n\n describe('terminal message guarantees', () => {\n test('should yield exactly one terminal message for successful request', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => ({\n role: 'assistant',\n content: { type: 'text', text: 'Response' },\n model: 'test-model'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.createMessageStream({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n maxTokens: 100\n });\n\n const allMessages = await toArrayAsync(stream);\n\n expect(allMessages.length).toBe(1);\n expect(allMessages[0].type).toBe('result');\n\n const taskMessages = allMessages.filter(m => m.type === 'taskCreated' || m.type === 'taskStatus');\n expect(taskMessages.length).toBe(0);\n });\n\n test('should yield error as terminal message when client returns error', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', async () => {\n throw new Error('Simulated client error');\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.createMessageStream({\n messages: [{ role: 'user', content: { type: 'text', text: 'Hello' } }],\n maxTokens: 100\n });\n\n const allMessages = await toArrayAsync(stream);\n\n expect(allMessages.length).toBe(1);\n expect(allMessages[0].type).toBe('error');\n });\n\n test('should yield exactly one terminal message with result', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', () => ({\n model: 'test-model',\n role: 'assistant' as const,\n content: { type: 'text' as const, text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.createMessageStream({\n messages: [{ role: 'user', content: { type: 'text', text: 'Message' } }],\n maxTokens: 100\n });\n\n const messages = await toArrayAsync(stream);\n const terminalMessages = messages.filter(m => m.type === 'result' || m.type === 'error');\n\n expect(terminalMessages.length).toBe(1);\n\n const lastMessage = messages.at(-1);\n expect(lastMessage.type === 'result' || lastMessage.type === 'error').toBe(true);\n\n if (lastMessage.type === 'result') {\n expect((lastMessage.result as CreateMessageResult).content).toBeDefined();\n }\n });\n });\n\n describe('non-task request minimality', () => {\n test('should yield only result message for non-task request', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n client.setRequestHandler('sampling/createMessage', () => ({\n model: 'test-model',\n role: 'assistant' as const,\n content: { type: 'text' as const, text: 'Response' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.createMessageStream({\n messages: [{ role: 'user', content: { type: 'text', text: 'Message' } }],\n maxTokens: 100\n });\n\n const messages = await toArrayAsync(stream);\n\n const taskMessages = messages.filter(m => m.type === 'taskCreated' || m.type === 'taskStatus');\n expect(taskMessages.length).toBe(0);\n\n const resultMessages = messages.filter(m => m.type === 'result');\n expect(resultMessages.length).toBe(1);\n\n expect(messages.length).toBe(1);\n });\n });\n\n describe('task-augmented request handling', () => {\n test('should yield taskCreated and result for task-augmented request', async () => {\n const clientTaskStore = new InMemoryTaskStore();\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n const client = new Client(\n { name: 'test client', version: '1.0' },\n {\n capabilities: {\n sampling: {},\n tasks: {\n requests: {\n sampling: { createMessage: {} }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('sampling/createMessage', async (request, extra) => {\n const result = {\n model: 'test-model',\n role: 'assistant' as const,\n content: { type: 'text' as const, text: 'Task response' }\n };\n\n if (request.params.task && extra.task?.store) {\n const task = await extra.task.store.createTask({ ttl: extra.task.requestedTtl });\n await extra.task.store.storeTaskResult(task.taskId, 'completed', result);\n return { task };\n }\n return result;\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.createMessageStream(\n {\n messages: [{ role: 'user', content: { type: 'text', text: 'Task-augmented message' } }],\n maxTokens: 100\n },\n { task: { ttl: 60_000 } }\n );\n\n const messages = await toArrayAsync(stream);\n\n // Should have taskCreated and result\n expect(messages.length).toBeGreaterThanOrEqual(2);\n\n // First message should be taskCreated\n expect(messages[0].type).toBe('taskCreated');\n const taskCreated = messages[0] as { type: 'taskCreated'; task: Task };\n expect(taskCreated.task.taskId).toBeDefined();\n\n // Last message should be result\n const lastMessage = messages.at(-1);\n expect(lastMessage.type).toBe('result');\n if (lastMessage.type === 'result') {\n expect((lastMessage.result as CreateMessageResult).model).toBe('test-model');\n }\n\n clientTaskStore.cleanup();\n });\n });\n});\n\ndescribe('createMessage backwards compatibility', () => {\n test('createMessage without tools returns single content (backwards compat)', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: {} } });\n\n // Mock client returns single text content\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'Hello from LLM' }\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Call createMessage WITHOUT tools\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100\n });\n\n // Backwards compat: result.content should be single (not array)\n expect(result.model).toBe('test-model');\n expect(Array.isArray(result.content)).toBe(false);\n expect(result.content.type).toBe('text');\n if (result.content.type === 'text') {\n expect(result.content.text).toBe('Hello from LLM');\n }\n });\n\n test('createMessage with tools accepts request and returns result', async () => {\n const server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n const client = new Client({ name: 'test client', version: '1.0' }, { capabilities: { sampling: { tools: {} } } });\n\n // Mock client returns text content (tool_use schema validation is tested in types.test.ts)\n client.setRequestHandler('sampling/createMessage', async () => ({\n model: 'test-model',\n role: 'assistant',\n content: { type: 'text', text: 'I will use the weather tool' },\n stopReason: 'endTurn'\n }));\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Call createMessage WITH tools - verifies the overload works\n const result = await server.createMessage({\n messages: [{ role: 'user', content: { type: 'text', text: 'hello' } }],\n maxTokens: 100,\n tools: [{ name: 'get_weather', inputSchema: { type: 'object' } }]\n });\n\n // Verify result is returned correctly\n expect(result.model).toBe('test-model');\n expect(result.content).toMatchObject({ type: 'text', text: 'I will use the weather tool' });\n expect(result.content).not.toBeInstanceOf(Array);\n });\n});\n\ntest('should respect log level for transport with sessionId', async () => {\n const server = new Server(\n {\n name: 'test server',\n version: '1.0'\n },\n {\n capabilities: {\n prompts: {},\n resources: {},\n tools: {},\n logging: {}\n },\n enforceStrictCapabilities: true\n }\n );\n\n const client = new Client({\n name: 'test client',\n version: '1.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n // Add a session id to the transports\n const SESSION_ID = 'test-session-id';\n clientTransport.sessionId = SESSION_ID;\n serverTransport.sessionId = SESSION_ID;\n\n expect(clientTransport.sessionId).toBeDefined();\n expect(serverTransport.sessionId).toBeDefined();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Client sets logging level to warning\n await client.setLoggingLevel('warning');\n\n // This one will make it through\n const warningParams: LoggingMessageNotification['params'] = {\n level: 'warning',\n logger: 'test server',\n data: 'Warning message'\n };\n\n // This one will not\n const debugParams: LoggingMessageNotification['params'] = {\n level: 'debug',\n logger: 'test server',\n data: 'Debug message'\n };\n\n // Test the one that makes it through\n clientTransport.onmessage = vi.fn().mockImplementation(message => {\n expect(message).toEqual({\n jsonrpc: '2.0',\n method: 'notifications/message',\n params: warningParams\n });\n });\n\n // This one will not make it through\n await server.sendLoggingMessage(debugParams, SESSION_ID);\n expect(clientTransport.onmessage).not.toHaveBeenCalled();\n\n // This one will, triggering the above test in clientTransport.onmessage\n await server.sendLoggingMessage(warningParams, SESSION_ID);\n expect(clientTransport.onmessage).toHaveBeenCalled();\n});\n\ndescribe('createMcpExpressApp', () => {\n test('should create an Express app', () => {\n const app = createMcpExpressApp();\n expect(app).toBeDefined();\n });\n\n test('should parse JSON bodies', async () => {\n const app = createMcpExpressApp({ host: '0.0.0.0' }); // Disable host validation for this test\n app.post('/test', (req: Request, res: Response) => {\n res.json({ received: req.body });\n });\n\n const response = await supertest(app).post('/test').send({ hello: 'world' }).set('Content-Type', 'application/json');\n\n expect(response.status).toBe(200);\n expect(response.body).toEqual({ received: { hello: 'world' } });\n });\n\n test('should reject requests with invalid Host header by default', async () => {\n const app = createMcpExpressApp();\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n const response = await supertest(app).post('/test').set('Host', 'evil.com:3000').send({});\n\n expect(response.status).toBe(403);\n expect(response.body).toEqual({\n jsonrpc: '2.0',\n error: {\n code: -32_000,\n message: 'Invalid Host: evil.com'\n },\n id: null\n });\n });\n\n test('should allow requests with localhost Host header', async () => {\n const app = createMcpExpressApp();\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n const response = await supertest(app).post('/test').set('Host', 'localhost:3000').send({});\n\n expect(response.status).toBe(200);\n expect(response.body).toEqual({ success: true });\n });\n\n test('should allow requests with 127.0.0.1 Host header', async () => {\n const app = createMcpExpressApp();\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n const response = await supertest(app).post('/test').set('Host', '127.0.0.1:3000').send({});\n\n expect(response.status).toBe(200);\n expect(response.body).toEqual({ success: true });\n });\n\n test('should not apply host validation when host is 0.0.0.0', async () => {\n const app = createMcpExpressApp({ host: '0.0.0.0' });\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n // Should allow any host when bound to 0.0.0.0\n const response = await supertest(app).post('/test').set('Host', 'any-host.com:3000').send({});\n\n expect(response.status).toBe(200);\n expect(response.body).toEqual({ success: true });\n });\n\n test('should apply host validation when host is explicitly localhost', async () => {\n const app = createMcpExpressApp({ host: 'localhost' });\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n // Should reject non-localhost hosts\n const response = await supertest(app).post('/test').set('Host', 'evil.com:3000').send({});\n\n expect(response.status).toBe(403);\n });\n\n test('should allow requests with IPv6 localhost Host header', async () => {\n const app = createMcpExpressApp();\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n const response = await supertest(app).post('/test').set('Host', '[::1]:3000').send({});\n\n expect(response.status).toBe(200);\n expect(response.body).toEqual({ success: true });\n });\n\n test('should apply host validation when host is ::1 (IPv6 localhost)', async () => {\n const app = createMcpExpressApp({ host: '::1' });\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n // Should reject non-localhost hosts\n const response = await supertest(app).post('/test').set('Host', 'evil.com:3000').send({});\n\n expect(response.status).toBe(403);\n });\n\n test('should warn when binding to 0.0.0.0', () => {\n const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});\n createMcpExpressApp({ host: '0.0.0.0' });\n expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining('0.0.0.0'));\n warnSpy.mockRestore();\n });\n\n test('should warn when binding to :: (IPv6 all interfaces)', () => {\n const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});\n createMcpExpressApp({ host: '::' });\n expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining('::'));\n warnSpy.mockRestore();\n });\n\n test('should use custom allowedHosts when provided', async () => {\n const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});\n const app = createMcpExpressApp({ host: '0.0.0.0', allowedHosts: ['myapp.local', 'localhost'] });\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n // Should not warn when allowedHosts is provided\n expect(warnSpy).not.toHaveBeenCalled();\n warnSpy.mockRestore();\n\n // Should allow myapp.local\n const allowedResponse = await supertest(app).post('/test').set('Host', 'myapp.local:3000').send({});\n expect(allowedResponse.status).toBe(200);\n\n // Should reject other hosts\n const rejectedResponse = await supertest(app).post('/test').set('Host', 'evil.com:3000').send({});\n expect(rejectedResponse.status).toBe(403);\n });\n\n test('should override default localhost validation when allowedHosts is provided', async () => {\n // Even though host is localhost, we're using custom allowedHosts\n const app = createMcpExpressApp({ host: 'localhost', allowedHosts: ['custom.local'] });\n app.post('/test', (_req: Request, res: Response) => {\n res.json({ success: true });\n });\n\n // Should reject localhost since it's not in allowedHosts\n const response = await supertest(app).post('/test').set('Host', 'localhost:3000').send({});\n expect(response.status).toBe(403);\n\n // Should allow custom.local\n const allowedResponse = await supertest(app).post('/test').set('Host', 'custom.local:3000').send({});\n expect(allowedResponse.status).toBe(200);\n });\n});\n\ndescribe('Task-based execution', () => {\n test('server with TaskStore should handle task-based tool execution', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n // Register a tool using registerToolTask\n server.experimental.tasks.registerToolTask(\n 'test-tool',\n {\n description: 'A test tool',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n // Simulate some async work\n (async () => {\n await new Promise(resolve => setTimeout(resolve, 10));\n const result = {\n content: [{ type: 'text', text: 'Tool executed successfully!' }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Use callToolStream to create a task and capture the task ID\n let taskId: string | undefined;\n const stream = client.experimental.tasks.callToolStream(\n { name: 'test-tool', arguments: {} },\n {\n task: {\n ttl: 60_000\n }\n }\n );\n\n for await (const message of stream) {\n if (message.type === 'taskCreated') {\n taskId = message.task.taskId;\n }\n }\n\n expect(taskId).toBeDefined();\n\n // Wait for the task to complete\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify we can retrieve the task\n const task = await client.experimental.tasks.getTask(taskId!);\n expect(task).toBeDefined();\n expect(task.status).toBe('completed');\n\n // Verify we can retrieve the result\n const result = await client.experimental.tasks.getTaskResult(taskId!, CallToolResultSchema);\n expect(result.content).toEqual([{ type: 'text', text: 'Tool executed successfully!' }]);\n\n // Cleanup\n taskStore.cleanup();\n });\n\n test('server without TaskStore should reject task-based requests', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {}\n }\n // No taskStore configured\n }\n );\n\n server.setRequestHandler('tools/call', async request => {\n if (request.params.name === 'test-tool') {\n return {\n content: [{ type: 'text', text: 'Success!' }]\n };\n }\n throw new Error('Unknown tool');\n });\n\n server.setRequestHandler('tools/list', async () => ({\n tools: [\n {\n name: 'test-tool',\n description: 'A test tool',\n inputSchema: {\n type: 'object',\n properties: {}\n }\n }\n ]\n }));\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to get a task when server doesn't have TaskStore\n // The server will return a \"Method not found\" error\n await expect(client.experimental.tasks.getTask('non-existent')).rejects.toThrow('Method not found');\n });\n\n test('should automatically attach related-task metadata to nested requests during tool execution', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n // Track the elicitation request to verify related-task metadata\n let capturedElicitRequest: z.infer | null = null;\n\n // Set up client elicitation handler\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n let taskId: string | undefined;\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const createdTask = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n taskId = createdTask.taskId;\n }\n\n // Capture the request to verify metadata later\n capturedElicitRequest = request;\n\n return {\n action: 'accept',\n content: {\n username: 'test-user'\n }\n };\n });\n\n // Register a tool using registerToolTask that makes a nested elicitation request\n server.experimental.tasks.registerToolTask(\n 'collect-info',\n {\n description: 'Collects user info via elicitation',\n inputSchema: z.object({})\n },\n {\n async createTask(_args, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n // Perform async work that makes a nested request\n (async () => {\n // During tool execution, make a nested request to the client using ctx.mcpReq.send\n const elicitResult = await ctx.mcpReq.send({\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: { type: 'string' }\n },\n required: ['username']\n }\n }\n });\n\n const result = {\n content: [\n {\n type: 'text',\n text: `Collected username: ${elicitResult.action === 'accept' && elicitResult.content ? (elicitResult.content as Record).username : 'none'}`\n }\n ]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Call tool WITH task creation using callToolStream to capture task ID\n let taskId: string | undefined;\n const stream = client.experimental.tasks.callToolStream(\n { name: 'collect-info', arguments: {} },\n {\n task: {\n ttl: 60_000\n }\n }\n );\n\n for await (const message of stream) {\n if (message.type === 'taskCreated') {\n taskId = message.task.taskId;\n }\n }\n\n expect(taskId).toBeDefined();\n\n // Wait for completion\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Verify the nested elicitation request was made (related-task metadata is no longer automatically attached)\n expect(capturedElicitRequest).toBeDefined();\n\n // Verify tool result was correct\n const result = await client.experimental.tasks.getTaskResult(taskId!, CallToolResultSchema);\n expect(result.content).toEqual([\n {\n type: 'text',\n text: 'Collected username: test-user'\n }\n ]);\n\n // Cleanup\n taskStore.cleanup();\n });\n\n describe('Server calling client via elicitation', () => {\n let clientTaskStore: InMemoryTaskStore;\n\n beforeEach(() => {\n clientTaskStore = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n clientTaskStore?.cleanup();\n });\n\n test('should create task on client via elicitation', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'server-test-user', confirmed: true }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server({\n name: 'test-server',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Server creates task on client via elicitation\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Please provide your username',\n requestedSchema: {\n type: 'object',\n properties: {\n username: { type: 'string' },\n confirmed: { type: 'boolean' }\n },\n required: ['username']\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Verify task was created\n const task = await server.experimental.tasks.getTask(taskId);\n expect(task.status).toBe('completed');\n });\n\n test('should query task from client using getTask', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'list-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server({\n name: 'test-server',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create task\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Provide info',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Query task\n const task = await server.experimental.tasks.getTask(taskId);\n expect(task).toBeDefined();\n expect(task.taskId).toBe(taskId);\n expect(task.status).toBe('completed');\n });\n\n test('should query task result from client using getTaskResult', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'result-user', confirmed: true }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server({\n name: 'test-server',\n version: '1.0.0'\n });\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create task\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Provide info',\n requestedSchema: {\n type: 'object',\n properties: {\n username: { type: 'string' },\n confirmed: { type: 'boolean' }\n }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n // Query result\n const result = await server.experimental.tasks.getTaskResult(taskId, ElicitResultSchema);\n expect(result.action).toBe('accept');\n expect(result.content).toEqual({ username: 'result-user', confirmed: true });\n });\n\n test('should query task list from client using listTasks', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'list-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create multiple tasks\n const createdTaskIds: string[] = [];\n for (let i = 0; i < 2; i++) {\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Provide info',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure and capture taskId\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n createdTaskIds.push(createTaskResult.task.taskId);\n }\n\n // Query task list\n const taskList = await server.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThanOrEqual(2);\n for (const taskId of createdTaskIds) {\n expect(taskList.tasks).toContainEqual(\n expect.objectContaining({\n taskId,\n status: 'completed'\n })\n );\n }\n });\n });\n\n test('should handle multiple concurrent task-based tool calls', async () => {\n const taskStore = new InMemoryTaskStore();\n\n const server = new McpServer(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n // Register a tool using registerToolTask with variable delay\n server.experimental.tasks.registerToolTask(\n 'async-tool',\n {\n description: 'An async test tool',\n inputSchema: z.object({\n delay: z.number().optional().default(10),\n taskNum: z.number().optional()\n })\n },\n {\n async createTask({ delay, taskNum }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n\n // Simulate async work\n (async () => {\n await new Promise(resolve => setTimeout(resolve, delay));\n const result = {\n content: [{ type: 'text', text: `Completed task ${taskNum || 'unknown'}` }]\n };\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Create multiple tasks concurrently\n const pendingRequests = Array.from({ length: 4 }, (_, index) =>\n client.callTool(\n { name: 'async-tool', arguments: { delay: 10 + index * 5, taskNum: index + 1 } },\n {\n task: { ttl: 60_000 }\n }\n )\n );\n\n // Wait for all tasks to complete\n await Promise.all(pendingRequests);\n\n // Wait a bit more to ensure all tasks are completed\n await new Promise(resolve => setTimeout(resolve, 50));\n\n // Get all task IDs from the task list\n const taskList = await client.experimental.tasks.listTasks();\n expect(taskList.tasks.length).toBeGreaterThanOrEqual(4);\n const taskIds = taskList.tasks.map(t => t.taskId);\n\n // Verify all tasks completed successfully\n for (const [i, taskId] of taskIds.entries()) {\n const task = await client.experimental.tasks.getTask(taskId!);\n expect(task.status).toBe('completed');\n expect(task.taskId).toBe(taskId!);\n\n const result = await client.experimental.tasks.getTaskResult(taskId!, CallToolResultSchema);\n expect(result.content).toEqual([{ type: 'text', text: `Completed task ${i + 1}` }]);\n }\n\n // Verify listTasks returns all tasks\n const finalTaskList = await client.experimental.tasks.listTasks();\n for (const taskId of taskIds) {\n expect(finalTaskList.tasks).toContainEqual(expect.objectContaining({ taskId }));\n }\n\n // Cleanup\n taskStore.cleanup();\n });\n\n describe('Error scenarios', () => {\n let taskStore: InMemoryTaskStore;\n let clientTaskStore: InMemoryTaskStore;\n\n beforeEach(() => {\n taskStore = new InMemoryTaskStore();\n clientTaskStore = new InMemoryTaskStore();\n });\n\n afterEach(() => {\n taskStore?.cleanup();\n clientTaskStore?.cleanup();\n });\n\n