avancement planning

2026-05-26 11:58:39 +02:00
parent 619a2b240a
commit 150b97cd2e
4892 changed files with 99214 additions and 429382 deletions
@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=cli.d.ts.map
@@ -1 +0,0 @@
-{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":""}
@@ -1,135 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ws_1 = __importDefault(require("ws"));
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-global.WebSocket = ws_1.default;
-const express_1 = __importDefault(require("express"));
-const index_js_1 = require("./client/index.js");
-const sse_js_1 = require("./client/sse.js");
-const stdio_js_1 = require("./client/stdio.js");
-const websocket_js_1 = require("./client/websocket.js");
-const index_js_2 = require("./server/index.js");
-const sse_js_2 = require("./server/sse.js");
-const stdio_js_2 = require("./server/stdio.js");
-const types_js_1 = require("./types.js");
-async function runClient(url_or_command, args) {
-    const client = new index_js_1.Client({
-        name: "mcp-typescript test client",
-        version: "0.1.0",
-    }, {
-        capabilities: {
-            sampling: {},
-        },
-    });
-    let clientTransport;
-    let url = undefined;
-    try {
-        url = new URL(url_or_command);
-    }
-    catch (_a) {
-        // Ignore
-    }
-    if ((url === null || url === void 0 ? void 0 : url.protocol) === "http:" || (url === null || url === void 0 ? void 0 : url.protocol) === "https:") {
-        clientTransport = new sse_js_1.SSEClientTransport(new URL(url_or_command));
-    }
-    else if ((url === null || url === void 0 ? void 0 : url.protocol) === "ws:" || (url === null || url === void 0 ? void 0 : url.protocol) === "wss:") {
-        clientTransport = new websocket_js_1.WebSocketClientTransport(new URL(url_or_command));
-    }
-    else {
-        clientTransport = new stdio_js_1.StdioClientTransport({
-            command: url_or_command,
-            args,
-        });
-    }
-    console.log("Connected to server.");
-    await client.connect(clientTransport);
-    console.log("Initialized.");
-    await client.request({ method: "resources/list" }, types_js_1.ListResourcesResultSchema);
-    await client.close();
-    console.log("Closed.");
-}
-async function runServer(port) {
-    if (port !== null) {
-        const app = (0, express_1.default)();
-        let servers = [];
-        app.get("/sse", async (req, res) => {
-            console.log("Got new SSE connection");
-            const transport = new sse_js_2.SSEServerTransport("/message", res);
-            const server = new index_js_2.Server({
-                name: "mcp-typescript test server",
-                version: "0.1.0",
-            }, {
-                capabilities: {},
-            });
-            servers.push(server);
-            server.onclose = () => {
-                console.log("SSE connection closed");
-                servers = servers.filter((s) => s !== server);
-            };
-            await server.connect(transport);
-        });
-        app.post("/message", async (req, res) => {
-            console.log("Received message");
-            const sessionId = req.query.sessionId;
-            const transport = servers
-                .map((s) => s.transport)
-                .find((t) => t.sessionId === sessionId);
-            if (!transport) {
-                res.status(404).send("Session not found");
-                return;
-            }
-            await transport.handlePostMessage(req, res);
-        });
-        app.listen(port, (error) => {
-            if (error) {
-                console.error('Failed to start server:', error);
-                process.exit(1);
-            }
-            console.log(`Server running on http://localhost:${port}/sse`);
-        });
-    }
-    else {
-        const server = new index_js_2.Server({
-            name: "mcp-typescript test server",
-            version: "0.1.0",
-        }, {
-            capabilities: {
-                prompts: {},
-                resources: {},
-                tools: {},
-                logging: {},
-            },
-        });
-        const transport = new stdio_js_2.StdioServerTransport();
-        await server.connect(transport);
-        console.log("Server running on stdio");
-    }
-}
-const args = process.argv.slice(2);
-const command = args[0];
-switch (command) {
-    case "client":
-        if (args.length < 2) {
-            console.error("Usage: client <server_url_or_command> [args...]");
-            process.exit(1);
-        }
-        runClient(args[1], args.slice(2)).catch((error) => {
-            console.error(error);
-            process.exit(1);
-        });
-        break;
-    case "server": {
-        const port = args[1] ? parseInt(args[1]) : null;
-        runServer(port).catch((error) => {
-            console.error(error);
-            process.exit(1);
-        });
-        break;
-    }
-    default:
-        console.error("Unrecognized command:", command);
-}
-//# sourceMappingURL=cli.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;;;AAAA,4CAA2B;AAE3B,8DAA8D;AAC7D,MAAc,CAAC,SAAS,GAAG,YAAS,CAAC;AAEtC,sDAA8B;AAC9B,gDAA2C;AAC3C,4CAAqD;AACrD,gDAAyD;AACzD,wDAAiE;AACjE,gDAA2C;AAC3C,4CAAqD;AACrD,gDAAyD;AACzD,yCAAuD;AAEvD,KAAK,UAAU,SAAS,CAAC,cAAsB,EAAE,IAAc;IAC7D,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,QAAQ,EAAE,EAAE;SACb;KACF,CACF,CAAC;IAEF,IAAI,eAAe,CAAC;IAEpB,IAAI,GAAG,GAAoB,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;IAChC,CAAC;IAAC,WAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,OAAO,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,QAAQ,EAAE,CAAC;QAC5D,eAAe,GAAG,IAAI,2BAAkB,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,KAAK,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,GAAG,IAAI,uCAAwB,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,eAAe,GAAG,IAAI,+BAAoB,CAAC;YACzC,OAAO,EAAE,cAAc;YACvB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAEpC,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE5B,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,EAAE,oCAAyB,CAAC,CAAC;IAE9E,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAmB;IAC1C,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;QAEtB,IAAI,OAAO,GAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YAEtC,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;gBACE,IAAI,EAAE,4BAA4B;gBAClC,OAAO,EAAE,OAAO;aACjB,EACD;gBACE,YAAY,EAAE,EAAE;aACjB,CACF,CAAC;YAEF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,MAAM,CAAC,OAAO,GAAG,GAAG,EAAE;gBACpB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YAChD,CAAC,CAAC;YAEF,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACtC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAEhC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAmB,CAAC;YAChD,MAAM,SAAS,GAAG,OAAO;iBACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAA+B,CAAC;iBAC7C,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;YACzB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,MAAM,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;YACE,IAAI,EAAE,4BAA4B;YAClC,OAAO,EAAE,OAAO;SACjB,EACD;YACE,YAAY,EAAE;gBACZ,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE;aACZ;SACF,CACF,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACxB,QAAQ,OAAO,EAAE,CAAC;IAChB,KAAK,QAAQ;QACX,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM;IAER,KAAK,QAAQ,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM;IACR,CAAC;IAED;QACE,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC"}
@@ -1,6 +1,10 @@
-import { OAuthClientMetadata, OAuthClientInformation, OAuthTokens, OAuthMetadata, OAuthClientInformationFull, OAuthProtectedResourceMetadata, AuthorizationServerMetadata } from "../shared/auth.js";
-import { OAuthError } from "../server/auth/errors.js";
-import { FetchLike } from "../shared/transport.js";
+import { OAuthClientMetadata, OAuthClientInformationMixed, OAuthTokens, OAuthMetadata, OAuthClientInformationFull, OAuthProtectedResourceMetadata, AuthorizationServerMetadata } from '../shared/auth.js';
+import { OAuthError } from '../server/auth/errors.js';
+import { FetchLike } from '../shared/transport.js';
+/**
+ * Function type for adding client authentication to token requests.
+ */
+export type AddClientAuthentication = (headers: Headers, params: URLSearchParams, url: string | URL, metadata?: AuthorizationServerMetadata) => void | Promise<void>;
 /**
 * Implements an end-to-end OAuth client to be used with one MCP server.
 *
@@ -11,8 +15,14 @@ import { FetchLike } from "../shared/transport.js";
 export interface OAuthClientProvider {
    /**
     * The URL to redirect the user agent to after authorization.
+     * Return undefined for non-interactive flows that don't require user interaction
+     * (e.g., client_credentials, jwt-bearer).
     */
-    get redirectUrl(): string | URL;
+    get redirectUrl(): string | URL | undefined;
+    /**
+     * External URL the server should use to fetch client metadata document
+     */
+    clientMetadataUrl?: string;
    /**
     * Metadata about this OAuth client.
     */
@@ -26,7 +36,7 @@ export interface OAuthClientProvider {
     * server, or returns `undefined` if the client is not registered with the
     * server.
     */
-    clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
+    clientInformation(): OAuthClientInformationMixed | undefined | Promise<OAuthClientInformationMixed | undefined>;
    /**
     * If implemented, this permits the OAuth client to dynamically register with
     * the server. Client information saved this way should later be read via
@@ -35,7 +45,7 @@ export interface OAuthClientProvider {
     * This method is not required to be implemented if client information is
     * statically known (e.g., pre-registered).
     */
-    saveClientInformation?(clientInformation: OAuthClientInformationFull): void | Promise<void>;
+    saveClientInformation?(clientInformation: OAuthClientInformationMixed): void | Promise<void>;
    /**
     * Loads any existing OAuth tokens for the current session, or returns
     * `undefined` if there are no saved tokens.
@@ -78,7 +88,7 @@ export interface OAuthClientProvider {
     * @param url - The token endpoint URL being called
     * @param metadata - Optional OAuth metadata for the server, which may include supported authentication methods
     */
-    addClientAuthentication?(headers: Headers, params: URLSearchParams, url: string | URL, metadata?: AuthorizationServerMetadata): void | Promise<void>;
+    addClientAuthentication?: AddClientAuthentication;
    /**
     * If defined, overrides the selection and validation of the
     * RFC 8707 Resource Indicator. If left undefined, default
@@ -93,11 +103,62 @@ export interface OAuthClientProvider {
     * This avoids requiring the user to intervene manually.
     */
    invalidateCredentials?(scope: 'all' | 'client' | 'tokens' | 'verifier'): void | Promise<void>;
+    /**
+     * Prepares grant-specific parameters for a token request.
+     *
+     * This optional method allows providers to customize the token request based on
+     * the grant type they support. When implemented, it returns the grant type and
+     * any grant-specific parameters needed for the token exchange.
+     *
+     * If not implemented, the default behavior depends on the flow:
+     * - For authorization code flow: uses code, code_verifier, and redirect_uri
+     * - For client_credentials: detected via grant_types in clientMetadata
+     *
+     * @param scope - Optional scope to request
+     * @returns Grant type and parameters, or undefined to use default behavior
+     *
+     * @example
+     * // For client_credentials grant:
+     * prepareTokenRequest(scope) {
+     *   return {
+     *     grantType: 'client_credentials',
+     *     params: scope ? { scope } : {}
+     *   };
+     * }
+     *
+     * @example
+     * // For authorization_code grant (default behavior):
+     * async prepareTokenRequest() {
+     *   return {
+     *     grantType: 'authorization_code',
+     *     params: {
+     *       code: this.authorizationCode,
+     *       code_verifier: await this.codeVerifier(),
+     *       redirect_uri: String(this.redirectUrl)
+     *     }
+     *   };
+     * }
+     */
+    prepareTokenRequest?(scope?: string): URLSearchParams | Promise<URLSearchParams | undefined> | undefined;
 }
-export type AuthResult = "AUTHORIZED" | "REDIRECT";
+export type AuthResult = 'AUTHORIZED' | 'REDIRECT';
 export declare class UnauthorizedError extends Error {
    constructor(message?: string);
 }
+type ClientAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'none';
+/**
+ * Determines the best client authentication method to use based on server support and client configuration.
+ *
+ * Priority order (highest to lowest):
+ * 1. client_secret_basic (if client secret is available)
+ * 2. client_secret_post (if client secret is available)
+ * 3. none (for public clients)
+ *
+ * @param clientInformation - OAuth client information containing credentials
+ * @param supportedMethods - Authentication methods supported by the authorization server
+ * @returns The selected authentication method
+ */
+export declare function selectClientAuthMethod(clientInformation: OAuthClientInformationMixed, supportedMethods: string[]): ClientAuthMethod;
 /**
 * Parses an OAuth error response from a string or Response object.
 *
@@ -123,9 +184,23 @@ export declare function auth(provider: OAuthClientProvider, options: {
    resourceMetadataUrl?: URL;
    fetchFn?: FetchLike;
 }): Promise<AuthResult>;
+/**
+ * SEP-991: URL-based Client IDs
+ * Validate that the client_id is a valid URL with https scheme
+ */
+export declare function isHttpsUrl(value?: string): boolean;
 export declare function selectResourceURL(serverUrl: string | URL, provider: OAuthClientProvider, resourceMetadata?: OAuthProtectedResourceMetadata): Promise<URL | undefined>;
+/**
+ * Extract resource_metadata, scope, and error from WWW-Authenticate header.
+ */
+export declare function extractWWWAuthenticateParams(res: Response): {
+    resourceMetadataUrl?: URL;
+    scope?: string;
+    error?: string;
+};
 /**
 * Extract resource_metadata from response header.
+ * @deprecated Use `extractWWWAuthenticateParams` instead.
 */
 export declare function extractResourceMetadataUrl(res: Response): URL | undefined;
 /**
@@ -146,7 +221,7 @@ export declare function discoverOAuthProtectedResourceMetadata(serverUrl: string
 *
 * @deprecated This function is deprecated in favor of `discoverAuthorizationServerMetadata`.
 */
-export declare function discoverOAuthMetadata(issuer: string | URL, { authorizationServerUrl, protocolVersion, }?: {
+export declare function discoverOAuthMetadata(issuer: string | URL, { authorizationServerUrl, protocolVersion }?: {
    authorizationServerUrl?: string | URL;
    protocolVersion?: string;
 }, fetchFn?: FetchLike): Promise<OAuthMetadata | undefined>;
@@ -154,8 +229,7 @@ export declare function discoverOAuthMetadata(issuer: string | URL, { authorizat
 * Builds a list of discovery URLs to try for authorization server metadata.
 * URLs are returned in priority order:
 * 1. OAuth metadata at the given URL
- * 2. OAuth metadata at root (if URL has path)
- * 3. OIDC metadata endpoints
+ * 2. OIDC metadata endpoints at the given URL
 */
 export declare function buildDiscoveryUrls(authorizationServerUrl: string | URL): {
    url: URL;
@@ -177,16 +251,16 @@ export declare function buildDiscoveryUrls(authorizationServerUrl: string | URL)
 * @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION
 * @returns Promise resolving to authorization server metadata, or undefined if discovery fails
 */
-export declare function discoverAuthorizationServerMetadata(authorizationServerUrl: string | URL, { fetchFn, protocolVersion, }?: {
+export declare function discoverAuthorizationServerMetadata(authorizationServerUrl: string | URL, { fetchFn, protocolVersion }?: {
    fetchFn?: FetchLike;
    protocolVersion?: string;
 }): Promise<AuthorizationServerMetadata | undefined>;
 /**
 * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
 */
-export declare function startAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, redirectUrl, scope, state, resource, }: {
+export declare function startAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, redirectUrl, scope, state, resource }: {
    metadata?: AuthorizationServerMetadata;
-    clientInformation: OAuthClientInformation;
+    clientInformation: OAuthClientInformationMixed;
    redirectUrl: string | URL;
    scope?: string;
    state?: string;
@@ -195,6 +269,18 @@ export declare function startAuthorization(authorizationServerUrl: string | URL,
    authorizationUrl: URL;
    codeVerifier: string;
 }>;
+/**
+ * Prepares token request parameters for an authorization code exchange.
+ *
+ * This is the default implementation used by fetchToken when the provider
+ * doesn't implement prepareTokenRequest.
+ *
+ * @param authorizationCode - The authorization code received from the authorization endpoint
+ * @param codeVerifier - The PKCE code verifier
+ * @param redirectUri - The redirect URI used in the authorization request
+ * @returns URLSearchParams for the authorization_code grant
+ */
+export declare function prepareAuthorizationCodeRequest(authorizationCode: string, codeVerifier: string, redirectUri: string | URL): URLSearchParams;
 /**
 * Exchanges an authorization code for an access token with the given server.
 *
@@ -207,14 +293,14 @@ export declare function startAuthorization(authorizationServerUrl: string | URL,
 * @returns Promise resolving to OAuth tokens
 * @throws {Error} When token exchange fails or authentication is invalid
 */
-export declare function exchangeAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn, }: {
+export declare function exchangeAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn }: {
    metadata?: AuthorizationServerMetadata;
-    clientInformation: OAuthClientInformation;
+    clientInformation: OAuthClientInformationMixed;
    authorizationCode: string;
    codeVerifier: string;
    redirectUri: string | URL;
    resource?: URL;
-    addClientAuthentication?: OAuthClientProvider["addClientAuthentication"];
+    addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];
    fetchFn?: FetchLike;
 }): Promise<OAuthTokens>;
 /**
@@ -229,20 +315,54 @@ export declare function exchangeAuthorization(authorizationServerUrl: string | U
 * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced)
 * @throws {Error} When token refresh fails or authentication is invalid
 */
-export declare function refreshAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn, }: {
+export declare function refreshAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn }: {
    metadata?: AuthorizationServerMetadata;
-    clientInformation: OAuthClientInformation;
+    clientInformation: OAuthClientInformationMixed;
    refreshToken: string;
    resource?: URL;
-    addClientAuthentication?: OAuthClientProvider["addClientAuthentication"];
+    addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];
+    fetchFn?: FetchLike;
+}): Promise<OAuthTokens>;
+/**
+ * Unified token fetching that works with any grant type via provider.prepareTokenRequest().
+ *
+ * This function provides a single entry point for obtaining tokens regardless of the
+ * OAuth grant type. The provider's prepareTokenRequest() method determines which grant
+ * to use and supplies the grant-specific parameters.
+ *
+ * @param provider - OAuth client provider that implements prepareTokenRequest()
+ * @param authorizationServerUrl - The authorization server's base URL
+ * @param options - Configuration for the token request
+ * @returns Promise resolving to OAuth tokens
+ * @throws {Error} When provider doesn't implement prepareTokenRequest or token fetch fails
+ *
+ * @example
+ * // Provider for client_credentials:
+ * class MyProvider implements OAuthClientProvider {
+ *   prepareTokenRequest(scope) {
+ *     const params = new URLSearchParams({ grant_type: 'client_credentials' });
+ *     if (scope) params.set('scope', scope);
+ *     return params;
+ *   }
+ *   // ... other methods
+ * }
+ *
+ * const tokens = await fetchToken(provider, authServerUrl, { metadata });
+ */
+export declare function fetchToken(provider: OAuthClientProvider, authorizationServerUrl: string | URL, { metadata, resource, authorizationCode, fetchFn }?: {
+    metadata?: AuthorizationServerMetadata;
+    resource?: URL;
+    /** Authorization code for the default authorization_code grant flow */
+    authorizationCode?: string;
    fetchFn?: FetchLike;
 }): Promise<OAuthTokens>;
 /**
 * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.
 */
-export declare function registerClient(authorizationServerUrl: string | URL, { metadata, clientMetadata, fetchFn, }: {
+export declare function registerClient(authorizationServerUrl: string | URL, { metadata, clientMetadata, fetchFn }: {
    metadata?: AuthorizationServerMetadata;
    clientMetadata: OAuthClientMetadata;
    fetchFn?: FetchLike;
 }): Promise<OAuthClientInformationFull>;
+export {};
 //# sourceMappingURL=auth.d.ts.map
@@ -4,17 +4,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UnauthorizedError = void 0;
+exports.selectClientAuthMethod = selectClientAuthMethod;
 exports.parseErrorResponse = parseErrorResponse;
 exports.auth = auth;
+exports.isHttpsUrl = isHttpsUrl;
 exports.selectResourceURL = selectResourceURL;
+exports.extractWWWAuthenticateParams = extractWWWAuthenticateParams;
 exports.extractResourceMetadataUrl = extractResourceMetadataUrl;
 exports.discoverOAuthProtectedResourceMetadata = discoverOAuthProtectedResourceMetadata;
 exports.discoverOAuthMetadata = discoverOAuthMetadata;
 exports.buildDiscoveryUrls = buildDiscoveryUrls;
 exports.discoverAuthorizationServerMetadata = discoverAuthorizationServerMetadata;
 exports.startAuthorization = startAuthorization;
+exports.prepareAuthorizationCodeRequest = prepareAuthorizationCodeRequest;
 exports.exchangeAuthorization = exchangeAuthorization;
 exports.refreshAuthorization = refreshAuthorization;
+exports.fetchToken = fetchToken;
 exports.registerClient = registerClient;
 const pkce_challenge_1 = __importDefault(require("pkce-challenge"));
 const types_js_1 = require("../types.js");
@@ -24,10 +29,15 @@ const auth_utils_js_1 = require("../shared/auth-utils.js");
 const errors_js_1 = require("../server/auth/errors.js");
 class UnauthorizedError extends Error {
    constructor(message) {
-        super(message !== null && message !== void 0 ? message : "Unauthorized");
+        super(message ?? 'Unauthorized');
    }
 }
 exports.UnauthorizedError = UnauthorizedError;
+function isClientAuthMethod(method) {
+    return ['client_secret_basic', 'client_secret_post', 'none'].includes(method);
+}
+const AUTHORIZATION_CODE_RESPONSE_TYPE = 'code';
+const AUTHORIZATION_CODE_CHALLENGE_METHOD = 'S256';
 /**
 * Determines the best client authentication method to use based on server support and client configuration.
 *
@@ -44,20 +54,27 @@ function selectClientAuthMethod(clientInformation, supportedMethods) {
    const hasClientSecret = clientInformation.client_secret !== undefined;
    // If server doesn't specify supported methods, use RFC 6749 defaults
    if (supportedMethods.length === 0) {
-        return hasClientSecret ? "client_secret_post" : "none";
+        return hasClientSecret ? 'client_secret_post' : 'none';
+    }
+    // Prefer the method returned by the server during client registration if valid and supported
+    if ('token_endpoint_auth_method' in clientInformation &&
+        clientInformation.token_endpoint_auth_method &&
+        isClientAuthMethod(clientInformation.token_endpoint_auth_method) &&
+        supportedMethods.includes(clientInformation.token_endpoint_auth_method)) {
+        return clientInformation.token_endpoint_auth_method;
    }
    // Try methods in priority order (most secure first)
-    if (hasClientSecret && supportedMethods.includes("client_secret_basic")) {
-        return "client_secret_basic";
+    if (hasClientSecret && supportedMethods.includes('client_secret_basic')) {
+        return 'client_secret_basic';
    }
-    if (hasClientSecret && supportedMethods.includes("client_secret_post")) {
-        return "client_secret_post";
+    if (hasClientSecret && supportedMethods.includes('client_secret_post')) {
+        return 'client_secret_post';
    }
-    if (supportedMethods.includes("none")) {
-        return "none";
+    if (supportedMethods.includes('none')) {
+        return 'none';
    }
    // Fallback: use what we have
-    return hasClientSecret ? "client_secret_post" : "none";
+    return hasClientSecret ? 'client_secret_post' : 'none';
 }
 /**
 * Applies client authentication to the request based on the specified method.
@@ -76,13 +93,13 @@ function selectClientAuthMethod(clientInformation, supportedMethods) {
 function applyClientAuthentication(method, clientInformation, headers, params) {
    const { client_id, client_secret } = clientInformation;
    switch (method) {
-        case "client_secret_basic":
+        case 'client_secret_basic':
            applyBasicAuth(client_id, client_secret, headers);
            return;
-        case "client_secret_post":
+        case 'client_secret_post':
            applyPostAuth(client_id, client_secret, params);
            return;
-        case "none":
+        case 'none':
            applyPublicAuth(client_id, params);
            return;
        default:
@@ -94,25 +111,25 @@ function applyClientAuthentication(method, clientInformation, headers, params) {
 */
 function applyBasicAuth(clientId, clientSecret, headers) {
    if (!clientSecret) {
-        throw new Error("client_secret_basic authentication requires a client_secret");
+        throw new Error('client_secret_basic authentication requires a client_secret');
    }
    const credentials = btoa(`${clientId}:${clientSecret}`);
-    headers.set("Authorization", `Basic ${credentials}`);
+    headers.set('Authorization', `Basic ${credentials}`);
 }
 /**
 * Applies POST body authentication (RFC 6749 Section 2.3.1)
 */
 function applyPostAuth(clientId, clientSecret, params) {
-    params.set("client_id", clientId);
+    params.set('client_id', clientId);
    if (clientSecret) {
-        params.set("client_secret", clientSecret);
+        params.set('client_secret', clientSecret);
    }
 }
 /**
 * Applies public client authentication (RFC 6749 Section 2.1)
 */
 function applyPublicAuth(clientId, params) {
-    params.set("client_id", clientId);
+    params.set('client_id', clientId);
 }
 /**
 * Parses an OAuth error response from a string or Response object.
@@ -147,25 +164,24 @@ async function parseErrorResponse(input) {
 * instead of linking together the other lower-level functions in this module.
 */
 async function auth(provider, options) {
-    var _a, _b;
    try {
        return await authInternal(provider, options);
    }
    catch (error) {
        // Handle recoverable error types by invalidating credentials and retrying
        if (error instanceof errors_js_1.InvalidClientError || error instanceof errors_js_1.UnauthorizedClientError) {
-            await ((_a = provider.invalidateCredentials) === null || _a === void 0 ? void 0 : _a.call(provider, 'all'));
+            await provider.invalidateCredentials?.('all');
            return await authInternal(provider, options);
        }
        else if (error instanceof errors_js_1.InvalidGrantError) {
-            await ((_b = provider.invalidateCredentials) === null || _b === void 0 ? void 0 : _b.call(provider, 'tokens'));
+            await provider.invalidateCredentials?.('tokens');
            return await authInternal(provider, options);
        }
        // Throw otherwise
        throw error;
    }
 }
-async function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl, fetchFn, }) {
+async function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl, fetchFn }) {
    let resourceMetadata;
    let authorizationServerUrl;
    try {
@@ -174,56 +190,69 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope, res
            authorizationServerUrl = resourceMetadata.authorization_servers[0];
        }
    }
-    catch (_a) {
+    catch {
        // Ignore errors and fall back to /.well-known/oauth-authorization-server
    }
    /**
     * If we don't get a valid authorization server metadata from protected resource metadata,
-     * fallback to the legacy MCP spec's implementation (version 2025-03-26): MCP server acts as the Authorization server.
+     * fallback to the legacy MCP spec's implementation (version 2025-03-26): MCP server base URL acts as the Authorization server.
     */
    if (!authorizationServerUrl) {
-        authorizationServerUrl = serverUrl;
+        authorizationServerUrl = new URL('/', serverUrl);
    }
    const resource = await selectResourceURL(serverUrl, provider, resourceMetadata);
    const metadata = await discoverAuthorizationServerMetadata(authorizationServerUrl, {
-        fetchFn,
+        fetchFn
    });
    // Handle client registration if needed
    let clientInformation = await Promise.resolve(provider.clientInformation());
    if (!clientInformation) {
        if (authorizationCode !== undefined) {
-            throw new Error("Existing OAuth client information is required when exchanging an authorization code");
+            throw new Error('Existing OAuth client information is required when exchanging an authorization code');
        }
-        if (!provider.saveClientInformation) {
-            throw new Error("OAuth client information must be saveable for dynamic registration");
+        const supportsUrlBasedClientId = metadata?.client_id_metadata_document_supported === true;
+        const clientMetadataUrl = provider.clientMetadataUrl;
+        if (clientMetadataUrl && !isHttpsUrl(clientMetadataUrl)) {
+            throw new errors_js_1.InvalidClientMetadataError(`clientMetadataUrl must be a valid HTTPS URL with a non-root pathname, got: ${clientMetadataUrl}`);
+        }
+        const shouldUseUrlBasedClientId = supportsUrlBasedClientId && clientMetadataUrl;
+        if (shouldUseUrlBasedClientId) {
+            // SEP-991: URL-based Client IDs
+            clientInformation = {
+                client_id: clientMetadataUrl
+            };
+            await provider.saveClientInformation?.(clientInformation);
+        }
+        else {
+            // Fallback to dynamic registration
+            if (!provider.saveClientInformation) {
+                throw new Error('OAuth client information must be saveable for dynamic registration');
+            }
+            const fullInformation = await registerClient(authorizationServerUrl, {
+                metadata,
+                clientMetadata: provider.clientMetadata,
+                fetchFn
+            });
+            await provider.saveClientInformation(fullInformation);
+            clientInformation = fullInformation;
        }
-        const fullInformation = await registerClient(authorizationServerUrl, {
-            metadata,
-            clientMetadata: provider.clientMetadata,
-            fetchFn,
-        });
-        await provider.saveClientInformation(fullInformation);
-        clientInformation = fullInformation;
    }
-    // Exchange authorization code for tokens
-    if (authorizationCode !== undefined) {
-        const codeVerifier = await provider.codeVerifier();
-        const tokens = await exchangeAuthorization(authorizationServerUrl, {
+    // Non-interactive flows (e.g., client_credentials, jwt-bearer) don't need a redirect URL
+    const nonInteractiveFlow = !provider.redirectUrl;
+    // Exchange authorization code for tokens, or fetch tokens directly for non-interactive flows
+    if (authorizationCode !== undefined || nonInteractiveFlow) {
+        const tokens = await fetchToken(provider, authorizationServerUrl, {
            metadata,
-            clientInformation,
-            authorizationCode,
-            codeVerifier,
-            redirectUri: provider.redirectUrl,
            resource,
-            addClientAuthentication: provider.addClientAuthentication,
-            fetchFn: fetchFn,
+            authorizationCode,
+            fetchFn
        });
        await provider.saveTokens(tokens);
-        return "AUTHORIZED";
+        return 'AUTHORIZED';
    }
    const tokens = await provider.tokens();
    // Handle token refresh or new authorization
-    if (tokens === null || tokens === void 0 ? void 0 : tokens.refresh_token) {
+    if (tokens?.refresh_token) {
        try {
            // Attempt to refresh the token
            const newTokens = await refreshAuthorization(authorizationServerUrl, {
@@ -232,10 +261,10 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope, res
                refreshToken: tokens.refresh_token,
                resource,
                addClientAuthentication: provider.addClientAuthentication,
-                fetchFn,
+                fetchFn
            });
            await provider.saveTokens(newTokens);
-            return "AUTHORIZED";
+            return 'AUTHORIZED';
        }
        catch (error) {
            // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry.
@@ -255,18 +284,33 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope, res
        clientInformation,
        state,
        redirectUrl: provider.redirectUrl,
-        scope: scope || provider.clientMetadata.scope,
-        resource,
+        scope: scope || resourceMetadata?.scopes_supported?.join(' ') || provider.clientMetadata.scope,
+        resource
    });
    await provider.saveCodeVerifier(codeVerifier);
    await provider.redirectToAuthorization(authorizationUrl);
-    return "REDIRECT";
+    return 'REDIRECT';
+}
+/**
+ * SEP-991: URL-based Client IDs
+ * Validate that the client_id is a valid URL with https scheme
+ */
+function isHttpsUrl(value) {
+    if (!value)
+        return false;
+    try {
+        const url = new URL(value);
+        return url.protocol === 'https:' && url.pathname !== '/';
+    }
+    catch {
+        return false;
+    }
 }
 async function selectResourceURL(serverUrl, provider, resourceMetadata) {
    const defaultResource = (0, auth_utils_js_1.resourceUrlFromServerUrl)(serverUrl);
    // If provider has custom validation, delegate to it
    if (provider.validateResourceURL) {
-        return await provider.validateResourceURL(defaultResource, resourceMetadata === null || resourceMetadata === void 0 ? void 0 : resourceMetadata.resource);
+        return await provider.validateResourceURL(defaultResource, resourceMetadata?.resource);
    }
    // Only include resource parameter when Protected Resource Metadata is present
    if (!resourceMetadata) {
@@ -279,11 +323,62 @@ async function selectResourceURL(serverUrl, provider, resourceMetadata) {
    // Prefer the resource from metadata since it's what the server is telling us to request
    return new URL(resourceMetadata.resource);
 }
+/**
+ * Extract resource_metadata, scope, and error from WWW-Authenticate header.
+ */
+function extractWWWAuthenticateParams(res) {
+    const authenticateHeader = res.headers.get('WWW-Authenticate');
+    if (!authenticateHeader) {
+        return {};
+    }
+    const [type, scheme] = authenticateHeader.split(' ');
+    if (type.toLowerCase() !== 'bearer' || !scheme) {
+        return {};
+    }
+    const resourceMetadataMatch = extractFieldFromWwwAuth(res, 'resource_metadata') || undefined;
+    let resourceMetadataUrl;
+    if (resourceMetadataMatch) {
+        try {
+            resourceMetadataUrl = new URL(resourceMetadataMatch);
+        }
+        catch {
+            // Ignore invalid URL
+        }
+    }
+    const scope = extractFieldFromWwwAuth(res, 'scope') || undefined;
+    const error = extractFieldFromWwwAuth(res, 'error') || undefined;
+    return {
+        resourceMetadataUrl,
+        scope,
+        error
+    };
+}
+/**
+ * Extracts a specific field's value from the WWW-Authenticate header string.
+ *
+ * @param response The HTTP response object containing the headers.
+ * @param fieldName The name of the field to extract (e.g., "realm", "nonce").
+ * @returns The field value
+ */
+function extractFieldFromWwwAuth(response, fieldName) {
+    const wwwAuthHeader = response.headers.get('WWW-Authenticate');
+    if (!wwwAuthHeader) {
+        return null;
+    }
+    const pattern = new RegExp(`${fieldName}=(?:"([^"]+)"|([^\\s,]+))`);
+    const match = wwwAuthHeader.match(pattern);
+    if (match) {
+        // Pattern matches: field_name="value" or field_name=value (unquoted)
+        return match[1] || match[2];
+    }
+    return null;
+}
 /**
 * Extract resource_metadata from response header.
+ * @deprecated Use `extractWWWAuthenticateParams` instead.
 */
 function extractResourceMetadataUrl(res) {
-    const authenticateHeader = res.headers.get("WWW-Authenticate");
+    const authenticateHeader = res.headers.get('WWW-Authenticate');
    if (!authenticateHeader) {
        return undefined;
    }
@@ -299,7 +394,7 @@ function extractResourceMetadataUrl(res) {
    try {
        return new URL(match[1]);
    }
-    catch (_a) {
+    catch {
        return undefined;
    }
 }
@@ -311,13 +406,15 @@ function extractResourceMetadataUrl(res) {
 */
 async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn = fetch) {
    const response = await discoverMetadataWithFallback(serverUrl, 'oauth-protected-resource', fetchFn, {
-        protocolVersion: opts === null || opts === void 0 ? void 0 : opts.protocolVersion,
-        metadataUrl: opts === null || opts === void 0 ? void 0 : opts.resourceMetadataUrl,
+        protocolVersion: opts?.protocolVersion,
+        metadataUrl: opts?.resourceMetadataUrl
    });
    if (!response || response.status === 404) {
+        await response?.body?.cancel();
        throw new Error(`Resource server does not implement OAuth 2.0 Protected Resource Metadata.`);
    }
    if (!response.ok) {
+        await response.body?.cancel();
        throw new Error(`HTTP ${response.status} trying to load well-known OAuth protected resource metadata.`);
    }
    return auth_js_2.OAuthProtectedResourceMetadataSchema.parse(await response.json());
@@ -351,16 +448,14 @@ function buildWellKnownPath(wellKnownPrefix, pathname = '', options = {}) {
    if (pathname.endsWith('/')) {
        pathname = pathname.slice(0, -1);
    }
-    return options.prependPathname
-        ? `${pathname}/.well-known/${wellKnownPrefix}`
-        : `/.well-known/${wellKnownPrefix}${pathname}`;
+    return options.prependPathname ? `${pathname}/.well-known/${wellKnownPrefix}` : `/.well-known/${wellKnownPrefix}${pathname}`;
 }
 /**
 * Tries to discover OAuth metadata at a specific URL
 */
 async function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {
    const headers = {
-        "MCP-Protocol-Version": protocolVersion
+        'MCP-Protocol-Version': protocolVersion
    };
    return await fetchWithCorsRetry(url, headers, fetchFn);
 }
@@ -368,28 +463,27 @@ async function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {
 * Determines if fallback to root discovery should be attempted
 */
 function shouldAttemptFallback(response, pathname) {
-    return !response || response.status === 404 && pathname !== '/';
+    return !response || (response.status >= 400 && response.status < 500 && pathname !== '/');
 }
 /**
 * Generic function for discovering OAuth metadata with fallback support
 */
 async function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, opts) {
-    var _a, _b;
    const issuer = new URL(serverUrl);
-    const protocolVersion = (_a = opts === null || opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a !== void 0 ? _a : types_js_1.LATEST_PROTOCOL_VERSION;
+    const protocolVersion = opts?.protocolVersion ?? types_js_1.LATEST_PROTOCOL_VERSION;
    let url;
-    if (opts === null || opts === void 0 ? void 0 : opts.metadataUrl) {
+    if (opts?.metadataUrl) {
        url = new URL(opts.metadataUrl);
    }
    else {
        // Try path-aware discovery first
        const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname);
-        url = new URL(wellKnownPath, (_b = opts === null || opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b !== void 0 ? _b : issuer);
+        url = new URL(wellKnownPath, opts?.metadataServerUrl ?? issuer);
        url.search = issuer.search;
    }
    let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn);
    // If path-aware discovery fails with 404 and we're not already at root, try fallback to root discovery
-    if (!(opts === null || opts === void 0 ? void 0 : opts.metadataUrl) && shouldAttemptFallback(response, issuer.pathname)) {
+    if (!opts?.metadataUrl && shouldAttemptFallback(response, issuer.pathname)) {
        const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer);
        response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn);
    }
@@ -403,7 +497,7 @@ async function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, o
 *
 * @deprecated This function is deprecated in favor of `discoverAuthorizationServerMetadata`.
 */
-async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolVersion, } = {}, fetchFn = fetch) {
+async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolVersion } = {}, fetchFn = fetch) {
    if (typeof issuer === 'string') {
        issuer = new URL(issuer);
    }
@@ -413,15 +507,17 @@ async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolV
    if (typeof authorizationServerUrl === 'string') {
        authorizationServerUrl = new URL(authorizationServerUrl);
    }
-    protocolVersion !== null && protocolVersion !== void 0 ? protocolVersion : (protocolVersion = types_js_1.LATEST_PROTOCOL_VERSION);
+    protocolVersion ?? (protocolVersion = types_js_1.LATEST_PROTOCOL_VERSION);
    const response = await discoverMetadataWithFallback(authorizationServerUrl, 'oauth-authorization-server', fetchFn, {
        protocolVersion,
-        metadataServerUrl: authorizationServerUrl,
+        metadataServerUrl: authorizationServerUrl
    });
    if (!response || response.status === 404) {
+        await response?.body?.cancel();
        return undefined;
    }
    if (!response.ok) {
+        await response.body?.cancel();
        throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`);
    }
    return auth_js_2.OAuthMetadataSchema.parse(await response.json());
@@ -430,8 +526,7 @@ async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolV
 * Builds a list of discovery URLs to try for authorization server metadata.
 * URLs are returned in priority order:
 * 1. OAuth metadata at the given URL
- * 2. OAuth metadata at root (if URL has path)
- * 3. OIDC metadata endpoints
+ * 2. OIDC metadata endpoints at the given URL
 */
 function buildDiscoveryUrls(authorizationServerUrl) {
    const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl;
@@ -461,12 +556,7 @@ function buildDiscoveryUrls(authorizationServerUrl) {
        url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin),
        type: 'oauth'
    });
-    // Root path: https://example.com/.well-known/oauth-authorization-server
-    urlsToTry.push({
-        url: new URL('/.well-known/oauth-authorization-server', url.origin),
-        type: 'oauth'
-    });
-    // 3. OIDC metadata endpoints
+    // 2. OIDC metadata endpoints
    // RFC 8414 style: Insert /.well-known/openid-configuration before the path
    urlsToTry.push({
        url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin),
@@ -495,9 +585,11 @@ function buildDiscoveryUrls(authorizationServerUrl) {
 * @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION
 * @returns Promise resolving to authorization server metadata, or undefined if discovery fails
 */
-async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn = fetch, protocolVersion = types_js_1.LATEST_PROTOCOL_VERSION, } = {}) {
-    var _a;
-    const headers = { 'MCP-Protocol-Version': protocolVersion };
+async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn = fetch, protocolVersion = types_js_1.LATEST_PROTOCOL_VERSION } = {}) {
+    const headers = {
+        'MCP-Protocol-Version': protocolVersion,
+        Accept: 'application/json'
+    };
    // Get the list of URLs to try
    const urlsToTry = buildDiscoveryUrls(authorizationServerUrl);
    // Try each URL in order
@@ -511,6 +603,7 @@ async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fet
            continue;
        }
        if (!response.ok) {
+            await response.body?.cancel();
            // Continue looking for any 4xx response code.
            if (response.status >= 400 && response.status < 500) {
                continue; // Try next URL
@@ -522,12 +615,7 @@ async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fet
            return auth_js_2.OAuthMetadataSchema.parse(await response.json());
        }
        else {
-            const metadata = auth_js_1.OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());
-            // MCP spec requires OIDC providers to support S256 PKCE
-            if (!((_a = metadata.code_challenge_methods_supported) === null || _a === void 0 ? void 0 : _a.includes('S256'))) {
-                throw new Error(`Incompatible OIDC provider at ${endpointUrl}: does not support S256 code challenge method required by MCP specification`);
-            }
-            return metadata;
+            return auth_js_1.OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());
        }
    }
    return undefined;
@@ -535,49 +623,97 @@ async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fet
 /**
 * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
 */
-async function startAuthorization(authorizationServerUrl, { metadata, clientInformation, redirectUrl, scope, state, resource, }) {
-    const responseType = "code";
-    const codeChallengeMethod = "S256";
+async function startAuthorization(authorizationServerUrl, { metadata, clientInformation, redirectUrl, scope, state, resource }) {
    let authorizationUrl;
    if (metadata) {
        authorizationUrl = new URL(metadata.authorization_endpoint);
-        if (!metadata.response_types_supported.includes(responseType)) {
-            throw new Error(`Incompatible auth server: does not support response type ${responseType}`);
+        if (!metadata.response_types_supported.includes(AUTHORIZATION_CODE_RESPONSE_TYPE)) {
+            throw new Error(`Incompatible auth server: does not support response type ${AUTHORIZATION_CODE_RESPONSE_TYPE}`);
        }
-        if (!metadata.code_challenge_methods_supported ||
-            !metadata.code_challenge_methods_supported.includes(codeChallengeMethod)) {
-            throw new Error(`Incompatible auth server: does not support code challenge method ${codeChallengeMethod}`);
+        if (metadata.code_challenge_methods_supported &&
+            !metadata.code_challenge_methods_supported.includes(AUTHORIZATION_CODE_CHALLENGE_METHOD)) {
+            throw new Error(`Incompatible auth server: does not support code challenge method ${AUTHORIZATION_CODE_CHALLENGE_METHOD}`);
        }
    }
    else {
-        authorizationUrl = new URL("/authorize", authorizationServerUrl);
+        authorizationUrl = new URL('/authorize', authorizationServerUrl);
    }
    // Generate PKCE challenge
    const challenge = await (0, pkce_challenge_1.default)();
    const codeVerifier = challenge.code_verifier;
    const codeChallenge = challenge.code_challenge;
-    authorizationUrl.searchParams.set("response_type", responseType);
-    authorizationUrl.searchParams.set("client_id", clientInformation.client_id);
-    authorizationUrl.searchParams.set("code_challenge", codeChallenge);
-    authorizationUrl.searchParams.set("code_challenge_method", codeChallengeMethod);
-    authorizationUrl.searchParams.set("redirect_uri", String(redirectUrl));
+    authorizationUrl.searchParams.set('response_type', AUTHORIZATION_CODE_RESPONSE_TYPE);
+    authorizationUrl.searchParams.set('client_id', clientInformation.client_id);
+    authorizationUrl.searchParams.set('code_challenge', codeChallenge);
+    authorizationUrl.searchParams.set('code_challenge_method', AUTHORIZATION_CODE_CHALLENGE_METHOD);
+    authorizationUrl.searchParams.set('redirect_uri', String(redirectUrl));
    if (state) {
-        authorizationUrl.searchParams.set("state", state);
+        authorizationUrl.searchParams.set('state', state);
    }
    if (scope) {
-        authorizationUrl.searchParams.set("scope", scope);
+        authorizationUrl.searchParams.set('scope', scope);
    }
-    if (scope === null || scope === void 0 ? void 0 : scope.includes("offline_access")) {
+    if (scope?.includes('offline_access')) {
        // if the request includes the OIDC-only "offline_access" scope,
        // we need to set the prompt to "consent" to ensure the user is prompted to grant offline access
        // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
-        authorizationUrl.searchParams.append("prompt", "consent");
+        authorizationUrl.searchParams.append('prompt', 'consent');
    }
    if (resource) {
-        authorizationUrl.searchParams.set("resource", resource.href);
+        authorizationUrl.searchParams.set('resource', resource.href);
    }
    return { authorizationUrl, codeVerifier };
 }
+/**
+ * Prepares token request parameters for an authorization code exchange.
+ *
+ * This is the default implementation used by fetchToken when the provider
+ * doesn't implement prepareTokenRequest.
+ *
+ * @param authorizationCode - The authorization code received from the authorization endpoint
+ * @param codeVerifier - The PKCE code verifier
+ * @param redirectUri - The redirect URI used in the authorization request
+ * @returns URLSearchParams for the authorization_code grant
+ */
+function prepareAuthorizationCodeRequest(authorizationCode, codeVerifier, redirectUri) {
+    return new URLSearchParams({
+        grant_type: 'authorization_code',
+        code: authorizationCode,
+        code_verifier: codeVerifier,
+        redirect_uri: String(redirectUri)
+    });
+}
+/**
+ * Internal helper to execute a token request with the given parameters.
+ * Used by exchangeAuthorization, refreshAuthorization, and fetchToken.
+ */
+async function executeTokenRequest(authorizationServerUrl, { metadata, tokenRequestParams, clientInformation, addClientAuthentication, resource, fetchFn }) {
+    const tokenUrl = metadata?.token_endpoint ? new URL(metadata.token_endpoint) : new URL('/token', authorizationServerUrl);
+    const headers = new Headers({
+        'Content-Type': 'application/x-www-form-urlencoded',
+        Accept: 'application/json'
+    });
+    if (resource) {
+        tokenRequestParams.set('resource', resource.href);
+    }
+    if (addClientAuthentication) {
+        await addClientAuthentication(headers, tokenRequestParams, tokenUrl, metadata);
+    }
+    else if (clientInformation) {
+        const supportedMethods = metadata?.token_endpoint_auth_methods_supported ?? [];
+        const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);
+        applyClientAuthentication(authMethod, clientInformation, headers, tokenRequestParams);
+    }
+    const response = await (fetchFn ?? fetch)(tokenUrl, {
+        method: 'POST',
+        headers,
+        body: tokenRequestParams
+    });
+    if (!response.ok) {
+        throw await parseErrorResponse(response);
+    }
+    return auth_js_2.OAuthTokensSchema.parse(await response.json());
+}
 /**
 * Exchanges an authorization code for an access token with the given server.
 *
@@ -590,48 +726,16 @@ async function startAuthorization(authorizationServerUrl, { metadata, clientInfo
 * @returns Promise resolving to OAuth tokens
 * @throws {Error} When token exchange fails or authentication is invalid
 */
-async function exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn, }) {
-    var _a;
-    const grantType = "authorization_code";
-    const tokenUrl = (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint)
-        ? new URL(metadata.token_endpoint)
-        : new URL("/token", authorizationServerUrl);
-    if ((metadata === null || metadata === void 0 ? void 0 : metadata.grant_types_supported) &&
-        !metadata.grant_types_supported.includes(grantType)) {
-        throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);
-    }
-    // Exchange code for tokens
-    const headers = new Headers({
-        "Content-Type": "application/x-www-form-urlencoded",
-        "Accept": "application/json",
+async function exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn }) {
+    const tokenRequestParams = prepareAuthorizationCodeRequest(authorizationCode, codeVerifier, redirectUri);
+    return executeTokenRequest(authorizationServerUrl, {
+        metadata,
+        tokenRequestParams,
+        clientInformation,
+        addClientAuthentication,
+        resource,
+        fetchFn
    });
-    const params = new URLSearchParams({
-        grant_type: grantType,
-        code: authorizationCode,
-        code_verifier: codeVerifier,
-        redirect_uri: String(redirectUri),
-    });
-    if (addClientAuthentication) {
-        addClientAuthentication(headers, params, authorizationServerUrl, metadata);
-    }
-    else {
-        // Determine and apply client authentication method
-        const supportedMethods = (_a = metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];
-        const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);
-        applyClientAuthentication(authMethod, clientInformation, headers, params);
-    }
-    if (resource) {
-        params.set("resource", resource.href);
-    }
-    const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {
-        method: "POST",
-        headers,
-        body: params,
-    });
-    if (!response.ok) {
-        throw await parseErrorResponse(response);
-    }
-    return auth_js_2.OAuthTokensSchema.parse(await response.json());
 }
 /**
 * Exchange a refresh token for an updated access token.
@@ -645,70 +749,96 @@ async function exchangeAuthorization(authorizationServerUrl, { metadata, clientI
 * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced)
 * @throws {Error} When token refresh fails or authentication is invalid
 */
-async function refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn, }) {
-    var _a;
-    const grantType = "refresh_token";
-    let tokenUrl;
-    if (metadata) {
-        tokenUrl = new URL(metadata.token_endpoint);
-        if (metadata.grant_types_supported &&
-            !metadata.grant_types_supported.includes(grantType)) {
-            throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);
+async function refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn }) {
+    const tokenRequestParams = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken
+    });
+    const tokens = await executeTokenRequest(authorizationServerUrl, {
+        metadata,
+        tokenRequestParams,
+        clientInformation,
+        addClientAuthentication,
+        resource,
+        fetchFn
+    });
+    // Preserve original refresh token if server didn't return a new one
+    return { refresh_token: refreshToken, ...tokens };
+}
+/**
+ * Unified token fetching that works with any grant type via provider.prepareTokenRequest().
+ *
+ * This function provides a single entry point for obtaining tokens regardless of the
+ * OAuth grant type. The provider's prepareTokenRequest() method determines which grant
+ * to use and supplies the grant-specific parameters.
+ *
+ * @param provider - OAuth client provider that implements prepareTokenRequest()
+ * @param authorizationServerUrl - The authorization server's base URL
+ * @param options - Configuration for the token request
+ * @returns Promise resolving to OAuth tokens
+ * @throws {Error} When provider doesn't implement prepareTokenRequest or token fetch fails
+ *
+ * @example
+ * // Provider for client_credentials:
+ * class MyProvider implements OAuthClientProvider {
+ *   prepareTokenRequest(scope) {
+ *     const params = new URLSearchParams({ grant_type: 'client_credentials' });
+ *     if (scope) params.set('scope', scope);
+ *     return params;
+ *   }
+ *   // ... other methods
+ * }
+ *
+ * const tokens = await fetchToken(provider, authServerUrl, { metadata });
+ */
+async function fetchToken(provider, authorizationServerUrl, { metadata, resource, authorizationCode, fetchFn } = {}) {
+    const scope = provider.clientMetadata.scope;
+    // Use provider's prepareTokenRequest if available, otherwise fall back to authorization_code
+    let tokenRequestParams;
+    if (provider.prepareTokenRequest) {
+        tokenRequestParams = await provider.prepareTokenRequest(scope);
+    }
+    // Default to authorization_code grant if no custom prepareTokenRequest
+    if (!tokenRequestParams) {
+        if (!authorizationCode) {
+            throw new Error('Either provider.prepareTokenRequest() or authorizationCode is required');
        }
+        if (!provider.redirectUrl) {
+            throw new Error('redirectUrl is required for authorization_code flow');
+        }
+        const codeVerifier = await provider.codeVerifier();
+        tokenRequestParams = prepareAuthorizationCodeRequest(authorizationCode, codeVerifier, provider.redirectUrl);
    }
-    else {
-        tokenUrl = new URL("/token", authorizationServerUrl);
-    }
-    // Exchange refresh token
-    const headers = new Headers({
-        "Content-Type": "application/x-www-form-urlencoded",
+    const clientInformation = await provider.clientInformation();
+    return executeTokenRequest(authorizationServerUrl, {
+        metadata,
+        tokenRequestParams,
+        clientInformation: clientInformation ?? undefined,
+        addClientAuthentication: provider.addClientAuthentication,
+        resource,
+        fetchFn
    });
-    const params = new URLSearchParams({
-        grant_type: grantType,
-        refresh_token: refreshToken,
-    });
-    if (addClientAuthentication) {
-        addClientAuthentication(headers, params, authorizationServerUrl, metadata);
-    }
-    else {
-        // Determine and apply client authentication method
-        const supportedMethods = (_a = metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : [];
-        const authMethod = selectClientAuthMethod(clientInformation, supportedMethods);
-        applyClientAuthentication(authMethod, clientInformation, headers, params);
-    }
-    if (resource) {
-        params.set("resource", resource.href);
-    }
-    const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, {
-        method: "POST",
-        headers,
-        body: params,
-    });
-    if (!response.ok) {
-        throw await parseErrorResponse(response);
-    }
-    return auth_js_2.OAuthTokensSchema.parse({ refresh_token: refreshToken, ...(await response.json()) });
 }
 /**
 * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.
 */
-async function registerClient(authorizationServerUrl, { metadata, clientMetadata, fetchFn, }) {
+async function registerClient(authorizationServerUrl, { metadata, clientMetadata, fetchFn }) {
    let registrationUrl;
    if (metadata) {
        if (!metadata.registration_endpoint) {
-            throw new Error("Incompatible auth server: does not support dynamic client registration");
+            throw new Error('Incompatible auth server: does not support dynamic client registration');
        }
        registrationUrl = new URL(metadata.registration_endpoint);
    }
    else {
-        registrationUrl = new URL("/register", authorizationServerUrl);
+        registrationUrl = new URL('/register', authorizationServerUrl);
    }
-    const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(registrationUrl, {
-        method: "POST",
+    const response = await (fetchFn ?? fetch)(registrationUrl, {
+        method: 'POST',
        headers: {
-            "Content-Type": "application/json",
+            'Content-Type': 'application/json'
        },
-        body: JSON.stringify(clientMetadata),
+        body: JSON.stringify(clientMetadata)
    });
    if (!response.ok) {
        throw await parseErrorResponse(response);
@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,QAAQ,EACR,eAAe,EACf,cAAc,EACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,iCAAiC,EACjC,eAAe,EAGf,gBAAgB,EAEhB,cAAc,EAGd,kBAAkB,EAElB,oBAAoB,EAEpB,4BAA4B,EAE5B,gBAAgB,EAEhB,YAAY,EACZ,YAAY,EACZ,mBAAmB,EAEnB,OAAO,EACP,MAAM,EACN,kBAAkB,EAClB,gBAAgB,EAEhB,kBAAkB,EAInB,MAAM,aAAa,CAAC;AAIrB,MAAM,MAAM,aAAa,GAAG,eAAe,GAAG;IAC5C;;OAEG;IACH,YAAY,CAAC,EAAE,kBAAkB,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,MAAM,CACjB,QAAQ,SAAS,OAAO,GAAG,OAAO,EAClC,aAAa,SAAS,YAAY,GAAG,YAAY,EACjD,OAAO,SAAS,MAAM,GAAG,MAAM,CAC/B,SAAQ,QAAQ,CAChB,aAAa,GAAG,QAAQ,EACxB,kBAAkB,GAAG,aAAa,EAClC,YAAY,GAAG,OAAO,CACvB;IAYG,OAAO,CAAC,WAAW;IAXrB,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IACjD,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,2BAA2B,CAA4C;IAC/E,OAAO,CAAC,IAAI,CAA2B;IAEvC;;OAEG;gBAEO,WAAW,EAAE,cAAc,EACnC,OAAO,CAAC,EAAE,aAAa;IAOzB;;;;OAIG;IACI,oBAAoB,CAAC,YAAY,EAAE,kBAAkB,GAAG,IAAI;IAUnE,SAAS,CAAC,gBAAgB,CACxB,UAAU,EAAE,MAAM,kBAAkB,EACpC,MAAM,EAAE,MAAM,GACb,IAAI;IAQQ,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkDrF;;OAEG;IACH,qBAAqB,IAAI,kBAAkB,GAAG,SAAS;IAIvD;;OAEG;IACH,gBAAgB,IAAI,cAAc,GAAG,SAAS;IAI9C;;OAEG;IACH,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC,SAAS,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI;IAoErE,SAAS,CAAC,4BAA4B,CACpC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,GAC9B,IAAI;IAwBP,SAAS,CAAC,8BAA8B,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAgCxD,IAAI,CAAC,OAAO,CAAC,EAAE,cAAc;;;IAI7B,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;IAQpE,eAAe,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc;;;IAQ7D,SAAS,CACb,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAClC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IASpB,WAAW,CACf,MAAM,CAAC,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EACrC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IASpB,aAAa,CACjB,MAAM,CAAC,EAAE,oBAAoB,CAAC,QAAQ,CAAC,EACvC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IASpB,qBAAqB,CACzB,MAAM,CAAC,EAAE,4BAA4B,CAAC,QAAQ,CAAC,EAC/C,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IASpB,YAAY,CAChB,MAAM,EAAE,mBAAmB,CAAC,QAAQ,CAAC,EACrC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IASpB,iBAAiB,CACrB,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAClC,OAAO,CAAC,EAAE,cAAc;;;IASpB,mBAAmB,CACvB,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EACpC,OAAO,CAAC,EAAE,cAAc;;;IASpB,QAAQ,CACZ,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,EACjC,YAAY,GACR,OAAO,oBAAoB,GAC3B,OAAO,iCAAwD,EACnE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA8C1B,OAAO,CAAC,sBAAsB;IAgB9B,OAAO,CAAC,sBAAsB;IAIxB,SAAS,CACb,MAAM,CAAC,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EACnC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAcpB,oBAAoB;CAG3B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC/G,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAExD,OAAO,EACH,KAAK,eAAe,EACpB,oBAAoB,EACpB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,iCAAiC,EACtC,KAAK,eAAe,EAIpB,KAAK,gBAAgB,EAErB,KAAK,cAAc,EAGnB,KAAK,kBAAkB,EAEvB,KAAK,oBAAoB,EAEzB,KAAK,4BAA4B,EAEjC,KAAK,gBAAgB,EAErB,KAAK,YAAY,EAEjB,KAAK,mBAAmB,EAExB,KAAK,kBAAkB,EAEvB,KAAK,gBAAgB,EAErB,KAAK,kBAAkB,EAYvB,KAAK,mBAAmB,EACxB,KAAK,OAAO,EACZ,KAAK,YAAY,EACjB,KAAK,MAAM,EACd,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAuC,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AACvG,OAAO,EACH,eAAe,EACf,YAAY,EAMf,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAiD1E;;;;;;;;;GASG;AACH,wBAAgB,4BAA4B,CAAC,YAAY,EAAE,kBAAkB,CAAC,aAAa,CAAC,GAAG;IAC3F,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;CAC5B,CAaA;AAED,MAAM,MAAM,aAAa,GAAG,eAAe,GAAG;IAC1C;;OAEG;IACH,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAElC;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAE1C;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,WAAW,CAAC,EAAE,mBAAmB,CAAC;CACrC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,MAAM,CACf,QAAQ,SAAS,OAAO,GAAG,OAAO,EAClC,aAAa,SAAS,YAAY,GAAG,YAAY,EACjD,OAAO,SAAS,MAAM,GAAG,MAAM,CACjC,SAAQ,QAAQ,CAAC,aAAa,GAAG,QAAQ,EAAE,kBAAkB,GAAG,aAAa,EAAE,YAAY,GAAG,OAAO,CAAC;IAiBhG,OAAO,CAAC,WAAW;IAhBvB,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IACjD,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,oBAAoB,CAAsB;IAClD,OAAO,CAAC,2BAA2B,CAAwD;IAC3F,OAAO,CAAC,qBAAqB,CAA0B;IACvD,OAAO,CAAC,wBAAwB,CAA0B;IAC1D,OAAO,CAAC,aAAa,CAAC,CAAuE;IAC7F,OAAO,CAAC,0BAA0B,CAAyD;IAC3F,OAAO,CAAC,yBAAyB,CAAC,CAAsB;IAExD;;OAEG;gBAES,WAAW,EAAE,cAAc,EACnC,OAAO,CAAC,EAAE,aAAa;IAY3B;;;;;OAKG;IACH,OAAO,CAAC,yBAAyB;IAuBjC;;;;;;OAMG;IACH,IAAI,YAAY,IAAI;QAAE,KAAK,EAAE,uBAAuB,CAAC,QAAQ,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;KAAE,CAOvF;IAED;;;;OAIG;IACI,oBAAoB,CAAC,YAAY,EAAE,kBAAkB,GAAG,IAAI;IAQnE;;OAEG;IACa,iBAAiB,CAAC,CAAC,SAAS,eAAe,EACvD,aAAa,EAAE,CAAC,EAChB,OAAO,EAAE,CACL,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,EACxB,KAAK,EAAE,mBAAmB,CAAC,aAAa,GAAG,QAAQ,EAAE,kBAAkB,GAAG,aAAa,CAAC,KACvF,YAAY,GAAG,OAAO,GAAG,OAAO,CAAC,YAAY,GAAG,OAAO,CAAC,GAC9D,IAAI;IA8IP,SAAS,CAAC,gBAAgB,CAAC,UAAU,EAAE,MAAM,kBAAkB,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAMvE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDrF;;OAEG;IACH,qBAAqB,IAAI,kBAAkB,GAAG,SAAS;IAIvD;;OAEG;IACH,gBAAgB,IAAI,cAAc,GAAG,SAAS;IAI9C;;OAEG;IACH,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC,SAAS,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI;IAqDrE,SAAS,CAAC,4BAA4B,CAAC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG,IAAI;IAsB7E,SAAS,CAAC,8BAA8B,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAyC9D,SAAS,CAAC,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIpD,SAAS,CAAC,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAUrD,IAAI,CAAC,OAAO,CAAC,EAAE,cAAc;;;;;;;;;IAI7B,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;IAIpE,eAAe,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;IAI7D,SAAS,CAAC,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAItE,WAAW,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI3E,aAAa,CAAC,MAAM,CAAC,EAAE,oBAAoB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI/E,qBAAqB,CAAC,MAAM,CAAC,EAAE,4BAA4B,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI/F,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;IAI5E,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;IAI9E,mBAAmB,CAAC,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;IAIxF;;;;OAIG;IACG,QAAQ,CACV,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,EACjC,YAAY,GAAE,OAAO,oBAAoB,GAAG,OAAO,iCAAwD,EAC3G,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAkD5B,OAAO,CAAC,UAAU;IAQlB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAI1B;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAIxB,SAAS,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAS7E;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAwD1B,oBAAoB;CAG7B"}
@@ -1,12 +1,77 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Client = void 0;
+exports.getSupportedElicitationModes = getSupportedElicitationModes;
 const protocol_js_1 = require("../shared/protocol.js");
 const types_js_1 = require("../types.js");
-const ajv_1 = __importDefault(require("ajv"));
+const ajv_provider_js_1 = require("../validation/ajv-provider.js");
+const zod_compat_js_1 = require("../server/zod-compat.js");
+const client_js_1 = require("../experimental/tasks/client.js");
+const helpers_js_1 = require("../experimental/tasks/helpers.js");
+/**
+ * Elicitation default application helper. Applies defaults to the data based on the schema.
+ *
+ * @param schema - The schema to apply defaults to.
+ * @param data - The data to apply defaults to.
+ */
+function applyElicitationDefaults(schema, data) {
+    if (!schema || data === null || typeof data !== 'object')
+        return;
+    // Handle object properties
+    if (schema.type === 'object' && schema.properties && typeof schema.properties === 'object') {
+        const obj = data;
+        const props = schema.properties;
+        for (const key of Object.keys(props)) {
+            const propSchema = props[key];
+            // If missing or explicitly undefined, apply default if present
+            if (obj[key] === undefined && Object.prototype.hasOwnProperty.call(propSchema, 'default')) {
+                obj[key] = propSchema.default;
+            }
+            // Recurse into existing nested objects/arrays
+            if (obj[key] !== undefined) {
+                applyElicitationDefaults(propSchema, obj[key]);
+            }
+        }
+    }
+    if (Array.isArray(schema.anyOf)) {
+        for (const sub of schema.anyOf) {
+            // Skip boolean schemas (true/false are valid JSON Schemas but have no defaults)
+            if (typeof sub !== 'boolean') {
+                applyElicitationDefaults(sub, data);
+            }
+        }
+    }
+    // Combine schemas
+    if (Array.isArray(schema.oneOf)) {
+        for (const sub of schema.oneOf) {
+            // Skip boolean schemas (true/false are valid JSON Schemas but have no defaults)
+            if (typeof sub !== 'boolean') {
+                applyElicitationDefaults(sub, data);
+            }
+        }
+    }
+}
+/**
+ * Determines which elicitation modes are supported based on declared client capabilities.
+ *
+ * According to the spec:
+ * - An empty elicitation capability object defaults to form mode support (backwards compatibility)
+ * - URL mode is only supported if explicitly declared
+ *
+ * @param capabilities - The client's elicitation capabilities
+ * @returns An object indicating which modes are supported
+ */
+function getSupportedElicitationModes(capabilities) {
+    if (!capabilities) {
+        return { supportsFormMode: false, supportsUrlMode: false };
+    }
+    const hasFormCapability = capabilities.form !== undefined;
+    const hasUrlCapability = capabilities.url !== undefined;
+    // If neither form nor url are explicitly declared, form mode is supported (backwards compatibility)
+    const supportsFormMode = hasFormCapability || (!hasFormCapability && !hasUrlCapability);
+    const supportsUrlMode = hasUrlCapability;
+    return { supportsFormMode, supportsUrlMode };
+}
 /**
 * An MCP client on top of a pluggable transport.
 *
@@ -37,12 +102,59 @@ class Client extends protocol_js_1.Protocol {
     * Initializes this client with the given name and version information.
     */
    constructor(_clientInfo, options) {
-        var _a;
        super(options);
        this._clientInfo = _clientInfo;
        this._cachedToolOutputValidators = new Map();
-        this._capabilities = (_a = options === null || options === void 0 ? void 0 : options.capabilities) !== null && _a !== void 0 ? _a : {};
-        this._ajv = new ajv_1.default();
+        this._cachedKnownTaskTools = new Set();
+        this._cachedRequiredTaskTools = new Set();
+        this._listChangedDebounceTimers = new Map();
+        this._capabilities = options?.capabilities ?? {};
+        this._jsonSchemaValidator = options?.jsonSchemaValidator ?? new ajv_provider_js_1.AjvJsonSchemaValidator();
+        // Store list changed config for setup after connection (when we know server capabilities)
+        if (options?.listChanged) {
+            this._pendingListChangedConfig = options.listChanged;
+        }
+    }
+    /**
+     * Set up handlers for list changed notifications based on config and server capabilities.
+     * This should only be called after initialization when server capabilities are known.
+     * Handlers are silently skipped if the server doesn't advertise the corresponding listChanged capability.
+     * @internal
+     */
+    _setupListChangedHandlers(config) {
+        if (config.tools && this._serverCapabilities?.tools?.listChanged) {
+            this._setupListChangedHandler('tools', types_js_1.ToolListChangedNotificationSchema, config.tools, async () => {
+                const result = await this.listTools();
+                return result.tools;
+            });
+        }
+        if (config.prompts && this._serverCapabilities?.prompts?.listChanged) {
+            this._setupListChangedHandler('prompts', types_js_1.PromptListChangedNotificationSchema, config.prompts, async () => {
+                const result = await this.listPrompts();
+                return result.prompts;
+            });
+        }
+        if (config.resources && this._serverCapabilities?.resources?.listChanged) {
+            this._setupListChangedHandler('resources', types_js_1.ResourceListChangedNotificationSchema, config.resources, async () => {
+                const result = await this.listResources();
+                return result.resources;
+            });
+        }
+    }
+    /**
+     * Access experimental features.
+     *
+     * WARNING: These APIs are experimental and may change without notice.
+     *
+     * @experimental
+     */
+    get experimental() {
+        if (!this._experimental) {
+            this._experimental = {
+                tasks: new client_js_1.ExperimentalClientTasks(this)
+            };
+        }
+        return this._experimental;
    }
    /**
     * Registers new capabilities. This can only be called before connecting to a transport.
@@ -51,13 +163,126 @@ class Client extends protocol_js_1.Protocol {
     */
    registerCapabilities(capabilities) {
        if (this.transport) {
-            throw new Error("Cannot register capabilities after connecting to transport");
+            throw new Error('Cannot register capabilities after connecting to transport');
        }
        this._capabilities = (0, protocol_js_1.mergeCapabilities)(this._capabilities, capabilities);
    }
+    /**
+     * Override request handler registration to enforce client-side validation for elicitation.
+     */
+    setRequestHandler(requestSchema, handler) {
+        const shape = (0, zod_compat_js_1.getObjectShape)(requestSchema);
+        const methodSchema = shape?.method;
+        if (!methodSchema) {
+            throw new Error('Schema is missing a method literal');
+        }
+        // Extract literal value using type-safe property access
+        let methodValue;
+        if ((0, zod_compat_js_1.isZ4Schema)(methodSchema)) {
+            const v4Schema = methodSchema;
+            const v4Def = v4Schema._zod?.def;
+            methodValue = v4Def?.value ?? v4Schema.value;
+        }
+        else {
+            const v3Schema = methodSchema;
+            const legacyDef = v3Schema._def;
+            methodValue = legacyDef?.value ?? v3Schema.value;
+        }
+        if (typeof methodValue !== 'string') {
+            throw new Error('Schema method literal must be a string');
+        }
+        const method = methodValue;
+        if (method === 'elicitation/create') {
+            const wrappedHandler = async (request, extra) => {
+                const validatedRequest = (0, zod_compat_js_1.safeParse)(types_js_1.ElicitRequestSchema, request);
+                if (!validatedRequest.success) {
+                    // Type guard: if success is false, error is guaranteed to exist
+                    const errorMessage = validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid elicitation request: ${errorMessage}`);
+                }
+                const { params } = validatedRequest.data;
+                params.mode = params.mode ?? 'form';
+                const { supportsFormMode, supportsUrlMode } = getSupportedElicitationModes(this._capabilities.elicitation);
+                if (params.mode === 'form' && !supportsFormMode) {
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, 'Client does not support form-mode elicitation requests');
+                }
+                if (params.mode === 'url' && !supportsUrlMode) {
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, 'Client does not support URL-mode elicitation requests');
+                }
+                const result = await Promise.resolve(handler(request, extra));
+                // When task creation is requested, validate and return CreateTaskResult
+                if (params.task) {
+                    const taskValidationResult = (0, zod_compat_js_1.safeParse)(types_js_1.CreateTaskResultSchema, result);
+                    if (!taskValidationResult.success) {
+                        const errorMessage = taskValidationResult.error instanceof Error
+                            ? taskValidationResult.error.message
+                            : String(taskValidationResult.error);
+                        throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid task creation result: ${errorMessage}`);
+                    }
+                    return taskValidationResult.data;
+                }
+                // For non-task requests, validate against ElicitResultSchema
+                const validationResult = (0, zod_compat_js_1.safeParse)(types_js_1.ElicitResultSchema, result);
+                if (!validationResult.success) {
+                    // Type guard: if success is false, error is guaranteed to exist
+                    const errorMessage = validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid elicitation result: ${errorMessage}`);
+                }
+                const validatedResult = validationResult.data;
+                const requestedSchema = params.mode === 'form' ? params.requestedSchema : undefined;
+                if (params.mode === 'form' && validatedResult.action === 'accept' && validatedResult.content && requestedSchema) {
+                    if (this._capabilities.elicitation?.form?.applyDefaults) {
+                        try {
+                            applyElicitationDefaults(requestedSchema, validatedResult.content);
+                        }
+                        catch {
+                            // gracefully ignore errors in default application
+                        }
+                    }
+                }
+                return validatedResult;
+            };
+            // Install the wrapped handler
+            return super.setRequestHandler(requestSchema, wrappedHandler);
+        }
+        if (method === 'sampling/createMessage') {
+            const wrappedHandler = async (request, extra) => {
+                const validatedRequest = (0, zod_compat_js_1.safeParse)(types_js_1.CreateMessageRequestSchema, request);
+                if (!validatedRequest.success) {
+                    const errorMessage = validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid sampling request: ${errorMessage}`);
+                }
+                const { params } = validatedRequest.data;
+                const result = await Promise.resolve(handler(request, extra));
+                // When task creation is requested, validate and return CreateTaskResult
+                if (params.task) {
+                    const taskValidationResult = (0, zod_compat_js_1.safeParse)(types_js_1.CreateTaskResultSchema, result);
+                    if (!taskValidationResult.success) {
+                        const errorMessage = taskValidationResult.error instanceof Error
+                            ? taskValidationResult.error.message
+                            : String(taskValidationResult.error);
+                        throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid task creation result: ${errorMessage}`);
+                    }
+                    return taskValidationResult.data;
+                }
+                // For non-task requests, validate against appropriate schema based on tools presence
+                const hasTools = params.tools || params.toolChoice;
+                const resultSchema = hasTools ? types_js_1.CreateMessageResultWithToolsSchema : types_js_1.CreateMessageResultSchema;
+                const validationResult = (0, zod_compat_js_1.safeParse)(resultSchema, result);
+                if (!validationResult.success) {
+                    const errorMessage = validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);
+                    throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Invalid sampling result: ${errorMessage}`);
+                }
+                return validationResult.data;
+            };
+            // Install the wrapped handler
+            return super.setRequestHandler(requestSchema, wrappedHandler);
+        }
+        // Other handlers use default behavior
+        return super.setRequestHandler(requestSchema, handler);
+    }
    assertCapability(capability, method) {
-        var _a;
-        if (!((_a = this._serverCapabilities) === null || _a === void 0 ? void 0 : _a[capability])) {
+        if (!this._serverCapabilities?.[capability]) {
            throw new Error(`Server does not support ${capability} (required for ${method})`);
        }
    }
@@ -70,12 +295,12 @@ class Client extends protocol_js_1.Protocol {
        }
        try {
            const result = await this.request({
-                method: "initialize",
+                method: 'initialize',
                params: {
                    protocolVersion: types_js_1.LATEST_PROTOCOL_VERSION,
                    capabilities: this._capabilities,
-                    clientInfo: this._clientInfo,
-                },
+                    clientInfo: this._clientInfo
+                }
            }, types_js_1.InitializeResultSchema, options);
            if (result === undefined) {
                throw new Error(`Server sent invalid initialize result: ${result}`);
@@ -91,8 +316,13 @@ class Client extends protocol_js_1.Protocol {
            }
            this._instructions = result.instructions;
            await this.notification({
-                method: "notifications/initialized",
+                method: 'notifications/initialized'
            });
+            // Set up list changed handlers now that we know server capabilities
+            if (this._pendingListChangedConfig) {
+                this._setupListChangedHandlers(this._pendingListChangedConfig);
+                this._pendingListChangedConfig = undefined;
+            }
        }
        catch (error) {
            // Disconnect if initialization fails.