test('should throw error when client queries non-existent task from server', async () => {\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tools: {},\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n },\n taskStore\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to query a task that doesn't exist\n await expect(client.experimental.tasks.getTask('non-existent-task')).rejects.toThrow();\n });\n\n test('should throw error when server queries non-existent task from client', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async () => ({\n action: 'accept',\n content: { username: 'test' }\n }));\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n }\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Try to query a task that doesn't exist on client\n await expect(server.experimental.tasks.getTask('non-existent-task')).rejects.toThrow();\n });\n });\n});\n\ntest('should respect client task capabilities', async () => {\n const clientTaskStore = new InMemoryTaskStore();\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n sampling: {},\n elicitation: {},\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n client.setRequestHandler('elicitation/create', async (request, ctx) => {\n const result = {\n action: 'accept',\n content: { username: 'test-user' }\n };\n\n // Check if task creation is requested\n if (request.params.task && ctx.task?.store) {\n const task = await ctx.task.store.createTask({\n ttl: ctx.task.requestedTtl\n });\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', result);\n // Return CreateTaskResult when task creation is requested\n return { task };\n }\n\n // Return ElicitResult for non-task requests\n return result;\n });\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0'\n },\n {\n capabilities: {\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n },\n enforceStrictCapabilities: true\n }\n );\n\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Client supports task creation for elicitation/create and task methods\n expect(server.getClientCapabilities()).toEqual({\n sampling: {},\n elicitation: {\n form: {}\n },\n tasks: {\n requests: {\n elicitation: {\n create: {}\n }\n }\n }\n });\n\n // These should work because client supports tasks\n const createTaskResult = await server.request(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'Test',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } }\n }\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n // Verify CreateTaskResult structure\n expect(createTaskResult.task).toBeDefined();\n expect(createTaskResult.task.taskId).toBeDefined();\n const taskId = createTaskResult.task.taskId;\n\n await expect(server.experimental.tasks.listTasks()).resolves.not.toThrow();\n await expect(server.experimental.tasks.getTask(taskId)).resolves.not.toThrow();\n\n // This should throw because client doesn't support task creation for sampling/createMessage\n await expect(\n server.request(\n {\n method: 'sampling/createMessage',\n params: {\n messages: [],\n maxTokens: 10\n }\n },\n { task: { taskId: 'test-task-2', keepAlive: 60_000 } }\n )\n ).rejects.toThrow('Client does not support task creation for sampling/createMessage');\n\n clientTaskStore.cleanup();\n});\n\ndescribe('elicitInputStream', () => {\n let server: Server;\n let client: Client;\n let clientTransport: ReturnType[0];\n let serverTransport: ReturnType[1];\n\n beforeEach(async () => {\n server = new Server({ name: 'test server', version: '1.0' }, { capabilities: {} });\n\n client = new Client(\n { name: 'test client', version: '1.0' },\n {\n capabilities: {\n elicitation: {\n form: {},\n url: {}\n }\n }\n }\n );\n\n [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n });\n\n afterEach(async () => {\n await server.close().catch(() => {});\n await client.close().catch(() => {});\n });\n\n test('should throw when client does not support form elicitation', async () => {\n // Create client without form elicitation capability\n const noFormClient = new Client(\n { name: 'test client', version: '1.0' },\n {\n capabilities: {\n elicitation: {\n url: {}\n }\n }\n }\n );\n\n const [noFormClientTransport, noFormServerTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([noFormClient.connect(noFormClientTransport), server.connect(noFormServerTransport)]);\n\n expect(() => {\n server.experimental.tasks.elicitInputStream({\n mode: 'form',\n message: 'Enter data',\n requestedSchema: { type: 'object', properties: {} }\n });\n }).toThrow('Client does not support form elicitation.');\n\n await noFormClient.close().catch(() => {});\n });\n\n test('should throw when client does not support url elicitation', async () => {\n // Create client without url elicitation capability\n const noUrlClient = new Client(\n { name: 'test client', version: '1.0' },\n {\n capabilities: {\n elicitation: {\n form: {}\n }\n }\n }\n );\n\n const [noUrlClientTransport, noUrlServerTransport] = InMemoryTransport.createLinkedPair();\n\n await Promise.all([noUrlClient.connect(noUrlClientTransport), server.connect(noUrlServerTransport)]);\n\n expect(() => {\n server.experimental.tasks.elicitInputStream({\n mode: 'url',\n message: 'Open URL',\n elicitationId: 'test-123',\n url: 'https://example.com/auth'\n });\n }).toThrow('Client does not support url elicitation.');\n\n await noUrlClient.close().catch(() => {});\n });\n\n test('should default to form mode when mode is not specified', async () => {\n const requestStreamSpy = vi.spyOn(server.experimental.tasks, 'requestStream');\n\n client.setRequestHandler('elicitation/create', () => ({\n action: 'accept',\n content: { value: 'test' }\n }));\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Call without explicit mode\n const params = {\n message: 'Enter value',\n requestedSchema: {\n type: 'object' as const,\n properties: { value: { type: 'string' as const } }\n }\n };\n\n const stream = server.experimental.tasks.elicitInputStream(\n params as Parameters[0]\n );\n await toArrayAsync(stream);\n\n // Verify mode was normalized to 'form'\n expect(requestStreamSpy).toHaveBeenCalledWith(\n expect.objectContaining({\n method: 'elicitation/create',\n params: expect.objectContaining({ mode: 'form' })\n }),\n undefined\n );\n });\n\n test('should yield error as terminal message when client returns error', async () => {\n client.setRequestHandler('elicitation/create', () => {\n throw new Error('Simulated client error');\n });\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.elicitInputStream({\n mode: 'form',\n message: 'Enter data',\n requestedSchema: {\n type: 'object',\n properties: { value: { type: 'string' } }\n }\n });\n\n const allMessages = await toArrayAsync(stream);\n\n expect(allMessages.length).toBe(1);\n expect(allMessages[0].type).toBe('error');\n });\n\n // For any streaming elicitation request, the AsyncGenerator yields exactly one terminal\n // message (either 'result' or 'error') as its final message.\n describe('terminal message guarantees', () => {\n test.each([\n { action: 'accept' as const, content: { data: 'test-value' } },\n { action: 'decline' as const, content: undefined },\n { action: 'cancel' as const, content: undefined }\n ])('should yield exactly one terminal message for action: $action', async ({ action, content }) => {\n client.setRequestHandler('elicitation/create', () => ({\n action,\n content\n }));\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n const stream = server.experimental.tasks.elicitInputStream({\n mode: 'form',\n message: 'Test message',\n requestedSchema: {\n type: 'object',\n properties: { data: { type: 'string' } }\n }\n });\n\n const messages = await toArrayAsync(stream);\n\n // Count terminal messages (result or error)\n const terminalMessages = messages.filter(m => m.type === 'result' || m.type === 'error');\n\n expect(terminalMessages.length).toBe(1);\n\n // Verify terminal message is the last message\n const lastMessage = messages.at(-1);\n expect(lastMessage.type === 'result' || lastMessage.type === 'error').toBe(true);\n\n // Verify result content matches expected action\n if (lastMessage.type === 'result') {\n expect((lastMessage.result as ElicitResult).action).toBe(action);\n }\n });\n });\n\n // For any non-task elicitation request, the generator yields exactly one 'result' message\n // (or 'error' if the request fails), with no 'taskCreated' or 'taskStatus' messages.\n describe('non-task request minimality', () => {\n test.each([\n { action: 'accept' as const, content: { value: 'test' } },\n { action: 'decline' as const, content: undefined },\n { action: 'cancel' as const, content: undefined }\n ])('should yield only result message for non-task request with action: $action', async ({ action, content }) => {\n client.setRequestHandler('elicitation/create', () => ({\n action,\n content\n }));\n\n await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);\n\n // Non-task request (no task option)\n const stream = server.experimental.tasks.elicitInputStream({\n mode: 'form',\n message: 'Non-task request',\n requestedSchema: {\n type: 'object',\n properties: { value: { type: 'string' } }\n }\n });\n\n const messages = await toArrayAsync(stream);\n\n // Verify no taskCreated or taskStatus messages\n const taskMessages = messages.filter(m => m.type === 'taskCreated' || m.type === 'taskStatus');\n expect(taskMessages.length).toBe(0);\n\n // Verify exactly one result message\n const resultMessages = messages.filter(m => m.type === 'result');\n expect(resultMessages.length).toBe(1);\n\n // Verify total message count is 1\n expect(messages.length).toBe(1);\n });\n });\n\n // For any task-augmented elicitation request, the generator should yield at least one\n // 'taskCreated' message followed by 'taskStatus' messages before yielding the final\n // result or error.\n describe('task-augmented request handling', () => {\n test('should yield taskCreated and result for task-augmented request', async () => {\n const clientTaskStore = new InMemoryTaskStore();\n const taskClient = new Client(\n { name: 'test client', version: '1.0' },\n {\n capabilities: {\n elicitation: { form: {} },\n tasks: {\n requests: {\n elicitation: { create: {} }\n }\n }\n },\n taskStore: clientTaskStore\n }\n );\n\n taskClient.setRequestHandler('elicitation/create', async (request, extra) => {\n const result = {\n action: 'accept' as const,\n content: { username: 'task-user' }\n };\n\n if (request.params.task && extra.task?.store) {\n const task = await extra.task.store.createTask({ ttl: extra.task.requestedTtl });\n await extra.task.store.storeTaskResult(task.taskId, 'completed', result);\n return { task };\n }\n return result;\n });\n\n const [taskClientTransport, taskServerTransport] = InMemoryTransport.createLinkedPair();\n await Promise.all([taskClient.connect(taskClientTransport), server.connect(taskServerTransport)]);\n\n const stream = server.experimental.tasks.elicitInputStream(\n {\n mode: 'form',\n message: 'Task-augmented request',\n requestedSchema: {\n type: 'object',\n properties: { username: { type: 'string' } },\n required: ['username']\n }\n },\n { task: { ttl: 60_000 } }\n );\n\n const messages = await toArrayAsync(stream);\n\n // Should have taskCreated and result\n expect(messages.length).toBeGreaterThanOrEqual(2);\n\n // First message should be taskCreated\n expect(messages[0].type).toBe('taskCreated');\n const taskCreated = messages[0] as { type: 'taskCreated'; task: Task };\n expect(taskCreated.task.taskId).toBeDefined();\n\n // Last message should be result\n const lastMessage = messages.at(-1);\n expect(lastMessage.type).toBe('result');\n if (lastMessage.type === 'result') {\n expect((lastMessage.result as ElicitResult).action).toBe('accept');\n expect((lastMessage.result as ElicitResult).content).toEqual({ username: 'task-user' });\n }\n\n clientTaskStore.cleanup();\n await taskClient.close().catch(() => {});\n });\n });\n});\n\ndescribe('Server registerCapabilities with logging', () => {\n test('registerCapabilities should register logging/setLevel handler', async () => {\n const server = new Server({ name: 'test-server', version: '1.0.0' });\n server.registerCapabilities({ logging: {} });\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n // logging/setLevel should succeed, not throw \"Method not found\"\n await expect(client.setLoggingLevel('error')).resolves.not.toThrow();\n\n await client.close();\n await server.close();\n });\n\n test('logging in constructor capabilities should register logging/setLevel handler', async () => {\n const server = new Server({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n await expect(client.setLoggingLevel('error')).resolves.not.toThrow();\n\n await client.close();\n await server.close();\n });\n});\n" }, { "path": "test/integration/test/stateManagementStreamableHttp.test.ts", "content": "import { randomUUID } from 'node:crypto';\nimport type { Server } from 'node:http';\nimport { createServer } from 'node:http';\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport { LATEST_PROTOCOL_VERSION, McpServer } from '@modelcontextprotocol/server';\nimport { listenOnRandomPort } from '@modelcontextprotocol/test-helpers';\nimport * as z from 'zod/v4';\n\nasync function setupServer(withSessionManagement: boolean) {\n const server: Server = createServer();\n const mcpServer = new McpServer(\n { name: 'test-server', version: '1.0.0' },\n {\n capabilities: {\n logging: {},\n tools: {},\n resources: {},\n prompts: {}\n }\n }\n );\n\n // Add a simple resource\n mcpServer.registerResource('test-resource', '/test', { description: 'A test resource' }, async () => ({\n contents: [\n {\n uri: '/test',\n text: 'This is a test resource content'\n }\n ]\n }));\n\n mcpServer.registerPrompt('test-prompt', { description: 'A test prompt' }, async () => ({\n messages: [\n {\n role: 'user',\n content: {\n type: 'text',\n text: 'This is a test prompt'\n }\n }\n ]\n }));\n\n mcpServer.registerTool(\n 'greet',\n {\n description: 'A simple greeting tool',\n inputSchema: z.object({\n name: z.string().describe('Name to greet').default('World')\n })\n },\n async ({ name }) => {\n return {\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n };\n }\n );\n\n // Create transport with or without session management\n const serverTransport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: withSessionManagement\n ? () => randomUUID() // With session management, generate UUID\n : undefined // Without session management, return undefined\n });\n\n await mcpServer.connect(serverTransport);\n\n server.on('request', async (req, res) => {\n await serverTransport.handleRequest(req, res);\n });\n\n // Start the server on a random port\n const baseUrl = await listenOnRandomPort(server);\n\n return { server, mcpServer, serverTransport, baseUrl };\n}\n\ndescribe('Zod v4', () => {\n describe('Streamable HTTP Transport Session Management', () => {\n // Function to set up the server with optional session management\n describe('Stateless Mode', () => {\n let server: Server;\n let mcpServer: McpServer;\n let serverTransport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n\n beforeEach(async () => {\n const setup = await setupServer(false);\n server = setup.server;\n mcpServer = setup.mcpServer;\n serverTransport = setup.serverTransport;\n baseUrl = setup.baseUrl;\n });\n\n afterEach(async () => {\n // Clean up resources\n await mcpServer.close().catch(() => {});\n await serverTransport.close().catch(() => {});\n server.close();\n });\n\n it('should support multiple client connections', async () => {\n // Create and connect a client\n const client1 = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport1 = new StreamableHTTPClientTransport(baseUrl);\n await client1.connect(transport1);\n\n // Verify that no session ID was set\n expect(transport1.sessionId).toBeUndefined();\n\n // List available tools\n await client1.request({\n method: 'tools/list',\n params: {}\n });\n\n const client2 = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport2 = new StreamableHTTPClientTransport(baseUrl);\n await client2.connect(transport2);\n\n // Verify that no session ID was set\n expect(transport2.sessionId).toBeUndefined();\n\n // List available tools\n await client2.request({\n method: 'tools/list',\n params: {}\n });\n });\n it('should operate without session management', async () => {\n // Create and connect a client\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Verify that no session ID was set\n expect(transport.sessionId).toBeUndefined();\n\n // List available tools\n const toolsResult = await client.request({\n method: 'tools/list',\n params: {}\n });\n\n // Verify tools are accessible\n expect(toolsResult.tools).toContainEqual(\n expect.objectContaining({\n name: 'greet'\n })\n );\n\n // List available resources\n const resourcesResult = await client.request({\n method: 'resources/list',\n params: {}\n });\n\n // Verify resources result structure\n expect(resourcesResult).toHaveProperty('resources');\n\n // List available prompts\n const promptsResult = await client.request({\n method: 'prompts/list',\n params: {}\n });\n\n // Verify prompts result structure\n expect(promptsResult).toHaveProperty('prompts');\n expect(promptsResult.prompts).toContainEqual(\n expect.objectContaining({\n name: 'test-prompt'\n })\n );\n\n // Call the greeting tool\n const greetingResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: {\n name: 'Stateless Transport'\n }\n }\n });\n\n // Verify tool result\n expect(greetingResult.content).toEqual([{ type: 'text', text: 'Hello, Stateless Transport!' }]);\n\n // Clean up\n await transport.close();\n });\n\n it('should set protocol version after connecting', async () => {\n // Create and connect a client\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n\n // Verify protocol version is not set before connecting\n expect(transport.protocolVersion).toBeUndefined();\n\n await client.connect(transport);\n\n // Verify protocol version is set after connecting\n expect(transport.protocolVersion).toBe(LATEST_PROTOCOL_VERSION);\n\n // Clean up\n await transport.close();\n });\n });\n\n describe('Stateful Mode', () => {\n let server: Server;\n let mcpServer: McpServer;\n let serverTransport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n\n beforeEach(async () => {\n const setup = await setupServer(true);\n server = setup.server;\n mcpServer = setup.mcpServer;\n serverTransport = setup.serverTransport;\n baseUrl = setup.baseUrl;\n });\n\n afterEach(async () => {\n // Clean up resources\n await mcpServer.close().catch(() => {});\n await serverTransport.close().catch(() => {});\n server.close();\n });\n\n it('should operate with session management', async () => {\n // Create and connect a client\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Verify that a session ID was set\n expect(transport.sessionId).toBeDefined();\n expect(typeof transport.sessionId).toBe('string');\n\n // List available tools\n const toolsResult = await client.request({\n method: 'tools/list',\n params: {}\n });\n\n // Verify tools are accessible\n expect(toolsResult.tools).toContainEqual(\n expect.objectContaining({\n name: 'greet'\n })\n );\n\n // List available resources\n const resourcesResult = await client.request({\n method: 'resources/list',\n params: {}\n });\n\n // Verify resources result structure\n expect(resourcesResult).toHaveProperty('resources');\n\n // List available prompts\n const promptsResult = await client.request({\n method: 'prompts/list',\n params: {}\n });\n\n // Verify prompts result structure\n expect(promptsResult).toHaveProperty('prompts');\n expect(promptsResult.prompts).toContainEqual(\n expect.objectContaining({\n name: 'test-prompt'\n })\n );\n\n // Call the greeting tool\n const greetingResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'greet',\n arguments: {\n name: 'Stateful Transport'\n }\n }\n });\n\n // Verify tool result\n expect(greetingResult.content).toEqual([{ type: 'text', text: 'Hello, Stateful Transport!' }]);\n\n // Clean up\n await transport.close();\n });\n });\n });\n});\n" }, { "path": "test/integration/test/taskLifecycle.test.ts", "content": "import { randomUUID } from 'node:crypto';\nimport type { Server } from 'node:http';\nimport { createServer } from 'node:http';\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { TaskRequestOptions } from '@modelcontextprotocol/server';\nimport {\n InMemoryTaskMessageQueue,\n InMemoryTaskStore,\n McpServer,\n ProtocolError,\n ProtocolErrorCode,\n RELATED_TASK_META_KEY\n} from '@modelcontextprotocol/server';\nimport { listenOnRandomPort, waitForTaskStatus } from '@modelcontextprotocol/test-helpers';\nimport * as z from 'zod/v4';\n\ndescribe('Task Lifecycle Integration Tests', () => {\n let server: Server;\n let mcpServer: McpServer;\n let serverTransport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let taskStore: InMemoryTaskStore;\n\n beforeEach(async () => {\n // Create task store\n taskStore = new InMemoryTaskStore();\n\n // Create MCP server with task support\n mcpServer = new McpServer(\n { name: 'test-server', version: '1.0.0' },\n {\n capabilities: {\n tasks: {\n requests: {\n tools: {\n call: {}\n }\n },\n list: {},\n cancel: {}\n }\n },\n taskStore,\n taskMessageQueue: new InMemoryTaskMessageQueue()\n }\n );\n\n // Register a long-running tool using registerToolTask\n mcpServer.experimental.tasks.registerToolTask(\n 'long-task',\n {\n title: 'Long Running Task',\n description: 'A tool that takes time to complete',\n inputSchema: z.object({\n duration: z.number().describe('Duration in milliseconds').default(1000),\n shouldFail: z.boolean().describe('Whether the task should fail').default(false)\n })\n },\n {\n async createTask({ duration, shouldFail }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Simulate async work\n (async () => {\n await new Promise(resolve => setTimeout(resolve, duration));\n\n try {\n await (shouldFail\n ? ctx.task.store.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text', text: 'Task failed as requested' }],\n isError: true\n })\n : ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Completed after ${duration}ms` }]\n }));\n } catch {\n // Task may have been cleaned up if test ended\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n // Register a tool that requires input via elicitation\n mcpServer.experimental.tasks.registerToolTask(\n 'input-task',\n {\n title: 'Input Required Task',\n description: 'A tool that requires user input',\n inputSchema: z.object({\n userName: z.string().describe('User name').optional()\n })\n },\n {\n async createTask({ userName }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Perform async work that requires elicitation\n (async () => {\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // If userName not provided, request it via elicitation\n if (userName) {\n // Complete immediately if userName was provided\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Hello, ${userName}!` }]\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n } else {\n const elicitationResult = await ctx.mcpReq.send(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: 'What is your name?',\n requestedSchema: {\n type: 'object',\n properties: {\n userName: { type: 'string' }\n },\n required: ['userName']\n }\n }\n },\n { relatedTask: { taskId: task.taskId } } as unknown as TaskRequestOptions\n );\n\n // Complete with the elicited name\n const name =\n elicitationResult.action === 'accept' && elicitationResult.content\n ? elicitationResult.content.userName\n : 'Unknown';\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Hello, ${name}!