@@ -119,124 +349,154 @@ class Client extends protocol_js_1.Protocol {
        return this._instructions;
    }
    assertCapabilityForMethod(method) {
-        var _a, _b, _c, _d, _e;
        switch (method) {
-            case "logging/setLevel":
-                if (!((_a = this._serverCapabilities) === null || _a === void 0 ? void 0 : _a.logging)) {
+            case 'logging/setLevel':
+                if (!this._serverCapabilities?.logging) {
                    throw new Error(`Server does not support logging (required for ${method})`);
                }
                break;
-            case "prompts/get":
-            case "prompts/list":
-                if (!((_b = this._serverCapabilities) === null || _b === void 0 ? void 0 : _b.prompts)) {
+            case 'prompts/get':
+            case 'prompts/list':
+                if (!this._serverCapabilities?.prompts) {
                    throw new Error(`Server does not support prompts (required for ${method})`);
                }
                break;
-            case "resources/list":
-            case "resources/templates/list":
-            case "resources/read":
-            case "resources/subscribe":
-            case "resources/unsubscribe":
-                if (!((_c = this._serverCapabilities) === null || _c === void 0 ? void 0 : _c.resources)) {
+            case 'resources/list':
+            case 'resources/templates/list':
+            case 'resources/read':
+            case 'resources/subscribe':
+            case 'resources/unsubscribe':
+                if (!this._serverCapabilities?.resources) {
                    throw new Error(`Server does not support resources (required for ${method})`);
                }
-                if (method === "resources/subscribe" &&
-                    !this._serverCapabilities.resources.subscribe) {
+                if (method === 'resources/subscribe' && !this._serverCapabilities.resources.subscribe) {
                    throw new Error(`Server does not support resource subscriptions (required for ${method})`);
                }
                break;
-            case "tools/call":
-            case "tools/list":
-                if (!((_d = this._serverCapabilities) === null || _d === void 0 ? void 0 : _d.tools)) {
+            case 'tools/call':
+            case 'tools/list':
+                if (!this._serverCapabilities?.tools) {
                    throw new Error(`Server does not support tools (required for ${method})`);
                }
                break;
-            case "completion/complete":
-                if (!((_e = this._serverCapabilities) === null || _e === void 0 ? void 0 : _e.completions)) {
+            case 'completion/complete':
+                if (!this._serverCapabilities?.completions) {
                    throw new Error(`Server does not support completions (required for ${method})`);
                }
                break;
-            case "initialize":
+            case 'initialize':
                // No specific capability required for initialize
                break;
-            case "ping":
+            case 'ping':
                // No specific capability required for ping
                break;
        }
    }
    assertNotificationCapability(method) {
-        var _a;
        switch (method) {
-            case "notifications/roots/list_changed":
-                if (!((_a = this._capabilities.roots) === null || _a === void 0 ? void 0 : _a.listChanged)) {
+            case 'notifications/roots/list_changed':
+                if (!this._capabilities.roots?.listChanged) {
                    throw new Error(`Client does not support roots list changed notifications (required for ${method})`);
                }
                break;
-            case "notifications/initialized":
+            case 'notifications/initialized':
                // No specific capability required for initialized
                break;
-            case "notifications/cancelled":
+            case 'notifications/cancelled':
                // Cancellation notifications are always allowed
                break;
-            case "notifications/progress":
+            case 'notifications/progress':
                // Progress notifications are always allowed
                break;
        }
    }
    assertRequestHandlerCapability(method) {
+        // Task handlers are registered in Protocol constructor before _capabilities is initialized
+        // Skip capability check for task methods during initialization
+        if (!this._capabilities) {
+            return;
+        }
        switch (method) {
-            case "sampling/createMessage":
+            case 'sampling/createMessage':
                if (!this._capabilities.sampling) {
                    throw new Error(`Client does not support sampling capability (required for ${method})`);
                }
                break;
-            case "elicitation/create":
+            case 'elicitation/create':
                if (!this._capabilities.elicitation) {
                    throw new Error(`Client does not support elicitation capability (required for ${method})`);
                }
                break;
-            case "roots/list":
+            case 'roots/list':
                if (!this._capabilities.roots) {
                    throw new Error(`Client does not support roots capability (required for ${method})`);
                }
                break;
-            case "ping":
+            case 'tasks/get':
+            case 'tasks/list':
+            case 'tasks/result':
+            case 'tasks/cancel':
+                if (!this._capabilities.tasks) {
+                    throw new Error(`Client does not support tasks capability (required for ${method})`);
+                }
+                break;
+            case 'ping':
                // No specific capability required for ping
                break;
        }
    }
+    assertTaskCapability(method) {
+        (0, helpers_js_1.assertToolsCallTaskCapability)(this._serverCapabilities?.tasks?.requests, method, 'Server');
+    }
+    assertTaskHandlerCapability(method) {
+        // Task handlers are registered in Protocol constructor before _capabilities is initialized
+        // Skip capability check for task methods during initialization
+        if (!this._capabilities) {
+            return;
+        }
+        (0, helpers_js_1.assertClientRequestTaskCapability)(this._capabilities.tasks?.requests, method, 'Client');
+    }
    async ping(options) {
-        return this.request({ method: "ping" }, types_js_1.EmptyResultSchema, options);
+        return this.request({ method: 'ping' }, types_js_1.EmptyResultSchema, options);
    }
    async complete(params, options) {
-        return this.request({ method: "completion/complete", params }, types_js_1.CompleteResultSchema, options);
+        return this.request({ method: 'completion/complete', params }, types_js_1.CompleteResultSchema, options);
    }
    async setLoggingLevel(level, options) {
-        return this.request({ method: "logging/setLevel", params: { level } }, types_js_1.EmptyResultSchema, options);
+        return this.request({ method: 'logging/setLevel', params: { level } }, types_js_1.EmptyResultSchema, options);
    }
    async getPrompt(params, options) {
-        return this.request({ method: "prompts/get", params }, types_js_1.GetPromptResultSchema, options);
+        return this.request({ method: 'prompts/get', params }, types_js_1.GetPromptResultSchema, options);
    }
    async listPrompts(params, options) {
-        return this.request({ method: "prompts/list", params }, types_js_1.ListPromptsResultSchema, options);
+        return this.request({ method: 'prompts/list', params }, types_js_1.ListPromptsResultSchema, options);
    }
    async listResources(params, options) {
-        return this.request({ method: "resources/list", params }, types_js_1.ListResourcesResultSchema, options);
+        return this.request({ method: 'resources/list', params }, types_js_1.ListResourcesResultSchema, options);
    }
    async listResourceTemplates(params, options) {
-        return this.request({ method: "resources/templates/list", params }, types_js_1.ListResourceTemplatesResultSchema, options);
+        return this.request({ method: 'resources/templates/list', params }, types_js_1.ListResourceTemplatesResultSchema, options);
    }
    async readResource(params, options) {
-        return this.request({ method: "resources/read", params }, types_js_1.ReadResourceResultSchema, options);
+        return this.request({ method: 'resources/read', params }, types_js_1.ReadResourceResultSchema, options);
    }
    async subscribeResource(params, options) {
-        return this.request({ method: "resources/subscribe", params }, types_js_1.EmptyResultSchema, options);
+        return this.request({ method: 'resources/subscribe', params }, types_js_1.EmptyResultSchema, options);
    }
    async unsubscribeResource(params, options) {
-        return this.request({ method: "resources/unsubscribe", params }, types_js_1.EmptyResultSchema, options);
+        return this.request({ method: 'resources/unsubscribe', params }, types_js_1.EmptyResultSchema, options);
    }
+    /**
+     * Calls a tool and waits for the result. Automatically validates structured output if the tool has an outputSchema.
+     *
+     * For task-based execution with streaming behavior, use client.experimental.tasks.callToolStream() instead.
+     */
    async callTool(params, resultSchema = types_js_1.CallToolResultSchema, options) {
-        const result = await this.request({ method: "tools/call", params }, resultSchema, options);
+        // Guard: required-task tools need experimental API
+        if (this.isToolTaskRequired(params.name)) {
+            throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidRequest, `Tool "${params.name}" requires task-based execution. Use client.experimental.tasks.callToolStream() instead.`);
+        }
+        const result = await this.request({ method: 'tools/call', params }, resultSchema, options);
        // Check if the tool has an outputSchema
        const validator = this.getToolOutputValidator(params.name);
        if (validator) {
@@ -247,10 +507,10 @@ class Client extends protocol_js_1.Protocol {
            // Only validate structured content if present (not when there's an error)
            if (result.structuredContent) {
                try {
-                    // Validate the structured content (which is already an object) against the schema
-                    const isValid = validator(result.structuredContent);
-                    if (!isValid) {
-                        throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Structured content does not match the tool's output schema: ${this._ajv.errorsText(validator.errors)}`);
+                    // Validate the structured content against the schema
+                    const validationResult = validator(result.structuredContent);
+                    if (!validationResult.valid) {
+                        throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Structured content does not match the tool's output schema: ${validationResult.errorMessage}`);
                    }
                }
                catch (error) {
@@ -263,32 +523,106 @@ class Client extends protocol_js_1.Protocol {
        }
        return result;
    }
-    cacheToolOutputSchemas(tools) {
+    isToolTask(toolName) {
+        if (!this._serverCapabilities?.tasks?.requests?.tools?.call) {
+            return false;
+        }
+        return this._cachedKnownTaskTools.has(toolName);
+    }
+    /**
+     * Check if a tool requires task-based execution.
+     * Unlike isToolTask which includes 'optional' tools, this only checks for 'required'.
+     */
+    isToolTaskRequired(toolName) {
+        return this._cachedRequiredTaskTools.has(toolName);
+    }
+    /**
+     * Cache validators for tool output schemas.
+     * Called after listTools() to pre-compile validators for better performance.
+     */
+    cacheToolMetadata(tools) {
        this._cachedToolOutputValidators.clear();
+        this._cachedKnownTaskTools.clear();
+        this._cachedRequiredTaskTools.clear();
        for (const tool of tools) {
-            // If the tool has an outputSchema, create and cache the Ajv validator
+            // If the tool has an outputSchema, create and cache the validator
            if (tool.outputSchema) {
-                try {
-                    const validator = this._ajv.compile(tool.outputSchema);
-                    this._cachedToolOutputValidators.set(tool.name, validator);
-                }
-                catch (_a) {
-                    // Ignore schema compilation errors
-                }
+                const toolValidator = this._jsonSchemaValidator.getValidator(tool.outputSchema);
+                this._cachedToolOutputValidators.set(tool.name, toolValidator);
+            }
+            // If the tool supports task-based execution, cache that information
+            const taskSupport = tool.execution?.taskSupport;
+            if (taskSupport === 'required' || taskSupport === 'optional') {
+                this._cachedKnownTaskTools.add(tool.name);
+            }
+            if (taskSupport === 'required') {
+                this._cachedRequiredTaskTools.add(tool.name);
            }
        }
    }
+    /**
+     * Get cached validator for a tool
+     */
    getToolOutputValidator(toolName) {
        return this._cachedToolOutputValidators.get(toolName);
    }
    async listTools(params, options) {
-        const result = await this.request({ method: "tools/list", params }, types_js_1.ListToolsResultSchema, options);
+        const result = await this.request({ method: 'tools/list', params }, types_js_1.ListToolsResultSchema, options);
        // Cache the tools and their output schemas for future validation
-        this.cacheToolOutputSchemas(result.tools);
+        this.cacheToolMetadata(result.tools);
        return result;
    }
+    /**
+     * Set up a single list changed handler.
+     * @internal
+     */
+    _setupListChangedHandler(listType, notificationSchema, options, fetcher) {
+        // Validate options using Zod schema (validates autoRefresh and debounceMs)
+        const parseResult = types_js_1.ListChangedOptionsBaseSchema.safeParse(options);
+        if (!parseResult.success) {
+            throw new Error(`Invalid ${listType} listChanged options: ${parseResult.error.message}`);
+        }
+        // Validate callback
+        if (typeof options.onChanged !== 'function') {
+            throw new Error(`Invalid ${listType} listChanged options: onChanged must be a function`);
+        }
+        const { autoRefresh, debounceMs } = parseResult.data;
+        const { onChanged } = options;
+        const refresh = async () => {
+            if (!autoRefresh) {
+                onChanged(null, null);
+                return;
+            }
+            try {
+                const items = await fetcher();
+                onChanged(null, items);
+            }
+            catch (e) {
+                const error = e instanceof Error ? e : new Error(String(e));
+                onChanged(error, null);
+            }
+        };
+        const handler = () => {
+            if (debounceMs) {
+                // Clear any pending debounce timer for this list type
+                const existingTimer = this._listChangedDebounceTimers.get(listType);
+                if (existingTimer) {
+                    clearTimeout(existingTimer);
+                }
+                // Set up debounced refresh
+                const timer = setTimeout(refresh, debounceMs);
+                this._listChangedDebounceTimers.set(listType, timer);
+            }
+            else {
+                // No debounce, refresh immediately
+                refresh();
+            }
+        };
+        // Register notification handler
+        this.setNotificationHandler(notificationSchema, handler);
+    }
    async sendRootsListChanged() {
-        return this.notification({ method: "notifications/roots/list_changed" });
+        return this.notification({ method: 'notifications/roots/list_changed' });
    }
 }
 exports.Client = Client;
@@ -1,7 +1,7 @@
-import { type ErrorEvent, type EventSourceInit } from "eventsource";
-import { Transport, FetchLike } from "../shared/transport.js";
-import { JSONRPCMessage } from "../types.js";
-import { OAuthClientProvider } from "./auth.js";
+import { type ErrorEvent, type EventSourceInit } from 'eventsource';
+import { Transport, FetchLike } from '../shared/transport.js';
+import { JSONRPCMessage } from '../types.js';
+import { OAuthClientProvider } from './auth.js';
 export declare class SseError extends Error {
    readonly code: number | undefined;
    readonly event: ErrorEvent;
@@ -47,6 +47,7 @@ export type SSEClientTransportOptions = {
 /**
 * Client transport for SSE: this will connect to a server using Server-Sent Events for receiving
 * messages and make separate POST requests for sending messages.
+ * @deprecated SSEClientTransport is deprecated. Prefer to use StreamableHTTPClientTransport where possible instead. Note that because some servers are still using SSE, clients may need to support both transports during the migration period.
 */
 export declare class SSEClientTransport implements Transport {
    private _eventSource?;
@@ -54,10 +55,12 @@ export declare class SSEClientTransport implements Transport {
    private _abortController?;
    private _url;
    private _resourceMetadataUrl?;
+    private _scope?;
    private _eventSourceInit?;
    private _requestInit?;
    private _authProvider?;
    private _fetch?;
+    private _fetchWithInit;
    private _protocolVersion?;
    onclose?: () => void;
    onerror?: (error: Error) => void;
@@ -1 +1 @@
-{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,KAAK,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AACnE,OAAO,EAAgD,mBAAmB,EAAqB,MAAM,WAAW,CAAC;AAEjH,qBAAa,QAAS,SAAQ,KAAK;aAEf,IAAI,EAAE,MAAM,GAAG,SAAS;aAExB,KAAK,EAAE,UAAU;gBAFjB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS,EACX,KAAK,EAAE,UAAU;CAIpC;AAED;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB,CAAC;AAEF;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAClD,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,oBAAoB,CAAC,CAAM;IACnC,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAC5C,OAAO,CAAC,MAAM,CAAC,CAAY;IAC3B,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAElC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAG5C,GAAG,EAAE,GAAG,EACR,IAAI,CAAC,EAAE,yBAAyB;YAUpB,cAAc;YAoBd,cAAc;IAiB5B,OAAO,CAAC,YAAY;IA6Ed,KAAK;IAUX;;OAEG;IACG,UAAU,CAAC,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAMtB,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IA0ClD,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAG1C"}
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,KAAK,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAyC,MAAM,wBAAwB,CAAC;AACrG,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AACnE,OAAO,EAAkD,mBAAmB,EAAqB,MAAM,WAAW,CAAC;AAEnH,qBAAa,QAAS,SAAQ,KAAK;aAEX,IAAI,EAAE,MAAM,GAAG,SAAS;aAExB,KAAK,EAAE,UAAU;gBAFjB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS,EACX,KAAK,EAAE,UAAU;CAIxC;AAED;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACpC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,KAAK,CAAC,EAAE,SAAS,CAAC;CACrB,CAAC;AAEF;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAChD,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,oBAAoB,CAAC,CAAM;IACnC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAC5C,OAAO,CAAC,MAAM,CAAC,CAAY;IAC3B,OAAO,CAAC,cAAc,CAAY;IAClC,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAElC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,yBAAyB;YAWxC,cAAc;YAyBd,cAAc;IAoB5B,OAAO,CAAC,YAAY;IAyEd,KAAK;IAQX;;OAEG;IACG,UAAU,CAAC,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAMtB,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkDlD,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAG5C"}
@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SSEClientTransport = exports.SseError = void 0;
 const eventsource_1 = require("eventsource");
+const transport_js_1 = require("../shared/transport.js");
 const types_js_1 = require("../types.js");
 const auth_js_1 = require("./auth.js");
 class SseError extends Error {
@@ -15,83 +16,92 @@ exports.SseError = SseError;
 /**
 * Client transport for SSE: this will connect to a server using Server-Sent Events for receiving
 * messages and make separate POST requests for sending messages.
+ * @deprecated SSEClientTransport is deprecated. Prefer to use StreamableHTTPClientTransport where possible instead. Note that because some servers are still using SSE, clients may need to support both transports during the migration period.
 */
 class SSEClientTransport {
    constructor(url, opts) {
        this._url = url;
        this._resourceMetadataUrl = undefined;
-        this._eventSourceInit = opts === null || opts === void 0 ? void 0 : opts.eventSourceInit;
-        this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
-        this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
-        this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;
+        this._scope = undefined;
+        this._eventSourceInit = opts?.eventSourceInit;
+        this._requestInit = opts?.requestInit;
+        this._authProvider = opts?.authProvider;
+        this._fetch = opts?.fetch;
+        this._fetchWithInit = (0, transport_js_1.createFetchWithInit)(opts?.fetch, opts?.requestInit);
    }
    async _authThenStart() {
-        var _a;
        if (!this._authProvider) {
-            throw new auth_js_1.UnauthorizedError("No auth provider");
+            throw new auth_js_1.UnauthorizedError('No auth provider');
        }
        let result;
        try {
-            result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
+            result = await (0, auth_js_1.auth)(this._authProvider, {
+                serverUrl: this._url,
+                resourceMetadataUrl: this._resourceMetadataUrl,
+                scope: this._scope,
+                fetchFn: this._fetchWithInit
+            });
        }
        catch (error) {
-            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
-        if (result !== "AUTHORIZED") {
+        if (result !== 'AUTHORIZED') {
            throw new auth_js_1.UnauthorizedError();
        }
        return await this._startOrAuth();
    }
    async _commonHeaders() {
-        var _a;
        const headers = {};
        if (this._authProvider) {
            const tokens = await this._authProvider.tokens();
            if (tokens) {
-                headers["Authorization"] = `Bearer ${tokens.access_token}`;
+                headers['Authorization'] = `Bearer ${tokens.access_token}`;
            }
        }
        if (this._protocolVersion) {
-            headers["mcp-protocol-version"] = this._protocolVersion;
+            headers['mcp-protocol-version'] = this._protocolVersion;
        }
-        return new Headers({ ...headers, ...(_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers });
+        const extraHeaders = (0, transport_js_1.normalizeHeaders)(this._requestInit?.headers);
+        return new Headers({
+            ...headers,
+            ...extraHeaders
+        });
    }
    _startOrAuth() {
-        var _a, _b, _c;
-        const fetchImpl = ((_c = (_b = (_a = this === null || this === void 0 ? void 0 : this._eventSourceInit) === null || _a === void 0 ? void 0 : _a.fetch) !== null && _b !== void 0 ? _b : this._fetch) !== null && _c !== void 0 ? _c : fetch);
+        const fetchImpl = (this?._eventSourceInit?.fetch ?? this._fetch ?? fetch);
        return new Promise((resolve, reject) => {
            this._eventSource = new eventsource_1.EventSource(this._url.href, {
                ...this._eventSourceInit,
                fetch: async (url, init) => {
                    const headers = await this._commonHeaders();
-                    headers.set("Accept", "text/event-stream");
+                    headers.set('Accept', 'text/event-stream');
                    const response = await fetchImpl(url, {
                        ...init,
-                        headers,
+                        headers
                    });
                    if (response.status === 401 && response.headers.has('www-authenticate')) {
-                        this._resourceMetadataUrl = (0, auth_js_1.extractResourceMetadataUrl)(response);
+                        const { resourceMetadataUrl, scope } = (0, auth_js_1.extractWWWAuthenticateParams)(response);
+                        this._resourceMetadataUrl = resourceMetadataUrl;
+                        this._scope = scope;
                    }
                    return response;
-                },
+                }
            });
            this._abortController = new AbortController();
-            this._eventSource.onerror = (event) => {
-                var _a;
+            this._eventSource.onerror = event => {
                if (event.code === 401 && this._authProvider) {
                    this._authThenStart().then(resolve, reject);
                    return;
                }
                const error = new SseError(event.code, event.message, event);
                reject(error);
-                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+                this.onerror?.(error);
            };
            this._eventSource.onopen = () => {
                // The connection is open, but we need to wait for the endpoint to be received.
            };
-            this._eventSource.addEventListener("endpoint", (event) => {
-                var _a;
+            this._eventSource.addEventListener('endpoint', (event) => {
                const messageEvent = event;
                try {
                    this._endpoint = new URL(messageEvent.data, this._url);
@@ -101,30 +111,29 @@ class SSEClientTransport {
                }
                catch (error) {
                    reject(error);
-                    (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+                    this.onerror?.(error);
                    void this.close();
                    return;
                }
                resolve();
            });
            this._eventSource.onmessage = (event) => {
-                var _a, _b;
                const messageEvent = event;
                let message;
                try {
                    message = types_js_1.JSONRPCMessageSchema.parse(JSON.parse(messageEvent.data));
                }
                catch (error) {
-                    (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+                    this.onerror?.(error);
                    return;
                }
-                (_b = this.onmessage) === null || _b === void 0 ? void 0 : _b.call(this, message);
+                this.onmessage?.(message);
            };
        });
    }
    async start() {
        if (this._eventSource) {
-            throw new Error("SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+            throw new Error('SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.');
        }
        return await this._startOrAuth();
    }
@@ -133,51 +142,64 @@ class SSEClientTransport {
     */
    async finishAuth(authorizationCode) {
        if (!this._authProvider) {
-            throw new auth_js_1.UnauthorizedError("No auth provider");
+            throw new auth_js_1.UnauthorizedError('No auth provider');
        }
-        const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
-        if (result !== "AUTHORIZED") {
-            throw new auth_js_1.UnauthorizedError("Failed to authorize");
+        const result = await (0, auth_js_1.auth)(this._authProvider, {
+            serverUrl: this._url,
+            authorizationCode,
+            resourceMetadataUrl: this._resourceMetadataUrl,
+            scope: this._scope,
+            fetchFn: this._fetchWithInit
+        });
+        if (result !== 'AUTHORIZED') {
+            throw new auth_js_1.UnauthorizedError('Failed to authorize');
        }
    }
    async close() {
-        var _a, _b, _c;
-        (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.abort();
-        (_b = this._eventSource) === null || _b === void 0 ? void 0 : _b.close();
-        (_c = this.onclose) === null || _c === void 0 ? void 0 : _c.call(this);
+        this._abortController?.abort();
+        this._eventSource?.close();
+        this.onclose?.();
    }
    async send(message) {
-        var _a, _b, _c;
        if (!this._endpoint) {
-            throw new Error("Not connected");
+            throw new Error('Not connected');
        }
        try {
            const headers = await this._commonHeaders();
-            headers.set("content-type", "application/json");
+            headers.set('content-type', 'application/json');
            const init = {
                ...this._requestInit,
-                method: "POST",
+                method: 'POST',
                headers,
                body: JSON.stringify(message),
-                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,
+                signal: this._abortController?.signal
            };
-            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._endpoint, init);
+            const response = await (this._fetch ?? fetch)(this._endpoint, init);
            if (!response.ok) {
+                const text = await response.text().catch(() => null);
                if (response.status === 401 && this._authProvider) {
-                    this._resourceMetadataUrl = (0, auth_js_1.extractResourceMetadataUrl)(response);
-                    const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
-                    if (result !== "AUTHORIZED") {
+                    const { resourceMetadataUrl, scope } = (0, auth_js_1.extractWWWAuthenticateParams)(response);
+                    this._resourceMetadataUrl = resourceMetadataUrl;
+                    this._scope = scope;
+                    const result = await (0, auth_js_1.auth)(this._authProvider, {
+                        serverUrl: this._url,
+                        resourceMetadataUrl: this._resourceMetadataUrl,
+                        scope: this._scope,
+                        fetchFn: this._fetchWithInit
+                    });
+                    if (result !== 'AUTHORIZED') {
                        throw new auth_js_1.UnauthorizedError();
                    }
                    // Purposely _not_ awaited, so we don't call onerror twice
                    return this.send(message);
                }
-                const text = await response.text().catch(() => null);
                throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);
            }
+            // Release connection - POST responses don't have content we need
+            await response.body?.cancel();
        }
        catch (error) {
-            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
    }
@@ -1,7 +1,7 @@
-import { IOType } from "node:child_process";
-import { Stream } from "node:stream";
-import { Transport } from "../shared/transport.js";
-import { JSONRPCMessage } from "../types.js";
+import { IOType } from 'node:child_process';
+import { Stream } from 'node:stream';
+import { Transport } from '../shared/transport.js';
+import { JSONRPCMessage } from '../types.js';
 export type StdioServerParameters = {
    /**
     * The executable to run to start the server.
@@ -45,7 +45,6 @@ export declare function getDefaultEnvironment(): Record<string, string>;
 */
 export declare class StdioClientTransport implements Transport {
    private _process?;
-    private _abortController;
    private _readBuffer;
    private _serverParams;
    private _stderrStream;
@@ -1 +1 @@
-{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../../src/client/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG1D,OAAO,EAAE,MAAM,EAAe,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAEhB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAElC;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,UAiBmB,CAAC;AAE3D;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAkB9D;AAED;;;;GAIG;AACH,qBAAa,oBAAqB,YAAW,SAAS;IACpD,OAAO,CAAC,QAAQ,CAAC,CAAe;IAChC,OAAO,CAAC,gBAAgB,CAA0C;IAClE,OAAO,CAAC,WAAW,CAAgC;IACnD,OAAO,CAAC,aAAa,CAAwB;IAC7C,OAAO,CAAC,aAAa,CAA4B;IAEjD,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,MAAM,EAAE,qBAAqB;IAOzC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAgE5B;;;;;;OAMG;IACH,IAAI,MAAM,IAAI,MAAM,GAAG,IAAI,CAM1B;IAED;;;;OAIG;IACH,IAAI,GAAG,IAAI,MAAM,GAAG,IAAI,CAEvB;IAED,OAAO,CAAC,iBAAiB;IAenB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAM5B,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAc7C"}
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../../src/client/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG1D,OAAO,EAAE,MAAM,EAAe,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,MAAM,qBAAqB,GAAG;IAChC;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAEhB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAElC;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,UAiBuB,CAAC;AAE/D;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAkB9D;AAED;;;;GAIG;AACH,qBAAa,oBAAqB,YAAW,SAAS;IAClD,OAAO,CAAC,QAAQ,CAAC,CAAe;IAChC,OAAO,CAAC,WAAW,CAAgC;IACnD,OAAO,CAAC,aAAa,CAAwB;IAC7C,OAAO,CAAC,aAAa,CAA4B;IAEjD,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,MAAM,EAAE,qBAAqB;IAOzC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqD5B;;;;;;OAMG;IACH,IAAI,MAAM,IAAI,MAAM,GAAG,IAAI,CAM1B;IAED;;;;OAIG;IACH,IAAI,GAAG,IAAI,MAAM,GAAG,IAAI,CAEvB;IAED,OAAO,CAAC,iBAAiB;IAenB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAyC5B,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAc/C"}
@@ -12,23 +12,23 @@ const stdio_js_1 = require("../shared/stdio.js");
 /**
 * Environment variables to inherit by default, if an environment is not explicitly given.
 */
-exports.DEFAULT_INHERITED_ENV_VARS = node_process_1.default.platform === "win32"
+exports.DEFAULT_INHERITED_ENV_VARS = node_process_1.default.platform === 'win32'
    ? [
-        "APPDATA",
-        "HOMEDRIVE",
-        "HOMEPATH",
-        "LOCALAPPDATA",
-        "PATH",
-        "PROCESSOR_ARCHITECTURE",
-        "SYSTEMDRIVE",
-        "SYSTEMROOT",
-        "TEMP",
-        "USERNAME",
-        "USERPROFILE",
-        "PROGRAMFILES",
+        'APPDATA',
+        'HOMEDRIVE',
+        'HOMEPATH',
+        'LOCALAPPDATA',
+        'PATH',
+        'PROCESSOR_ARCHITECTURE',
+        'SYSTEMDRIVE',
+        'SYSTEMROOT',
+        'TEMP',
+        'USERNAME',
+        'USERPROFILE',
+        'PROGRAMFILES'
    ]
    : /* list inspired by the default env inheritance of sudo */
-        ["HOME", "LOGNAME", "PATH", "SHELL", "TERM", "USER"];
+        ['HOME', 'LOGNAME', 'PATH', 'SHELL', 'TERM', 'USER'];
 /**
 * Returns a default environment object including only environment variables deemed safe to inherit.
 */
@@ -39,7 +39,7 @@ function getDefaultEnvironment() {
        if (value === undefined) {
            continue;
        }
-        if (value.startsWith("()")) {
+        if (value.startsWith('()')) {
            // Skip functions, which are a security risk.
            continue;
        }
@@ -54,11 +54,10 @@ function getDefaultEnvironment() {
 */
 class StdioClientTransport {
    constructor(server) {
-        this._abortController = new AbortController();
        this._readBuffer = new stdio_js_1.ReadBuffer();
        this._stderrStream = null;
        this._serverParams = server;
-        if (server.stderr === "pipe" || server.stderr === "overlapped") {
+        if (server.stderr === 'pipe' || server.stderr === 'overlapped') {
            this._stderrStream = new node_stream_1.PassThrough();
        }
    }
@@ -67,51 +66,40 @@ class StdioClientTransport {
     */
    async start() {
        if (this._process) {
-            throw new Error("StdioClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+            throw new Error('StdioClientTransport already started! If using Client class, note that connect() calls start() automatically.');
        }
        return new Promise((resolve, reject) => {
-            var _a, _b, _c, _d, _e;
-            this._process = (0, cross_spawn_1.default)(this._serverParams.command, (_a = this._serverParams.args) !== null && _a !== void 0 ? _a : [], {
+            this._process = (0, cross_spawn_1.default)(this._serverParams.command, this._serverParams.args ?? [], {
                // merge default env with server env because mcp server needs some env vars
                env: {
                    ...getDefaultEnvironment(),
-                    ...this._serverParams.env,
+                    ...this._serverParams.env
                },
-                stdio: ["pipe", "pipe", (_b = this._serverParams.stderr) !== null && _b !== void 0 ? _b : "inherit"],
+                stdio: ['pipe', 'pipe', this._serverParams.stderr ?? 'inherit'],
                shell: false,
-                signal: this._abortController.signal,
-                windowsHide: node_process_1.default.platform === "win32" && isElectron(),
-                cwd: this._serverParams.cwd,
+                windowsHide: node_process_1.default.platform === 'win32' && isElectron(),
+                cwd: this._serverParams.cwd
            });
-            this._process.on("error", (error) => {
-                var _a, _b;
-                if (error.name === "AbortError") {
-                    // Expected when close() is called.
-                    (_a = this.onclose) === null || _a === void 0 ? void 0 : _a.call(this);
-                    return;
-                }
+            this._process.on('error', error => {
                reject(error);
-                (_b = this.onerror) === null || _b === void 0 ? void 0 : _b.call(this, error);
+                this.onerror?.(error);
            });
-            this._process.on("spawn", () => {
+            this._process.on('spawn', () => {
                resolve();
            });
-            this._process.on("close", (_code) => {
-                var _a;
+            this._process.on('close', _code => {
                this._process = undefined;
-                (_a = this.onclose) === null || _a === void 0 ? void 0 : _a.call(this);
+                this.onclose?.();
            });
-            (_c = this._process.stdin) === null || _c === void 0 ? void 0 : _c.on("error", (error) => {
-                var _a;
-                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            this._process.stdin?.on('error', error => {
+                this.onerror?.(error);
            });
-            (_d = this._process.stdout) === null || _d === void 0 ? void 0 : _d.on("data", (chunk) => {
+            this._process.stdout?.on('data', chunk => {
                this._readBuffer.append(chunk);
                this.processReadBuffer();
            });
-            (_e = this._process.stdout) === null || _e === void 0 ? void 0 : _e.on("error", (error) => {
-                var _a;
-                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            this._process.stdout?.on('error', error => {
+                this.onerror?.(error);
            });
            if (this._stderrStream && this._process.stderr) {
                this._process.stderr.pipe(this._stderrStream);
@@ -126,11 +114,10 @@ class StdioClientTransport {
     * error output emitted by the child process.
     */
    get stderr() {
-        var _a, _b;
        if (this._stderrStream) {
            return this._stderrStream;
        }
-        return (_b = (_a = this._process) === null || _a === void 0 ? void 0 : _a.stderr) !== null && _b !== void 0 ? _b : null;
+        return this._process?.stderr ?? null;
    }
    /**
     * The child process pid spawned by this transport.
@@ -138,47 +125,75 @@ class StdioClientTransport {
     * This is only available after the transport has been started.
     */
    get pid() {
-        var _a, _b;
-        return (_b = (_a = this._process) === null || _a === void 0 ? void 0 : _a.pid) !== null && _b !== void 0 ? _b : null;
+        return this._process?.pid ?? null;
    }
    processReadBuffer() {
-        var _a, _b;
        while (true) {
            try {
                const message = this._readBuffer.readMessage();
                if (message === null) {
                    break;
                }
-                (_a = this.onmessage) === null || _a === void 0 ? void 0 : _a.call(this, message);
+                this.onmessage?.(message);
            }
            catch (error) {
-                (_b = this.onerror) === null || _b === void 0 ? void 0 : _b.call(this, error);
+                this.onerror?.(error);
            }
        }
    }
    async close() {
-        this._abortController.abort();
-        this._process = undefined;
+        if (this._process) {
+            const processToClose = this._process;
+            this._process = undefined;
+            const closePromise = new Promise(resolve => {
+                processToClose.once('close', () => {
+                    resolve();
+                });
+            });
+            try {
+                processToClose.stdin?.end();
+            }
+            catch {
+                // ignore
+            }
+            await Promise.race([closePromise, new Promise(resolve => setTimeout(resolve, 2000).unref())]);
+            if (processToClose.exitCode === null) {
+                try {
+                    processToClose.kill('SIGTERM');
+                }
+                catch {
+                    // ignore
+                }
+                await Promise.race([closePromise, new Promise(resolve => setTimeout(resolve, 2000).unref())]);
+            }
+            if (processToClose.exitCode === null) {
+                try {
+                    processToClose.kill('SIGKILL');
+                }
+                catch {
+                    // ignore
+                }
+            }
+        }
        this._readBuffer.clear();
    }
    send(message) {
-        return new Promise((resolve) => {
-            var _a;
-            if (!((_a = this._process) === null || _a === void 0 ? void 0 : _a.stdin)) {
-                throw new Error("Not connected");
+        return new Promise(resolve => {
+            if (!this._process?.stdin) {
+                throw new Error('Not connected');
            }
            const json = (0, stdio_js_1.serializeMessage)(message);
            if (this._process.stdin.write(json)) {
                resolve();
            }
            else {
-                this._process.stdin.once("drain", resolve);
+                this._process.stdin.once('drain', resolve);
            }
        });
    }
 }
 exports.StdioClientTransport = StdioClientTransport;
 function isElectron() {
-    return "type" in node_process_1.default;
+    return 'type' in node_process_1.default;
 }
 //# sourceMappingURL=stdio.js.map
@@ -1 +1 @@
-{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/client/stdio.ts"],"names":[],"mappings":";;;;;;AAkEA,sDAkBC;AAnFD,8DAAgC;AAChC,gEAAmC;AACnC,6CAAkD;AAClD,iDAAkE;AAqClE;;GAEG;AACU,QAAA,0BAA0B,GACrC,sBAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC;QACE,SAAS;QACT,WAAW;QACX,UAAU;QACV,cAAc;QACd,MAAM;QACN,wBAAwB;QACxB,aAAa;QACb,YAAY;QACZ,MAAM;QACN,UAAU;QACV,aAAa;QACb,cAAc;KACf;IACH,CAAC,CAAC,0DAA0D;QAC1D,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAE3D;;GAEG;AACH,SAAgB,qBAAqB;IACnC,MAAM,GAAG,GAA2B,EAAE,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,kCAA0B,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,sBAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,6CAA6C;YAC7C,SAAS;QACX,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAa,oBAAoB;IAW/B,YAAY,MAA6B;QATjC,qBAAgB,GAAoB,IAAI,eAAe,EAAE,CAAC;QAC1D,gBAAW,GAAe,IAAI,qBAAU,EAAE,CAAC;QAE3C,kBAAa,GAAuB,IAAI,CAAC;QAO/C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;QAC5B,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAC/D,IAAI,CAAC,aAAa,GAAG,IAAI,yBAAW,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,+GAA+G,CAChH,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;YACrC,IAAI,CAAC,QAAQ,GAAG,IAAA,qBAAK,EACnB,IAAI,CAAC,aAAa,CAAC,OAAO,EAC1B,MAAA,IAAI,CAAC,aAAa,CAAC,IAAI,mCAAI,EAAE,EAC7B;gBACE,2EAA2E;gBAC3E,GAAG,EAAE;oBACH,GAAG,qBAAqB,EAAE;oBAC1B,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG;iBAC1B;gBACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAA,IAAI,CAAC,aAAa,CAAC,MAAM,mCAAI,SAAS,CAAC;gBAC/D,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBACpC,WAAW,EAAE,sBAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU,EAAE;gBACzD,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG;aAC5B,CACF,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;;gBAClC,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,mCAAmC;oBACnC,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;oBACjB,OAAO;gBACT,CAAC;gBAED,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC7B,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;;gBAClC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;gBAC1B,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;YACnB,CAAC,CAAC,CAAC;YAEH,MAAA,IAAI,CAAC,QAAQ,CAAC,KAAK,0CAAE,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;;gBACzC,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;YAEH,MAAA,IAAI,CAAC,QAAQ,CAAC,MAAM,0CAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBACzC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC/B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,CAAC,CAAC,CAAC;YAEH,MAAA,IAAI,CAAC,QAAQ,CAAC,MAAM,0CAAE,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;;gBAC1C,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC/C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAChD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,IAAI,MAAM;;QACR,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;QAED,OAAO,MAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,MAAM,mCAAI,IAAI,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,IAAI,GAAG;;QACL,OAAO,MAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,GAAG,mCAAI,IAAI,CAAC;IACpC,CAAC;IAEO,iBAAiB;;QACvB,OAAO,IAAI,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBAC/C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;oBACrB,MAAM;gBACR,CAAC;gBAED,MAAA,IAAI,CAAC,SAAS,qDAAG,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC,OAAuB;QAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;;YAC7B,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,KAAK,CAAA,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAC;YACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAhJD,oDAgJC;AAED,SAAS,UAAU;IACjB,OAAO,MAAM,IAAI,sBAAO,CAAC;AAC3B,CAAC"}
+{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/client/stdio.ts"],"names":[],"mappings":";;;;;;AAkEA,sDAkBC;AAnFD,8DAAgC;AAChC,gEAAmC;AACnC,6CAAkD;AAClD,iDAAkE;AAqClE;;GAEG;AACU,QAAA,0BAA0B,GACnC,sBAAO,CAAC,QAAQ,KAAK,OAAO;IACxB,CAAC,CAAC;QACI,SAAS;QACT,WAAW;QACX,UAAU;QACV,cAAc;QACd,MAAM;QACN,wBAAwB;QACxB,aAAa;QACb,YAAY;QACZ,MAAM;QACN,UAAU;QACV,aAAa;QACb,cAAc;KACjB;IACH,CAAC,CAAC,0DAA0D;QAC1D,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAE/D;;GAEG;AACH,SAAgB,qBAAqB;IACjC,MAAM,GAAG,GAA2B,EAAE,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,kCAA0B,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,sBAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,SAAS;QACb,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,6CAA6C;YAC7C,SAAS;QACb,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,OAAO,GAAG,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAa,oBAAoB;IAU7B,YAAY,MAA6B;QARjC,gBAAW,GAAe,IAAI,qBAAU,EAAE,CAAC;QAE3C,kBAAa,GAAuB,IAAI,CAAC;QAO7C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;QAC5B,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAC7D,IAAI,CAAC,aAAa,GAAG,IAAI,yBAAW,EAAE,CAAC;QAC3C,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACP,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACX,+GAA+G,CAClH,CAAC;QACN,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,IAAI,CAAC,QAAQ,GAAG,IAAA,qBAAK,EAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE,EAAE;gBAC7E,2EAA2E;gBAC3E,GAAG,EAAE;oBACD,GAAG,qBAAqB,EAAE;oBAC1B,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG;iBAC5B;gBACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,IAAI,SAAS,CAAC;gBAC/D,KAAK,EAAE,KAAK;gBACZ,WAAW,EAAE,sBAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU,EAAE;gBACzD,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBAC9B,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC3B,OAAO,EAAE,CAAC;YACd,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBAC9B,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;gBAC1B,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBACrC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE;gBACrC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC/B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC7B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE;gBACtC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClD,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;;OAMG;IACH,IAAI,MAAM;QACN,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,aAAa,CAAC;QAC9B,CAAC;QAED,OAAO,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,IAAI,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,IAAI,GAAG;QACH,OAAO,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,IAAI,CAAC;IACtC,CAAC;IAEO,iBAAiB;QACrB,OAAO,IAAI,EAAE,CAAC;YACV,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBAC/C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;oBACnB,MAAM;gBACV,CAAC;gBAED,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,EAAE,CAAC,KAAc,CAAC,CAAC;YACnC,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;QACP,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChB,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC;YACrC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;YAE1B,MAAM,YAAY,GAAG,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;gBAC7C,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE;oBAC9B,OAAO,EAAE,CAAC;gBACd,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC;gBACD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACL,SAAS;YACb,CAAC;YAED,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;YAE/F,IAAI,cAAc,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACnC,IAAI,CAAC;oBACD,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;gBAAC,MAAM,CAAC;oBACL,SAAS;gBACb,CAAC;gBAED,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;YACnG,CAAC;YAED,IAAI,cAAc,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACnC,IAAI,CAAC;oBACD,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;gBAAC,MAAM,CAAC;oBACL,SAAS;gBACb,CAAC;YACL,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC;IAED,IAAI,CAAC,OAAuB;QACxB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;YACrC,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,2BAAgB,EAAC,OAAO,CAAC,CAAC;YACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;CACJ;AAvKD,oDAuKC;AAED,SAAS,UAAU;IACf,OAAO,MAAM,IAAI,sBAAO,CAAC;AAC7B,CAAC"}
@@ -1,6 +1,6 @@
-import { Transport, FetchLike } from "../shared/transport.js";
-import { JSONRPCMessage } from "../types.js";
-import { OAuthClientProvider } from "./auth.js";
+import { Transport, FetchLike } from '../shared/transport.js';
+import { JSONRPCMessage } from '../types.js';
+import { OAuthClientProvider } from './auth.js';
 export declare class StreamableHTTPError extends Error {
    readonly code: number | undefined;
    constructor(code: number | undefined, message: string | undefined);
@@ -22,9 +22,9 @@ export interface StartSSEOptions {
     */
    onresumptiontoken?: (token: string) => void;
    /**
-    * Override Message ID to associate with the replay message
-    * so that response can be associate with the new resumed request.
-    */
+     * Override Message ID to associate with the replay message
+     * so that response can be associate with the new resumed request.
+     */
    replayMessageId?: string | number;
 }
 /**
@@ -98,12 +98,18 @@ export declare class StreamableHTTPClientTransport implements Transport {
    private _abortController?;
    private _url;
    private _resourceMetadataUrl?;
+    private _scope?;
    private _requestInit?;
    private _authProvider?;
    private _fetch?;
+    private _fetchWithInit;
    private _sessionId?;
    private _reconnectionOptions;
    private _protocolVersion?;
+    private _hasCompletedAuthFlow;
+    private _lastUpscopingHeader?;
+    private _serverRetryMs?;
+    private _reconnectionTimeout?;
    onclose?: () => void;
    onerror?: (error: Error) => void;
    onmessage?: (message: JSONRPCMessage) => void;
@@ -118,9 +124,8 @@ export declare class StreamableHTTPClientTransport implements Transport {
     * @returns Time to wait in milliseconds before next reconnection attempt
     */
    private _getNextReconnectionDelay;
-    private _normalizeHeaders;
    /**
-     * Schedule a reconnection attempt with exponential backoff
+     * Schedule a reconnection attempt using server-provided retry interval or backoff
     *
     * @param lastEventId The ID of the last received event for resumability
     * @param attemptCount Current reconnection attempt count for this specific stream
@@ -152,5 +157,15 @@ export declare class StreamableHTTPClientTransport implements Transport {
    terminateSession(): Promise<void>;
    setProtocolVersion(version: string): void;
    get protocolVersion(): string | undefined;
+    /**
+     * Resume an SSE stream from a previous event ID.
+     * Opens a GET SSE connection with Last-Event-ID header to replay missed events.
+     *
+     * @param lastEventId The event ID to resume from
+     * @param options Optional callback to receive new resumption tokens
+     */
+    resumeStream(lastEventId: string, options?: {
+        onresumptiontoken?: (token: string) => void;
+    }): Promise<void>;
 }
 //# sourceMappingURL=streamableHttp.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"streamableHttp.d.ts","sourceRoot":"","sources":["../../../src/client/streamableHttp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAkE,cAAc,EAAwB,MAAM,aAAa,CAAC;AACnI,OAAO,EAAgD,mBAAmB,EAAqB,MAAM,WAAW,CAAC;AAWjH,qBAAa,mBAAoB,SAAQ,KAAK;aAE1B,IAAI,EAAE,MAAM,GAAG,SAAS;gBAAxB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS;CAI9B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAE5C;;;MAGE;IACF,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD;;;OAGG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,wBAAwB,EAAE,MAAM,CAAC;IAEjC;;;OAGG;IACH,2BAA2B,EAAE,MAAM,CAAC;IAEpC;;;OAGG;IACH,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,KAAK,CAAC,EAAE,SAAS,CAAC;IAElB;;OAEG;IACH,mBAAmB,CAAC,EAAE,iCAAiC,CAAC;IAExD;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;GAIG;AACH,qBAAa,6BAA8B,YAAW,SAAS;IAC7D,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,oBAAoB,CAAC,CAAM;IACnC,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAC5C,OAAO,CAAC,MAAM,CAAC,CAAY;IAC3B,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,oBAAoB,CAAoC;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAElC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAG5C,GAAG,EAAE,GAAG,EACR,IAAI,CAAC,EAAE,oCAAoC;YAW/B,cAAc;YAoBd,cAAc;YAyBd,eAAe;IA6C7B;;;;;OAKG;IACH,OAAO,CAAC,yBAAyB;IAW/B,OAAO,CAAC,iBAAiB;IAc3B;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,gBAAgB;IA0ElB,KAAK;IAUX;;OAEG;IACG,UAAU,CAAC,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAOtB,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,cAAc,EAAE,EAAE,OAAO,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAkG1J,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,CAElC;IAED;;;;;;;;;;OAUG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCvC,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAGzC,IAAI,eAAe,IAAI,MAAM,GAAG,SAAS,CAExC;CACF"}
+{"version":3,"file":"streamableHttp.d.ts","sourceRoot":"","sources":["../../../src/client/streamableHttp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAyC,MAAM,wBAAwB,CAAC;AACrG,OAAO,EAAwE,cAAc,EAAwB,MAAM,aAAa,CAAC;AACzI,OAAO,EAAkD,mBAAmB,EAAqB,MAAM,WAAW,CAAC;AAWnH,qBAAa,mBAAoB,SAAQ,KAAK;aAEtB,IAAI,EAAE,MAAM,GAAG,SAAS;gBAAxB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS;CAIlC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAE5C;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAC9C;;;OAGG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,wBAAwB,EAAE,MAAM,CAAC;IAEjC;;;OAGG;IACH,2BAA2B,EAAE,MAAM,CAAC;IAEpC;;;OAGG;IACH,UAAU,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IAC/C;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,KAAK,CAAC,EAAE,SAAS,CAAC;IAElB;;OAEG;IACH,mBAAmB,CAAC,EAAE,iCAAiC,CAAC;IAExD;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;;GAIG;AACH,qBAAa,6BAA8B,YAAW,SAAS;IAC3D,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,oBAAoB,CAAC,CAAM;IACnC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAC5C,OAAO,CAAC,MAAM,CAAC,CAAY;IAC3B,OAAO,CAAC,cAAc,CAAY;IAClC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,oBAAoB,CAAoC;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAClC,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,oBAAoB,CAAC,CAAS;IACtC,OAAO,CAAC,cAAc,CAAC,CAAS;IAChC,OAAO,CAAC,oBAAoB,CAAC,CAAgC;IAE7D,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,oCAAoC;YAYnD,cAAc;YAyBd,cAAc;YAwBd,eAAe;IA4C7B;;;;;OAKG;IACH,OAAO,CAAC,yBAAyB;IAejC;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,gBAAgB;IA+GlB,KAAK;IAUX;;OAEG;IACG,UAAU,CAAC,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAStB,IAAI,CACN,OAAO,EAAE,cAAc,GAAG,cAAc,EAAE,EAC1C,OAAO,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,GACpF,OAAO,CAAC,IAAI,CAAC;IA0JhB,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,CAElC;IAED;;;;;;;;;;OAUG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IA+BvC,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAGzC,IAAI,eAAe,IAAI,MAAM,GAAG,SAAS,CAExC;IAED;;;;;;OAMG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAMpH"}
@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.StreamableHTTPClientTransport = exports.StreamableHTTPError = void 0;
+const transport_js_1 = require("../shared/transport.js");
 const types_js_1 = require("../types.js");
 const auth_js_1 = require("./auth.js");
 const stream_1 = require("eventsource-parser/stream");
@@ -9,7 +10,7 @@ const DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {
    initialReconnectionDelay: 1000,
    maxReconnectionDelay: 30000,
    reconnectionDelayGrowFactor: 1.5,
-    maxRetries: 2,
+    maxRetries: 2
 };
 class StreamableHTTPError extends Error {
    constructor(code, message) {
@@ -25,72 +26,77 @@ exports.StreamableHTTPError = StreamableHTTPError;
 */
 class StreamableHTTPClientTransport {
    constructor(url, opts) {
-        var _a;
+        this._hasCompletedAuthFlow = false; // Circuit breaker: detect auth success followed by immediate 401
        this._url = url;
        this._resourceMetadataUrl = undefined;
-        this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
-        this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
-        this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;
-        this._sessionId = opts === null || opts === void 0 ? void 0 : opts.sessionId;
-        this._reconnectionOptions = (_a = opts === null || opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a !== void 0 ? _a : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;
+        this._scope = undefined;
+        this._requestInit = opts?.requestInit;
+        this._authProvider = opts?.authProvider;
+        this._fetch = opts?.fetch;
+        this._fetchWithInit = (0, transport_js_1.createFetchWithInit)(opts?.fetch, opts?.requestInit);
+        this._sessionId = opts?.sessionId;
+        this._reconnectionOptions = opts?.reconnectionOptions ?? DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;
    }
    async _authThenStart() {
-        var _a;
        if (!this._authProvider) {
-            throw new auth_js_1.UnauthorizedError("No auth provider");
+            throw new auth_js_1.UnauthorizedError('No auth provider');
        }
        let result;
        try {
-            result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
+            result = await (0, auth_js_1.auth)(this._authProvider, {
+                serverUrl: this._url,
+                resourceMetadataUrl: this._resourceMetadataUrl,
+                scope: this._scope,
+                fetchFn: this._fetchWithInit
+            });
        }
        catch (error) {
-            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
-        if (result !== "AUTHORIZED") {
+        if (result !== 'AUTHORIZED') {
            throw new auth_js_1.UnauthorizedError();
        }
        return await this._startOrAuthSse({ resumptionToken: undefined });
    }
    async _commonHeaders() {
-        var _a;
        const headers = {};
        if (this._authProvider) {
            const tokens = await this._authProvider.tokens();
            if (tokens) {
-                headers["Authorization"] = `Bearer ${tokens.access_token}`;
+                headers['Authorization'] = `Bearer ${tokens.access_token}`;
            }
        }
        if (this._sessionId) {
-            headers["mcp-session-id"] = this._sessionId;
+            headers['mcp-session-id'] = this._sessionId;
        }
        if (this._protocolVersion) {
-            headers["mcp-protocol-version"] = this._protocolVersion;
+            headers['mcp-protocol-version'] = this._protocolVersion;
        }
-        const extraHeaders = this._normalizeHeaders((_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers);
+        const extraHeaders = (0, transport_js_1.normalizeHeaders)(this._requestInit?.headers);
        return new Headers({
            ...headers,
-            ...extraHeaders,
+            ...extraHeaders
        });
    }
    async _startOrAuthSse(options) {
-        var _a, _b, _c;
        const { resumptionToken } = options;
        try {
            // Try to open an initial SSE stream with GET to listen for server messages
            // This is optional according to the spec - server may not support it
            const headers = await this._commonHeaders();
-            headers.set("Accept", "text/event-stream");
+            headers.set('Accept', 'text/event-stream');
            // Include Last-Event-ID header for resumable streams if provided
            if (resumptionToken) {
-                headers.set("last-event-id", resumptionToken);
+                headers.set('last-event-id', resumptionToken);
            }
-            const response = await ((_a = this._fetch) !== null && _a !== void 0 ? _a : fetch)(this._url, {
-                method: "GET",
+            const response = await (this._fetch ?? fetch)(this._url, {
+                method: 'GET',
                headers,
-                signal: (_b = this._abortController) === null || _b === void 0 ? void 0 : _b.signal,
+                signal: this._abortController?.signal
            });
            if (!response.ok) {
+                await response.body?.cancel();
                if (response.status === 401 && this._authProvider) {
                    // Need to authenticate
                    return await this._authThenStart();
@@ -105,7 +111,7 @@ class StreamableHTTPClientTransport {
            this._handleSseStream(response.body, options, true);
        }
        catch (error) {
-            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
    }
@@ -116,47 +122,38 @@ class StreamableHTTPClientTransport {
     * @returns Time to wait in milliseconds before next reconnection attempt
     */
    _getNextReconnectionDelay(attempt) {
-        // Access default values directly, ensuring they're never undefined
+        // Use server-provided retry value if available
+        if (this._serverRetryMs !== undefined) {
+            return this._serverRetryMs;
+        }
+        // Fall back to exponential backoff
        const initialDelay = this._reconnectionOptions.initialReconnectionDelay;
        const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;
        const maxDelay = this._reconnectionOptions.maxReconnectionDelay;
        // Cap at maximum delay
        return Math.min(initialDelay * Math.pow(growFactor, attempt), maxDelay);
    }
-    _normalizeHeaders(headers) {
-        if (!headers)
-            return {};
-        if (headers instanceof Headers) {
-            return Object.fromEntries(headers.entries());
-        }
-        if (Array.isArray(headers)) {
-            return Object.fromEntries(headers);
-        }
-        return { ...headers };
-    }
    /**
-     * Schedule a reconnection attempt with exponential backoff
+     * Schedule a reconnection attempt using server-provided retry interval or backoff
     *
     * @param lastEventId The ID of the last received event for resumability
     * @param attemptCount Current reconnection attempt count for this specific stream
     */
    _scheduleReconnection(options, attemptCount = 0) {
-        var _a;
        // Use provided options or default options
        const maxRetries = this._reconnectionOptions.maxRetries;
        // Check if we've exceeded maximum retry attempts
-        if (maxRetries > 0 && attemptCount >= maxRetries) {
-            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));
+        if (attemptCount >= maxRetries) {
+            this.onerror?.(new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));
            return;
        }
        // Calculate next delay based on current attempt count
        const delay = this._getNextReconnectionDelay(attemptCount);
        // Schedule the reconnection
-        setTimeout(() => {
+        this._reconnectionTimeout = setTimeout(() => {
            // Use the last event ID to resume where we left off
            this._startOrAuthSse(options).catch(error => {
-                var _a;
-                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));
+                this.onerror?.(new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));
                // Schedule another attempt if this one failed, incrementing the attempt counter
                this._scheduleReconnection(options, attemptCount + 1);
            });
@@ -168,15 +165,25 @@ class StreamableHTTPClientTransport {
        }
        const { onresumptiontoken, replayMessageId } = options;
        let lastEventId;
+        // Track whether we've received a priming event (event with ID)
+        // Per spec, server SHOULD send a priming event with ID before closing
+        let hasPrimingEvent = false;
+        // Track whether we've received a response - if so, no need to reconnect
+        // Reconnection is for when server disconnects BEFORE sending response
+        let receivedResponse = false;
        const processStream = async () => {
-            var _a, _b, _c, _d;
            // this is the closest we can get to trying to catch network errors
            // if something happens reader will throw
            try {
                // Create a pipeline: binary stream -> text decoder -> SSE parser
                const reader = stream
                    .pipeThrough(new TextDecoderStream())
-                    .pipeThrough(new stream_1.EventSourceParserStream())
+                    .pipeThrough(new stream_1.EventSourceParserStream({
+                    onRetry: (retryMs) => {
+                        // Capture server-provided retry value for reconnection timing
+                        this._serverRetryMs = retryMs;
+                    }
+                }))
                    .getReader();
                while (true) {
                    const { value: event, done } = await reader.read();
@@ -186,29 +193,54 @@ class StreamableHTTPClientTransport {
                    // Update last event ID if provided
                    if (event.id) {
                        lastEventId = event.id;
-                        onresumptiontoken === null || onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);
+                        // Mark that we've received a priming event - stream is now resumable
+                        hasPrimingEvent = true;
+                        onresumptiontoken?.(event.id);
                    }
-                    if (!event.event || event.event === "message") {
+                    // Skip events with no data (priming events, keep-alives)
+                    if (!event.data) {
+                        continue;
+                    }
+                    if (!event.event || event.event === 'message') {
                        try {
                            const message = types_js_1.JSONRPCMessageSchema.parse(JSON.parse(event.data));
-                            if (replayMessageId !== undefined && (0, types_js_1.isJSONRPCResponse)(message)) {
-                                message.id = replayMessageId;
+                            if ((0, types_js_1.isJSONRPCResultResponse)(message)) {
+                                // Mark that we received a response - no need to reconnect for this request
+                                receivedResponse = true;
+                                if (replayMessageId !== undefined) {
+                                    message.id = replayMessageId;
+                                }
                            }
-                            (_a = this.onmessage) === null || _a === void 0 ? void 0 : _a.call(this, message);
+                            this.onmessage?.(message);
                        }
                        catch (error) {
-                            (_b = this.onerror) === null || _b === void 0 ? void 0 : _b.call(this, error);
+                            this.onerror?.(error);
                        }
                    }
                }
+                // Handle graceful server-side disconnect
+                // Server may close connection after sending event ID and retry field
+                // Reconnect if: already reconnectable (GET stream) OR received a priming event (POST stream with event ID)
+                // BUT don't reconnect if we already received a response - the request is complete
+                const canResume = isReconnectable || hasPrimingEvent;
+                const needsReconnect = canResume && !receivedResponse;
+                if (needsReconnect && this._abortController && !this._abortController.signal.aborted) {
+                    this._scheduleReconnection({
+                        resumptionToken: lastEventId,
+                        onresumptiontoken,
+                        replayMessageId
+                    }, 0);
+                }
            }
            catch (error) {
                // Handle stream errors - likely a network disconnect
-                (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, new Error(`SSE stream disconnected: ${error}`));
+                this.onerror?.(new Error(`SSE stream disconnected: ${error}`));
                // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing
-                if (isReconnectable &&
-                    this._abortController &&
-                    !this._abortController.signal.aborted) {
+                // Reconnect if: already reconnectable (GET stream) OR received a priming event (POST stream with event ID)
+                // BUT don't reconnect if we already received a response - the request is complete
+                const canResume = isReconnectable || hasPrimingEvent;
+                const needsReconnect = canResume && !receivedResponse;
+                if (needsReconnect && this._abortController && !this._abortController.signal.aborted) {
                    // Use the exponential backoff reconnection strategy
                    try {
                        this._scheduleReconnection({
@@ -218,7 +250,7 @@ class StreamableHTTPClientTransport {
                        }, 0);
                    }
                    catch (error) {
-                        (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));
+                        this.onerror?.(new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));
                    }
                }
            }
@@ -227,7 +259,7 @@ class StreamableHTTPClientTransport {
    }
    async start() {
        if (this._abortController) {
-            throw new Error("StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+            throw new Error('StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.');
        }
        this._abortController = new AbortController();
    }
@@ -236,96 +268,153 @@ class StreamableHTTPClientTransport {
     */
    async finishAuth(authorizationCode) {
        if (!this._authProvider) {
-            throw new auth_js_1.UnauthorizedError("No auth provider");
+            throw new auth_js_1.UnauthorizedError('No auth provider');
        }
-        const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
-        if (result !== "AUTHORIZED") {
-            throw new auth_js_1.UnauthorizedError("Failed to authorize");
+        const result = await (0, auth_js_1.auth)(this._authProvider, {
+            serverUrl: this._url,
+            authorizationCode,
+            resourceMetadataUrl: this._resourceMetadataUrl,
+            scope: this._scope,
+            fetchFn: this._fetchWithInit
+        });
+        if (result !== 'AUTHORIZED') {
+            throw new auth_js_1.UnauthorizedError('Failed to authorize');
        }
    }
    async close() {
-        var _a, _b;
-        // Abort any pending requests
-        (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.abort();
-        (_b = this.onclose) === null || _b === void 0 ? void 0 : _b.call(this);
+        if (this._reconnectionTimeout) {
+            clearTimeout(this._reconnectionTimeout);
+            this._reconnectionTimeout = undefined;
+        }
+        this._abortController?.abort();
+        this.onclose?.();
    }
    async send(message, options) {
-        var _a, _b, _c, _d;
        try {
            const { resumptionToken, onresumptiontoken } = options || {};
            if (resumptionToken) {
                // If we have at last event ID, we need to reconnect the SSE stream
-                this._startOrAuthSse({ resumptionToken, replayMessageId: (0, types_js_1.isJSONRPCRequest)(message) ? message.id : undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });
+                this._startOrAuthSse({ resumptionToken, replayMessageId: (0, types_js_1.isJSONRPCRequest)(message) ? message.id : undefined }).catch(err => this.onerror?.(err));
                return;
            }
            const headers = await this._commonHeaders();
-            headers.set("content-type", "application/json");
-            headers.set("accept", "application/json, text/event-stream");
+            headers.set('content-type', 'application/json');
+            headers.set('accept', 'application/json, text/event-stream');
            const init = {
                ...this._requestInit,
-                method: "POST",
+                method: 'POST',
                headers,
                body: JSON.stringify(message),
-                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,
+                signal: this._abortController?.signal
            };
-            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);
+            const response = await (this._fetch ?? fetch)(this._url, init);
            // Handle session ID received during initialization
-            const sessionId = response.headers.get("mcp-session-id");
+            const sessionId = response.headers.get('mcp-session-id');
            if (sessionId) {
                this._sessionId = sessionId;
            }
            if (!response.ok) {
+                const text = await response.text().catch(() => null);
                if (response.status === 401 && this._authProvider) {
-                    this._resourceMetadataUrl = (0, auth_js_1.extractResourceMetadataUrl)(response);
-                    const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl, fetchFn: this._fetch });
-                    if (result !== "AUTHORIZED") {
+                    // Prevent infinite recursion when server returns 401 after successful auth
+                    if (this._hasCompletedAuthFlow) {
+                        throw new StreamableHTTPError(401, 'Server returned 401 after successful authentication');
+                    }
+                    const { resourceMetadataUrl, scope } = (0, auth_js_1.extractWWWAuthenticateParams)(response);
+                    this._resourceMetadataUrl = resourceMetadataUrl;
+                    this._scope = scope;
+                    const result = await (0, auth_js_1.auth)(this._authProvider, {
+                        serverUrl: this._url,
+                        resourceMetadataUrl: this._resourceMetadataUrl,
+                        scope: this._scope,
+                        fetchFn: this._fetchWithInit
+                    });
+                    if (result !== 'AUTHORIZED') {
                        throw new auth_js_1.UnauthorizedError();
                    }
+                    // Mark that we completed auth flow
+                    this._hasCompletedAuthFlow = true;
                    // Purposely _not_ awaited, so we don't call onerror twice
                    return this.send(message);
                }
-                const text = await response.text().catch(() => null);
-                throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);
+                if (response.status === 403 && this._authProvider) {
+                    const { resourceMetadataUrl, scope, error } = (0, auth_js_1.extractWWWAuthenticateParams)(response);
+                    if (error === 'insufficient_scope') {
+                        const wwwAuthHeader = response.headers.get('WWW-Authenticate');
+                        // Check if we've already tried upscoping with this header to prevent infinite loops.
+                        if (this._lastUpscopingHeader === wwwAuthHeader) {
+                            throw new StreamableHTTPError(403, 'Server returned 403 after trying upscoping');
+                        }
+                        if (scope) {
+                            this._scope = scope;
+                        }
+                        if (resourceMetadataUrl) {
+                            this._resourceMetadataUrl = resourceMetadataUrl;
+                        }
+                        // Mark that upscoping was tried.
+                        this._lastUpscopingHeader = wwwAuthHeader ?? undefined;
+                        const result = await (0, auth_js_1.auth)(this._authProvider, {
+                            serverUrl: this._url,
+                            resourceMetadataUrl: this._resourceMetadataUrl,
+                            scope: this._scope,
+                            fetchFn: this._fetch
+                        });
+                        if (result !== 'AUTHORIZED') {
+                            throw new auth_js_1.UnauthorizedError();
+                        }
+                        return this.send(message);
+                    }
+                }
+                throw new StreamableHTTPError(response.status, `Error POSTing to endpoint: ${text}`);
            }
+            // Reset auth loop flag on successful response
+            this._hasCompletedAuthFlow = false;
+            this._lastUpscopingHeader = undefined;
            // If the response is 202 Accepted, there's no body to process
            if (response.status === 202) {
+                await response.body?.cancel();
                // if the accepted notification is initialized, we start the SSE stream
                // if it's supported by the server
                if ((0, types_js_1.isInitializedNotification)(message)) {
                    // Start without a lastEventId since this is a fresh connection
-                    this._startOrAuthSse({ resumptionToken: undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });
+                    this._startOrAuthSse({ resumptionToken: undefined }).catch(err => this.onerror?.(err));
                }
                return;
            }
            // Get original message(s) for detecting request IDs
            const messages = Array.isArray(message) ? message : [message];
-            const hasRequests = messages.filter(msg => "method" in msg && "id" in msg && msg.id !== undefined).length > 0;
+            const hasRequests = messages.filter(msg => 'method' in msg && 'id' in msg && msg.id !== undefined).length > 0;
            // Check the response type
-            const contentType = response.headers.get("content-type");
+            const contentType = response.headers.get('content-type');
            if (hasRequests) {
-                if (contentType === null || contentType === void 0 ? void 0 : contentType.includes("text/event-stream")) {
+                if (contentType?.includes('text/event-stream')) {
                    // Handle SSE stream responses for requests
                    // We use the same handler as standalone streams, which now supports
                    // reconnection with the last event ID
                    this._handleSseStream(response.body, { onresumptiontoken }, false);
                }
-                else if (contentType === null || contentType === void 0 ? void 0 : contentType.includes("application/json")) {
+                else if (contentType?.includes('application/json')) {
                    // For non-streaming servers, we might get direct JSON responses
                    const data = await response.json();
                    const responseMessages = Array.isArray(data)
                        ? data.map(msg => types_js_1.JSONRPCMessageSchema.parse(msg))
                        : [types_js_1.JSONRPCMessageSchema.parse(data)];
                    for (const msg of responseMessages) {
-                        (_c = this.onmessage) === null || _c === void 0 ? void 0 : _c.call(this, msg);
+                        this.onmessage?.(msg);
                    }
                }
                else {
+                    await response.body?.cancel();
                    throw new StreamableHTTPError(-1, `Unexpected content type: ${contentType}`);
                }
            }
+            else {
+                // No requests in message but got 200 OK - still need to release connection
+                await response.body?.cancel();
+            }
        }
        catch (error) {
-            (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
    }
@@ -344,7 +433,6 @@ class StreamableHTTPClientTransport {
     * the server does not allow clients to terminate sessions.
     */
    async terminateSession() {
-        var _a, _b, _c;
        if (!this._sessionId) {
            return; // No session to terminate
        }
@@ -352,11 +440,12 @@ class StreamableHTTPClientTransport {
            const headers = await this._commonHeaders();
            const init = {
                ...this._requestInit,
-                method: "DELETE",
+                method: 'DELETE',
                headers,
-                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,
+                signal: this._abortController?.signal
            };
-            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);
+            const response = await (this._fetch ?? fetch)(this._url, init);
+            await response.body?.cancel();
            // We specifically handle 405 as a valid response according to the spec,
            // meaning the server does not support explicit session termination
            if (!response.ok && response.status !== 405) {
@@ -365,7 +454,7 @@ class StreamableHTTPClientTransport {
            this._sessionId = undefined;
        }
        catch (error) {
-            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);
+            this.onerror?.(error);
            throw error;
        }
    }
@@ -375,6 +464,19 @@ class StreamableHTTPClientTransport {
    get protocolVersion() {
        return this._protocolVersion;
    }
+    /**
+     * Resume an SSE stream from a previous event ID.
+     * Opens a GET SSE connection with Last-Event-ID header to replay missed events.
+     *
+     * @param lastEventId The event ID to resume from
+     * @param options Optional callback to receive new resumption tokens
+     */
+    async resumeStream(lastEventId, options) {
+        await this._startOrAuthSse({
+            resumptionToken: lastEventId,
+            onresumptiontoken: options?.onresumptiontoken
+        });
+    }
 }
 exports.StreamableHTTPClientTransport = StreamableHTTPClientTransport;
 //# sourceMappingURL=streamableHttp.js.map
@@ -1,5 +1,5 @@
-import { Transport } from "../shared/transport.js";
-import { JSONRPCMessage } from "../types.js";
+import { Transport } from '../shared/transport.js';
+import { JSONRPCMessage } from '../types.js';
 /**
 * Client transport for WebSocket: this will connect to a server over the WebSocket protocol.
 */
@@ -1 +1 @@
-{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../../src/client/websocket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AAInE;;GAEG;AACH,qBAAa,wBAAyB,YAAW,SAAS;IACxD,OAAO,CAAC,OAAO,CAAC,CAAY;IAC5B,OAAO,CAAC,IAAI,CAAM;IAElB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,GAAG,EAAE,GAAG;IAIpB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAyChB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAW7C"}
+{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../../src/client/websocket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AAInE;;GAEG;AACH,qBAAa,wBAAyB,YAAW,SAAS;IACtD,OAAO,CAAC,OAAO,CAAC,CAAY;IAC5B,OAAO,CAAC,IAAI,CAAM;IAElB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAElC,GAAG,EAAE,GAAG;IAIpB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAsChB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAW/C"}
@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WebSocketClientTransport = void 0;
 const types_js_1 = require("../types.js");
-const SUBPROTOCOL = "mcp";
+const SUBPROTOCOL = 'mcp';
 /**
 * Client transport for WebSocket: this will connect to a server over the WebSocket protocol.