` }]\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n // Create transport\n serverTransport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID()\n });\n\n await mcpServer.connect(serverTransport);\n\n // Create HTTP server\n server = createServer(async (req, res) => {\n await serverTransport.handleRequest(req, res);\n });\n\n // Start server\n baseUrl = await listenOnRandomPort(server);\n });\n\n afterEach(async () => {\n taskStore.cleanup();\n await mcpServer.close().catch(() => {});\n await serverTransport.close().catch(() => {});\n server.close();\n });\n\n describe('Task Creation and Completion', () => {\n it('should create a task and return CreateTaskResult', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 500,\n shouldFail: false\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n // Verify CreateTaskResult structure\n expect(createResult).toHaveProperty('task');\n expect(createResult.task).toHaveProperty('taskId');\n expect(createResult.task.status).toBe('working');\n expect(createResult.task.ttl).toBe(60_000);\n expect(createResult.task.createdAt).toBeDefined();\n expect(createResult.task.pollInterval).toBe(100);\n\n // Verify task is stored in taskStore\n const taskId = createResult.task.taskId;\n const storedTask = await taskStore.getTask(taskId);\n expect(storedTask).toBeDefined();\n expect(storedTask?.taskId).toBe(taskId);\n expect(storedTask?.status).toBe('working');\n\n // Wait for completion\n const completedTask = await waitForTaskStatus(id => taskStore.getTask(id), taskId, 'completed');\n\n // Verify task completed\n expect(completedTask.status).toBe('completed');\n\n // Verify result is stored\n const result = await taskStore.getTaskResult(taskId);\n expect(result).toBeDefined();\n expect(result.content).toEqual([{ type: 'text', text: 'Completed after 500ms' }]);\n\n await transport.close();\n });\n\n it('should handle task failure correctly', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task that will fail\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 300,\n shouldFail: true\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Wait for failure\n const task = await waitForTaskStatus(id => taskStore.getTask(id), taskId, 'failed');\n\n // Verify task failed\n expect(task.status).toBe('failed');\n\n // Verify error result is stored\n const result = await taskStore.getTaskResult(taskId);\n expect(result.content).toEqual([{ type: 'text', text: 'Task failed as requested' }]);\n expect(result.isError).toBe(true);\n\n await transport.close();\n });\n });\n\n describe('Task Cancellation', () => {\n it('should cancel a working task and return the cancelled task', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a long-running task\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 5000\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Verify task is working\n let task = await taskStore.getTask(taskId);\n expect(task?.status).toBe('working');\n\n // Cancel the task via client.experimental.tasks.cancelTask - per spec, returns Result & Task\n const cancelResult = await client.experimental.tasks.cancelTask(taskId);\n\n // Verify the cancel response includes the cancelled task (per MCP spec CancelTaskResult is Result & Task)\n expect(cancelResult.taskId).toBe(taskId);\n expect(cancelResult.status).toBe('cancelled');\n expect(cancelResult.createdAt).toBeDefined();\n expect(cancelResult.lastUpdatedAt).toBeDefined();\n expect(cancelResult.ttl).toBeDefined();\n\n // Verify task is cancelled in store as well\n task = await taskStore.getTask(taskId);\n expect(task?.status).toBe('cancelled');\n\n await transport.close();\n });\n\n it('should reject cancellation of completed task with error code -32602', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a quick task\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 100\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Wait for completion\n const task = await waitForTaskStatus(id => taskStore.getTask(id), taskId, 'completed');\n\n // Verify task is completed\n expect(task.status).toBe('completed');\n\n // Try to cancel via tasks/cancel request (should fail with -32602)\n await expect(client.experimental.tasks.cancelTask(taskId)).rejects.toSatisfy((error: ProtocolError) => {\n expect(error).toBeInstanceOf(ProtocolError);\n expect(error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(error.message).toContain('Cannot cancel task in terminal status');\n return true;\n });\n\n await transport.close();\n });\n });\n\n describe('Multiple Queued Messages', () => {\n it('should deliver multiple queued messages in order', async () => {\n // Register a tool that sends multiple server requests during execution\n mcpServer.experimental.tasks.registerToolTask(\n 'multi-request-task',\n {\n title: 'Multi Request Task',\n description: 'A tool that sends multiple server requests',\n inputSchema: z.object({\n requestCount: z.number().describe('Number of requests to send').default(3)\n })\n },\n {\n async createTask({ requestCount }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Perform async work that sends multiple requests\n (async () => {\n await new Promise(resolve => setTimeout(resolve, 100));\n\n const responses: string[] = [];\n\n // Send multiple elicitation requests\n for (let i = 0; i < requestCount; i++) {\n const elicitationResult = await ctx.mcpReq.send(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: `Request ${i + 1} of ${requestCount}`,\n requestedSchema: {\n type: 'object',\n properties: {\n response: { type: 'string' }\n },\n required: ['response']\n }\n }\n },\n { relatedTask: { taskId: task.taskId } } as unknown as TaskRequestOptions\n );\n\n if (elicitationResult.action === 'accept' && elicitationResult.content) {\n responses.push(elicitationResult.content.response as string);\n }\n }\n\n // Complete with all responses\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Received responses: ${responses.join(', ')}` }]\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n const receivedMessages: Array<{ method: string; message: string }> = [];\n\n // Set up elicitation handler on client to track message order\n client.setRequestHandler('elicitation/create', async request => {\n // Track the message\n receivedMessages.push({\n method: request.method,\n message: request.params.message\n });\n\n // Extract the request number from the message\n const match = request.params.message.match(/Request (\\d+) of (\\d+)/);\n const requestNum = match ? match[1] : 'unknown';\n\n // Respond with the request number\n return {\n action: 'accept' as const,\n content: {\n response: `Response ${requestNum}`\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task that will send 3 requests\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'multi-request-task',\n arguments: {\n requestCount: 3\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Wait for messages to be queued\n await new Promise(resolve => setTimeout(resolve, 200));\n\n // Call tasks/result to receive all queued messages\n // This should deliver all 3 elicitation requests in order\n const result = await client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n\n // Verify all messages were delivered in order\n expect(receivedMessages.length).toBe(3);\n expect(receivedMessages[0]!.message).toBe('Request 1 of 3');\n expect(receivedMessages[1]!.message).toBe('Request 2 of 3');\n expect(receivedMessages[2]!.message).toBe('Request 3 of 3');\n\n // Verify final result includes all responses\n expect(result.content).toEqual([{ type: 'text', text: 'Received responses: Response 1, Response 2, Response 3' }]);\n\n // Verify task is completed\n const task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task.status).toBe('completed');\n\n await transport.close();\n }, 10_000);\n });\n\n describe('Input Required Flow', () => {\n it('should handle elicitation during tool execution', async () => {\n // Complete flow phases:\n // 1. Client creates task\n // 2. Server queues elicitation request and sets status to input_required\n // 3. Client polls tasks/get, sees input_required status\n // 4. Client calls tasks/result to dequeue elicitation request\n // 5. Client responds to elicitation\n // 6. Server receives response, completes task\n // 7. Client receives final result\n\n const elicitClient = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // Track elicitation request receipt\n let elicitationReceived = false;\n let elicitationRequestMeta: Record | undefined;\n\n // Set up elicitation handler on client\n elicitClient.setRequestHandler('elicitation/create', async request => {\n elicitationReceived = true;\n elicitationRequestMeta = request.params._meta;\n\n return {\n action: 'accept' as const,\n content: {\n userName: 'TestUser'\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await elicitClient.connect(transport);\n\n // Phase 1: Create task\n const createResult = await elicitClient.request({\n method: 'tools/call',\n params: {\n name: 'input-task',\n arguments: {},\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n expect(createResult.task.status).toBe('working');\n\n // Phase 2: Wait for server to queue elicitation and update status\n const task = await waitForTaskStatus(\n id =>\n elicitClient.request({\n method: 'tasks/get',\n params: { taskId: id }\n }),\n taskId,\n 'input_required',\n {\n intervalMs: createResult.task.pollInterval ?? 100\n }\n );\n\n // Verify we saw input_required status (not completed or failed)\n expect(task.status).toBe('input_required');\n\n // Phase 3: Call tasks/result to dequeue messages and get final result\n // This should:\n // - Deliver the queued elicitation request via SSE\n // - Client handler responds\n // - Server receives response, completes task\n // - Return final result\n const result = await elicitClient.request({\n method: 'tasks/result',\n params: { taskId }\n });\n\n // Verify elicitation was received and processed\n expect(elicitationReceived).toBe(true);\n\n // Verify the elicitation request had related-task metadata\n expect(elicitationRequestMeta).toBeDefined();\n expect(elicitationRequestMeta?.[RELATED_TASK_META_KEY]).toEqual({ taskId });\n\n // Verify final result\n expect(result.content).toEqual([{ type: 'text', text: 'Hello, TestUser!' }]);\n\n // Verify task is now completed\n const finalTask = await elicitClient.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(finalTask.status).toBe('completed');\n\n await transport.close();\n }, 15_000);\n });\n\n describe('Task Listing and Pagination', () => {\n it('should list tasks', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create multiple tasks\n const taskIds: string[] = [];\n for (let i = 0; i < 3; i++) {\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 1000\n },\n task: {\n ttl: 60_000\n }\n }\n });\n taskIds.push(createResult.task.taskId);\n }\n\n // List tasks using taskStore\n const listResult = await taskStore.listTasks();\n\n expect(listResult.tasks.length).toBeGreaterThanOrEqual(3);\n expect(listResult.tasks.some(t => taskIds.includes(t.taskId))).toBe(true);\n\n await transport.close();\n });\n\n it('should handle pagination with large datasets', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create 15 tasks (more than page size of 10)\n for (let i = 0; i < 15; i++) {\n await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 5000\n },\n task: {\n ttl: 60_000\n }\n }\n });\n }\n\n // Get first page using taskStore\n const page1 = await taskStore.listTasks();\n\n expect(page1.tasks.length).toBe(10);\n expect(page1.nextCursor).toBeDefined();\n\n // Get second page\n const page2 = await taskStore.listTasks(page1.nextCursor);\n\n expect(page2.tasks.length).toBeGreaterThanOrEqual(5);\n\n await transport.close();\n });\n });\n\n describe('Error Handling', () => {\n it('should return error code -32602 for non-existent task in tasks/get', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Try to get non-existent task via tasks/get request\n await expect(client.experimental.tasks.getTask('non-existent-task-id')).rejects.toSatisfy((error: ProtocolError) => {\n expect(error).toBeInstanceOf(ProtocolError);\n expect(error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(error.message).toContain('Task not found');\n return true;\n });\n\n await transport.close();\n });\n\n it('should return error code -32602 for non-existent task in tasks/cancel', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Try to cancel non-existent task via tasks/cancel request\n await expect(client.experimental.tasks.cancelTask('non-existent-task-id')).rejects.toSatisfy((error: ProtocolError) => {\n expect(error).toBeInstanceOf(ProtocolError);\n expect(error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(error.message).toContain('Task not found');\n return true;\n });\n\n await transport.close();\n });\n\n it('should return error code -32602 for non-existent task in tasks/result', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Try to get result of non-existent