 */
@@ -12,51 +12,44 @@ class WebSocketClientTransport {
    }
    start() {
        if (this._socket) {
-            throw new Error("WebSocketClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+            throw new Error('WebSocketClientTransport already started! If using Client class, note that connect() calls start() automatically.');
        }
        return new Promise((resolve, reject) => {
            this._socket = new WebSocket(this._url, SUBPROTOCOL);
-            this._socket.onerror = (event) => {
-                var _a;
-                const error = "error" in event
-                    ? event.error
-                    : new Error(`WebSocket error: ${JSON.stringify(event)}`);
+            this._socket.onerror = event => {
+                const error = 'error' in event ? event.error : new Error(`WebSocket error: ${JSON.stringify(event)}`);
                reject(error);
-                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+                this.onerror?.(error);
            };
            this._socket.onopen = () => {
                resolve();
            };
            this._socket.onclose = () => {
-                var _a;
-                (_a = this.onclose) === null || _a === void 0 ? void 0 : _a.call(this);
+                this.onclose?.();
            };
            this._socket.onmessage = (event) => {
-                var _a, _b;
                let message;
                try {
                    message = types_js_1.JSONRPCMessageSchema.parse(JSON.parse(event.data));
                }
                catch (error) {
-                    (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+                    this.onerror?.(error);
                    return;
                }
-                (_b = this.onmessage) === null || _b === void 0 ? void 0 : _b.call(this, message);
+                this.onmessage?.(message);
            };
        });
    }
    async close() {
-        var _a;
-        (_a = this._socket) === null || _a === void 0 ? void 0 : _a.close();
+        this._socket?.close();
    }
    send(message) {
        return new Promise((resolve, reject) => {
-            var _a;
            if (!this._socket) {
-                reject(new Error("Not connected"));
+                reject(new Error('Not connected'));
                return;
            }
-            (_a = this._socket) === null || _a === void 0 ? void 0 : _a.send(JSON.stringify(message));
+            this._socket?.send(JSON.stringify(message));
            resolve();
        });
    }
@@ -1 +1 @@
-{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../../src/client/websocket.ts"],"names":[],"mappings":";;;AACA,0CAAmE;AAEnE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B;;GAEG;AACH,MAAa,wBAAwB;IAQnC,YAAY,GAAQ;QAClB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,OAAO,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAErD,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;;gBAC/B,MAAM,KAAK,GACT,OAAO,IAAI,KAAK;oBACd,CAAC,CAAE,KAAK,CAAC,KAAe;oBACxB,CAAC,CAAC,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAC7D,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE;gBACzB,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE;;gBAC1B,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;YACnB,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,KAAmB,EAAE,EAAE;;gBAC/C,IAAI,OAAuB,CAAC;gBAC5B,IAAI,CAAC;oBACH,OAAO,GAAG,+BAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/D,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;oBAC/B,OAAO;gBACT,CAAC;gBAED,MAAA,IAAI,CAAC,SAAS,qDAAG,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;;QACT,MAAA,IAAI,CAAC,OAAO,0CAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IAED,IAAI,CAAC,OAAuB;QAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;YACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;gBACnC,OAAO;YACT,CAAC;YAED,MAAA,IAAI,CAAC,OAAO,0CAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AApED,4DAoEC"}
+{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../../src/client/websocket.ts"],"names":[],"mappings":";;;AACA,0CAAmE;AAEnE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B;;GAEG;AACH,MAAa,wBAAwB;IAQjC,YAAY,GAAQ;QAChB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IACpB,CAAC;IAED,KAAK;QACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,mHAAmH,CACtH,CAAC;QACN,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,IAAI,CAAC,OAAO,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAErD,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE;gBAC3B,MAAM,KAAK,GAAG,OAAO,IAAI,KAAK,CAAC,CAAC,CAAE,KAAK,CAAC,KAAe,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACjH,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE;gBACvB,OAAO,EAAE,CAAC;YACd,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;YACrB,CAAC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,OAAuB,CAAC;gBAC5B,IAAI,CAAC;oBACD,OAAO,GAAG,+BAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBACjE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,IAAI,CAAC,OAAO,EAAE,CAAC,KAAc,CAAC,CAAC;oBAC/B,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,KAAK;QACP,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,CAAC,OAAuB;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAChB,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;gBACnC,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5C,OAAO,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC;CACJ;AAjED,4DAiEC"}
@@ -22,11 +22,11 @@ async function createAndRunClient(config) {
    });
    const transport = new streamableHttp_js_1.StreamableHTTPClientTransport(new URL(serverUrl));
    // Set up client-specific error handler
-    client.onerror = (error) => {
+    client.onerror = error => {
        console.error(`[${config.id}] Client error:`, error);
    };
    // Set up client-specific notification handler
-    client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, (notification) => {
+    client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, notification => {
        console.log(`[${config.id}] Notification: ${notification.params.data}`);
    });
    try {
@@ -1 +1 @@
-{"version":3,"file":"multipleClientsParallel.js","sourceRoot":"","sources":["../../../../src/examples/client/multipleClientsParallel.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,6CAKwB;AAExB;;;;;;;GAOG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AASzD,KAAK,UAAU,kBAAkB,CAAC,MAAoB;IACpD,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,sBAAsB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,iDAA6B,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAExE,uCAAuC;IACvC,MAAM,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;QACzB,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,8CAA8C;IAC9C,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,CAAC,YAAY,EAAE,EAAE;QAC/E,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,mBAAmB,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,wBAAwB;QACxB,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,2BAA2B,CAAC,CAAC;QAEtD,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,mBAAmB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAoB;YACnC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE;gBACN,IAAI,EAAE,MAAM,CAAC,QAAQ;gBACrB,SAAS,EAAE;oBACT,GAAG,MAAM,CAAC,aAAa;oBACvB,iEAAiE;oBACjE,MAAM,EAAE,MAAM,CAAC,EAAE;iBAClB;aACF;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,+BAAoB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,uBAAuB,CAAC,CAAC;QAElD,8DAA8D;QAC9D,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAExD,aAAa;QACb,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,gCAAgC,CAAC,CAAC;QAE3D,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC;QACH,+BAA+B;QAC/B,MAAM,aAAa,GAAmB;YACpC;gBACE,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACb,QAAQ,EAAE,CAAC,EAAE,iCAAiC;oBAC9C,KAAK,EAAE,CAAC,CAAK,uBAAuB;iBACrC;aACF;YACD;gBACE,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACb,QAAQ,EAAE,CAAC,EAAE,kCAAkC;oBAC/C,KAAK,EAAE,CAAC,CAAK,uBAAuB;iBACrC;aACF;YACD;gBACE,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACb,QAAQ,EAAE,CAAC,EAAE,mCAAmC;oBAChD,KAAK,EAAE,CAAC,CAAO,uBAAuB;iBACvC;aACF;SACF,CAAC;QAEF,gCAAgC;QAChC,OAAO,CAAC,GAAG,CAAC,YAAY,aAAa,CAAC,MAAM,yBAAyB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YACjC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;YACtC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAqC,EAAE,EAAE;oBAC/D,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;wBACtC,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBAChC,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;oBAC/C,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;YACrD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAE9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,oBAAoB;AACpB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;IACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"multipleClientsParallel.js","sourceRoot":"","sources":["../../../../src/examples/client/multipleClientsParallel.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,6CAAyH;AAEzH;;;;;;;GAOG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AASzD,KAAK,UAAU,kBAAkB,CAAC,MAAoB;IAClD,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,sBAAsB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,OAAO,EAAE,OAAO;KACnB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,iDAA6B,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAExE,uCAAuC;IACvC,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,8CAA8C;IAC9C,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,YAAY,CAAC,EAAE;QAC3E,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,mBAAmB,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACD,wBAAwB;QACxB,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,2BAA2B,CAAC,CAAC;QAEtD,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,mBAAmB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAoB;YACjC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE;gBACJ,IAAI,EAAE,MAAM,CAAC,QAAQ;gBACrB,SAAS,EAAE;oBACP,GAAG,MAAM,CAAC,aAAa;oBACvB,iEAAiE;oBACjE,MAAM,EAAE,MAAM,CAAC,EAAE;iBACpB;aACJ;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,+BAAoB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,uBAAuB,CAAC,CAAC;QAElD,8DAA8D;QAC9D,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAExD,aAAa;QACb,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,gCAAgC,CAAC,CAAC;QAE3D,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,CAAC;IAChB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,IAAI;IACf,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC;QACD,+BAA+B;QAC/B,MAAM,aAAa,GAAmB;YAClC;gBACI,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACX,QAAQ,EAAE,CAAC,EAAE,iCAAiC;oBAC9C,KAAK,EAAE,CAAC,CAAC,uBAAuB;iBACnC;aACJ;YACD;gBACI,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACX,QAAQ,EAAE,CAAC,EAAE,kCAAkC;oBAC/C,KAAK,EAAE,CAAC,CAAC,uBAAuB;iBACnC;aACJ;YACD;gBACI,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,2BAA2B;gBACrC,aAAa,EAAE;oBACX,QAAQ,EAAE,CAAC,EAAE,mCAAmC;oBAChD,KAAK,EAAE,CAAC,CAAC,uBAAuB;iBACnC;aACJ;SACJ,CAAC;QAEF,gCAAgC;QAChC,OAAO,CAAC,GAAG,CAAC,YAAY,aAAa,CAAC,MAAM,yBAAyB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YAC/B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;YACtC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAqC,EAAE,EAAE;oBAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;wBACpC,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBAClC,CAAC;yBAAM,CAAC;wBACJ,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;oBACjD,CAAC;gBACL,CAAC,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;YACvD,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACL,CAAC;AAED,oBAAoB;AACpB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC5B,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;IACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -25,7 +25,7 @@ async function main() {
            name: 'parallel-tool-calls-client',
            version: '1.0.0'
        });
-        client.onerror = (error) => {
+        client.onerror = error => {
            console.error('Client error:', error);
        };
        // Connect to the server
@@ -33,12 +33,12 @@ async function main() {
        await client.connect(transport);
        console.log('Successfully connected to MCP server');
        // Set up notification handler with caller identification
-        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, (notification) => {
+        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, notification => {
            console.log(`Notification: ${notification.params.data}`);
        });
-        console.log("List tools");
+        console.log('List tools');
        const toolsRequest = await listTools(client);
-        console.log("Tools: ", toolsRequest);
+        console.log('Tools: ', toolsRequest);
        // 2. Start multiple notification tools in parallel
        console.log('\n=== Starting Multiple Notification Streams in Parallel ===');
        const toolResults = await startParallelNotificationTools(client);
@@ -146,7 +146,8 @@ async function startParallelNotificationTools(client) {
        // Start all tool calls in parallel
        const toolPromises = toolCalls.map(({ caller, request }) => {
            console.log(`Starting tool call for ${caller}...`);
-            return client.request(request, types_js_1.CallToolResultSchema)
+            return client
+                .request(request, types_js_1.CallToolResultSchema)
                .then(result => ({ caller, result }))
                .catch(error => {
                console.error(`Error in tool call for ${caller}:`, error);
@@ -1 +1 @@
-{"version":3,"file":"parallelToolCallsClient.js","sourceRoot":"","sources":["../../../../src/examples/client/parallelToolCallsClient.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,6CAMwB;AAExB;;;;;;GAMG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AAEzD,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAErD,IAAI,MAAc,CAAC;IACnB,IAAI,SAAwC,CAAC;IAE7C,IAAI,CAAC;QACH,+CAA+C;QAC/C,MAAM,GAAG,IAAI,iBAAM,CAAC;YAClB,IAAI,EAAE,4BAA4B;YAClC,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;QAEH,MAAM,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;YACzB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC;QAEF,wBAAwB;QACxB,SAAS,GAAG,IAAI,iDAA6B,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAClE,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QAEpD,yDAAyD;QACzD,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,CAAC,YAAY,EAAE,EAAE;YAC/E,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QACzB,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAGpC,mDAAmD;QACnD,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;QAEjE,sCAAsC;QACtC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAsC,EAAE,EAAE;gBAChE,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,6CAA6C;QAC7C,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAEzD,gBAAgB;QAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAE9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,MAAc;IACrC,IAAI,CAAC;QACH,MAAM,YAAY,GAAqB;YACrC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,EAAE;SACX,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,gCAAqB,CAAC,CAAC;QAE9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,8BAA8B,CAAC,MAAc;IAC1D,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,SAAS,GAAG;YAChB;gBACE,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE;oBACP,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACN,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACT,QAAQ,EAAE,CAAC,EAAG,mCAAmC;4BACjD,KAAK,EAAE,EAAE,EAAO,wBAAwB;4BACxC,MAAM,EAAE,eAAe,CAAC,0BAA0B;yBACnD;qBACF;iBACF;aACF;YACD;gBACE,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE;oBACP,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACN,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACT,QAAQ,EAAE,CAAC,EAAE,kCAAkC;4BAC/C,KAAK,EAAE,CAAC,EAAQ,uBAAuB;4BACvC,MAAM,EAAE,eAAe,CAAC,0BAA0B;yBACnD;qBACF;iBACF;aACF;YACD;gBACE,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE;oBACP,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACN,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACT,QAAQ,EAAE,CAAC,EAAG,mCAAmC;4BACjD,KAAK,EAAE,CAAC,EAAQ,4BAA4B;4BAC5C,MAAM,EAAE,gBAAgB,CAAC,0BAA0B;yBACpD;qBACF;iBACF;aACF;SACF,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,MAAM,oCAAoC,CAAC,CAAC;QAE9E,mCAAmC;QACnC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE;YACzD,OAAO,CAAC,GAAG,CAAC,0BAA0B,MAAM,KAAK,CAAC,CAAC;YACnD,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,+BAAoB,CAAC;iBACjD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;iBACpC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACb,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC;gBAC1D,MAAM,KAAK,CAAC;YACd,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,sCAAsC;QACtC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEhD,6BAA6B;QAC7B,MAAM,aAAa,GAAmC,EAAE,CAAC;QACzD,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE;YACrC,aAAa,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACpE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,mBAAmB;AACnB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"parallelToolCallsClient.js","sourceRoot":"","sources":["../../../../src/examples/client/parallelToolCallsClient.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,6CAMwB;AAExB;;;;;;GAMG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AAEzD,KAAK,UAAU,IAAI;IACf,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAErD,IAAI,MAAc,CAAC;IACnB,IAAI,SAAwC,CAAC;IAE7C,IAAI,CAAC;QACD,+CAA+C;QAC/C,MAAM,GAAG,IAAI,iBAAM,CAAC;YAChB,IAAI,EAAE,4BAA4B;YAClC,OAAO,EAAE,OAAO;SACnB,CAAC,CAAC;QAEH,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE;YACrB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC,CAAC;QAEF,wBAAwB;QACxB,SAAS,GAAG,IAAI,iDAA6B,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAClE,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QAEpD,yDAAyD;QACzD,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,YAAY,CAAC,EAAE;YAC3E,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAErC,mDAAmD;QACnD,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,MAAM,WAAW,GAAG,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAC;QAEjE,sCAAsC;QACtC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAqC,EAAE,EAAE;gBAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClC,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC,CAAC,CAAC;QACP,CAAC;QAED,6CAA6C;QAC7C,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAEzD,gBAAgB;QAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,MAAc;IACnC,IAAI,CAAC;QACD,MAAM,YAAY,GAAqB;YACnC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,EAAE;SACb,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,gCAAqB,CAAC,CAAC;QAE9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACJ,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAChE,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,8BAA8B,CAAC,MAAc;IACxD,IAAI,CAAC;QACD,2DAA2D;QAC3D,MAAM,SAAS,GAAG;YACd;gBACI,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE;oBACL,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACJ,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACP,QAAQ,EAAE,CAAC,EAAE,mCAAmC;4BAChD,KAAK,EAAE,EAAE,EAAE,wBAAwB;4BACnC,MAAM,EAAE,eAAe,CAAC,0BAA0B;yBACrD;qBACJ;iBACJ;aACJ;YACD;gBACI,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE;oBACL,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACJ,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACP,QAAQ,EAAE,CAAC,EAAE,kCAAkC;4BAC/C,KAAK,EAAE,CAAC,EAAE,uBAAuB;4BACjC,MAAM,EAAE,eAAe,CAAC,0BAA0B;yBACrD;qBACJ;iBACJ;aACJ;YACD;gBACI,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE;oBACL,MAAM,EAAE,YAAY;oBACpB,MAAM,EAAE;wBACJ,IAAI,EAAE,2BAA2B;wBACjC,SAAS,EAAE;4BACP,QAAQ,EAAE,CAAC,EAAE,mCAAmC;4BAChD,KAAK,EAAE,CAAC,EAAE,4BAA4B;4BACtC,MAAM,EAAE,gBAAgB,CAAC,0BAA0B;yBACtD;qBACJ;iBACJ;aACJ;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,MAAM,oCAAoC,CAAC,CAAC;QAE9E,mCAAmC;QACnC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,0BAA0B,MAAM,KAAK,CAAC,CAAC;YACnD,OAAO,MAAM;iBACR,OAAO,CAAC,OAAO,EAAE,+BAAoB,CAAC;iBACtC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;iBACpC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACX,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC;gBAC1D,MAAM,KAAK,CAAC;YAChB,CAAC,CAAC,CAAC;QACX,CAAC,CAAC,CAAC;QAEH,sCAAsC;QACtC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEhD,6BAA6B;QAC7B,MAAM,aAAa,GAAmC,EAAE,CAAC;QACzD,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE;YACnC,aAAa,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,OAAO,aAAa,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACpE,MAAM,KAAK,CAAC;IAChB,CAAC;AACL,CAAC;AAED,mBAAmB;AACnB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC5B,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -9,71 +9,30 @@ const index_js_1 = require("../../client/index.js");
 const streamableHttp_js_1 = require("../../client/streamableHttp.js");
 const types_js_1 = require("../../types.js");
 const auth_js_1 = require("../../client/auth.js");
+const simpleOAuthClientProvider_js_1 = require("./simpleOAuthClientProvider.js");
 // Configuration
 const DEFAULT_SERVER_URL = 'http://localhost:3000/mcp';
 const CALLBACK_PORT = 8090; // Use different port than auth server (3001)
 const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
-/**
- * In-memory OAuth client provider for demonstration purposes
- * In production, you should persist tokens securely
- */
-class InMemoryOAuthClientProvider {
-    constructor(_redirectUrl, _clientMetadata, onRedirect) {
-        this._redirectUrl = _redirectUrl;
-        this._clientMetadata = _clientMetadata;
-        this._onRedirect = onRedirect || ((url) => {
-            console.log(`Redirect to: ${url.toString()}`);
-        });
-    }
-    get redirectUrl() {
-        return this._redirectUrl;
-    }
-    get clientMetadata() {
-        return this._clientMetadata;
-    }
-    clientInformation() {
-        return this._clientInformation;
-    }
-    saveClientInformation(clientInformation) {
-        this._clientInformation = clientInformation;
-    }
-    tokens() {
-        return this._tokens;
-    }
-    saveTokens(tokens) {
-        this._tokens = tokens;
-    }
-    redirectToAuthorization(authorizationUrl) {
-        this._onRedirect(authorizationUrl);
-    }
-    saveCodeVerifier(codeVerifier) {
-        this._codeVerifier = codeVerifier;
-    }
-    codeVerifier() {
-        if (!this._codeVerifier) {
-            throw new Error('No code verifier saved');
-        }
-        return this._codeVerifier;
-    }
-}
 /**
 * Interactive MCP client with OAuth authentication
 * Demonstrates the complete OAuth flow with browser-based authorization
 */
 class InteractiveOAuthClient {
-    constructor(serverUrl) {
+    constructor(serverUrl, clientMetadataUrl) {
        this.serverUrl = serverUrl;
+        this.clientMetadataUrl = clientMetadataUrl;
        this.client = null;
        this.rl = (0, node_readline_1.createInterface)({
            input: process.stdin,
-            output: process.stdout,
+            output: process.stdout
        });
    }
    /**
     * Prompts user for input via readline
     */
    async question(query) {
-        return new Promise((resolve) => {
+        return new Promise(resolve => {
            this.rl.question(query, resolve);
        });
    }
@@ -83,7 +42,7 @@ class InteractiveOAuthClient {
    async openBrowser(url) {
        console.log(`🌐 Opening browser for authorization: ${url}`);
        const command = `open "${url}"`;
-        (0, node_child_process_1.exec)(command, (error) => {
+        (0, node_child_process_1.exec)(command, error => {
            if (error) {
                console.error(`Failed to open browser: ${error.message}`);
                console.log(`Please manually open: ${url}`);
@@ -111,7 +70,7 @@ class InteractiveOAuthClient {
                const code = parsedUrl.searchParams.get('code');
                const error = parsedUrl.searchParams.get('error');
                if (code) {
-                    console.log(`✅ Authorization code received: ${code === null || code === void 0 ? void 0 : code.substring(0, 10)}...`);
+                    console.log(`✅ Authorization code received: ${code?.substring(0, 10)}...`);
                    res.writeHead(200, { 'Content-Type': 'text/html' });
                    res.end(`
            <html>
@@ -188,20 +147,19 @@ class InteractiveOAuthClient {
            redirect_uris: [CALLBACK_URL],
            grant_types: ['authorization_code', 'refresh_token'],
            response_types: ['code'],
-            token_endpoint_auth_method: 'client_secret_post',
-            scope: 'mcp:tools'
+            token_endpoint_auth_method: 'client_secret_post'
        };
        console.log('🔐 Creating OAuth provider...');
-        const oauthProvider = new InMemoryOAuthClientProvider(CALLBACK_URL, clientMetadata, (redirectUrl) => {
+        const oauthProvider = new simpleOAuthClientProvider_js_1.InMemoryOAuthClientProvider(CALLBACK_URL, clientMetadata, (redirectUrl) => {
            console.log(`📌 OAuth redirect handler called - opening browser`);
            console.log(`Opening browser to: ${redirectUrl.toString()}`);
            this.openBrowser(redirectUrl.toString());
-        });
+        }, this.clientMetadataUrl);
        console.log('🔐 OAuth provider created');
        console.log('👤 Creating MCP client...');
        this.client = new index_js_1.Client({
            name: 'simple-oauth-client',
-            version: '1.0.0',
+            version: '1.0.0'
        }, { capabilities: {} });
        console.log('👤 Client created');
        console.log('🔐 Starting OAuth flow...');
@@ -217,6 +175,7 @@ class InteractiveOAuthClient {
        console.log('Commands:');
        console.log('  list - List available tools');
        console.log('  call <tool_name> [args] - Call a tool');
+        console.log('  stream <tool_name> [args] - Call a tool with streaming (shows task status)');
        console.log('  quit - Exit the client');
        console.log();
        while (true) {
@@ -236,8 +195,11 @@ class InteractiveOAuthClient {
                else if (command.startsWith('call ')) {
                    await this.handleCallTool(command);
                }
+                else if (command.startsWith('stream ')) {
+                    await this.handleStreamTool(command);
+                }
                else {
-                    console.log('❌ Unknown command. Try \'list\', \'call <tool_name>\', or \'quit\'');
+                    console.log("❌ Unknown command. Try 'list', 'call <tool_name>', 'stream <tool_name>', or 'quit'");
                }
            }
            catch (error) {
@@ -257,7 +219,7 @@ class InteractiveOAuthClient {
        try {
            const request = {
                method: 'tools/list',
-                params: {},
+                params: {}
            };
            const result = await this.client.request(request, types_js_1.ListToolsResultSchema);
            if (result.tools && result.tools.length > 0) {
@@ -292,7 +254,7 @@ class InteractiveOAuthClient {
            try {
                toolArgs = JSON.parse(argsString);
            }
-            catch (_a) {
+            catch {
                console.log('❌ Invalid arguments format (expected JSON)');
                return;
            }
@@ -309,13 +271,13 @@ class InteractiveOAuthClient {
                method: 'tools/call',
                params: {
                    name: toolName,
-                    arguments: toolArgs,
-                },
+                    arguments: toolArgs
+                }
            };
            const result = await this.client.request(request, types_js_1.CallToolResultSchema);
            console.log(`\n🔧 Tool '${toolName}' result:`);
            if (result.content) {
-                result.content.forEach((content) => {
+                result.content.forEach(content => {
                    if (content.type === 'text') {
                        console.log(content.text);
                    }
@@ -332,6 +294,78 @@ class InteractiveOAuthClient {
            console.error(`❌ Failed to call tool '${toolName}':`, error);
        }
    }
+    async handleStreamTool(command) {
+        const parts = command.split(/\s+/);
+        const toolName = parts[1];
+        if (!toolName) {
+            console.log('❌ Please specify a tool name');
+            return;
+        }
+        // Parse arguments (simple JSON-like format)
+        let toolArgs = {};
+        if (parts.length > 2) {
+            const argsString = parts.slice(2).join(' ');
+            try {
+                toolArgs = JSON.parse(argsString);
+            }
+            catch {
+                console.log('❌ Invalid arguments format (expected JSON)');
+                return;
+            }
+        }
+        await this.streamTool(toolName, toolArgs);
+    }
+    async streamTool(toolName, toolArgs) {
+        if (!this.client) {
+            console.log('❌ Not connected to server');
+            return;
+        }
+        try {
+            // Using the experimental tasks API - WARNING: may change without notice
+            console.log(`\n🔧 Streaming tool '${toolName}'...`);
+            const stream = this.client.experimental.tasks.callToolStream({
+                name: toolName,
+                arguments: toolArgs
+            }, types_js_1.CallToolResultSchema, {
+                task: {
+                    taskId: `task-${Date.now()}`,
+                    ttl: 60000
+                }
+            });
+            // Iterate through all messages yielded by the generator
+            for await (const message of stream) {
+                switch (message.type) {
+                    case 'taskCreated':
+                        console.log(`✓ Task created: ${message.task.taskId}`);
+                        break;
+                    case 'taskStatus':
+                        console.log(`⟳ Status: ${message.task.status}`);
+                        if (message.task.statusMessage) {
+                            console.log(`  ${message.task.statusMessage}`);
+                        }
+                        break;
+                    case 'result':
+                        console.log('✓ Completed!');
+                        message.result.content.forEach(content => {
+                            if (content.type === 'text') {
+                                console.log(content.text);
+                            }
+                            else {
+                                console.log(content);
+                            }
+                        });
+                        break;
+                    case 'error':
+                        console.log('✗ Error:');
+                        console.log(`  ${message.error.message}`);
+                        break;
+                }
+            }
+        }
+        catch (error) {
+            console.error(`❌ Failed to stream tool '${toolName}':`, error);
+        }
+    }
    close() {
        this.rl.close();
        if (this.client) {
@@ -344,11 +378,16 @@ class InteractiveOAuthClient {
 * Main entry point
 */
 async function main() {
-    const serverUrl = process.env.MCP_SERVER_URL || DEFAULT_SERVER_URL;
+    const args = process.argv.slice(2);
+    const serverUrl = args[0] || DEFAULT_SERVER_URL;
+    const clientMetadataUrl = args[1];
    console.log('🚀 Simple MCP OAuth Client');
    console.log(`Connecting to: ${serverUrl}`);
+    if (clientMetadataUrl) {
+        console.log(`Client Metadata URL: ${clientMetadataUrl}`);
+    }
    console.log();
-    const client = new InteractiveOAuthClient(serverUrl);
+    const client = new InteractiveOAuthClient(serverUrl, clientMetadataUrl);
    // Handle graceful shutdown
    process.on('SIGINT', () => {
        console.log('\n\n👋 Goodbye!');
@@ -367,7 +406,7 @@ async function main() {
    }
 }
 // Run if this file is executed directly
-main().catch((error) => {
+main().catch(error => {
    console.error('Unhandled error:', error);
    process.exit(1);
 });
@@ -1,14 +1,11 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 const index_js_1 = require("../../client/index.js");
 const streamableHttp_js_1 = require("../../client/streamableHttp.js");
 const node_readline_1 = require("node:readline");
 const types_js_1 = require("../../types.js");
 const metadataUtils_js_1 = require("../../shared/metadataUtils.js");
-const ajv_1 = __importDefault(require("ajv"));
+const ajv_1 = require("ajv");
 // Create readline interface for user input
 const readline = (0, node_readline_1.createInterface)({
    input: process.stdin,
@@ -39,9 +36,10 @@ function printHelp() {
    console.log('  reconnect                  - Reconnect to the server');
    console.log('  list-tools                 - List available tools');
    console.log('  call-tool <name> [args]    - Call a tool with optional JSON arguments');
+    console.log('  call-tool-task <name> [args] - Call a tool with task-based execution (example: call-tool-task delay {"duration":3000})');
    console.log('  greet [name]               - Call the greet tool');
    console.log('  multi-greet [name]         - Call the multi-greet tool with notifications');
-    console.log('  collect-info [type]        - Test elicitation with collect-user-info tool (contact/preferences/feedback)');
+    console.log('  collect-info [type]        - Test form elicitation with collect-user-info tool (contact/preferences/feedback)');
    console.log('  start-notifications [interval] [count] - Start periodic notifications');
    console.log('  run-notifications-tool-with-resumability [interval] [count] - Run notification tool with resumability');
    console.log('  list-prompts               - List available prompts');
@@ -53,9 +51,8 @@ function printHelp() {
 }
 function commandLoop() {
    readline.question('\n> ', async (input) => {
-        var _a;
        const args = input.trim().split(/\s+/);
-        const command = (_a = args[0]) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+        const command = args[0]?.toLowerCase();
        try {
            switch (command) {
                case 'connect':
@@ -84,7 +81,7 @@ function commandLoop() {
                            try {
                                toolArgs = JSON.parse(args.slice(2).join(' '));
                            }
-                            catch (_b) {
+                            catch {
                                console.log('Invalid JSON arguments. Using empty args.');
                            }
                        }
@@ -112,6 +109,24 @@ function commandLoop() {
                    await runNotificationsToolWithResumability(interval, count);
                    break;
                }
+                case 'call-tool-task':
+                    if (args.length < 2) {
+                        console.log('Usage: call-tool-task <name> [args]');
+                    }
+                    else {
+                        const toolName = args[1];
+                        let toolArgs = {};
+                        if (args.length > 2) {
+                            try {
+                                toolArgs = JSON.parse(args.slice(2).join(' '));
+                            }
+                            catch {
+                                console.log('Invalid JSON arguments. Using empty args.');
+                            }
+                        }
+                        await callToolTask(toolName, toolArgs);
+                    }
+                    break;
                case 'list-prompts':
                    await listPrompts();
                    break;
@@ -126,7 +141,7 @@ function commandLoop() {
                            try {
                                promptArgs = JSON.parse(args.slice(2).join(' '));
                            }
-                            catch (_c) {
+                            catch {
                                console.log('Invalid JSON arguments. Using empty args.');
                            }
                        }
@@ -175,30 +190,35 @@ async function connect(url) {
    }
    console.log(`Connecting to ${serverUrl}...`);
    try {
-        // Create a new client with elicitation capability
+        // Create a new client with form elicitation capability
        client = new index_js_1.Client({
            name: 'example-client',
            version: '1.0.0'
        }, {
            capabilities: {
-                elicitation: {},
-            },
+                elicitation: {
+                    form: {}
+                }
+            }
        });
-        client.onerror = (error) => {
+        client.onerror = error => {
            console.error('\x1b[31mClient error:', error, '\x1b[0m');
        };
        // Set up elicitation request handler with proper validation
        client.setRequestHandler(types_js_1.ElicitRequestSchema, async (request) => {
-            var _a;
-            console.log('\n🔔 Elicitation Request Received:');
+            if (request.params.mode !== 'form') {
+                throw new types_js_1.McpError(types_js_1.ErrorCode.InvalidParams, `Unsupported elicitation mode: ${request.params.mode}`);
+            }
+            console.log('\n🔔 Elicitation (form) Request Received:');
            console.log(`Message: ${request.params.message}`);
+            console.log(`Related Task: ${request.params._meta?.[types_js_1.RELATED_TASK_META_KEY]?.taskId}`);
            console.log('Requested Schema:');
            console.log(JSON.stringify(request.params.requestedSchema, null, 2));
            const schema = request.params.requestedSchema;
            const properties = schema.properties;
            const required = schema.required || [];
            // Set up AJV validator for the requested schema
-            const ajv = new ajv_1.default();
+            const ajv = new ajv_1.Ajv();
            const validate = ajv.compile(schema);
            let attempts = 0;
            const maxAttempts = 3;
@@ -240,8 +260,8 @@ async function connect(url) {
                        prompt += ` [default: ${field.default}]`;
                    }
                    prompt += ': ';
-                    const answer = await new Promise((resolve) => {
-                        readline.question(prompt, (input) => {
+                    const answer = await new Promise(resolve => {
+                        readline.question(prompt, input => {
                            resolve(input.trim());
                        });
                    });
@@ -302,7 +322,8 @@ async function connect(url) {
                    return { action: 'cancel' };
                }
                // If we didn't complete all fields due to an error, try again
-                if (Object.keys(content).length !== Object.keys(properties).filter(name => required.includes(name) || content[name] !== undefined).length) {
+                if (Object.keys(content).length !==
+                    Object.keys(properties).filter(name => required.includes(name) || content[name] !== undefined).length) {
                    if (attempts < maxAttempts) {
                        console.log('Please try again...');
                        continue;
@@ -316,8 +337,8 @@ async function connect(url) {
                const isValid = validate(content);
                if (!isValid) {
                    console.log('❌ Validation errors:');
-                    (_a = validate.errors) === null || _a === void 0 ? void 0 : _a.forEach(error => {
-                        console.log(`  - ${error.dataPath || 'root'}: ${error.message}`);
+                    validate.errors?.forEach(error => {
+                        console.log(`  - ${error.instancePath || 'root'}: ${error.message}`);
                    });
                    if (attempts < maxAttempts) {
                        console.log('Please correct the errors and try again...');
@@ -331,15 +352,15 @@ async function connect(url) {
                // Show the collected data and ask for confirmation
                console.log('\n✅ Collected data:');
                console.log(JSON.stringify(content, null, 2));
-                const confirmAnswer = await new Promise((resolve) => {
-                    readline.question('\nSubmit this information? (yes/no/cancel): ', (input) => {
+                const confirmAnswer = await new Promise(resolve => {
+                    readline.question('\nSubmit this information? (yes/no/cancel): ', input => {
                        resolve(input.trim().toLowerCase());
                    });
                });
                if (confirmAnswer === 'yes' || confirmAnswer === 'y') {
                    return {
                        action: 'accept',
-                        content,
+                        content
                    };
                }
                else if (confirmAnswer === 'cancel' || confirmAnswer === 'c') {
@@ -362,7 +383,7 @@ async function connect(url) {
            sessionId: sessionId
        });
        // Set up notification handlers
-        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, (notification) => {
+        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, notification => {
            notificationCount++;
            console.log(`\nNotification #${notificationCount}: ${notification.params.level} - ${notification.params.data}`);
            // Re-display the prompt
@@ -381,7 +402,7 @@ async function connect(url) {
                }, types_js_1.ListResourcesResultSchema);
                console.log('Available resources count:', resourcesResult.resources.length);
            }
-            catch (_a) {
+            catch {
                console.log('Failed to list resources after change notification');
            }
            // Re-display the prompt
@@ -536,7 +557,7 @@ async function callMultiGreetTool(name) {
    await callTool('multi-greet', { name });
 }
 async function callCollectInfoTool(infoType) {
-    console.log(`Testing elicitation with collect-user-info tool (${infoType})...`);
+    console.log(`Testing form elicitation with collect-user-info tool (${infoType})...`);
    await callTool('collect-user-info', { infoType });
 }
 async function startNotifications(interval, count) {
@@ -621,7 +642,7 @@ async function getPrompt(name, args) {
        const promptResult = await client.request(promptRequest, types_js_1.GetPromptResultSchema);
        console.log('Prompt template:');
        promptResult.messages.forEach((msg, index) => {
-            console.log(`  [${index + 1}] ${msg.role}: ${msg.content.text}`);
+            console.log(`  [${index + 1}] ${msg.role}: ${msg.content.type === 'text' ? msg.content.text : JSON.stringify(msg.content)}`);
        });
    }
    catch (error) {
@@ -674,7 +695,10 @@ async function readResource(uri) {
            if ('text' in content && typeof content.text === 'string') {
                console.log('  Content:');
                console.log('  ---');
-                console.log(content.text.split('\n').map((line) => '  ' + line).join('\n'));
+                console.log(content.text
+                    .split('\n')
+                    .map((line) => '  ' + line)
+                    .join('\n'));
                console.log('  ---');
            }
            else if ('blob' in content && typeof content.blob === 'string') {
@@ -686,6 +710,57 @@ async function readResource(uri) {
        console.log(`Error reading resource ${uri}: ${error}`);
    }
 }
+async function callToolTask(name, args) {
+    if (!client) {
+        console.log('Not connected to server.');
+        return;
+    }
+    console.log(`Calling tool '${name}' with task-based execution...`);
+    console.log('Arguments:', args);
+    // Use task-based execution - call now, fetch later
+    // Using the experimental tasks API - WARNING: may change without notice
+    console.log('This will return immediately while processing continues in the background...');
+    try {
+        // Call the tool with task metadata using streaming API
+        const stream = client.experimental.tasks.callToolStream({
+            name,
+            arguments: args
+        }, types_js_1.CallToolResultSchema, {
+            task: {
+                ttl: 60000 // Keep results for 60 seconds
+            }
+        });
+        console.log('Waiting for task completion...');
+        let lastStatus = '';
+        for await (const message of stream) {
+            switch (message.type) {
+                case 'taskCreated':
+                    console.log('Task created successfully with ID:', message.task.taskId);
+                    break;
+                case 'taskStatus':
+                    if (lastStatus !== message.task.status) {
+                        console.log(`  ${message.task.status}${message.task.statusMessage ? ` - ${message.task.statusMessage}` : ''}`);
+                    }
+                    lastStatus = message.task.status;
+                    break;
+                case 'result':
+                    console.log('Task completed!');
+                    console.log('Tool result:');
+                    message.result.content.forEach(item => {
+                        if (item.type === 'text') {
+                            console.log(`  ${item.text}`);
+                        }
+                    });
+                    break;
+                case 'error':
+                    throw message.error;
+            }
+        }
+    }
+    catch (error) {
+        console.log(`Error with task-based execution: ${error}`);
+    }
+}
 async function cleanup() {
    if (client && transport) {
        try {
@@ -30,7 +30,7 @@ async function main() {
        client = connection.client;
        transport = connection.transport;
        // Set up notification handler
-        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, (notification) => {
+        client.setNotificationHandler(types_js_1.LoggingMessageNotificationSchema, notification => {
            console.log(`Notification: ${notification.params.level} - ${notification.params.data}`);
        });
        // DEMO WORKFLOW:
@@ -64,7 +64,7 @@ async function connectWithBackwardsCompatibility(url) {
        name: 'backwards-compatible-client',
        version: '1.0.0'
    });
-    client.onerror = (error) => {
+    client.onerror = error => {
        console.error('Client error:', error);
    };
    const baseUrl = new URL(url);
@@ -1 +1 @@
-{"version":3,"file":"streamableHttpWithSseFallbackClient.js","sourceRoot":"","sources":["../../../../src/examples/client/streamableHttpWithSseFallbackClient.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,gDAAyD;AACzD,6CAMwB;AAExB;;;;;;;;;;GAUG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AAEzD,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAErD,IAAI,MAAc,CAAC;IACnB,IAAI,SAA6D,CAAC;IAElE,IAAI,CAAC;QACH,oDAAoD;QACpD,MAAM,UAAU,GAAG,MAAM,iCAAiC,CAAC,SAAS,CAAC,CAAC;QACtE,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;QAEjC,8BAA8B;QAC9B,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,CAAC,YAAY,EAAE,EAAE;YAC/E,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,CAAC,KAAK,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAExB,gCAAgC;QAChC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAEpC,4CAA4C;QAC5C,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAExD,gBAAgB;QAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAE9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iCAAiC,CAAC,GAAW;IAK1D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAE5D,8CAA8C;IAC9C,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAC;QACxB,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,MAAM,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;QACzB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE7B,IAAI,CAAC;QACH,0BAA0B;QAC1B,MAAM,mBAAmB,GAAG,IAAI,iDAA6B,CAAC,OAAO,CAAC,CAAC;QACvE,MAAM,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAE1C,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;QAC9E,OAAO;YACL,MAAM;YACN,SAAS,EAAE,mBAAmB;YAC9B,aAAa,EAAE,iBAAiB;SACjC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0DAA0D;QAC1D,OAAO,CAAC,GAAG,CAAC,+CAA+C,KAAK,EAAE,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,iDAAiD;YACjD,MAAM,YAAY,GAAG,IAAI,2BAAkB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,SAAS,GAAG,IAAI,iBAAM,CAAC;gBAC3B,IAAI,EAAE,6BAA6B;gBACnC,OAAO,EAAE,OAAO;aACjB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAEtC,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;YAC3E,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,KAAK;aACrB,CAAC;QACJ,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,8EAA8E,KAAK,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAChI,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,MAAc;IACrC,IAAI,CAAC;QACH,MAAM,YAAY,GAAqB;YACrC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,EAAE;SACX,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,gCAAqB,CAAC,CAAC;QAE9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;gBACrC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAAC,MAAc;IACjD,IAAI,CAAC;QACH,uDAAuD;QACvD,MAAM,OAAO,GAAoB;YAC/B,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE;gBACN,IAAI,EAAE,2BAA2B;gBACjC,SAAS,EAAE;oBACT,QAAQ,EAAE,IAAI,EAAE,iCAAiC;oBACjD,KAAK,EAAE,CAAC,CAAO,uBAAuB;iBACvC;aACF;SACF,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,+BAAoB,CAAC,CAAC;QAEnE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,mBAAmB;AACnB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"streamableHttpWithSseFallbackClient.js","sourceRoot":"","sources":["../../../../src/examples/client/streamableHttpWithSseFallbackClient.ts"],"names":[],"mappings":";;AAAA,oDAA+C;AAC/C,sEAA+E;AAC/E,gDAAyD;AACzD,6CAMwB;AAExB;;;;;;;;;;GAUG;AAEH,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,2BAA2B,CAAC;AAEzD,KAAK,UAAU,IAAI;IACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAErD,IAAI,MAAc,CAAC;IACnB,IAAI,SAA6D,CAAC;IAElE,IAAI,CAAC;QACD,oDAAoD;QACpD,MAAM,UAAU,GAAG,MAAM,iCAAiC,CAAC,SAAS,CAAC,CAAC;QACtE,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;QAEjC,8BAA8B;QAC9B,MAAM,CAAC,sBAAsB,CAAC,2CAAgC,EAAE,YAAY,CAAC,EAAE;YAC3E,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,CAAC,KAAK,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAExB,gCAAgC;QAChC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAEpC,4CAA4C;QAC5C,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAExD,gBAAgB;QAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iCAAiC,CAAC,GAAW;IAKxD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAE5D,8CAA8C;IAC9C,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAC;QACtB,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,OAAO;KACnB,CAAC,CAAC;IAEH,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE7B,IAAI,CAAC;QACD,0BAA0B;QAC1B,MAAM,mBAAmB,GAAG,IAAI,iDAA6B,CAAC,OAAO,CAAC,CAAC;QACvE,MAAM,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAE1C,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;QAC9E,OAAO;YACH,MAAM;YACN,SAAS,EAAE,mBAAmB;YAC9B,aAAa,EAAE,iBAAiB;SACnC,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,0DAA0D;QAC1D,OAAO,CAAC,GAAG,CAAC,+CAA+C,KAAK,EAAE,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QAEnE,IAAI,CAAC;YACD,iDAAiD;YACjD,MAAM,YAAY,GAAG,IAAI,2BAAkB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,SAAS,GAAG,IAAI,iBAAM,CAAC;gBACzB,IAAI,EAAE,6BAA6B;gBACnC,OAAO,EAAE,OAAO;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAEtC,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;YAC3E,OAAO;gBACH,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,KAAK;aACvB,CAAC;QACN,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,8EAA8E,KAAK,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAChI,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAChF,CAAC;IACL,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,MAAc;IACnC,IAAI,CAAC;QACD,MAAM,YAAY,GAAqB;YACnC,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,EAAE;SACb,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,gCAAqB,CAAC,CAAC;QAE9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACJ,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAChE,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAAC,MAAc;IAC/C,IAAI,CAAC;QACD,uDAAuD;QACvD,MAAM,OAAO,GAAoB;YAC7B,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE;gBACJ,IAAI,EAAE,2BAA2B;gBACjC,SAAS,EAAE;oBACP,QAAQ,EAAE,IAAI,EAAE,iCAAiC;oBACjD,KAAK,EAAE,CAAC,CAAC,uBAAuB;iBACnC;aACJ;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,+BAAoB,CAAC,CAAC;QAEnE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACJ,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,WAAW,EAAE,IAAI,CAAC,CAAC;YACjD,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;AACL,CAAC;AAED,mBAAmB;AACnB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC5B,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1,24 +1,24 @@
 import { AuthorizationParams, OAuthServerProvider } from '../../server/auth/provider.js';
 import { OAuthRegisteredClientsStore } from '../../server/auth/clients.js';
 import { OAuthClientInformationFull, OAuthMetadata, OAuthTokens } from '../../shared/auth.js';
-import { Response } from "express";
+import { Response } from 'express';
 import { AuthInfo } from '../../server/auth/types.js';
 export declare class DemoInMemoryClientsStore implements OAuthRegisteredClientsStore {
    private clients;
    getClient(clientId: string): Promise<{
        redirect_uris: string[];
        client_id: string;
-        jwks_uri?: string | undefined;
-        scope?: string | undefined;
        token_endpoint_auth_method?: string | undefined;
        grant_types?: string[] | undefined;
        response_types?: string[] | undefined;
        client_name?: string | undefined;
        client_uri?: string | undefined;
        logo_uri?: string | undefined;
+        scope?: string | undefined;
        contacts?: string[] | undefined;
        tos_uri?: string | undefined;
        policy_uri?: string | undefined;
+        jwks_uri?: string | undefined;
        jwks?: any;
        software_id?: string | undefined;
        software_version?: string | undefined;
@@ -30,17 +30,17 @@ export declare class DemoInMemoryClientsStore implements OAuthRegisteredClientsS
    registerClient(clientMetadata: OAuthClientInformationFull): Promise<{
        redirect_uris: string[];
        client_id: string;
-        jwks_uri?: string | undefined;
-        scope?: string | undefined;
        token_endpoint_auth_method?: string | undefined;
        grant_types?: string[] | undefined;
        response_types?: string[] | undefined;
        client_name?: string | undefined;
        client_uri?: string | undefined;
        logo_uri?: string | undefined;
+        scope?: string | undefined;
        contacts?: string[] | undefined;
        tos_uri?: string | undefined;
        policy_uri?: string | undefined;
+        jwks_uri?: string | undefined;
        jwks?: any;
        software_id?: string | undefined;
        software_version?: string | undefined;
@@ -1 +1 @@
-{"version":3,"file":"demoInMemoryOAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/examples/server/demoInMemoryOAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC9F,OAAgB,EAAW,QAAQ,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAKtD,qBAAa,wBAAyB,YAAW,2BAA2B;IAC1E,OAAO,CAAC,OAAO,CAAiD;IAE1D,SAAS,CAAC,QAAQ,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;IAI1B,cAAc,CAAC,cAAc,EAAE,0BAA0B;;;;;;;;;;;;;;;;;;;;;;CAIhE;AAED;;;;;;;GAOG;AACH,qBAAa,wBAAyB,YAAW,mBAAmB;IAOtD,OAAO,CAAC,gBAAgB,CAAC;IANrC,YAAY,2BAAkC;IAC9C,OAAO,CAAC,KAAK,CAE4B;IACzC,OAAO,CAAC,MAAM,CAA+B;gBAEzB,gBAAgB,CAAC,GAAE,CAAC,QAAQ,CAAC,EAAE,GAAG,KAAK,OAAO,aAAA;IAE5D,SAAS,CACb,MAAM,EAAE,0BAA0B,EAClC,MAAM,EAAE,mBAAmB,EAC3B,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IAoBV,6BAA6B,CACjC,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,MAAM,CAAC;IAWZ,yBAAyB,CAC7B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EAGzB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,WAAW,CAAC;IAoCjB,oBAAoB,CACxB,OAAO,EAAE,0BAA0B,EACnC,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,GAAG,GACd,OAAO,CAAC,WAAW,CAAC;IAIjB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAc1D;AAGD,eAAO,MAAM,eAAe,oDAAmD;IAAC,aAAa,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,GAAG,CAAC;IAAC,cAAc,EAAE,OAAO,CAAA;CAAC,KAAG,aA2EjJ,CAAA"}
+{"version":3,"file":"demoInMemoryOAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/examples/server/demoInMemoryOAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC9F,OAAgB,EAAW,QAAQ,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAKtD,qBAAa,wBAAyB,YAAW,2BAA2B;IACxE,OAAO,CAAC,OAAO,CAAiD;IAE1D,SAAS,CAAC,QAAQ,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;IAI1B,cAAc,CAAC,cAAc,EAAE,0BAA0B;;;;;;;;;;;;;;;;;;;;;;CAIlE;AAED;;;;;;;GAOG;AACH,qBAAa,wBAAyB,YAAW,mBAAmB;IAWpD,OAAO,CAAC,gBAAgB,CAAC;IAVrC,YAAY,2BAAkC;IAC9C,OAAO,CAAC,KAAK,CAMT;IACJ,OAAO,CAAC,MAAM,CAA+B;gBAEzB,gBAAgB,CAAC,GAAE,CAAC,QAAQ,CAAC,EAAE,GAAG,KAAK,OAAO,aAAA;IAE5D,SAAS,CAAC,MAAM,EAAE,0BAA0B,EAAE,MAAM,EAAE,mBAAmB,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAwCxG,6BAA6B,CAAC,MAAM,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAU7G,yBAAyB,CAC3B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EAGzB,aAAa,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,WAAW,CAAC;IAoCjB,oBAAoB,CACtB,OAAO,EAAE,0BAA0B,EACnC,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,GAAG,GAChB,OAAO,CAAC,WAAW,CAAC;IAIjB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAc5D;AAED,eAAO,MAAM,eAAe,oDAIzB;IACC,aAAa,EAAE,GAAG,CAAC;IACnB,YAAY,EAAE,GAAG,CAAC;IAClB,cAAc,EAAE,OAAO,CAAC;CAC3B,KAAG,aA+EH,CAAC"}
@@ -8,6 +8,7 @@ const node_crypto_1 = require("node:crypto");
 const express_1 = __importDefault(require("express"));
 const router_js_1 = require("../../server/auth/router.js");
 const auth_utils_js_1 = require("../../shared/auth-utils.js");
+const errors_js_1 = require("../../server/auth/errors.js");
 class DemoInMemoryClientsStore {
    constructor() {
        this.clients = new Map();
@@ -39,7 +40,7 @@ class DemoInMemoryAuthProvider {
    async authorize(client, params, res) {
        const code = (0, node_crypto_1.randomUUID)();
        const searchParams = new URLSearchParams({
-            code,
+            code
        });
        if (params.state !== undefined) {
            searchParams.set('state', params.state);
@@ -48,7 +49,26 @@ class DemoInMemoryAuthProvider {
            client,
            params
        });
-        const targetUrl = new URL(client.redirect_uris[0]);
+        // Simulate a user login
+        // Set a secure HTTP-only session cookie with authorization info
+        if (res.cookie) {
+            const authCookieData = {
+                userId: 'demo_user',
+                name: 'Demo User',
+                timestamp: Date.now()
+            };
+            res.cookie('demo_session', JSON.stringify(authCookieData), {
+                httpOnly: true,
+                secure: false, // In production, this should be true
+                sameSite: 'lax',
+                maxAge: 24 * 60 * 60 * 1000, // 24 hours - for demo purposes
+                path: '/' // Available to all routes
+            });
+        }
+        if (!client.redirect_uris.includes(params.redirectUri)) {
+            throw new errors_js_1.InvalidRequestError('Unregistered redirect_uri');
+        }
+        const targetUrl = new URL(params.redirectUri);
        targetUrl.search = searchParams.toString();
        res.redirect(targetUrl.toString());
    }
@@ -82,14 +102,14 @@ class DemoInMemoryAuthProvider {
            scopes: codeData.params.scopes || [],
            expiresAt: Date.now() + 3600000, // 1 hour
            resource: codeData.params.resource,
-            type: 'access',
+            type: 'access'
        };
        this.tokens.set(token, tokenData);
        return {
            access_token: token,
            token_type: 'bearer',
            expires_in: 3600,
-            scope: (codeData.params.scopes || []).join(' '),
+            scope: (codeData.params.scopes || []).join(' ')
        };
    }
    async exchangeRefreshToken(_client, _refreshToken, _scopes, _resource) {
@@ -105,7 +125,7 @@ class DemoInMemoryAuthProvider {
            clientId: tokenData.clientId,
            scopes: tokenData.scopes,
            expiresAt: Math.floor(tokenData.expiresAt / 1000),
-            resource: tokenData.resource,
+            resource: tokenData.resource
        };
    }
 }
@@ -116,12 +136,14 @@ const setupAuthServer = ({ authServerUrl, mcpServerUrl, strictResource }) => {
    // how to separate an OAuth Authorization Server from a Resource
    // server in the SDK. The SDK is not intended to be provide a standalone
    // authorization server.
-    const validateResource = strictResource ? (resource) => {
-        if (!resource)
-            return false;
-        const expectedResource = (0, auth_utils_js_1.resourceUrlFromServerUrl)(mcpServerUrl);
-        return resource.toString() === expectedResource.toString();
-    } : undefined;
+    const validateResource = strictResource
+        ? (resource) => {
+            if (!resource)
+                return false;
+            const expectedResource = (0, auth_utils_js_1.resourceUrlFromServerUrl)(mcpServerUrl);
+            return resource.toString() === expectedResource.toString();
+        }
+        : undefined;
    const provider = new DemoInMemoryAuthProvider(validateResource);
    const authApp = (0, express_1.default)();
    authApp.use(express_1.default.json());
@@ -133,7 +155,7 @@ const setupAuthServer = ({ authServerUrl, mcpServerUrl, strictResource }) => {
    authApp.use((0, router_js_1.mcpAuthRouter)({
        provider,
        issuerUrl: authServerUrl,
-        scopesSupported: ['mcp:tools'],
+        scopesSupported: ['mcp:tools']
    }));
    authApp.post('/introspect', async (req, res) => {
        try {
@@ -148,7 +170,7 @@ const setupAuthServer = ({ authServerUrl, mcpServerUrl, strictResource }) => {
                client_id: tokenInfo.clientId,
                scope: tokenInfo.scopes.join(' '),
                exp: tokenInfo.expiresAt,
-                aud: tokenInfo.resource,
+                aud: tokenInfo.resource
            });
            return;
        }
@@ -162,7 +184,7 @@ const setupAuthServer = ({ authServerUrl, mcpServerUrl, strictResource }) => {
    });
    const auth_port = authServerUrl.port;
    // Start the auth server
-    authApp.listen(auth_port, (error) => {
+    authApp.listen(auth_port, error => {
        if (error) {
            console.error('Failed to start server:', error);
            process.exit(1);
@@ -174,9 +196,9 @@ const setupAuthServer = ({ authServerUrl, mcpServerUrl, strictResource }) => {
    const oauthMetadata = (0, router_js_1.createOAuthMetadata)({
        provider,
        issuerUrl: authServerUrl,
-        scopesSupported: ['mcp:tools'],
+        scopesSupported: ['mcp:tools']
    });
-    oauthMetadata.introspection_endpoint = new URL("/introspect", authServerUrl).href;
+    oauthMetadata.introspection_endpoint = new URL('/introspect', authServerUrl).href;
    return oauthMetadata;
 };
 exports.setupAuthServer = setupAuthServer;
@@ -1,75 +1,94 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const node_crypto_1 = require("node:crypto");
 const mcp_js_1 = require("../../server/mcp.js");
 const streamableHttp_js_1 = require("../../server/streamableHttp.js");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const types_js_1 = require("../../types.js");
-const cors_1 = __importDefault(require("cors"));
+const express_js_1 = require("../../server/express.js");
 // Create an MCP server with implementation details
 const getServer = () => {
    const server = new mcp_js_1.McpServer({
        name: 'json-response-streamable-http-server',
-        version: '1.0.0',
+        version: '1.0.0'
    }, {
        capabilities: {
-            logging: {},
+            logging: {}
        }
    });
    // Register a simple tool that returns a greeting
-    server.tool('greet', 'A simple greeting tool', {
-        name: zod_1.z.string().describe('Name to greet'),
+    server.registerTool('greet', {
+        description: 'A simple greeting tool',
+        inputSchema: {
+            name: z.string().describe('Name to greet')
+        }
    }, async ({ name }) => {
        return {
            content: [
                {
                    type: 'text',
-                    text: `Hello, ${name}!`,
-                },
-            ],
+                    text: `Hello, ${name}!`
+                }
+            ]
        };
    });
    // Register a tool that sends multiple greetings with notifications
-    server.tool('multi-greet', 'A tool that sends different greetings with delays between them', {
-        name: zod_1.z.string().describe('Name to greet'),
-    }, async ({ name }, { sendNotification }) => {
+    server.registerTool('multi-greet', {
+        description: 'A tool that sends different greetings with delays between them',
+        inputSchema: {
+            name: z.string().describe('Name to greet')
+        }
+    }, async ({ name }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "debug", data: `Starting multi-greet for ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'debug',
+            data: `Starting multi-greet for ${name}`
+        }, extra.sessionId);
        await sleep(1000); // Wait 1 second before first greeting
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "info", data: `Sending first greeting to ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'info',
+            data: `Sending first greeting to ${name}`
+        }, extra.sessionId);
        await sleep(1000); // Wait another second before second greeting
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "info", data: `Sending second greeting to ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'info',
+            data: `Sending second greeting to ${name}`
+        }, extra.sessionId);
        return {
            content: [
                {
                    type: 'text',
-                    text: `Good morning, ${name}!`,
+                    text: `Good morning, ${name}!`
                }
-            ],
+            ]
        };
    });
    return server;
 };
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
-// Configure CORS to expose Mcp-Session-Id header for browser-based clients
-app.use((0, cors_1.default)({
-    origin: '*', // Allow all origins - adjust as needed for production
-    exposedHeaders: ['Mcp-Session-Id']
-}));
+const app = (0, express_js_1.createMcpExpressApp)();
 // Map to store transports by session ID
 const transports = {};
 app.post('/mcp', async (req, res) => {
@@ -87,7 +106,7 @@ app.post('/mcp', async (req, res) => {
            transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
                enableJsonResponse: true, // Enable JSON response mode
-                onsessioninitialized: (sessionId) => {
+                onsessioninitialized: sessionId => {
                    // Store the transport by session ID when session is initialized
                    // This avoids race conditions where requests might come in before the session is stored
                    console.log(`Session initialized with ID: ${sessionId}`);
@@ -106,9 +125,9 @@ app.post('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32000,
-                    message: 'Bad Request: No valid session ID provided',
+                    message: 'Bad Request: No valid session ID provided'
                },
-                id: null,
+                id: null
            });
            return;
        }
@@ -122,9 +141,9 @@ app.post('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32603,
-                    message: 'Internal server error',
+                    message: 'Internal server error'
                },
-                id: null,
+                id: null
            });
        }
    }
@@ -137,7 +156,7 @@ app.get('/mcp', async (req, res) => {
 });
 // Start the server
 const PORT = 3000;
-app.listen(PORT, (error) => {
+app.listen(PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -1 +1 @@
-{"version":3,"file":"jsonResponseStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/jsonResponseStreamableHttp.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,6CAAyC;AACzC,gDAAgD;AAChD,sEAA+E;AAC/E,6BAAwB;AACxB,6CAAqE;AACrE,gDAAwB;AAGxB,mDAAmD;AACnD,MAAM,SAAS,GAAG,GAAG,EAAE;IACrB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,OAAO;KACjB,EAAE;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,EAAE;SACZ;KACF,CAAC,CAAC;IAEH,iDAAiD;IACjD,MAAM,CAAC,IAAI,CACT,OAAO,EACP,wBAAwB,EACxB;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;KAC3C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA2B,EAAE;QAC1C,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,UAAU,IAAI,GAAG;iBACxB;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,mEAAmE;IACnE,MAAM,CAAC,IAAI,CACT,aAAa,EACb,gEAAgE,EAChE;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;KAC3C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAA2B,EAAE;QAChE,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAE9E,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,4BAA4B,IAAI,EAAE,EAAE;SACrE,CAAC,CAAC;QAEH,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,sCAAsC;QAEzD,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,6BAA6B,IAAI,EAAE,EAAE;SACrE,CAAC,CAAC;QAEH,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,6CAA6C;QAEhE,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,IAAI,EAAE,EAAE;SACtE,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,iBAAiB,IAAI,GAAG;iBAC/B;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA;AAED,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,2EAA2E;AAC3E,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC;IACX,MAAM,EAAE,GAAG,EAAE,sDAAsD;IACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;CACnC,CAAC,CAAC,CAAC;AAEJ,wCAAwC;AACxC,MAAM,UAAU,GAA2D,EAAE,CAAC;AAE9E,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACrD,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,2BAA2B;YAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,sDAAsD;YACtD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC5C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,kBAAkB,EAAE,IAAI,EAAE,4BAA4B;gBACtD,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;oBAClC,gEAAgE;oBAChE,wFAAwF;oBACxF,OAAO,CAAC,GAAG,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;oBACzD,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;gBACpC,CAAC;aACF,CAAC,CAAC;YAEH,sEAAsE;YACtE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,kBAAkB;QAC5B,CAAC;aAAM,CAAC;YACN,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,2CAA2C;iBACrD;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oEAAoE;QACpE,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACjC;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACpD,qFAAqF;IACrF,kEAAkE;IAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;IACzB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,gDAAgD,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"jsonResponseStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/jsonResponseStreamableHttp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,6CAAyC;AACzC,gDAAgD;AAChD,sEAA+E;AAC/E,0CAA4B;AAC5B,6CAAqE;AACrE,wDAA8D;AAE9D,mDAAmD;AACnD,MAAM,SAAS,GAAG,GAAG,EAAE;IACnB,MAAM,MAAM,GAAG,IAAI,kBAAS,CACxB;QACI,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,OAAO;KACnB,EACD;QACI,YAAY,EAAE;YACV,OAAO,EAAE,EAAE;SACd;KACJ,CACJ,CAAC;IAEF,iDAAiD;IACjD,MAAM,CAAC,YAAY,CACf,OAAO,EACP;QACI,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE;YACT,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;SAC7C;KACJ,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA2B,EAAE;QACxC,OAAO;YACH,OAAO,EAAE;gBACL;oBACI,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,UAAU,IAAI,GAAG;iBAC1B;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IAEF,mEAAmE;IACnE,MAAM,CAAC,YAAY,CACf,aAAa,EACb;QACI,WAAW,EAAE,gEAAgE;QAC7E,WAAW,EAAE;YACT,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;SAC7C;KACJ,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAA2B,EAAE;QAC/C,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAE9E,MAAM,MAAM,CAAC,kBAAkB,CAC3B;YACI,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,4BAA4B,IAAI,EAAE;SAC3C,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;QAEF,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,sCAAsC;QAEzD,MAAM,MAAM,CAAC,kBAAkB,CAC3B;YACI,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,6BAA6B,IAAI,EAAE;SAC5C,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;QAEF,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,6CAA6C;QAEhE,MAAM,MAAM,CAAC,kBAAkB,CAC3B;YACI,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,8BAA8B,IAAI,EAAE;SAC7C,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;QAEF,OAAO;YACH,OAAO,EAAE;gBACL;oBACI,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,iBAAiB,IAAI,GAAG;iBACjC;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IACF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAA,gCAAmB,GAAE,CAAC;AAElC,wCAAwC;AACxC,MAAM,UAAU,GAA2D,EAAE,CAAC;AAE9E,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC;QACD,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,2BAA2B;YAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,sDAAsD;YACtD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC1C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,kBAAkB,EAAE,IAAI,EAAE,4BAA4B;gBACtD,oBAAoB,EAAE,SAAS,CAAC,EAAE;oBAC9B,gEAAgE;oBAChE,wFAAwF;oBACxF,OAAO,CAAC,GAAG,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;oBACzD,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;gBACtC,CAAC;aACJ,CAAC,CAAC;YAEH,sEAAsE;YACtE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,kBAAkB;QAC9B,CAAC;aAAM,CAAC;YACJ,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACH,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,2CAA2C;iBACvD;gBACD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,oEAAoE;QACpE,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACH,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACnC;gBACD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;QACP,CAAC;IACL,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClD,qFAAqF;IACrF,kEAAkE;IAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AACpE,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE;IACrB,IAAI,KAAK,EAAE,CAAC;QACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,gDAAgD,IAAI,EAAE,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC5B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -4,67 +4,92 @@
 * Example MCP server using the high-level McpServer API with outputSchema
 * This demonstrates how to easily create tools with structured output
 */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const mcp_js_1 = require("../../server/mcp.js");
 const stdio_js_1 = require("../../server/stdio.js");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const server = new mcp_js_1.McpServer({
-    name: "mcp-output-schema-high-level-example",
-    version: "1.0.0",
+    name: 'mcp-output-schema-high-level-example',
+    version: '1.0.0'
 });
 // Define a tool with structured output - Weather data
-server.registerTool("get_weather", {
-    description: "Get weather information for a city",
+server.registerTool('get_weather', {
+    description: 'Get weather information for a city',
    inputSchema: {
-        city: zod_1.z.string().describe("City name"),
-        country: zod_1.z.string().describe("Country code (e.g., US, UK)")
+        city: z.string().describe('City name'),
+        country: z.string().describe('Country code (e.g., US, UK)')
    },
    outputSchema: {
-        temperature: zod_1.z.object({
-            celsius: zod_1.z.number(),
-            fahrenheit: zod_1.z.number()
+        temperature: z.object({
+            celsius: z.number(),
+            fahrenheit: z.number()
        }),
-        conditions: zod_1.z.enum(["sunny", "cloudy", "rainy", "stormy", "snowy"]),
-        humidity: zod_1.z.number().min(0).max(100),
-        wind: zod_1.z.object({
-            speed_kmh: zod_1.z.number(),
-            direction: zod_1.z.string()
+        conditions: z.enum(['sunny', 'cloudy', 'rainy', 'stormy', 'snowy']),
+        humidity: z.number().min(0).max(100),
+        wind: z.object({
+            speed_kmh: z.number(),
+            direction: z.string()
        })
-    },
+    }
 }, async ({ city, country }) => {
    // Parameters are available but not used in this example
    void city;
    void country;
    // Simulate weather API call
    const temp_c = Math.round((Math.random() * 35 - 5) * 10) / 10;
-    const conditions = ["sunny", "cloudy", "rainy", "stormy", "snowy"][Math.floor(Math.random() * 5)];
+    const conditions = ['sunny', 'cloudy', 'rainy', 'stormy', 'snowy'][Math.floor(Math.random() * 5)];
    const structuredContent = {
        temperature: {
            celsius: temp_c,
-            fahrenheit: Math.round((temp_c * 9 / 5 + 32) * 10) / 10
+            fahrenheit: Math.round(((temp_c * 9) / 5 + 32) * 10) / 10
        },
        conditions,
        humidity: Math.round(Math.random() * 100),
        wind: {
            speed_kmh: Math.round(Math.random() * 50),
-            direction: ["N", "NE", "E", "SE", "S", "SW", "W", "NW"][Math.floor(Math.random() * 8)]
+            direction: ['N', 'NE', 'E', 'SE', 'S', 'SW', 'W', 'NW'][Math.floor(Math.random() * 8)]
        }
    };
    return {
-        content: [{
-                type: "text",
+        content: [
+            {
+                type: 'text',
                text: JSON.stringify(structuredContent, null, 2)
-            }],
+            }
+        ],
        structuredContent
    };
 });
 async function main() {
    const transport = new stdio_js_1.StdioServerTransport();
    await server.connect(transport);
-    console.error("High-level Output Schema Example Server running on stdio");
+    console.error('High-level Output Schema Example Server running on stdio');
 }
-main().catch((error) => {
-    console.error("Server error:", error);
+main().catch(error => {
+    console.error('Server error:', error);
    process.exit(1);
 });
 //# sourceMappingURL=mcpServerOutputSchema.js.map
@@ -1 +1 @@
-{"version":3,"file":"mcpServerOutputSchema.js","sourceRoot":"","sources":["../../../../src/examples/server/mcpServerOutputSchema.ts"],"names":[],"mappings":";;AACA;;;GAGG;;AAEH,gDAAgD;AAChD,oDAA6D;AAC7D,6BAAwB;AAExB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAC1B;IACE,IAAI,EAAE,sCAAsC;IAC5C,OAAO,EAAE,OAAO;CACjB,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,YAAY,CACjB,aAAa,EACb;IACE,WAAW,EAAE,oCAAoC;IACjD,WAAW,EAAE;QACX,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;QACtC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;KAC5D;IACD,YAAY,EAAE;QACZ,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC;YACpB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;YACnB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;SACvB,CAAC;QACF,UAAU,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;QACpC,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC;YACb,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;YACrB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;SACtB,CAAC;KACH;CACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;IAC1B,wDAAwD;IACxD,KAAK,IAAI,CAAC;IACV,KAAK,OAAO,CAAC;IACb,4BAA4B;IAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IAElG,MAAM,iBAAiB,GAAG;QACxB,WAAW,EAAE;YACX,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE;SACxD;QACD,UAAU;QACV,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;QACzC,IAAI,EAAE;YACJ,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC;YACzC,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;SACvF;KACF,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC;gBACR,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;aACjD,CAAC;QACF,iBAAiB;KAClB,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"mcpServerOutputSchema.js","sourceRoot":"","sources":["../../../../src/examples/server/mcpServerOutputSchema.ts"],"names":[],"mappings":";;AACA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,gDAAgD;AAChD,oDAA6D;AAC7D,0CAA4B;AAE5B,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;IACzB,IAAI,EAAE,sCAAsC;IAC5C,OAAO,EAAE,OAAO;CACnB,CAAC,CAAC;AAEH,sDAAsD;AACtD,MAAM,CAAC,YAAY,CACf,aAAa,EACb;IACI,WAAW,EAAE,oCAAoC;IACjD,WAAW,EAAE;QACT,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;QACtC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;KAC9D;IACD,YAAY,EAAE;QACV,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YAClB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;SACzB,CAAC;QACF,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YACX,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;YACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SACxB,CAAC;KACL;CACJ,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;IACxB,wDAAwD;IACxD,KAAK,IAAI,CAAC;IACV,KAAK,OAAO,CAAC;IACb,4BAA4B;IAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IAElG,MAAM,iBAAiB,GAAG;QACtB,WAAW,EAAE;YACT,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE;SAC5D;QACD,UAAU;QACV,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;QACzC,IAAI,EAAE;YACF,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC;YACzC,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;SACzF;KACJ,CAAC;IAEF,OAAO;QACH,OAAO,EAAE;YACL;gBACI,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;aACnD;SACJ;QACD,iBAAiB;KACpB,CAAC;AACN,CAAC,CACJ,CAAC;AAEF,KAAK,UAAU,IAAI;IACf,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1,12 +1,32 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const mcp_js_1 = require("../../server/mcp.js");
 const sse_js_1 = require("../../server/sse.js");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
+const express_js_1 = require("../../server/express.js");
 /**
 * This example server demonstrates the deprecated HTTP+SSE transport
 * (protocol version 2024-11-05). It mainly used for testing backward compatible clients.
@@ -20,52 +40,48 @@ const zod_1 = require("zod");
 const getServer = () => {
    const server = new mcp_js_1.McpServer({
        name: 'simple-sse-server',
-        version: '1.0.0',
+        version: '1.0.0'
    }, { capabilities: { logging: {} } });
-    server.tool('start-notification-stream', 'Starts sending periodic notifications', {
-        interval: zod_1.z.number().describe('Interval in milliseconds between notifications').default(1000),
-        count: zod_1.z.number().describe('Number of notifications to send').default(10),
-    }, async ({ interval, count }, { sendNotification }) => {
+    server.registerTool('start-notification-stream', {
+        description: 'Starts sending periodic notifications',
+        inputSchema: {
+            interval: z.number().describe('Interval in milliseconds between notifications').default(1000),
+            count: z.number().describe('Number of notifications to send').default(10)
+        }
+    }, async ({ interval, count }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
        let counter = 0;
        // Send the initial notification
-        await sendNotification({
-            method: "notifications/message",
-            params: {
-                level: "info",
-                data: `Starting notification stream with ${count} messages every ${interval}ms`
-            }
-        });
+        await server.sendLoggingMessage({
+            level: 'info',
+            data: `Starting notification stream with ${count} messages every ${interval}ms`
+        }, extra.sessionId);
        // Send periodic notifications
        while (counter < count) {
            counter++;
            await sleep(interval);
            try {
-                await sendNotification({
-                    method: "notifications/message",
-                    params: {
-                        level: "info",
-                        data: `Notification #${counter} at ${new Date().toISOString()}`
-                    }
-                });
+                await server.sendLoggingMessage({
+                    level: 'info',
+                    data: `Notification #${counter} at ${new Date().toISOString()}`
+                }, extra.sessionId);
            }
            catch (error) {
-                console.error("Error sending notification:", error);
+                console.error('Error sending notification:', error);
            }
        }
        return {
            content: [
                {
                    type: 'text',
-                    text: `Completed sending ${count} notifications every ${interval}ms`,
+                    text: `Completed sending ${count} notifications every ${interval}ms`
                }
-            ],
+            ]
        };
    });
    return server;
 };
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
+const app = (0, express_js_1.createMcpExpressApp)();
 // Store transports by session ID
 const transports = {};
 // SSE endpoint for establishing the stream
@@ -125,7 +141,7 @@ app.post('/messages', async (req, res) => {
 });
 // Start the server
 const PORT = 3000;
-app.listen(PORT, (error) => {
+app.listen(PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -1 +1 @@
-{"version":3,"file":"simpleSseServer.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleSseServer.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,gDAAgD;AAChD,gDAAyD;AACzD,6BAAwB;AAGxB;;;;;;;;GAQG;AAEH,gCAAgC;AAChC,MAAM,SAAS,GAAG,GAAG,EAAE;IACrB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,OAAO;KACjB,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,CAAC,IAAI,CACT,2BAA2B,EAC3B,uCAAuC,EACvC;QACE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;QAC7F,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;KAC1E,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAA2B,EAAE;QAC3E,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,gCAAgC;QAChC,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE;gBACN,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,qCAAqC,KAAK,mBAAmB,QAAQ,IAAI;aAChF;SACF,CAAC,CAAC;QAEH,8BAA8B;QAC9B,OAAO,OAAO,GAAG,KAAK,EAAE,CAAC;YACvB,OAAO,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;YAEtB,IAAI,CAAC;gBACH,MAAM,gBAAgB,CAAC;oBACrB,MAAM,EAAE,uBAAuB;oBAC/B,MAAM,EAAE;wBACN,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,iBAAiB,OAAO,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;qBAChE;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qBAAqB,KAAK,wBAAwB,QAAQ,IAAI;iBACrE;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,iCAAiC;AACjC,MAAM,UAAU,GAAuC,EAAE,CAAC;AAE1D,2CAA2C;AAC3C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACpD,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IAEtE,IAAI,CAAC;QACH,4CAA4C;QAC5C,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAE3D,oCAAoC;QACpC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;QACtC,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;QAElC,2DAA2D;QAC3D,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YACvB,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;YAC7D,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC,CAAC;QAEF,0CAA0C;QAC1C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,2DAA2D;AAC3D,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC1D,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAElD,8CAA8C;IAC9C,+EAA+E;IAC/E,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAA+B,CAAC;IAE5D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6CAA6C,SAAS,EAAE,CAAC,CAAC;QACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,6CAA6C;QAC7C,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;IACzB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,gFAAgF,IAAI,EAAE,CAAC,CAAC;AACtG,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAEvC,6DAA6D;IAC7D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;YAC1D,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;YACpC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"simpleSseServer.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleSseServer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,gDAAgD;AAChD,gDAAyD;AACzD,0CAA4B;AAE5B,wDAA8D;AAE9D;;;;;;;;GAQG;AAEH,gCAAgC;AAChC,MAAM,SAAS,GAAG,GAAG,EAAE;IACnB,MAAM,MAAM,GAAG,IAAI,kBAAS,CACxB;QACI,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,OAAO;KACnB,EACD,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CACpC,CAAC;IAEF,MAAM,CAAC,YAAY,CACf,2BAA2B,EAC3B;QACI,WAAW,EAAE,uCAAuC;QACpD,WAAW,EAAE;YACT,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;YAC7F,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;SAC5E;KACJ,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,KAAK,EAA2B,EAAE;QAC1D,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,gCAAgC;QAChC,MAAM,MAAM,CAAC,kBAAkB,CAC3B;YACI,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,qCAAqC,KAAK,mBAAmB,QAAQ,IAAI;SAClF,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;QAEF,8BAA8B;QAC9B,OAAO,OAAO,GAAG,KAAK,EAAE,CAAC;YACrB,OAAO,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;YAEtB,IAAI,CAAC;gBACD,MAAM,MAAM,CAAC,kBAAkB,CAC3B;oBACI,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,iBAAiB,OAAO,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;iBAClE,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;YACN,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACxD,CAAC;QACL,CAAC;QAED,OAAO;YACH,OAAO,EAAE;gBACL;oBACI,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qBAAqB,KAAK,wBAAwB,QAAQ,IAAI;iBACvE;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IACF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAA,gCAAmB,GAAE,CAAC;AAElC,iCAAiC;AACjC,MAAM,UAAU,GAAuC,EAAE,CAAC;AAE1D,2CAA2C;AAC3C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClD,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IAEtE,IAAI,CAAC;QACD,4CAA4C;QAC5C,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAE3D,oCAAoC;QACpC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;QACtC,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;QAElC,2DAA2D;QAC3D,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YACrB,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;YAC7D,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC,CAAC;QAEF,0CAA0C;QAC1C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC1D,CAAC;IACL,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,2DAA2D;AAC3D,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACxD,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAElD,8CAA8C;IAC9C,+EAA+E;IAC/E,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAA+B,CAAC;IAE5D,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QACpD,OAAO;IACX,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,6CAA6C,SAAS,EAAE,CAAC,CAAC;QACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC1C,OAAO;IACX,CAAC;IAED,IAAI,CAAC;QACD,6CAA6C;QAC7C,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;IACL,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE;IACrB,IAAI,KAAK,EAAE,CAAC;QACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,gFAAgF,IAAI,EAAE,CAAC,CAAC;AACxG,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC5B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAEvC,6DAA6D;IAC7D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;YAC1D,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;YACpC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9E,CAAC;IACL,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1,22 +1,44 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const mcp_js_1 = require("../../server/mcp.js");
 const streamableHttp_js_1 = require("../../server/streamableHttp.js");
-const zod_1 = require("zod");
-const cors_1 = __importDefault(require("cors"));
+const z = __importStar(require("zod/v4"));
+const express_js_1 = require("../../server/express.js");
 const getServer = () => {
    // Create an MCP server with implementation details
    const server = new mcp_js_1.McpServer({
        name: 'stateless-streamable-http-server',
-        version: '1.0.0',
+        version: '1.0.0'
    }, { capabilities: { logging: {} } });
    // Register a simple prompt
-    server.prompt('greeting-template', 'A simple greeting prompt template', {
-        name: zod_1.z.string().describe('Name to include in greeting'),
+    server.registerPrompt('greeting-template', {
+        description: 'A simple greeting prompt template',
+        argsSchema: {
+            name: z.string().describe('Name to include in greeting')
+        }
    }, async ({ name }) => {
        return {
            messages: [
@@ -24,32 +46,32 @@ const getServer = () => {
                    role: 'user',
                    content: {
                        type: 'text',
-                        text: `Please greet ${name} in a friendly manner.`,
-                    },
-                },
-            ],
+                        text: `Please greet ${name} in a friendly manner.`
+                    }
+                }
+            ]
        };
    });
    // Register a tool specifically for testing resumability
-    server.tool('start-notification-stream', 'Starts sending periodic notifications for testing resumability', {
-        interval: zod_1.z.number().describe('Interval in milliseconds between notifications').default(100),
-        count: zod_1.z.number().describe('Number of notifications to send (0 for 100)').default(10),
-    }, async ({ interval, count }, { sendNotification }) => {
+    server.registerTool('start-notification-stream', {
+        description: 'Starts sending periodic notifications for testing resumability',
+        inputSchema: {
+            interval: z.number().describe('Interval in milliseconds between notifications').default(100),
+            count: z.number().describe('Number of notifications to send (0 for 100)').default(10)
+        }
+    }, async ({ interval, count }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
        let counter = 0;
        while (count === 0 || counter < count) {
            counter++;
            try {
-                await sendNotification({
-                    method: "notifications/message",
-                    params: {
-                        level: "info",
-                        data: `Periodic notification #${counter} at ${new Date().toISOString()}`
-                    }
-                });
+                await server.sendLoggingMessage({
+                    level: 'info',
+                    data: `Periodic notification #${counter} at ${new Date().toISOString()}`
+                }, extra.sessionId);
            }
            catch (error) {
-                console.error("Error sending notification:", error);
+                console.error('Error sending notification:', error);
            }
            // Wait for the specified interval
            await sleep(interval);
@@ -58,36 +80,30 @@ const getServer = () => {
            content: [
                {
                    type: 'text',
-                    text: `Started sending periodic notifications every ${interval}ms`,
+                    text: `Started sending periodic notifications every ${interval}ms`
                }
-            ],
+            ]
        };
    });
    // Create a simple resource at a fixed URI
-    server.resource('greeting-resource', 'https://example.com/greetings/default', { mimeType: 'text/plain' }, async () => {
+    server.registerResource('greeting-resource', 'https://example.com/greetings/default', { mimeType: 'text/plain' }, async () => {
        return {
            contents: [
                {
                    uri: 'https://example.com/greetings/default',
-                    text: 'Hello, world!',
-                },
-            ],
+                    text: 'Hello, world!'