task via tasks/result request\n await expect(\n client.request({\n method: 'tasks/result',\n params: { taskId: 'non-existent-task-id' }\n })\n ).rejects.toSatisfy((error: ProtocolError) => {\n expect(error).toBeInstanceOf(ProtocolError);\n expect(error.code).toBe(ProtocolErrorCode.InvalidParams);\n expect(error.message).toContain('Task not found');\n return true;\n });\n\n await transport.close();\n });\n });\n\n describe('TTL and Cleanup', () => {\n it('should respect TTL in task creation', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task with specific TTL\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 100\n },\n task: {\n ttl: 5000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Verify TTL is set correctly\n expect(createResult.task.ttl).toBe(60_000); // The task store uses 60000 as default\n\n // Task should exist\n const task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task).toBeDefined();\n expect(task.ttl).toBe(60_000);\n\n await transport.close();\n });\n });\n\n describe('Task Cancellation with Queued Messages', () => {\n it('should clear queue and deliver no messages when task is cancelled before tasks/result', async () => {\n // Register a tool that queues messages but doesn't complete immediately\n mcpServer.experimental.tasks.registerToolTask(\n 'cancellable-task',\n {\n title: 'Cancellable Task',\n description: 'A tool that queues messages and can be cancelled',\n inputSchema: z.object({\n messageCount: z.number().describe('Number of messages to queue').default(2)\n })\n },\n {\n async createTask({ messageCount }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Perform async work that queues messages\n (async () => {\n try {\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Queue multiple elicitation requests\n for (let i = 0; i < messageCount; i++) {\n // Send request but don't await - let it queue\n ctx.mcpReq\n .send(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: `Message ${i + 1} of ${messageCount}`,\n requestedSchema: {\n type: 'object',\n properties: {\n response: { type: 'string' }\n },\n required: ['response']\n }\n }\n },\n { relatedTask: { taskId: task.taskId } } as unknown as TaskRequestOptions\n )\n .catch(() => {\n // Ignore errors from cancelled requests\n });\n }\n\n // Don't complete - let the task be cancelled\n // Wait indefinitely (or until cancelled)\n await new Promise(() => {});\n } catch {\n // Ignore errors - task was cancelled\n }\n })().catch(() => {\n // Catch any unhandled errors from the async execution\n });\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n let elicitationCallCount = 0;\n\n // Set up elicitation handler to track if any messages are delivered\n client.setRequestHandler('elicitation/create', async () => {\n elicitationCallCount++;\n return {\n action: 'accept' as const,\n content: {\n response: 'Should not be called'\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task that will queue messages\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'cancellable-task',\n arguments: {\n messageCount: 2\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Wait for messages to be queued\n await new Promise(resolve => setTimeout(resolve, 200));\n\n // Verify task is in input_required state and messages are queued\n let task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task.status).toBe('input_required');\n\n // Cancel the task before calling tasks/result using the proper tasks/cancel request\n // This will trigger queue cleanup via _clearTaskQueue in the handler\n await client.request({\n method: 'tasks/cancel',\n params: { taskId }\n });\n\n // Verify task is cancelled\n task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task.status).toBe('cancelled');\n\n // Attempt to call tasks/result\n // When a task is cancelled, the system needs to clear the message queue\n // and reject any pending message delivery promises, meaning no further\n // messages should be delivered for a cancelled task.\n try {\n await client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n } catch {\n // tasks/result might throw an error for cancelled tasks without a result\n // This is acceptable behavior\n }\n\n // Verify no elicitation messages were delivered, as the queue should be cleared immediately on cancellation\n expect(elicitationCallCount).toBe(0);\n\n // Verify queue remains cleared on subsequent calls\n try {\n await client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n } catch {\n // Expected - task is cancelled\n }\n\n // Still no messages should have been delivered\n expect(elicitationCallCount).toBe(0);\n\n await transport.close();\n }, 10_000);\n });\n\n describe('Continuous Message Delivery', () => {\n it('should deliver messages immediately while tasks/result is blocking', async () => {\n // Register a tool that queues messages over time\n mcpServer.experimental.tasks.registerToolTask(\n 'streaming-task',\n {\n title: 'Streaming Task',\n description: 'A tool that sends messages over time',\n inputSchema: z.object({\n messageCount: z.number().describe('Number of messages to send').default(3),\n delayBetweenMessages: z.number().describe('Delay between messages in ms').default(200)\n })\n },\n {\n async createTask({ messageCount, delayBetweenMessages }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Perform async work that sends messages over time\n (async () => {\n try {\n // Wait a bit before starting to send messages\n await new Promise(resolve => setTimeout(resolve, 100));\n\n const responses: string[] = [];\n\n // Send messages with delays between them\n for (let i = 0; i < messageCount; i++) {\n const elicitationResult = await ctx.mcpReq.send(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: `Streaming message ${i + 1} of ${messageCount}`,\n requestedSchema: {\n type: 'object',\n properties: {\n response: { type: 'string' }\n },\n required: ['response']\n }\n }\n },\n { relatedTask: { taskId: task.taskId } } as unknown as TaskRequestOptions\n );\n\n if (elicitationResult.action === 'accept' && elicitationResult.content) {\n responses.push(elicitationResult.content.response as string);\n }\n\n // Wait before sending next message (if not the last one)\n if (i < messageCount - 1) {\n await new Promise(resolve => setTimeout(resolve, delayBetweenMessages));\n }\n }\n\n // Complete with all responses\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: `Received all responses: ${responses.join(', ')}` }]\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n } catch (error) {\n // Handle errors\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text', text: `Error: ${error}` }],\n isError: true\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n const receivedMessages: Array<{ message: string; timestamp: number }> = [];\n let tasksResultStartTime = 0;\n\n // Set up elicitation handler to track when messages arrive\n client.setRequestHandler('elicitation/create', async request => {\n const timestamp = Date.now();\n receivedMessages.push({\n message: request.params.message,\n timestamp\n });\n\n // Extract the message number\n const match = request.params.message.match(/Streaming message (\\d+) of (\\d+)/);\n const messageNum = match ? match[1] : 'unknown';\n\n // Respond immediately\n return {\n action: 'accept' as const,\n content: {\n response: `Response ${messageNum}`\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task that will send messages over time\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'streaming-task',\n arguments: {\n messageCount: 3,\n delayBetweenMessages: 300\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Verify task is in working status\n let task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task.status).toBe('working');\n\n // Call tasks/result immediately (before messages are queued)\n // This should block and deliver messages as they arrive\n tasksResultStartTime = Date.now();\n const resultPromise = client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n\n // Wait for the task to complete and get the result\n const result = await resultPromise;\n\n // Verify all 3 messages were delivered\n expect(receivedMessages.length).toBe(3);\n expect(receivedMessages[0]!.message).toBe('Streaming message 1 of 3');\n expect(receivedMessages[1]!.message).toBe('Streaming message 2 of 3');\n expect(receivedMessages[2]!.message).toBe('Streaming message 3 of 3');\n\n // Verify messages were delivered over time (not all at once)\n // The delay between messages should be approximately 300ms\n const timeBetweenFirstAndSecond = receivedMessages[1]!.timestamp - receivedMessages[0]!.timestamp;\n const timeBetweenSecondAndThird = receivedMessages[2]!.timestamp - receivedMessages[1]!.timestamp;\n\n // Allow some tolerance for timing (messages should be at least 200ms apart)\n expect(timeBetweenFirstAndSecond).toBeGreaterThan(200);\n expect(timeBetweenSecondAndThird).toBeGreaterThan(200);\n\n // Verify messages were delivered while tasks/result was blocking\n // (all messages should arrive after tasks/result was called)\n for (const msg of receivedMessages) {\n expect(msg.timestamp).toBeGreaterThanOrEqual(tasksResultStartTime);\n }\n\n // Verify final result is correct\n expect(result.content).toEqual([{ type: 'text', text: 'Received all responses: Response 1, Response 2, Response 3' }]);\n\n // Verify task is now completed\n task = await client.request({\n method: 'tasks/get',\n params: { taskId }\n });\n expect(task.status).toBe('completed');\n\n await transport.close();\n }, 15_000); // Increase timeout to 15 seconds to allow for message delays\n });\n\n describe('Terminal Task with Queued Messages', () => {\n it('should deliver queued messages followed by final result for terminal task', async () => {\n // Register a tool that completes quickly and queues messages before completion\n mcpServer.experimental.tasks.registerToolTask(\n 'quick-complete-task',\n {\n title: 'Quick Complete Task',\n description: 'A tool that queues messages and completes quickly',\n inputSchema: z.object({\n messageCount: z.number().describe('Number of messages to queue').default(2)\n })\n },\n {\n async createTask({ messageCount }, ctx) {\n const task = await ctx.task.store.createTask({\n ttl: 60_000,\n pollInterval: 100\n });\n\n // Perform async work that queues messages and completes quickly\n (async () => {\n try {\n // Queue messages - these will be queued before the task completes\n // We await each one starting to ensure they're queued before completing\n for (let i = 0; i < messageCount; i++) {\n // Start the request but don't wait for response\n // The request gets queued when sendRequest is called\n ctx.mcpReq\n .send(\n {\n method: 'elicitation/create',\n params: {\n mode: 'form',\n message: `Quick message ${i + 1} of ${messageCount}`,\n requestedSchema: {\n type: 'object',\n properties: {\n response: { type: 'string' }\n },\n required: ['response']\n }\n }\n },\n { relatedTask: { taskId: task.taskId } } as unknown as TaskRequestOptions\n )\n .catch(() => {});\n // Small delay to ensure message is queued before next iteration\n await new Promise(resolve => setTimeout(resolve, 10));\n }\n\n // Complete the task after all messages are queued\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'completed', {\n content: [{ type: 'text', text: 'Task completed quickly' }]\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n } catch (error) {\n // Handle errors\n try {\n await ctx.task.store.storeTaskResult(task.taskId, 'failed', {\n content: [{ type: 'text', text: `Error: ${error}` }],\n isError: true\n });\n } catch {\n // Task may have been cleaned up if test ended\n }\n }\n })();\n\n return { task };\n },\n async getTask(_args, ctx) {\n const task = await ctx.task.store.getTask(ctx.task.id);\n if (!task) {\n throw new Error(`Task ${ctx.task.id} not found`);\n }\n return task;\n },\n async getTaskResult(_args, ctx) {\n const result = await ctx.task.store.getTaskResult(ctx.task.id);\n return result as { content: Array<{ type: 'text'; text: string }> };\n }\n }\n );\n\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n const receivedMessages: Array<{ type: string; message?: string; content?: unknown }> = [];\n\n // Set up elicitation handler to track message order\n client.setRequestHandler('elicitation/create', async request => {\n receivedMessages.push({\n type: 'elicitation',\n message: request.params.message\n });\n\n // Extract the message number\n const match = request.params.message.match(/Quick message (\\d+) of (\\d+)/);\n const messageNum = match ? match[1] : 'unknown';\n\n return {\n action: 'accept' as const,\n content: {\n response: `Response ${messageNum}`\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task that will complete quickly with queued messages\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'quick-complete-task',\n arguments: {\n messageCount: 2\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Wait for task to complete and messages to be queued\n const task = await waitForTaskStatus(id => taskStore.getTask(id), taskId, 'completed');\n\n // Verify task is in terminal status (completed)\n expect(task.status).toBe('completed');\n\n // Call tasks/result - should deliver queued messages followed by final result\n const result = await client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n\n // Verify all queued messages were delivered before the final result\n expect(receivedMessages.length).toBe(2);\n expect(receivedMessages[0]!.message).toBe('Quick message 1 of 2');\n expect(receivedMessages[1]!.message).toBe('Quick message 2 of 2');\n\n // Verify final result is correct\n expect(result.content).toEqual([{ type: 'text', text: 'Task completed quickly' }]);\n\n // Verify queue is cleaned up - calling tasks/result again should only return the result\n receivedMessages.length = 0; // Clear the array\n\n const result2 = await client.request({\n method: 'tasks/result',\n params: { taskId }\n });\n\n // No messages should be delivered on second call (queue was cleaned up)\n expect(receivedMessages.length).toBe(0);\n expect(result2.content).toEqual([{ type: 'text', text: 'Task completed quickly' }]);\n\n await transport.close();\n }, 10_000);\n });\n\n describe('Concurrent Operations', () => {\n it('should handle multiple concurrent task creations', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create multiple tasks concurrently\n const promises = Array.from({ length: 5 }, () =>\n client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 500\n },\n task: {\n ttl: 60_000\n }\n }\n })\n );\n\n const results = await Promise.all(promises);\n\n // Verify all tasks were created with unique IDs\n const taskIds = results.map(r => r.task.taskId);\n expect(new Set(taskIds).size).toBe(5);\n\n // Verify all tasks are in working status\n for (const result of results) {\n expect(result.task.status).toBe('working');\n }\n\n await transport.close();\n });\n\n it('should handle concurrent operations on same task', async () => {\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Create a task\n const createResult = await client.request({\n method: 'tools/call',\n params: {\n name: 'long-task',\n arguments: {\n duration: 2000\n },\n task: {\n ttl: 60_000\n }\n }\n });\n\n const taskId = createResult.task.taskId;\n\n // Perform multiple concurrent gets\n const getPromises = Array.from({ length: 5 }, () =>\n client.request({\n method: 'tasks/get',\n params: { taskId }\n })\n );\n\n const tasks = await Promise.all(getPromises);\n\n // All should return the same task\n for (const task of tasks) {\n expect(task.taskId).toBe(taskId);\n expect(task.status).toBe('working');\n }\n\n await transport.close();\n });\n });\n\n describe('callToolStream with elicitation', () => {\n it('should deliver elicitation via callToolStream and complete task', async () => {\n const client = new Client(\n {\n name: 'test-client',\n version: '1.0.0'\n },\n {\n capabilities: {\n elicitation: {}\n }\n }\n );\n\n // Track elicitation request receipt\n let elicitationReceived = false;\n let elicitationMessage = '';\n\n // Set up elicitation handler on client\n client.setRequestHandler('elicitation/create', async request => {\n elicitationReceived = true;\n elicitationMessage = request.params.message;\n\n return {\n action: 'accept' as const,\n content: {\n userName: 'StreamUser'\n }\n };\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Use callToolStream instead of raw request()\n const stream = client.experimental.tasks.callToolStream(\n { name: 'input-task', arguments: {} },\n {\n task: { ttl: 60_000 }\n }\n );\n\n // Collect all stream messages\n const messages: Array<{ type: string; task?: unknown; result?: unknown; error?: unknown }> = [];\n for await (const message of stream) {\n messages.push(message);\n }\n\n // Verify stream yielded expected message types\n expect(messages.length).toBeGreaterThanOrEqual(2);\n\n // First message should be taskCreated\n expect(messages[0]!.type).toBe('taskCreated');\n expect(messages[0]!.task).toBeDefined();\n\n // Should have a taskStatus message\n const statusMessages = messages.filter(m => m.type === 'taskStatus');\n expect(statusMessages.length).toBeGreaterThanOrEqual(1);\n\n // Last message should be result\n const lastMessage = messages.at(-1)!;\n expect(lastMessage.type).toBe('result');\n expect(lastMessage.result).toBeDefined();\n\n // Verify elicitation was received and processed\n expect(elicitationReceived).toBe(true);\n expect(elicitationMessage).toContain('What is your name?');\n\n // Verify result content\n const result = lastMessage.result as { content: Array<{ type: string; text: string }> };\n expect(result.content).toEqual([{ type: 'text', text: 'Hello, StreamUser!' }]);\n\n await transport.close();\n }, 15_000);\n });\n});\n" }, { "path": "test/integration/test/taskResumability.test.ts", "content": "import { randomUUID } from 'node:crypto';\nimport type { Server } from 'node:http';\nimport { createServer } from 'node:http';\n\nimport { Client, StreamableHTTPClientTransport } from '@modelcontextprotocol/client';\nimport { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';\nimport type { EventStore, JSONRPCMessage } from '@modelcontextprotocol/server';\nimport { McpServer } from '@modelcontextprotocol/server';\nimport { listenOnRandomPort } from '@modelcontextprotocol/test-helpers';\nimport * as z from 'zod/v4';\n\n/**\n * Simple in-memory EventStore for testing resumability.\n */\nclass InMemoryEventStore implements EventStore {\n private events = new Map();\n\n async storeEvent(streamId: string, message: JSONRPCMessage): Promise {\n const eventId = `${streamId}_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;\n this.events.set(eventId, { streamId, message });\n return eventId;\n }\n\n async replayEventsAfter(\n lastEventId: string,\n { send }: { send: (eventId: string, message: JSONRPCMessage) => Promise }\n ): Promise {\n if (!lastEventId || !this.events.has(lastEventId)) return '';\n const streamId = lastEventId.split('_')[0] ?? '';\n if (!streamId) return '';\n\n let found = false;\n const sorted = [...this.events.entries()].toSorted((a, b) => a[0].localeCompare(b[0]));\n for (const [eventId, { streamId: sid, message }] of sorted) {\n if (sid !== streamId) continue;\n if (eventId === lastEventId) {\n found = true;\n continue;\n }\n if (found) await send(eventId, message);\n }\n return streamId;\n }\n}\n\ndescribe('Zod v4', () => {\n describe('Transport resumability', () => {\n let server: Server;\n let mcpServer: McpServer;\n let serverTransport: NodeStreamableHTTPServerTransport;\n let baseUrl: URL;\n let eventStore: InMemoryEventStore;\n\n beforeEach(async () => {\n // Create event store for resumability\n eventStore = new InMemoryEventStore();\n\n // Create a simple MCP server\n mcpServer = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: { logging: {} } });\n\n // Add a simple notification tool that completes quickly\n mcpServer.registerTool(\n 'send-notification',\n {\n description: 'Sends a single notification',\n inputSchema: z.object({\n message: z.string().describe('Message to send').default('Test notification')\n })\n },\n async ({ message }, ctx) => {\n // Send notification immediately\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: {\n level: 'info',\n data: message\n }\n });\n\n return {\n content: [{ type: 'text', text: 'Notification sent' }]\n };\n }\n );\n\n // Add a long-running tool that sends multiple notifications\n mcpServer.registerTool(\n 'run-notifications',\n {\n description: 'Sends multiple notifications over time',\n inputSchema: z.object({\n count: z.number().describe('Number of notifications to send').default(10),\n interval: z.number().describe('Interval between notifications in ms').default(50)\n })\n },\n async ({ count, interval }, ctx) => {\n // Send notifications at specified intervals\n for (let i = 0; i < count; i++) {\n await ctx.mcpReq.notify({\n method: 'notifications/message',\n params: {\n level: 'info',\n data: `Notification ${i + 1} of ${count}`\n }\n });\n\n // Wait for the specified interval before sending next notification\n if (i < count - 1) {\n await new Promise(resolve => setTimeout(resolve, interval));\n }\n }\n\n return {\n content: [{ type: 'text', text: `Sent ${count} notifications` }]\n };\n }\n );\n\n // Create a transport with the event store\n serverTransport = new NodeStreamableHTTPServerTransport({\n sessionIdGenerator: () => randomUUID(),\n eventStore\n });\n\n // Connect the transport to the MCP server\n await mcpServer.connect(serverTransport);\n\n // Create and start an HTTP server\n server = createServer(async (req, res) => {\n await serverTransport.handleRequest(req, res);\n });\n\n // Start the server on a random port\n baseUrl = await listenOnRandomPort(server);\n });\n\n afterEach(async () => {\n // Clean up resources\n await mcpServer.close().catch(() => {});\n await serverTransport.close().catch(() => {});\n server.close();\n });\n\n it('should store session ID when client connects', async () => {\n // Create and connect a client\n const client = new Client({\n name: 'test-client',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n await client.connect(transport);\n\n // Verify session ID was generated\n expect(transport.sessionId).toBeDefined();\n\n // Clean up\n await transport.close();\n });\n\n it('should have session ID functionality', async () => {\n // The ability to store a session ID when connecting\n const client = new Client({\n name: 'test-client-reconnection',\n version: '1.0.0'\n });\n\n const transport = new StreamableHTTPClientTransport(baseUrl);\n\n // Make sure the client can connect and get a session ID\n await client.connect(transport);\n expect(transport.sessionId).toBeDefined();\n\n // Clean up\n await transport.close();\n });\n\n // This test demonstrates the capability to resume long-running tools\n // across client disconnection/reconnection\n it('should resume long-running notifications with lastEventId', async () => {\n // Create unique client ID for this test\n const clientTitle = 'test-client-long-running';\n const notifications = [];\n let lastEventId: string | undefined;\n\n // Create first client\n const client1 = new Client({\n title: clientTitle,\n name: 'test-client',\n version: '1.0.0'\n });\n\n // Set up notification handler for first client\n client1.setNotificationHandler('notifications/message', notification => {\n if (notification.method === 'notifications/message') {\n notifications.push(notification.params);\n }\n });\n\n // Connect first client\n const transport1 = new StreamableHTTPClientTransport(baseUrl);\n await client1.connect(transport1);\n const sessionId = transport1.sessionId;\n expect(sessionId).toBeDefined();\n\n // Start a long-running notification stream with tracking of lastEventId\n const onLastEventIdUpdate = vi.fn((eventId: string) => {\n lastEventId = eventId;\n });\n expect(lastEventId).toBeUndefined();\n // Start the notification tool with event tracking using request\n const toolPromise = client1.request(\n {\n method: 'tools/call',\n params: {\n name: 'run-notifications',\n arguments: {\n count: 3,\n interval: 10\n }\n }\n },\n {\n resumptionToken: lastEventId,\n onresumptiontoken: onLastEventIdUpdate\n }\n );\n\n // Fix for node 18 test failures, allow some time for notifications to arrive\n const maxWaitTime = 2000; // 2 seconds max wait\n const pollInterval = 10; // Check every 10ms\n const startTime = Date.now();\n while (notifications.length === 0 && Date.now() - startTime < maxWaitTime) {\n // Wait for some notifications to arrive (not all) - shorter wait time\n await new Promise(resolve => setTimeout(resolve, pollInterval));\n }\n\n // Verify we received some notifications and lastEventId was updated\n expect(notifications.length).toBeGreaterThan(0);\n expect(notifications.length).toBeLessThan(4);\n expect(onLastEventIdUpdate).toHaveBeenCalled();\n expect(lastEventId).toBeDefined();\n\n // Disconnect first client without waiting for completion\n // When we close the connection, it will cause a ConnectionClosed error for\n // any in-progress requests, which is expected behavior\n await transport1.close();\n // Save the promise so we can catch it after closing\n const catchPromise = toolPromise.catch(error => {\n // This error is expected - the connection was intentionally closed\n if (error?.code !