+                }
+            ]
        };
    });
    return server;
 };
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
-// Configure CORS to expose Mcp-Session-Id header for browser-based clients
-app.use((0, cors_1.default)({
-    origin: '*', // Allow all origins - adjust as needed for production
-    exposedHeaders: ['Mcp-Session-Id']
-}));
+const app = (0, express_js_1.createMcpExpressApp)();
 app.post('/mcp', async (req, res) => {
    const server = getServer();
    try {
        const transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
-            sessionIdGenerator: undefined,
+            sessionIdGenerator: undefined
        });
        await server.connect(transport);
        await transport.handleRequest(req, res, req.body);
@@ -104,9 +120,9 @@ app.post('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32603,
-                    message: 'Internal server error',
+                    message: 'Internal server error'
                },
-                id: null,
+                id: null
            });
        }
    }
@@ -114,10 +130,10 @@ app.post('/mcp', async (req, res) => {
 app.get('/mcp', async (req, res) => {
    console.log('Received GET MCP request');
    res.writeHead(405).end(JSON.stringify({
-        jsonrpc: "2.0",
+        jsonrpc: '2.0',
        error: {
            code: -32000,
-            message: "Method not allowed."
+            message: 'Method not allowed.'
        },
        id: null
    }));
@@ -125,17 +141,17 @@ app.get('/mcp', async (req, res) => {
 app.delete('/mcp', async (req, res) => {
    console.log('Received DELETE MCP request');
    res.writeHead(405).end(JSON.stringify({
-        jsonrpc: "2.0",
+        jsonrpc: '2.0',
        error: {
            code: -32000,
-            message: "Method not allowed."
+            message: 'Method not allowed.'
        },
        id: null
    }));
 });
 // Start the server
 const PORT = 3000;
-app.listen(PORT, (error) => {
+app.listen(PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -1 +1 @@
-{"version":3,"file":"simpleStatelessStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleStatelessStreamableHttp.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,gDAAgD;AAChD,sEAA+E;AAC/E,6BAAwB;AAExB,gDAAwB;AAExB,MAAM,SAAS,GAAG,GAAG,EAAE;IACrB,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,OAAO;KACjB,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEtC,2BAA2B;IAC3B,MAAM,CAAC,MAAM,CACX,mBAAmB,EACnB,mCAAmC,EACnC;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;KACzD,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA4B,EAAE;QAC3C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,gBAAgB,IAAI,wBAAwB;qBACnD;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,wDAAwD;IACxD,MAAM,CAAC,IAAI,CACT,2BAA2B,EAC3B,gEAAgE,EAChE;QACE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAC5F,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;KACtF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAA2B,EAAE;QAC3E,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,OAAO,KAAK,KAAK,CAAC,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC;YACtC,OAAO,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,gBAAgB,CAAC;oBACrB,MAAM,EAAE,uBAAuB;oBAC/B,MAAM,EAAE;wBACN,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,0BAA0B,OAAO,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;qBACzE;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACtD,CAAC;YACD,kCAAkC;YAClC,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,gDAAgD,QAAQ,IAAI;iBACnE;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,0CAA0C;IAC1C,MAAM,CAAC,QAAQ,CACb,mBAAmB,EACnB,uCAAuC,EACvC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAC1B,KAAK,IAAiC,EAAE;QACtC,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,uCAAuC;oBAC5C,IAAI,EAAE,eAAe;iBACtB;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA;AAED,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,2EAA2E;AAC3E,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC;IACX,MAAM,EAAE,GAAG,EAAE,sDAAsD;IACnE,cAAc,EAAE,CAAC,gBAAgB,CAAC;CACnC,CAAC,CAAC,CAAC;AAEJ,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACrD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,SAAS,GAAkC,IAAI,iDAA6B,CAAC;YACjF,kBAAkB,EAAE,SAAS;SAC9B,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAClD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACnB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC9B,SAAS,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACjC;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACpD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,OAAO,EAAE,KAAK;QACd,KAAK,EAAE;YACL,IAAI,EAAE,CAAC,KAAK;YACZ,OAAO,EAAE,qBAAqB;SAC/B;QACD,EAAE,EAAE,IAAI;KACT,CAAC,CAAC,CAAC;AACN,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACvD,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;QACpC,OAAO,EAAE,KAAK;QACd,KAAK,EAAE;YACL,IAAI,EAAE,CAAC,KAAK;YACZ,OAAO,EAAE,qBAAqB;SAC/B;QACD,EAAE,EAAE,IAAI;KACT,CAAC,CAAC,CAAC;AACN,CAAC,CAAC,CAAC;AAGH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;IACzB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;AAChF,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"simpleStatelessStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleStatelessStreamableHttp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,gDAAgD;AAChD,sEAA+E;AAC/E,0CAA4B;AAE5B,wDAA8D;AAE9D,MAAM,SAAS,GAAG,GAAG,EAAE;IACnB,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,kBAAS,CACxB;QACI,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,OAAO;KACnB,EACD,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CACpC,CAAC;IAEF,2BAA2B;IAC3B,MAAM,CAAC,cAAc,CACjB,mBAAmB,EACnB;QACI,WAAW,EAAE,mCAAmC;QAChD,UAAU,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;SAC3D;KACJ,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA4B,EAAE;QACzC,OAAO;YACH,QAAQ,EAAE;gBACN;oBACI,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACL,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,gBAAgB,IAAI,wBAAwB;qBACrD;iBACJ;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IAEF,wDAAwD;IACxD,MAAM,CAAC,YAAY,CACf,2BAA2B,EAC3B;QACI,WAAW,EAAE,gEAAgE;QAC7E,WAAW,EAAE;YACT,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YAC5F,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;SACxF;KACJ,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,KAAK,EAA2B,EAAE;QAC1D,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,OAAO,KAAK,KAAK,CAAC,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC;YACpC,OAAO,EAAE,CAAC;YACV,IAAI,CAAC;gBACD,MAAM,MAAM,CAAC,kBAAkB,CAC3B;oBACI,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,0BAA0B,OAAO,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;iBAC3E,EACD,KAAK,CAAC,SAAS,CAClB,CAAC;YACN,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACxD,CAAC;YACD,kCAAkC;YAClC,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO;YACH,OAAO,EAAE;gBACL;oBACI,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,gDAAgD,QAAQ,IAAI;iBACrE;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IAEF,0CAA0C;IAC1C,MAAM,CAAC,gBAAgB,CACnB,mBAAmB,EACnB,uCAAuC,EACvC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAC1B,KAAK,IAAiC,EAAE;QACpC,OAAO;YACH,QAAQ,EAAE;gBACN;oBACI,GAAG,EAAE,uCAAuC;oBAC5C,IAAI,EAAE,eAAe;iBACxB;aACJ;SACJ,CAAC;IACN,CAAC,CACJ,CAAC;IACF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAA,gCAAmB,GAAE,CAAC;AAElC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACnD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC;QACD,MAAM,SAAS,GAAkC,IAAI,iDAA6B,CAAC;YAC/E,kBAAkB,EAAE,SAAS;SAChC,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAClD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC9B,SAAS,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACH,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACnC;gBACD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;QACP,CAAC;IACL,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAClB,IAAI,CAAC,SAAS,CAAC;QACX,OAAO,EAAE,KAAK;QACd,KAAK,EAAE;YACH,IAAI,EAAE,CAAC,KAAK;YACZ,OAAO,EAAE,qBAAqB;SACjC;QACD,EAAE,EAAE,IAAI;KACX,CAAC,CACL,CAAC;AACN,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACrD,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAClB,IAAI,CAAC,SAAS,CAAC;QACX,OAAO,EAAE,KAAK;QACd,KAAK,EAAE;YACH,IAAI,EAAE,CAAC,KAAK;YACZ,OAAO,EAAE,qBAAqB;SACjC;QACD,EAAE,EAAE,IAAI;KACX,CAAC,CACL,CAAC;AACN,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE;IACrB,IAAI,KAAK,EAAE,CAAC;QACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;AAClF,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC5B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1,83 +1,118 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const node_crypto_1 = require("node:crypto");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const mcp_js_1 = require("../../server/mcp.js");
 const streamableHttp_js_1 = require("../../server/streamableHttp.js");
 const router_js_1 = require("../../server/auth/router.js");
 const bearerAuth_js_1 = require("../../server/auth/middleware/bearerAuth.js");
+const express_js_1 = require("../../server/express.js");
 const types_js_1 = require("../../types.js");
 const inMemoryEventStore_js_1 = require("../shared/inMemoryEventStore.js");
+const in_memory_js_1 = require("../../experimental/tasks/stores/in-memory.js");
 const demoInMemoryOAuthProvider_js_1 = require("./demoInMemoryOAuthProvider.js");
-const auth_utils_js_1 = require("src/shared/auth-utils.js");
-const cors_1 = __importDefault(require("cors"));
+const auth_utils_js_1 = require("../../shared/auth-utils.js");
 // Check for OAuth flag
 const useOAuth = process.argv.includes('--oauth');
 const strictOAuth = process.argv.includes('--oauth-strict');
+// Create shared task store for demonstration
+const taskStore = new in_memory_js_1.InMemoryTaskStore();
 // Create an MCP server with implementation details
 const getServer = () => {
    const server = new mcp_js_1.McpServer({
        name: 'simple-streamable-http-server',
-        version: '1.0.0'
-    }, { capabilities: { logging: {} } });
+        version: '1.0.0',
+        icons: [{ src: './mcp.svg', sizes: ['512x512'], mimeType: 'image/svg+xml' }],
+        websiteUrl: 'https://github.com/modelcontextprotocol/typescript-sdk'
+    }, {
+        capabilities: { logging: {}, tasks: { requests: { tools: { call: {} } } } },
+        taskStore, // Enable task support
+        taskMessageQueue: new in_memory_js_1.InMemoryTaskMessageQueue()
+    });
    // Register a simple tool that returns a greeting
    server.registerTool('greet', {
        title: 'Greeting Tool', // Display name for UI
        description: 'A simple greeting tool',
        inputSchema: {
-            name: zod_1.z.string().describe('Name to greet'),
-        },
+            name: z.string().describe('Name to greet')
+        }
    }, async ({ name }) => {
        return {
            content: [
                {
                    type: 'text',
-                    text: `Hello, ${name}!`,
-                },
-            ],
+                    text: `Hello, ${name}!`
+                }
+            ]
        };
    });
    // Register a tool that sends multiple greetings with notifications (with annotations)
-    server.tool('multi-greet', 'A tool that sends different greetings with delays between them', {
-        name: zod_1.z.string().describe('Name to greet'),
-    }, {
-        title: 'Multiple Greeting Tool',
-        readOnlyHint: true,
-        openWorldHint: false
-    }, async ({ name }, { sendNotification }) => {
+    server.registerTool('multi-greet', {
+        description: 'A tool that sends different greetings with delays between them',
+        inputSchema: {
+            name: z.string().describe('Name to greet')
+        },
+        annotations: {
+            title: 'Multiple Greeting Tool',
+            readOnlyHint: true,
+            openWorldHint: false
+        }
+    }, async ({ name }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "debug", data: `Starting multi-greet for ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'debug',
+            data: `Starting multi-greet for ${name}`
+        }, extra.sessionId);
        await sleep(1000); // Wait 1 second before first greeting
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "info", data: `Sending first greeting to ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'info',
+            data: `Sending first greeting to ${name}`
+        }, extra.sessionId);
        await sleep(1000); // Wait another second before second greeting
-        await sendNotification({
-            method: "notifications/message",
-            params: { level: "info", data: `Sending second greeting to ${name}` }
-        });
+        await server.sendLoggingMessage({
+            level: 'info',
+            data: `Sending second greeting to ${name}`
+        }, extra.sessionId);
        return {
            content: [
                {
                    type: 'text',
-                    text: `Good morning, ${name}!`,
+                    text: `Good morning, ${name}!`
                }
-            ],
+            ]
        };
    });
-    // Register a tool that demonstrates elicitation (user input collection)
+    // Register a tool that demonstrates form elicitation (user input collection with a schema)
    // This creates a closure that captures the server instance
-    server.tool('collect-user-info', 'A tool that collects user information through elicitation', {
-        infoType: zod_1.z.enum(['contact', 'preferences', 'feedback']).describe('Type of information to collect'),
-    }, async ({ infoType }) => {
+    server.registerTool('collect-user-info', {
+        description: 'A tool that collects user information through form elicitation',
+        inputSchema: {
+            infoType: z.enum(['contact', 'preferences', 'feedback']).describe('Type of information to collect')
+        }
+    }, async ({ infoType }, extra) => {
        let message;
        let requestedSchema;
        switch (infoType) {
@@ -89,21 +124,21 @@ const getServer = () => {
                        name: {
                            type: 'string',
                            title: 'Full Name',
-                            description: 'Your full name',
+                            description: 'Your full name'
                        },
                        email: {
                            type: 'string',
                            title: 'Email Address',
                            description: 'Your email address',
-                            format: 'email',
+                            format: 'email'
                        },
                        phone: {
                            type: 'string',
                            title: 'Phone Number',
-                            description: 'Your phone number (optional)',
-                        },
+                            description: 'Your phone number (optional)'
+                        }
                    },
-                    required: ['name', 'email'],
+                    required: ['name', 'email']
                };
                break;
            case 'preferences':
@@ -116,23 +151,23 @@ const getServer = () => {
                            title: 'Theme',
                            description: 'Choose your preferred theme',
                            enum: ['light', 'dark', 'auto'],
-                            enumNames: ['Light', 'Dark', 'Auto'],
+                            enumNames: ['Light', 'Dark', 'Auto']
                        },
                        notifications: {
                            type: 'boolean',
                            title: 'Enable Notifications',
                            description: 'Would you like to receive notifications?',
-                            default: true,
+                            default: true
                        },
                        frequency: {
                            type: 'string',
                            title: 'Notification Frequency',
                            description: 'How often would you like notifications?',
                            enum: ['daily', 'weekly', 'monthly'],
-                            enumNames: ['Daily', 'Weekly', 'Monthly'],
-                        },
+                            enumNames: ['Daily', 'Weekly', 'Monthly']
+                        }
                    },
-                    required: ['theme'],
+                    required: ['theme']
                };
                break;
            case 'feedback':
@@ -145,40 +180,44 @@ const getServer = () => {
                            title: 'Rating',
                            description: 'Rate your experience (1-5)',
                            minimum: 1,
-                            maximum: 5,
+                            maximum: 5
                        },
                        comments: {
                            type: 'string',
                            title: 'Comments',
                            description: 'Additional comments (optional)',
-                            maxLength: 500,
+                            maxLength: 500
                        },
                        recommend: {
                            type: 'boolean',
                            title: 'Would you recommend this?',
-                            description: 'Would you recommend this to others?',
-                        },
+                            description: 'Would you recommend this to others?'
+                        }
                    },
-                    required: ['rating', 'recommend'],
+                    required: ['rating', 'recommend']
                };
                break;
            default:
                throw new Error(`Unknown info type: ${infoType}`);
        }
        try {
-            // Use the underlying server instance to elicit input from the client
-            const result = await server.server.elicitInput({
-                message,
-                requestedSchema,
-            });
+            // Use sendRequest through the extra parameter to elicit input
+            const result = await extra.sendRequest({
+                method: 'elicitation/create',
+                params: {
+                    mode: 'form',
+                    message,
+                    requestedSchema
+                }
+            }, types_js_1.ElicitResultSchema);
            if (result.action === 'accept') {
                return {
                    content: [
                        {
                            type: 'text',
-                            text: `Thank you! Collected ${infoType} information: ${JSON.stringify(result.content, null, 2)}`,
-                        },
-                    ],
+                            text: `Thank you! Collected ${infoType} information: ${JSON.stringify(result.content, null, 2)}`
+                        }
+                    ]
                };
            }
            else if (result.action === 'decline') {
@@ -186,9 +225,9 @@ const getServer = () => {
                    content: [
                        {
                            type: 'text',
-                            text: `No information was collected. User declined ${infoType} information request.`,
-                        },
-                    ],
+                            text: `No information was collected. User declined ${infoType} information request.`
+                        }
+                    ]
                };
            }
            else {
@@ -196,9 +235,9 @@ const getServer = () => {
                    content: [
                        {
                            type: 'text',
-                            text: `Information collection was cancelled by the user.`,
-                        },
-                    ],
+                            text: `Information collection was cancelled by the user.`
+                        }
+                    ]
                };
            }
        }
@@ -207,9 +246,9 @@ const getServer = () => {
                content: [
                    {
                        type: 'text',
-                        text: `Error collecting ${infoType} information: ${error}`,
-                    },
-                ],
+                        text: `Error collecting ${infoType} information: ${error}`
+                    }
+                ]
            };
        }
    });
@@ -218,8 +257,8 @@ const getServer = () => {
        title: 'Greeting Template', // Display name for UI
        description: 'A simple greeting prompt template',
        argsSchema: {
-            name: zod_1.z.string().describe('Name to include in greeting'),
-        },
+            name: z.string().describe('Name to include in greeting')
+        }
    }, async ({ name }) => {
        return {
            messages: [
@@ -227,32 +266,32 @@ const getServer = () => {
                    role: 'user',
                    content: {
                        type: 'text',
-                        text: `Please greet ${name} in a friendly manner.`,
-                    },
-                },
-            ],
+                        text: `Please greet ${name} in a friendly manner.`
+                    }
+                }
+            ]
        };
    });
    // Register a tool specifically for testing resumability
-    server.tool('start-notification-stream', 'Starts sending periodic notifications for testing resumability', {
-        interval: zod_1.z.number().describe('Interval in milliseconds between notifications').default(100),
-        count: zod_1.z.number().describe('Number of notifications to send (0 for 100)').default(50),
-    }, async ({ interval, count }, { sendNotification }) => {
+    server.registerTool('start-notification-stream', {
+        description: 'Starts sending periodic notifications for testing resumability',
+        inputSchema: {
+            interval: z.number().describe('Interval in milliseconds between notifications').default(100),
+            count: z.number().describe('Number of notifications to send (0 for 100)').default(50)
+        }
+    }, async ({ interval, count }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
        let counter = 0;
        while (count === 0 || counter < count) {
            counter++;
            try {
-                await sendNotification({
-                    method: "notifications/message",
-                    params: {
-                        level: "info",
-                        data: `Periodic notification #${counter} at ${new Date().toISOString()}`
-                    }
-                });
+                await server.sendLoggingMessage({
+                    level: 'info',
+                    data: `Periodic notification #${counter} at ${new Date().toISOString()}`
+                }, extra.sessionId);
            }
            catch (error) {
-                console.error("Error sending notification:", error);
+                console.error('Error sending notification:', error);
            }
            // Wait for the specified interval
            await sleep(interval);
@@ -261,9 +300,9 @@ const getServer = () => {
            content: [
                {
                    type: 'text',
-                    text: `Started sending periodic notifications every ${interval}ms`,
+                    text: `Started sending periodic notifications every ${interval}ms`
                }
-            ],
+            ]
        };
    });
    // Create a simple resource at a fixed URI
@@ -276,9 +315,9 @@ const getServer = () => {
            contents: [
                {
                    uri: 'https://example.com/greetings/default',
-                    text: 'Hello, world!',
-                },
-            ],
+                    text: 'Hello, world!'
+                }
+            ]
        };
    });
    // Create additional resources for ResourceLink demonstration
@@ -291,9 +330,9 @@ const getServer = () => {
            contents: [
                {
                    uri: 'file:///example/file1.txt',
-                    text: 'This is the content of file 1',
-                },
-            ],
+                    text: 'This is the content of file 1'
+                }
+            ]
        };
    });
    server.registerResource('example-file-2', 'file:///example/file2.txt', {
@@ -305,9 +344,9 @@ const getServer = () => {
            contents: [
                {
                    uri: 'file:///example/file2.txt',
-                    text: 'This is the content of file 2',
-                },
-            ],
+                    text: 'This is the content of file 2'
+                }
+            ]
        };
    });
    // Register a tool that returns ResourceLinks
@@ -315,8 +354,8 @@ const getServer = () => {
        title: 'List Files with ResourceLinks',
        description: 'Returns a list of files as ResourceLinks without embedding their content',
        inputSchema: {
-            includeDescriptions: zod_1.z.boolean().optional().describe('Whether to include descriptions in the resource links'),
-        },
+            includeDescriptions: z.boolean().optional().describe('Whether to include descriptions in the resource links')
+        }
    }, async ({ includeDescriptions = true }) => {
        const resourceLinks = [
            {
@@ -345,27 +384,60 @@ const getServer = () => {
            content: [
                {
                    type: 'text',
-                    text: 'Here are the available files as resource links:',
+                    text: 'Here are the available files as resource links:'
                },
                ...resourceLinks,
                {
                    type: 'text',
-                    text: '\nYou can read any of these resources using their URI.',
+                    text: '\nYou can read any of these resources using their URI.'
                }
-            ],
+            ]
        };
    });
+    // Register a long-running tool that demonstrates task execution
+    // Using the experimental tasks API - WARNING: may change without notice
+    server.experimental.tasks.registerToolTask('delay', {
+        title: 'Delay',
+        description: 'A simple tool that delays for a specified duration, useful for testing task execution',
+        inputSchema: {
+            duration: z.number().describe('Duration in milliseconds').default(5000)
+        }
+    }, {
+        async createTask({ duration }, { taskStore, taskRequestedTtl }) {
+            // Create the task
+            const task = await taskStore.createTask({
+                ttl: taskRequestedTtl
+            });
+            // Simulate out-of-band work
+            (async () => {
+                await new Promise(resolve => setTimeout(resolve, duration));
+                await taskStore.storeTaskResult(task.taskId, 'completed', {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Completed ${duration}ms delay`
+                        }
+                    ]
+                });
+            })();
+            // Return CreateTaskResult with the created task
+            return {
+                task
+            };
+        },
+        async getTask(_args, { taskId, taskStore }) {
+            return await taskStore.getTask(taskId);
+        },
+        async getTaskResult(_args, { taskId, taskStore }) {
+            const result = await taskStore.getTaskResult(taskId);
+            return result;
+        }
+    });
    return server;
 };
 const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;
 const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
-// Allow CORS all domains, expose the Mcp-Session-Id header
-app.use((0, cors_1.default)({
-    origin: '*', // Allow all origins
-    exposedHeaders: ["Mcp-Session-Id"]
-}));
+const app = (0, express_js_1.createMcpExpressApp)();
 // Set up OAuth if enabled
 let authMiddleware = null;
 if (useOAuth) {
@@ -382,14 +454,15 @@ if (useOAuth) {
            const response = await fetch(endpoint, {
                method: 'POST',
                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
+                    'Content-Type': 'application/x-www-form-urlencoded'
                },
                body: new URLSearchParams({
                    token: token
                }).toString()
            });
            if (!response.ok) {
-                throw new Error(`Invalid or expired token: ${await response.text()}`);
+                const text = await response.text().catch(() => null);
+                throw new Error(`Invalid or expired token: ${text}`);
            }
            const data = await response.json();
            if (strictOAuth) {
@@ -405,7 +478,7 @@ if (useOAuth) {
                token,
                clientId: data.client_id,
                scopes: data.scope ? data.scope.split(' ') : [],
-                expiresAt: data.exp,
+                expiresAt: data.exp
            };
        }
    };
@@ -414,12 +487,12 @@ if (useOAuth) {
        oauthMetadata,
        resourceServerUrl: mcpServerUrl,
        scopesSupported: ['mcp:tools'],
-        resourceName: 'MCP Demo Server',
+        resourceName: 'MCP Demo Server'
    }));
    authMiddleware = (0, bearerAuth_js_1.requireBearerAuth)({
        verifier: tokenVerifier,
        requiredScopes: [],
-        resourceMetadataUrl: (0, router_js_1.getOAuthProtectedResourceMetadataUrl)(mcpServerUrl),
+        resourceMetadataUrl: (0, router_js_1.getOAuthProtectedResourceMetadataUrl)(mcpServerUrl)
    });
 }
 // Map to store transports by session ID
@@ -448,7 +521,7 @@ const mcpPostHandler = async (req, res) => {
            transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
                eventStore, // Enable resumability
-                onsessioninitialized: (sessionId) => {
+                onsessioninitialized: sessionId => {
                    // Store the transport by session ID when session is initialized
                    // This avoids race conditions where requests might come in before the session is stored
                    console.log(`Session initialized with ID: ${sessionId}`);
@@ -476,9 +549,9 @@ const mcpPostHandler = async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32000,
-                    message: 'Bad Request: No valid session ID provided',
+                    message: 'Bad Request: No valid session ID provided'
                },
-                id: null,
+                id: null
            });
            return;
        }
@@ -493,9 +566,9 @@ const mcpPostHandler = async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32603,
-                    message: 'Internal server error',
+                    message: 'Internal server error'
                },
-                id: null,
+                id: null
            });
        }
    }
@@ -561,7 +634,7 @@ if (useOAuth && authMiddleware) {
 else {
    app.delete('/mcp', mcpDeleteHandler);
 }
-app.listen(MCP_PORT, (error) => {
+app.listen(MCP_PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -1,21 +1,40 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const node_crypto_1 = require("node:crypto");
 const mcp_js_1 = require("../../server/mcp.js");
 const streamableHttp_js_1 = require("../../server/streamableHttp.js");
 const sse_js_1 = require("../../server/sse.js");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const types_js_1 = require("../../types.js");
 const inMemoryEventStore_js_1 = require("../shared/inMemoryEventStore.js");
-const cors_1 = __importDefault(require("cors"));
+const express_js_1 = require("../../server/express.js");
 /**
 * This example server demonstrates backwards compatibility with both:
 * 1. The deprecated HTTP+SSE transport (protocol version 2024-11-05)
- * 2. The Streamable HTTP transport (protocol version 2025-03-26)
+ * 2. The Streamable HTTP transport (protocol version 2025-11-25)
 *
 * It maintains a single MCP server instance but exposes two transport options:
 * - /mcp: The new Streamable HTTP endpoint (supports GET/POST/DELETE)
@@ -25,28 +44,28 @@ const cors_1 = __importDefault(require("cors"));
 const getServer = () => {
    const server = new mcp_js_1.McpServer({
        name: 'backwards-compatible-server',
-        version: '1.0.0',
+        version: '1.0.0'
    }, { capabilities: { logging: {} } });
    // Register a simple tool that sends notifications over time
-    server.tool('start-notification-stream', 'Starts sending periodic notifications for testing resumability', {
-        interval: zod_1.z.number().describe('Interval in milliseconds between notifications').default(100),
-        count: zod_1.z.number().describe('Number of notifications to send (0 for 100)').default(50),
-    }, async ({ interval, count }, { sendNotification }) => {
+    server.registerTool('start-notification-stream', {
+        description: 'Starts sending periodic notifications for testing resumability',
+        inputSchema: {
+            interval: z.number().describe('Interval in milliseconds between notifications').default(100),
+            count: z.number().describe('Number of notifications to send (0 for 100)').default(50)
+        }
+    }, async ({ interval, count }, extra) => {
        const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
        let counter = 0;
        while (count === 0 || counter < count) {
            counter++;
            try {
-                await sendNotification({
-                    method: "notifications/message",
-                    params: {
-                        level: "info",
-                        data: `Periodic notification #${counter} at ${new Date().toISOString()}`
-                    }
-                });
+                await server.sendLoggingMessage({
+                    level: 'info',
+                    data: `Periodic notification #${counter} at ${new Date().toISOString()}`
+                }, extra.sessionId);
            }
            catch (error) {
-                console.error("Error sending notification:", error);
+                console.error('Error sending notification:', error);
            }
            // Wait for the specified interval
            await sleep(interval);
@@ -55,25 +74,19 @@ const getServer = () => {
            content: [
                {
                    type: 'text',
-                    text: `Started sending periodic notifications every ${interval}ms`,
+                    text: `Started sending periodic notifications every ${interval}ms`
                }
-            ],
+            ]
        };
    });
    return server;
 };
 // Create Express application
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
-// Configure CORS to expose Mcp-Session-Id header for browser-based clients
-app.use((0, cors_1.default)({
-    origin: '*', // Allow all origins - adjust as needed for production
-    exposedHeaders: ['Mcp-Session-Id']
-}));
+const app = (0, express_js_1.createMcpExpressApp)();
 // Store transports by session ID
 const transports = {};
 //=============================================================================
-// STREAMABLE HTTP TRANSPORT (PROTOCOL VERSION 2025-03-26)
+// STREAMABLE HTTP TRANSPORT (PROTOCOL VERSION 2025-11-25)
 //=============================================================================
 // Handle all MCP Streamable HTTP requests (GET, POST, DELETE) on a single endpoint
 app.all('/mcp', async (req, res) => {
@@ -95,9 +108,9 @@ app.all('/mcp', async (req, res) => {
                    jsonrpc: '2.0',
                    error: {
                        code: -32000,
-                        message: 'Bad Request: Session exists but uses a different transport protocol',
+                        message: 'Bad Request: Session exists but uses a different transport protocol'
                    },
-                    id: null,
+                    id: null
                });
                return;
            }
@@ -107,7 +120,7 @@ app.all('/mcp', async (req, res) => {
            transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
                eventStore, // Enable resumability
-                onsessioninitialized: (sessionId) => {
+                onsessioninitialized: sessionId => {
                    // Store the transport by session ID when session is initialized
                    console.log(`StreamableHTTP session initialized with ID: ${sessionId}`);
                    transports[sessionId] = transport;
@@ -131,9 +144,9 @@ app.all('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32000,
-                    message: 'Bad Request: No valid session ID provided',
+                    message: 'Bad Request: No valid session ID provided'
                },
-                id: null,
+                id: null
            });
            return;
        }
@@ -147,9 +160,9 @@ app.all('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32603,
-                    message: 'Internal server error',
+                    message: 'Internal server error'
                },
-                id: null,
+                id: null
            });
        }
    }
@@ -161,13 +174,13 @@ app.get('/sse', async (req, res) => {
    console.log('Received GET request to /sse (deprecated SSE transport)');
    const transport = new sse_js_1.SSEServerTransport('/messages', res);
    transports[transport.sessionId] = transport;
-    res.on("close", () => {
+    res.on('close', () => {
        delete transports[transport.sessionId];
    });
    const server = getServer();
    await server.connect(transport);
 });
-app.post("/messages", async (req, res) => {
+app.post('/messages', async (req, res) => {
    const sessionId = req.query.sessionId;
    let transport;
    const existingTransport = transports[sessionId];
@@ -181,9 +194,9 @@ app.post("/messages", async (req, res) => {
            jsonrpc: '2.0',
            error: {
                code: -32000,
-                message: 'Bad Request: Session exists but uses a different transport protocol',
+                message: 'Bad Request: Session exists but uses a different transport protocol'
            },
-            id: null,
+            id: null
        });
        return;
    }
@@ -196,7 +209,7 @@ app.post("/messages", async (req, res) => {
 });
 // Start the server
 const PORT = 3000;
-app.listen(PORT, (error) => {
+app.listen(PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -206,10 +219,10 @@ app.listen(PORT, (error) => {
 ==============================================
 SUPPORTED TRANSPORT OPTIONS:

-1. Streamable Http(Protocol version: 2025-03-26)
+1. Streamable Http(Protocol version: 2025-11-25)
   Endpoint: /mcp
   Methods: GET, POST, DELETE
-   Usage: 
+   Usage:
     - Initialize with POST to /mcp
     - Establish SSE stream with GET to /mcp
     - Send requests with POST to /mcp
@@ -1,35 +1,40 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const express_1 = __importDefault(require("express"));
 const node_crypto_1 = require("node:crypto");
 const mcp_js_1 = require("../../server/mcp.js");
 const streamableHttp_js_1 = require("../../server/streamableHttp.js");
 const types_js_1 = require("../../types.js");
-// Create an MCP server with implementation details
-const server = new mcp_js_1.McpServer({
-    name: 'resource-list-changed-notification-server',
-    version: '1.0.0',
-});
+const express_js_1 = require("../../server/express.js");
+// Factory to create a new MCP server per session.
+// Each session needs its own server+transport pair to avoid cross-session contamination.