== -32_000) {\n // ConnectionClosed error code\n console.error('Unexpected error type during transport close:', error);\n }\n });\n\n // Add a short delay to ensure clean disconnect before reconnecting\n await new Promise(resolve => setTimeout(resolve, 10));\n\n // Wait for the rejection to be handled\n await catchPromise;\n\n // Create second client with same client ID\n const client2 = new Client({\n title: clientTitle,\n name: 'test-client',\n version: '1.0.0'\n });\n\n // Track replayed notifications separately\n const replayedNotifications: unknown[] = [];\n client2.setNotificationHandler('notifications/message', notification => {\n if (notification.method === 'notifications/message') {\n replayedNotifications.push(notification.params);\n }\n });\n\n // Connect second client with same session ID\n const transport2 = new StreamableHTTPClientTransport(baseUrl, {\n sessionId\n });\n await client2.connect(transport2);\n\n // Resume GET SSE stream with Last-Event-ID to replay missed events\n // Per spec, resumption uses GET with Last-Event-ID header\n await transport2.resumeStream(lastEventId!, { onresumptiontoken: onLastEventIdUpdate });\n\n // Wait for replayed events to arrive via SSE\n await new Promise(resolve => setTimeout(resolve, 100));\n\n // Verify the test infrastructure worked - we received notifications in first session\n // and captured the lastEventId for potential replay\n expect(notifications.length).toBeGreaterThan(0);\n expect(lastEventId).toBeDefined();\n\n // Clean up\n await transport2.close();\n });\n });\n});\n" }, { "path": "test/integration/test/title.test.ts", "content": "import { Client } from '@modelcontextprotocol/client';\nimport { InMemoryTransport } from '@modelcontextprotocol/core';\nimport { McpServer, ResourceTemplate, Server } from '@modelcontextprotocol/server';\nimport * as z from 'zod/v4';\n\ndescribe('Zod v4', () => {\n describe('Title field backwards compatibility', () => {\n it('should work with tools that have title', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register tool with title\n server.registerTool(\n 'test-tool',\n {\n title: 'Test Tool Display Name',\n description: 'A test tool',\n inputSchema: z.object({\n value: z.string()\n })\n },\n async () => ({ content: [{ type: 'text', text: 'result' }] })\n );\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const tools = await client.listTools();\n expect(tools.tools).toHaveLength(1);\n expect(tools.tools[0]!.name).toBe('test-tool');\n expect(tools.tools[0]!.title).toBe('Test Tool Display Name');\n expect(tools.tools[0]!.description).toBe('A test tool');\n });\n\n it('should work with tools without title', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register tool without title\n server.registerTool('test-tool', { description: 'A test tool', inputSchema: z.object({ value: z.string() }) }, async () => ({\n content: [{ type: 'text', text: 'result' }]\n }));\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const tools = await client.listTools();\n expect(tools.tools).toHaveLength(1);\n expect(tools.tools[0]!.name).toBe('test-tool');\n expect(tools.tools[0]!.title).toBeUndefined();\n expect(tools.tools[0]!.description).toBe('A test tool');\n });\n\n it('should work with prompts that have title using update', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register prompt with title by updating after creation\n const prompt = server.registerPrompt('test-prompt', { description: 'A test prompt' }, async () => ({\n messages: [{ role: 'user', content: { type: 'text', text: 'test' } }]\n }));\n prompt.update({ title: 'Test Prompt Display Name' });\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const prompts = await client.listPrompts();\n expect(prompts.prompts).toHaveLength(1);\n expect(prompts.prompts[0]!.name).toBe('test-prompt');\n expect(prompts.prompts[0]!.title).toBe('Test Prompt Display Name');\n expect(prompts.prompts[0]!.description).toBe('A test prompt');\n });\n\n it('should work with prompts using registerPrompt', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register prompt with title using registerPrompt\n server.registerPrompt(\n 'test-prompt',\n {\n title: 'Test Prompt Display Name',\n description: 'A test prompt',\n argsSchema: z.object({ input: z.string() })\n },\n async ({ input }) => ({\n messages: [\n {\n role: 'user',\n content: { type: 'text', text: `test: ${input}` }\n }\n ]\n })\n );\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const prompts = await client.listPrompts();\n expect(prompts.prompts).toHaveLength(1);\n expect(prompts.prompts[0]!.name).toBe('test-prompt');\n expect(prompts.prompts[0]!.title).toBe('Test Prompt Display Name');\n expect(prompts.prompts[0]!.description).toBe('A test prompt');\n expect(prompts.prompts[0]!.arguments).toHaveLength(1);\n });\n\n it('should work with resources using registerResource', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register resource with title using registerResource\n server.registerResource(\n 'test-resource',\n 'https://example.com/test',\n {\n title: 'Test Resource Display Name',\n description: 'A test resource',\n mimeType: 'text/plain'\n },\n async () => ({\n contents: [\n {\n uri: 'https://example.com/test',\n text: 'test content'\n }\n ]\n })\n );\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const resources = await client.listResources();\n expect(resources.resources).toHaveLength(1);\n expect(resources.resources[0]!.name).toBe('test-resource');\n expect(resources.resources[0]!.title).toBe('Test Resource Display Name');\n expect(resources.resources[0]!.description).toBe('A test resource');\n expect(resources.resources[0]!.mimeType).toBe('text/plain');\n });\n\n it('should work with dynamic resources using registerResource', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new McpServer({ name: 'test-server', version: '1.0.0' }, { capabilities: {} });\n\n // Register dynamic resource with title using registerResource\n server.registerResource(\n 'user-profile',\n new ResourceTemplate('users://{userId}/profile', { list: undefined }),\n {\n title: 'User Profile',\n description: 'User profile information'\n },\n async (uri, { userId }, _extra) => ({\n contents: [\n {\n uri: uri.href,\n text: `Profile data for user ${userId}`\n }\n ]\n })\n );\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const resourceTemplates = await client.listResourceTemplates();\n expect(resourceTemplates.resourceTemplates).toHaveLength(1);\n expect(resourceTemplates.resourceTemplates[0]!.name).toBe('user-profile');\n expect(resourceTemplates.resourceTemplates[0]!.title).toBe('User Profile');\n expect(resourceTemplates.resourceTemplates[0]!.description).toBe('User profile information');\n expect(resourceTemplates.resourceTemplates[0]!.uriTemplate).toBe('users://{userId}/profile');\n\n // Test reading the resource\n const readResult = await client.readResource({ uri: 'users://123/profile' });\n expect(readResult.contents).toHaveLength(1);\n expect(readResult.contents).toEqual(\n expect.arrayContaining([\n {\n text: expect.stringContaining('Profile data for user 123'),\n uri: 'users://123/profile'\n }\n ])\n );\n });\n\n it('should support serverInfo with title', async () => {\n const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();\n\n const server = new Server(\n {\n name: 'test-server',\n version: '1.0.0',\n title: 'Test Server Display Name'\n },\n { capabilities: {} }\n );\n\n const client = new Client({ name: 'test-client', version: '1.0.0' });\n\n await server.connect(serverTransport);\n await client.connect(clientTransport);\n\n const serverInfo = client.getServerVersion();\n expect(serverInfo?.name).toBe('test-server');\n expect(serverInfo?.version).toBe('1.0.0');\n expect(serverInfo?.title).toBe('Test Server Display Name');\n });\n });\n});\n" }, { "path": "test/integration/tsconfig.json", "content": "{\n \"extends\": \"@modelcontextprotocol/tsconfig\",\n \"include\": [\"./\"],\n \"exclude\": [\"node_modules\", \"dist\", \"test/server/bun.test.ts\", \"test/server/deno.test.ts\"],\n \"compilerOptions\": {\n \"paths\": {\n \"*\": [\"./*\"],\n \"@modelcontextprotocol/core\": [\"./node_modules/@modelcontextprotocol/core/src/index.ts\"],\n \"@modelcontextprotocol/client\": [\"./node_modules/@modelcontextprotocol/client/src/index.ts\"],\n \"@modelcontextprotocol/client/_shims\": [\"./node_modules/@modelcontextprotocol/client/src/shimsNode.ts\"],\n \"@modelcontextprotocol/server\": [\"./node_modules/@modelcontextprotocol/server/src/index.ts\"],\n \"@modelcontextprotocol/server/_shims\": [\"./node_modules/@modelcontextprotocol/server/src/shimsNode.ts\"],\n \"@modelcontextprotocol/express\": [\"./node_modules/@modelcontextprotocol/express/src/index.ts\"],\n \"@modelcontextprotocol/node\": [\"./node_modules/@modelcontextprotocol/node/src/index.ts\"],\n \"@modelcontextprotocol/vitest-config\": [\"./node_modules/@modelcontextprotocol/vitest-config/tsconfig.json\"],\n \"@modelcontextprotocol/test-helpers\": [\"./node_modules/@modelcontextprotocol/test-helpers/src/index.ts\"]\n }\n }\n}\n" }, { "path": "test/integration/vitest.config.js", "content": "import { defineConfig, mergeConfig } from 'vitest/config';\nimport baseConfig from '../../common/vitest-config/vitest.config.js';\n\nexport default mergeConfig(\n baseConfig,\n defineConfig({\n test: {\n exclude: ['**/dist/**', '**/bun.test.ts', '**/deno.test.ts']\n }\n })\n);\n" }, { "path": "typedoc.config.mjs", "content": "import { OptionDefaults } from 'typedoc';\nimport fg from 'fast-glob';\nimport { readFileSync } from 'node:fs';\nimport { join } from 'node:path';\n\n// Find all package.json files under packages/ and build package list\nconst packageJsonPaths = await fg('packages/**/package.json', {\n cwd: process.cwd(),\n ignore: ['**/node_modules/**']\n});\nconst packages = packageJsonPaths.map(p => {\n const rootDir = join(process.cwd(), p.replace('/package.json', ''));\n const manifest = JSON.parse(readFileSync(join(process.cwd(), p), 'utf8'));\n return { rootDir, manifest };\n});\n\nconst publicPackages = packages.filter(p => p.manifest.private !== true);\nconst entryPoints = publicPackages.map(p => p.rootDir);\n\nconsole.log(\n 'Typedoc selected public packages:',\n publicPackages.map(p => p.manifest.name)\n);\n\n/** @type {Partial} */\nexport default {\n name: 'MCP TypeScript SDK (V2)',\n entryPointStrategy: 'packages',\n entryPoints,\n packageOptions: {\n blockTags: [...OptionDefaults.blockTags, '@format'],\n exclude: ['**/*.examples.ts']\n },\n highlightLanguages: [...OptionDefaults.highlightLanguages, 'powershell'],\n projectDocuments: [\n 'docs/documents.md',\n 'packages/middleware/README.md',\n 'examples/server/README.md',\n 'examples/client/README.md',\n ],\n hostedBaseUrl: 'https://ts.sdk.modelcontextprotocol.io/v2/',\n navigationLinks: {\n 'V1 Docs': '/'\n },\n navigation: {\n compactFolders: true,\n includeFolders: false\n },\n headings: {\n readme: false\n },\n customJs: 'docs/v2-banner.js',\n treatWarningsAsErrors: true,\n out: 'tmp/docs/',\n};\n" }, { "path": "vitest.workspace.js", "content": "import { defineWorkspace } from 'vitest/config';\n\nexport default defineWorkspace(['packages/**/vitest.config.js']);\n" } ]