+const getServer = () => {
+    const server = new mcp_js_1.McpServer({
+        name: 'resource-list-changed-notification-server',
+        version: '1.0.0'
+    });
+    const addResource = (name, content) => {
+        const uri = `https://mcp-example.com/dynamic/${encodeURIComponent(name)}`;
+        server.registerResource(name, uri, { mimeType: 'text/plain', description: `Dynamic resource: ${name}` }, async () => {
+            return {
+                contents: [{ uri, text: content }]
+            };
+        });
+    };
+    addResource('example-resource', 'Initial content for example-resource');
+    // Periodically add new resources to demonstrate notifications
+    const resourceChangeInterval = setInterval(() => {
+        const name = (0, node_crypto_1.randomUUID)();
+        addResource(name, `Content for ${name}`);
+    }, 5000);
+    // Clean up the interval when the server closes
+    server.server.onclose = () => {
+        clearInterval(resourceChangeInterval);
+    };
+    return server;
+};
 // Store transports by session ID to send notifications
 const transports = {};
-const addResource = (name, content) => {
-    const uri = `https://mcp-example.com/dynamic/${encodeURIComponent(name)}`;
-    server.resource(name, uri, { mimeType: 'text/plain', description: `Dynamic resource: ${name}` }, async () => {
-        return {
-            contents: [{ uri, text: content }],
-        };
-    });
-};
-addResource('example-resource', 'Initial content for example-resource');
-const resourceChangeInterval = setInterval(() => {
-    const name = (0, node_crypto_1.randomUUID)();
-    addResource(name, `Content for ${name}`);
-}, 5000); // Change resources every 5 seconds for testing
-const app = (0, express_1.default)();
-app.use(express_1.default.json());
+const app = (0, express_js_1.createMcpExpressApp)();
 app.post('/mcp', async (req, res) => {
    console.log('Received MCP request:', req.body);
    try {
@@ -44,14 +49,15 @@ app.post('/mcp', async (req, res) => {
            // New initialization request
            transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
-                onsessioninitialized: (sessionId) => {
+                onsessioninitialized: sessionId => {
                    // Store the transport by session ID when session is initialized
                    // This avoids race conditions where requests might come in before the session is stored
                    console.log(`Session initialized with ID: ${sessionId}`);
                    transports[sessionId] = transport;
                }
            });
-            // Connect the transport to the MCP server
+            // Create a new server per session and connect it to the transport
+            const server = getServer();
            await server.connect(transport);
            // Handle the request - the onsessioninitialized callback will store the transport
            await transport.handleRequest(req, res, req.body);
@@ -63,9 +69,9 @@ app.post('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32000,
-                    message: 'Bad Request: No valid session ID provided',
+                    message: 'Bad Request: No valid session ID provided'
                },
-                id: null,
+                id: null
            });
            return;
        }
@@ -79,9 +85,9 @@ app.post('/mcp', async (req, res) => {
                jsonrpc: '2.0',
                error: {
                    code: -32603,
-                    message: 'Internal server error',
+                    message: 'Internal server error'
                },
-                id: null,
+                id: null
            });
        }
    }
@@ -99,7 +105,7 @@ app.get('/mcp', async (req, res) => {
 });
 // Start the server
 const PORT = 3000;
-app.listen(PORT, (error) => {
+app.listen(PORT, error => {
    if (error) {
        console.error('Failed to start server:', error);
        process.exit(1);
@@ -109,8 +115,10 @@ app.listen(PORT, (error) => {
 // Handle server shutdown
 process.on('SIGINT', async () => {
    console.log('Shutting down server...');
-    clearInterval(resourceChangeInterval);
-    await server.close();
+    for (const sessionId in transports) {
+        await transports[sessionId].close();
+        delete transports[sessionId];
+    }
    process.exit(0);
 });
 //# sourceMappingURL=standaloneSseWithGetStreamableHttp.js.map
@@ -1 +1 @@
-{"version":3,"file":"standaloneSseWithGetStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/standaloneSseWithGetStreamableHttp.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,6CAAyC;AACzC,gDAAgD;AAChD,sEAA+E;AAC/E,6CAAyE;AAEzE,mDAAmD;AACnD,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;IAC3B,IAAI,EAAE,2CAA2C;IACjD,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,uDAAuD;AACvD,MAAM,UAAU,GAA2D,EAAE,CAAC;AAE9E,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,OAAe,EAAE,EAAE;IACpD,MAAM,GAAG,GAAG,mCAAmC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;IAC1E,MAAM,CAAC,QAAQ,CACb,IAAI,EACJ,GAAG,EACH,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,qBAAqB,IAAI,EAAE,EAAE,EACpE,KAAK,IAAiC,EAAE;QACtC,OAAO;YACL,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SACnC,CAAC;IACJ,CAAC,CACF,CAAC;AAEJ,CAAC,CAAC;AAEF,WAAW,CAAC,kBAAkB,EAAE,sCAAsC,CAAC,CAAC;AAExE,MAAM,sBAAsB,GAAG,WAAW,CAAC,GAAG,EAAE;IAC9C,MAAM,IAAI,GAAG,IAAA,wBAAU,GAAE,CAAC;IAC1B,WAAW,CAAC,IAAI,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC;AAC3C,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,+CAA+C;AAEzD,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACrD,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,2BAA2B;YAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,6BAA6B;YAC7B,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC5C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;oBAClC,gEAAgE;oBAChE,wFAAwF;oBACxF,OAAO,CAAC,GAAG,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;oBACzD,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;gBACpC,CAAC;aACF,CAAC,CAAC;YAEH,0CAA0C;YAC1C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,kFAAkF;YAClF,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,kBAAkB;QAC5B,CAAC;aAAM,CAAC;YACN,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,2CAA2C;iBACrD;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,6CAA6C;QAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACjC;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,uFAAuF;AACvF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC,CAAC,CAAC;AAGH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;IACzB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,EAAE,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACtC,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"standaloneSseWithGetStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/standaloneSseWithGetStreamableHttp.ts"],"names":[],"mappings":";;AACA,6CAAyC;AACzC,gDAAgD;AAChD,sEAA+E;AAC/E,6CAAyE;AACzE,wDAA8D;AAE9D,kDAAkD;AAClD,yFAAyF;AACzF,MAAM,SAAS,GAAG,GAAG,EAAE;IACnB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QACzB,IAAI,EAAE,2CAA2C;QACjD,OAAO,EAAE,OAAO;KACnB,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,OAAe,EAAE,EAAE;QAClD,MAAM,GAAG,GAAG,mCAAmC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1E,MAAM,CAAC,gBAAgB,CACnB,IAAI,EACJ,GAAG,EACH,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,qBAAqB,IAAI,EAAE,EAAE,EACpE,KAAK,IAAiC,EAAE;YACpC,OAAO;gBACH,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACrC,CAAC;QACN,CAAC,CACJ,CAAC;IACN,CAAC,CAAC;IAEF,WAAW,CAAC,kBAAkB,EAAE,sCAAsC,CAAC,CAAC;IAExE,8DAA8D;IAC9D,MAAM,sBAAsB,GAAG,WAAW,CAAC,GAAG,EAAE;QAC5C,MAAM,IAAI,GAAG,IAAA,wBAAU,GAAE,CAAC;QAC1B,WAAW,CAAC,IAAI,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,+CAA+C;IAC/C,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,GAAG,EAAE;QACzB,aAAa,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC;AAEF,uDAAuD;AACvD,MAAM,UAAU,GAA2D,EAAE,CAAC;AAE9E,MAAM,GAAG,GAAG,IAAA,gCAAmB,GAAE,CAAC;AAElC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC;QACD,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,2BAA2B;YAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,6BAA6B;YAC7B,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC1C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,SAAS,CAAC,EAAE;oBAC9B,gEAAgE;oBAChE,wFAAwF;oBACxF,OAAO,CAAC,GAAG,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;oBACzD,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;gBACtC,CAAC;aACJ,CAAC,CAAC;YAEH,kEAAkE;YAClE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,kFAAkF;YAClF,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,kBAAkB;QAC9B,CAAC;aAAM,CAAC;YACJ,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACH,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,2CAA2C;iBACvD;gBACD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,6CAA6C;QAC7C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACH,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACnC;gBACD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;QACP,CAAC;IACL,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,uFAAuF;AACvF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACtD,OAAO;IACX,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE;IACrB,IAAI,KAAK,EAAE,CAAC;QACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC5B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACjC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1,49 +1,73 @@
 "use strict";
 // Run with: npx tsx src/examples/server/toolWithSampleServer.ts
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const mcp_js_1 = require("../../server/mcp.js");
 const stdio_js_1 = require("../../server/stdio.js");
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const mcpServer = new mcp_js_1.McpServer({
-    name: "tools-with-sample-server",
-    version: "1.0.0",
+    name: 'tools-with-sample-server',
+    version: '1.0.0'
 });
 // Tool that uses LLM sampling to summarize any text
-mcpServer.registerTool("summarize", {
-    description: "Summarize any text using an LLM",
+mcpServer.registerTool('summarize', {
+    description: 'Summarize any text using an LLM',
    inputSchema: {
-        text: zod_1.z.string().describe("Text to summarize"),
-    },
+        text: z.string().describe('Text to summarize')
+    }
 }, async ({ text }) => {
    // Call the LLM through MCP sampling
    const response = await mcpServer.server.createMessage({
        messages: [
            {
-                role: "user",
+                role: 'user',
                content: {
-                    type: "text",
-                    text: `Please summarize the following text concisely:\n\n${text}`,
-                },
-            },
+                    type: 'text',
+                    text: `Please summarize the following text concisely:\n\n${text}`
+                }
+            }
        ],
-        maxTokens: 500,
+        maxTokens: 500
    });
+    // Since we're not passing tools param to createMessage, response.content is single content
    return {
        content: [
            {
-                type: "text",
-                text: response.content.type === "text" ? response.content.text : "Unable to generate summary",
-            },
-        ],
+                type: 'text',
+                text: response.content.type === 'text' ? response.content.text : 'Unable to generate summary'
+            }
+        ]
    };
 });
 async function main() {
    const transport = new stdio_js_1.StdioServerTransport();
    await mcpServer.connect(transport);
-    console.log("MCP server is running...");
+    console.log('MCP server is running...');
 }
-main().catch((error) => {
-    console.error("Server error:", error);
+main().catch(error => {
+    console.error('Server error:', error);
    process.exit(1);
 });
 //# sourceMappingURL=toolWithSampleServer.js.map
@@ -1 +1 @@
-{"version":3,"file":"toolWithSampleServer.js","sourceRoot":"","sources":["../../../../src/examples/server/toolWithSampleServer.ts"],"names":[],"mappings":";AACA,gEAAgE;;AAEhE,gDAAgD;AAChD,oDAA6D;AAC7D,6BAAwB;AAExB,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC;IAC9B,IAAI,EAAE,0BAA0B;IAChC,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,SAAS,CAAC,YAAY,CACpB,WAAW,EACX;IACE,WAAW,EAAE,iCAAiC;IAC9C,WAAW,EAAE;QACX,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;KAC/C;CACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,oCAAoC;IACpC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC;QACpD,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qDAAqD,IAAI,EAAE;iBAClE;aACF;SACF;QACD,SAAS,EAAE,GAAG;KACf,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,4BAA4B;aAC9F;SACF;KACF,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;AAC1C,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"toolWithSampleServer.js","sourceRoot":"","sources":["../../../../src/examples/server/toolWithSampleServer.ts"],"names":[],"mappings":";AAAA,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;AAEhE,gDAAgD;AAChD,oDAA6D;AAC7D,0CAA4B;AAE5B,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC;IAC5B,IAAI,EAAE,0BAA0B;IAChC,OAAO,EAAE,OAAO;CACnB,CAAC,CAAC;AAEH,oDAAoD;AACpD,SAAS,CAAC,YAAY,CAClB,WAAW,EACX;IACI,WAAW,EAAE,iCAAiC;IAC9C,WAAW,EAAE;QACT,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;KACjD;CACJ,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACf,oCAAoC;IACpC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC;QAClD,QAAQ,EAAE;YACN;gBACI,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACL,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,qDAAqD,IAAI,EAAE;iBACpE;aACJ;SACJ;QACD,SAAS,EAAE,GAAG;KACjB,CAAC,CAAC;IAEH,2FAA2F;IAC3F,OAAO;QACH,OAAO,EAAE;YACL;gBACI,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,4BAA4B;aAChG;SACJ;KACJ,CAAC;AACN,CAAC,CACJ,CAAC;AAEF,KAAK,UAAU,IAAI;IACf,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;AAC5C,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}
@@ -1 +1 @@
-{"version":3,"file":"inMemoryEventStore.d.ts","sourceRoot":"","sources":["../../../../src/examples/shared/inMemoryEventStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAyE;IAEvF;;OAEG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAK9B;;;OAGG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAM5E;;;OAGG;IACG,iBAAiB,CAAC,WAAW,EAAE,MAAM,EACzC,EAAE,IAAI,EAAE,EAAE;QAAE,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,GAC9E,OAAO,CAAC,MAAM,CAAC;CAkCnB"}
+{"version":3,"file":"inMemoryEventStore.d.ts","sourceRoot":"","sources":["../../../../src/examples/shared/inMemoryEventStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAE5D;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,UAAU;IACjD,OAAO,CAAC,MAAM,CAAyE;IAEvF;;OAEG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAK9B;;;OAGG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAM5E;;;OAGG;IACG,iBAAiB,CACnB,WAAW,EAAE,MAAM,EACnB,EAAE,IAAI,EAAE,EAAE;QAAE,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,GAChF,OAAO,CAAC,MAAM,CAAC;CAkCrB"}
@@ -1 +1 @@
-{"version":3,"file":"inMemoryEventStore.js","sourceRoot":"","sources":["../../../../src/examples/shared/inMemoryEventStore.ts"],"names":[],"mappings":";;;AAGA;;;;GAIG;AACH,MAAa,kBAAkB;IAA/B;QACU,WAAM,GAA+D,IAAI,GAAG,EAAE,CAAC;IAmEzF,CAAC;IAjEC;;OAEG;IACK,eAAe,CAAC,QAAgB;QACtC,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACpF,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,OAAe;QAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,OAAuB;QACxD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,WAAmB,EACzC,EAAE,IAAI,EAAyE;QAE/E,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,cAAc,GAAG,KAAK,CAAC;QAE3B,oDAAoD;QACpD,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzF,KAAK,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC3E,2CAA2C;YAC3C,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;gBAC/B,SAAS;YACX,CAAC;YAED,qDAAqD;YACrD,IAAI,OAAO,KAAK,WAAW,EAAE,CAAC;gBAC5B,cAAc,GAAG,IAAI,CAAC;gBACtB,SAAS;YACX,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AApED,gDAoEC"}
+{"version":3,"file":"inMemoryEventStore.js","sourceRoot":"","sources":["../../../../src/examples/shared/inMemoryEventStore.ts"],"names":[],"mappings":";;;AAGA;;;;GAIG;AACH,MAAa,kBAAkB;IAA/B;QACY,WAAM,GAA+D,IAAI,GAAG,EAAE,CAAC;IAoE3F,CAAC;IAlEG;;OAEG;IACK,eAAe,CAAC,QAAgB;QACpC,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACtF,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,OAAe;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,OAAuB;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CACnB,WAAmB,EACnB,EAAE,IAAI,EAAyE;QAE/E,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,CAAC;QACd,CAAC;QAED,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,OAAO,EAAE,CAAC;QACd,CAAC;QAED,IAAI,cAAc,GAAG,KAAK,CAAC;QAE3B,oDAAoD;QACpD,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzF,KAAK,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YACzE,2CAA2C;YAC3C,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;gBAC7B,SAAS;YACb,CAAC;YAED,qDAAqD;YACrD,IAAI,OAAO,KAAK,WAAW,EAAE,CAAC;gBAC1B,cAAc,GAAG,IAAI,CAAC;gBACtB,SAAS;YACb,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjC,CAAC;QACL,CAAC;QACD,OAAO,QAAQ,CAAC;IACpB,CAAC;CACJ;AArED,gDAqEC"}
@@ -1,6 +1,6 @@
-import { Transport } from "./shared/transport.js";
-import { JSONRPCMessage, RequestId } from "./types.js";
-import { AuthInfo } from "./server/auth/types.js";
+import { Transport } from './shared/transport.js';
+import { JSONRPCMessage, RequestId } from './types.js';
+import { AuthInfo } from './server/auth/types.js';
 /**
 * In-memory transport for creating clients and servers that talk to each other within the same process.
 */
@@ -1 +1 @@
-{"version":3,"file":"inMemory.d.ts","sourceRoot":"","sources":["../../src/inMemory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAOlD;;GAEG;AACH,qBAAa,iBAAkB,YAAW,SAAS;IACjD,OAAO,CAAC,eAAe,CAAC,CAAoB;IAC5C,OAAO,CAAC,aAAa,CAAuB;IAE5C,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAQ3D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAQtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B;;;OAGG;IACG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,SAAS,CAAC;QAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAWpH"}
+{"version":3,"file":"inMemory.d.ts","sourceRoot":"","sources":["../../src/inMemory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAOlD;;GAEG;AACH,qBAAa,iBAAkB,YAAW,SAAS;IAC/C,OAAO,CAAC,eAAe,CAAC,CAAoB;IAC5C,OAAO,CAAC,aAAa,CAAuB;IAE5C,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,KAAK,IAAI,CAAC;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAQ3D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAQtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B;;;OAGG;IACG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,SAAS,CAAC;QAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAWtH"}
@@ -19,19 +19,17 @@ class InMemoryTransport {
        return [clientTransport, serverTransport];
    }
    async start() {
-        var _a;
        // Process any messages that were queued before start was called
        while (this._messageQueue.length > 0) {
            const queuedMessage = this._messageQueue.shift();
-            (_a = this.onmessage) === null || _a === void 0 ? void 0 : _a.call(this, queuedMessage.message, queuedMessage.extra);
+            this.onmessage?.(queuedMessage.message, queuedMessage.extra);
        }
    }
    async close() {
-        var _a;
        const other = this._otherTransport;
        this._otherTransport = undefined;
-        await (other === null || other === void 0 ? void 0 : other.close());
-        (_a = this.onclose) === null || _a === void 0 ? void 0 : _a.call(this);
+        await other?.close();
+        this.onclose?.();
    }
    /**
     * Sends a message with optional auth info.
@@ -39,13 +37,13 @@ class InMemoryTransport {
     */
    async send(message, options) {
        if (!this._otherTransport) {
-            throw new Error("Not connected");
+            throw new Error('Not connected');
        }
        if (this._otherTransport.onmessage) {
-            this._otherTransport.onmessage(message, { authInfo: options === null || options === void 0 ? void 0 : options.authInfo });
+            this._otherTransport.onmessage(message, { authInfo: options?.authInfo });
        }
        else {
-            this._otherTransport._messageQueue.push({ message, extra: { authInfo: options === null || options === void 0 ? void 0 : options.authInfo } });
+            this._otherTransport._messageQueue.push({ message, extra: { authInfo: options?.authInfo } });
        }
    }
 }
@@ -1 +1 @@
-{"version":3,"file":"inMemory.js","sourceRoot":"","sources":["../../src/inMemory.ts"],"names":[],"mappings":";;;AASA;;GAEG;AACH,MAAa,iBAAiB;IAA9B;QAEU,kBAAa,GAAoB,EAAE,CAAC;IAgD9C,CAAC;IAzCC;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,MAAM,eAAe,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAChD,eAAe,CAAC,eAAe,GAAG,eAAe,CAAC;QAClD,eAAe,CAAC,eAAe,GAAG,eAAe,CAAC;QAClD,OAAO,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK;;QACT,gEAAgE;QAChE,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAG,CAAC;YAClD,MAAA,IAAI,CAAC,SAAS,qDAAG,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;;QACT,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC;QACnC,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QACjC,MAAM,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,EAAE,CAAA,CAAC;QACrB,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuB,EAAE,OAA+D;QACjG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;CACF;AAlDD,8CAkDC"}
+{"version":3,"file":"inMemory.js","sourceRoot":"","sources":["../../src/inMemory.ts"],"names":[],"mappings":";;;AASA;;GAEG;AACH,MAAa,iBAAiB;IAA9B;QAEY,kBAAa,GAAoB,EAAE,CAAC;IAgDhD,CAAC;IAzCG;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACnB,MAAM,eAAe,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAChD,eAAe,CAAC,eAAe,GAAG,eAAe,CAAC;QAClD,eAAe,CAAC,eAAe,GAAG,eAAe,CAAC;QAClD,OAAO,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,KAAK;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAG,CAAC;YAClD,IAAI,CAAC,SAAS,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;QACP,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC;QACnC,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QACjC,MAAM,KAAK,EAAE,KAAK,EAAE,CAAC;QACrB,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,OAAuB,EAAE,OAA+D;QAC/F,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjG,CAAC;IACL,CAAC;CACJ;AAlDD,8CAkDC"}
@@ -1,4 +1,4 @@
-import { OAuthClientInformationFull } from "../../shared/auth.js";
+import { OAuthClientInformationFull } from '../../shared/auth.js';
 /**
 * Stores information about registered OAuth clients for this server.
 */
@@ -14,6 +14,6 @@ export interface OAuthRegisteredClientsStore {
     *
     * If unimplemented, dynamic client registration is unsupported.
     */
-    registerClient?(client: Omit<OAuthClientInformationFull, "client_id" | "client_id_issued_at">): OAuthClientInformationFull | Promise<OAuthClientInformationFull>;
+    registerClient?(client: Omit<OAuthClientInformationFull, 'client_id' | 'client_id_issued_at'>): OAuthClientInformationFull | Promise<OAuthClientInformationFull>;
 }
 //# sourceMappingURL=clients.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"clients.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/clients.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,0BAA0B,GAAG,SAAS,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAAC;IAEtH;;;;;;OAMG;IACH,cAAc,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,0BAA0B,EAAE,WAAW,GAAG,qBAAqB,CAAC,GAAG,0BAA0B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;CAClK"}
+{"version":3,"file":"clients.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/clients.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,2BAA2B;IACxC;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,0BAA0B,GAAG,SAAS,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAAC;IAEtH;;;;;;OAMG;IACH,cAAc,CAAC,CACX,MAAM,EAAE,IAAI,CAAC,0BAA0B,EAAE,WAAW,GAAG,qBAAqB,CAAC,GAC9E,0BAA0B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;CACvE"}
@@ -1,4 +1,4 @@
-import { OAuthErrorResponse } from "../../shared/auth.js";
+import { OAuthErrorResponse } from '../../shared/auth.js';
 /**
 * Base class for all OAuth errors
 */
@@ -124,6 +124,13 @@ export declare class InvalidClientMetadataError extends OAuthError {
 export declare class InsufficientScopeError extends OAuthError {
    static errorCode: string;
 }
+/**
+ * Invalid target error - The requested resource is invalid, missing, unknown, or malformed.
+ * (Custom error for resource indicators - RFC 8707)
+ */
+export declare class InvalidTargetError extends OAuthError {
+    static errorCode: string;
+}
 /**
 * A utility class for defining one-off error codes
 */
@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;aAKjB,QAAQ,CAAC,EAAE,MAAM;IAJnC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC;gBAGvB,OAAO,EAAE,MAAM,EACC,QAAQ,CAAC,EAAE,MAAM,YAAA;IAMnC;;OAEG;IACH,gBAAgB,IAAI,kBAAkB;IAatC,IAAI,SAAS,IAAI,MAAM,CAEtB;CACF;AAED;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;IACjD,MAAM,CAAC,SAAS,SAAqB;CACtC;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,UAAU;IAChD,MAAM,CAAC,SAAS,SAAoB;CACrC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC/C,MAAM,CAAC,SAAS,SAAmB;CACpC;AAED;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IACrD,MAAM,CAAC,SAAS,SAAyB;CAC1C;AAED;;;GAGG;AACH,qBAAa,yBAA0B,SAAQ,UAAU;IACvD,MAAM,CAAC,SAAS,SAA4B;CAC7C;AAED;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC/C,MAAM,CAAC,SAAS,SAAmB;CACpC;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC/C,MAAM,CAAC,SAAS,SAAmB;CACpC;AAED;;;GAGG;AACH,qBAAa,WAAY,SAAQ,UAAU;IACzC,MAAM,CAAC,SAAS,SAAkB;CACnC;AAED;;;GAGG;AACH,qBAAa,2BAA4B,SAAQ,UAAU;IACzD,MAAM,CAAC,SAAS,SAA6B;CAC9C;AAED;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,UAAU;IAC1D,MAAM,CAAC,SAAS,SAA+B;CAChD;AAED;;;GAGG;AACH,qBAAa,yBAA0B,SAAQ,UAAU;IACvD,MAAM,CAAC,SAAS,SAA4B;CAC7C;AAED;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC/C,MAAM,CAAC,SAAS,SAAmB;CACpC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;IACnD,MAAM,CAAC,SAAS,SAAwB;CACzC;AAED;;;GAGG;AACH,qBAAa,oBAAqB,SAAQ,UAAU;IAClD,MAAM,CAAC,SAAS,SAAuB;CACxC;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,UAAU;IACxD,MAAM,CAAC,SAAS,SAA6B;CAC9C;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,UAAU;IACpD,MAAM,CAAC,SAAS,SAAwB;CACzC;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,UAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAf,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM;IAIxF,IAAI,SAAS,IAAI,MAAM,CAEtB;CACF;AAED;;GAEG;AACH,eAAO,MAAM,YAAY;;CAiBf,CAAC"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;aAKb,QAAQ,CAAC,EAAE,MAAM;IAJrC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC;gBAGrB,OAAO,EAAE,MAAM,EACC,QAAQ,CAAC,EAAE,MAAM,YAAA;IAMrC;;OAEG;IACH,gBAAgB,IAAI,kBAAkB;IAatC,IAAI,SAAS,IAAI,MAAM,CAEtB;CACJ;AAED;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;IAC/C,MAAM,CAAC,SAAS,SAAqB;CACxC;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,UAAU;IAC9C,MAAM,CAAC,SAAS,SAAoB;CACvC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC7C,MAAM,CAAC,SAAS,SAAmB;CACtC;AAED;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IACnD,MAAM,CAAC,SAAS,SAAyB;CAC5C;AAED;;;GAGG;AACH,qBAAa,yBAA0B,SAAQ,UAAU;IACrD,MAAM,CAAC,SAAS,SAA4B;CAC/C;AAED;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC7C,MAAM,CAAC,SAAS,SAAmB;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC7C,MAAM,CAAC,SAAS,SAAmB;CACtC;AAED;;;GAGG;AACH,qBAAa,WAAY,SAAQ,UAAU;IACvC,MAAM,CAAC,SAAS,SAAkB;CACrC;AAED;;;GAGG;AACH,qBAAa,2BAA4B,SAAQ,UAAU;IACvD,MAAM,CAAC,SAAS,SAA6B;CAChD;AAED;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,UAAU;IACxD,MAAM,CAAC,SAAS,SAA+B;CAClD;AAED;;;GAGG;AACH,qBAAa,yBAA0B,SAAQ,UAAU;IACrD,MAAM,CAAC,SAAS,SAA4B;CAC/C;AAED;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,UAAU;IAC7C,MAAM,CAAC,SAAS,SAAmB;CACtC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;IACjD,MAAM,CAAC,SAAS,SAAwB;CAC3C;AAED;;;GAGG;AACH,qBAAa,oBAAqB,SAAQ,UAAU;IAChD,MAAM,CAAC,SAAS,SAAuB;CAC1C;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,UAAU;IACtD,MAAM,CAAC,SAAS,SAA6B;CAChD;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,UAAU;IAClD,MAAM,CAAC,SAAS,SAAwB;CAC3C;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,UAAU;IAC9C,MAAM,CAAC,SAAS,SAAoB;CACvC;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,UAAU;IAExC,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAf,eAAe,EAAE,MAAM,EACxC,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM;IAKrB,IAAI,SAAS,IAAI,MAAM,CAEtB;CACJ;AAED;;GAEG;AACH,eAAO,MAAM,YAAY;;CAkBf,CAAC"}
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAUTH_ERRORS = exports.CustomOAuthError = exports.InsufficientScopeError = exports.InvalidClientMetadataError = exports.TooManyRequestsError = exports.MethodNotAllowedError = exports.InvalidTokenError = exports.UnsupportedTokenTypeError = exports.UnsupportedResponseTypeError = exports.TemporarilyUnavailableError = exports.ServerError = exports.AccessDeniedError = exports.InvalidScopeError = exports.UnsupportedGrantTypeError = exports.UnauthorizedClientError = exports.InvalidGrantError = exports.InvalidClientError = exports.InvalidRequestError = exports.OAuthError = void 0;
+exports.OAUTH_ERRORS = exports.CustomOAuthError = exports.InvalidTargetError = exports.InsufficientScopeError = exports.InvalidClientMetadataError = exports.TooManyRequestsError = exports.MethodNotAllowedError = exports.InvalidTokenError = exports.UnsupportedTokenTypeError = exports.UnsupportedResponseTypeError = exports.TemporarilyUnavailableError = exports.ServerError = exports.AccessDeniedError = exports.InvalidScopeError = exports.UnsupportedGrantTypeError = exports.UnauthorizedClientError = exports.InvalidGrantError = exports.InvalidClientError = exports.InvalidRequestError = exports.OAuthError = void 0;
 /**
 * Base class for all OAuth errors
 */
@@ -36,7 +36,7 @@ exports.OAuthError = OAuthError;
 class InvalidRequestError extends OAuthError {
 }
 exports.InvalidRequestError = InvalidRequestError;
-InvalidRequestError.errorCode = "invalid_request";
+InvalidRequestError.errorCode = 'invalid_request';
 /**
 * Invalid client error - Client authentication failed (e.g., unknown client, no client
 * authentication included, or unsupported authentication method).
@@ -44,7 +44,7 @@ InvalidRequestError.errorCode = "invalid_request";
 class InvalidClientError extends OAuthError {
 }
 exports.InvalidClientError = InvalidClientError;
-InvalidClientError.errorCode = "invalid_client";
+InvalidClientError.errorCode = 'invalid_client';
 /**
 * Invalid grant error - The provided authorization grant or refresh token is
 * invalid, expired, revoked, does not match the redirection URI used in the
@@ -53,7 +53,7 @@ InvalidClientError.errorCode = "invalid_client";
 class InvalidGrantError extends OAuthError {
 }
 exports.InvalidGrantError = InvalidGrantError;
-InvalidGrantError.errorCode = "invalid_grant";
+InvalidGrantError.errorCode = 'invalid_grant';
 /**
 * Unauthorized client error - The authenticated client is not authorized to use
 * this authorization grant type.
@@ -61,7 +61,7 @@ InvalidGrantError.errorCode = "invalid_grant";
 class UnauthorizedClientError extends OAuthError {
 }
 exports.UnauthorizedClientError = UnauthorizedClientError;
-UnauthorizedClientError.errorCode = "unauthorized_client";
+UnauthorizedClientError.errorCode = 'unauthorized_client';
 /**
 * Unsupported grant type error - The authorization grant type is not supported
 * by the authorization server.
@@ -69,7 +69,7 @@ UnauthorizedClientError.errorCode = "unauthorized_client";
 class UnsupportedGrantTypeError extends OAuthError {
 }
 exports.UnsupportedGrantTypeError = UnsupportedGrantTypeError;
-UnsupportedGrantTypeError.errorCode = "unsupported_grant_type";
+UnsupportedGrantTypeError.errorCode = 'unsupported_grant_type';
 /**
 * Invalid scope error - The requested scope is invalid, unknown, malformed, or
 * exceeds the scope granted by the resource owner.
@@ -77,14 +77,14 @@ UnsupportedGrantTypeError.errorCode = "unsupported_grant_type";
 class InvalidScopeError extends OAuthError {
 }
 exports.InvalidScopeError = InvalidScopeError;
-InvalidScopeError.errorCode = "invalid_scope";
+InvalidScopeError.errorCode = 'invalid_scope';
 /**
 * Access denied error - The resource owner or authorization server denied the request.
 */
 class AccessDeniedError extends OAuthError {
 }
 exports.AccessDeniedError = AccessDeniedError;
-AccessDeniedError.errorCode = "access_denied";
+AccessDeniedError.errorCode = 'access_denied';
 /**
 * Server error - The authorization server encountered an unexpected condition
 * that prevented it from fulfilling the request.
@@ -92,7 +92,7 @@ AccessDeniedError.errorCode = "access_denied";
 class ServerError extends OAuthError {
 }
 exports.ServerError = ServerError;
-ServerError.errorCode = "server_error";
+ServerError.errorCode = 'server_error';
 /**
 * Temporarily unavailable error - The authorization server is currently unable to
 * handle the request due to a temporary overloading or maintenance of the server.
@@ -100,7 +100,7 @@ ServerError.errorCode = "server_error";
 class TemporarilyUnavailableError extends OAuthError {
 }
 exports.TemporarilyUnavailableError = TemporarilyUnavailableError;
-TemporarilyUnavailableError.errorCode = "temporarily_unavailable";
+TemporarilyUnavailableError.errorCode = 'temporarily_unavailable';
 /**
 * Unsupported response type error - The authorization server does not support
 * obtaining an authorization code using this method.
@@ -108,7 +108,7 @@ TemporarilyUnavailableError.errorCode = "temporarily_unavailable";
 class UnsupportedResponseTypeError extends OAuthError {
 }
 exports.UnsupportedResponseTypeError = UnsupportedResponseTypeError;
-UnsupportedResponseTypeError.errorCode = "unsupported_response_type";
+UnsupportedResponseTypeError.errorCode = 'unsupported_response_type';
 /**
 * Unsupported token type error - The authorization server does not support
 * the requested token type.
@@ -116,7 +116,7 @@ UnsupportedResponseTypeError.errorCode = "unsupported_response_type";
 class UnsupportedTokenTypeError extends OAuthError {
 }
 exports.UnsupportedTokenTypeError = UnsupportedTokenTypeError;
-UnsupportedTokenTypeError.errorCode = "unsupported_token_type";
+UnsupportedTokenTypeError.errorCode = 'unsupported_token_type';
 /**
 * Invalid token error - The access token provided is expired, revoked, malformed,
 * or invalid for other reasons.
@@ -124,7 +124,7 @@ UnsupportedTokenTypeError.errorCode = "unsupported_token_type";
 class InvalidTokenError extends OAuthError {
 }
 exports.InvalidTokenError = InvalidTokenError;
-InvalidTokenError.errorCode = "invalid_token";
+InvalidTokenError.errorCode = 'invalid_token';
 /**
 * Method not allowed error - The HTTP method used is not allowed for this endpoint.
 * (Custom, non-standard error)
@@ -132,7 +132,7 @@ InvalidTokenError.errorCode = "invalid_token";
 class MethodNotAllowedError extends OAuthError {
 }
 exports.MethodNotAllowedError = MethodNotAllowedError;
-MethodNotAllowedError.errorCode = "method_not_allowed";
+MethodNotAllowedError.errorCode = 'method_not_allowed';
 /**
 * Too many requests error - Rate limit exceeded.
 * (Custom, non-standard error based on RFC 6585)
@@ -140,7 +140,7 @@ MethodNotAllowedError.errorCode = "method_not_allowed";
 class TooManyRequestsError extends OAuthError {
 }
 exports.TooManyRequestsError = TooManyRequestsError;
-TooManyRequestsError.errorCode = "too_many_requests";
+TooManyRequestsError.errorCode = 'too_many_requests';
 /**
 * Invalid client metadata error - The client metadata is invalid.
 * (Custom error for dynamic client registration - RFC 7591)
@@ -148,14 +148,22 @@ TooManyRequestsError.errorCode = "too_many_requests";
 class InvalidClientMetadataError extends OAuthError {
 }
 exports.InvalidClientMetadataError = InvalidClientMetadataError;
-InvalidClientMetadataError.errorCode = "invalid_client_metadata";
+InvalidClientMetadataError.errorCode = 'invalid_client_metadata';
 /**
 * Insufficient scope error - The request requires higher privileges than provided by the access token.
 */
 class InsufficientScopeError extends OAuthError {
 }
 exports.InsufficientScopeError = InsufficientScopeError;
-InsufficientScopeError.errorCode = "insufficient_scope";
+InsufficientScopeError.errorCode = 'insufficient_scope';
+/**
+ * Invalid target error - The requested resource is invalid, missing, unknown, or malformed.
+ * (Custom error for resource indicators - RFC 8707)
+ */
+class InvalidTargetError extends OAuthError {
+}
+exports.InvalidTargetError = InvalidTargetError;
+InvalidTargetError.errorCode = 'invalid_target';
 /**
 * A utility class for defining one-off error codes
 */
@@ -189,5 +197,6 @@ exports.OAUTH_ERRORS = {
    [TooManyRequestsError.errorCode]: TooManyRequestsError,
    [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,
    [InsufficientScopeError.errorCode]: InsufficientScopeError,
+    [InvalidTargetError.errorCode]: InvalidTargetError
 };
 //# sourceMappingURL=errors.js.map
@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../src/server/auth/errors.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACH,MAAa,UAAW,SAAQ,KAAK;IAGnC,YACE,OAAe,EACC,QAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,aAAQ,GAAR,QAAQ,CAAS;QAGjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,MAAM,QAAQ,GAAuB;YACnC,KAAK,EAAE,IAAI,CAAC,SAAS;YACrB,iBAAiB,EAAE,IAAI,CAAC,OAAO;SAChC,CAAC;QAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;QACrC,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,SAAS;QACX,OAAQ,IAAI,CAAC,WAAiC,CAAC,SAAS,CAAA;IAC1D,CAAC;CACF;AA9BD,gCA8BC;AAED;;;;GAIG;AACH,MAAa,mBAAoB,SAAQ,UAAU;;AAAnD,kDAEC;AADQ,6BAAS,GAAG,iBAAiB,CAAC;AAGvC;;;GAGG;AACH,MAAa,kBAAmB,SAAQ,UAAU;;AAAlD,gDAEC;AADQ,4BAAS,GAAG,gBAAgB,CAAC;AAGtC;;;;GAIG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADQ,2BAAS,GAAG,eAAe,CAAC;AAGrC;;;GAGG;AACH,MAAa,uBAAwB,SAAQ,UAAU;;AAAvD,0DAEC;AADQ,iCAAS,GAAG,qBAAqB,CAAC;AAG3C;;;GAGG;AACH,MAAa,yBAA0B,SAAQ,UAAU;;AAAzD,8DAEC;AADQ,mCAAS,GAAG,wBAAwB,CAAC;AAG9C;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADQ,2BAAS,GAAG,eAAe,CAAC;AAGrC;;GAEG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADQ,2BAAS,GAAG,eAAe,CAAC;AAGrC;;;GAGG;AACH,MAAa,WAAY,SAAQ,UAAU;;AAA3C,kCAEC;AADQ,qBAAS,GAAG,cAAc,CAAC;AAGpC;;;GAGG;AACH,MAAa,2BAA4B,SAAQ,UAAU;;AAA3D,kEAEC;AADQ,qCAAS,GAAG,yBAAyB,CAAC;AAG/C;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,UAAU;;AAA5D,oEAEC;AADQ,sCAAS,GAAG,2BAA2B,CAAC;AAGjD;;;GAGG;AACH,MAAa,yBAA0B,SAAQ,UAAU;;AAAzD,8DAEC;AADQ,mCAAS,GAAG,wBAAwB,CAAC;AAG9C;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADQ,2BAAS,GAAG,eAAe,CAAC;AAGrC;;;GAGG;AACH,MAAa,qBAAsB,SAAQ,UAAU;;AAArD,sDAEC;AADQ,+BAAS,GAAG,oBAAoB,CAAC;AAG1C;;;GAGG;AACH,MAAa,oBAAqB,SAAQ,UAAU;;AAApD,oDAEC;AADQ,8BAAS,GAAG,mBAAmB,CAAC;AAGzC;;;GAGG;AACH,MAAa,0BAA2B,SAAQ,UAAU;;AAA1D,gEAEC;AADQ,oCAAS,GAAG,yBAAyB,CAAC;AAG/C;;GAEG;AACH,MAAa,sBAAuB,SAAQ,UAAU;;AAAtD,wDAEC;AADQ,gCAAS,GAAG,oBAAoB,CAAC;AAG1C;;GAEG;AACH,MAAa,gBAAiB,SAAQ,UAAU;IAC9C,YAA6B,eAAuB,EAAE,OAAe,EAAE,QAAiB;QACtF,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QADE,oBAAe,GAAf,eAAe,CAAQ;IAEpD,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;CACF;AARD,4CAQC;AAED;;GAEG;AACU,QAAA,YAAY,GAAG;IAC1B,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,mBAAmB;IACpD,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,kBAAkB;IAClD,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,uBAAuB,CAAC,SAAS,CAAC,EAAE,uBAAuB;IAC5D,CAAC,yBAAyB,CAAC,SAAS,CAAC,EAAE,yBAAyB;IAChE,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,WAAW;IACpC,CAAC,2BAA2B,CAAC,SAAS,CAAC,EAAE,2BAA2B;IACpE,CAAC,4BAA4B,CAAC,SAAS,CAAC,EAAE,4BAA4B;IACtE,CAAC,yBAAyB,CAAC,SAAS,CAAC,EAAE,yBAAyB;IAChE,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,qBAAqB,CAAC,SAAS,CAAC,EAAE,qBAAqB;IACxD,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,oBAAoB;IACtD,CAAC,0BAA0B,CAAC,SAAS,CAAC,EAAE,0BAA0B;IAClE,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,sBAAsB;CAClD,CAAC"}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../src/server/auth/errors.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACH,MAAa,UAAW,SAAQ,KAAK;IAGjC,YACI,OAAe,EACC,QAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,aAAQ,GAAR,QAAQ,CAAS;QAGjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,gBAAgB;QACZ,MAAM,QAAQ,GAAuB;YACjC,KAAK,EAAE,IAAI,CAAC,SAAS;YACrB,iBAAiB,EAAE,IAAI,CAAC,OAAO;SAClC,CAAC;QAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChB,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;QACvC,CAAC;QAED,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED,IAAI,SAAS;QACT,OAAQ,IAAI,CAAC,WAAiC,CAAC,SAAS,CAAC;IAC7D,CAAC;CACJ;AA9BD,gCA8BC;AAED;;;;GAIG;AACH,MAAa,mBAAoB,SAAQ,UAAU;;AAAnD,kDAEC;AADU,6BAAS,GAAG,iBAAiB,CAAC;AAGzC;;;GAGG;AACH,MAAa,kBAAmB,SAAQ,UAAU;;AAAlD,gDAEC;AADU,4BAAS,GAAG,gBAAgB,CAAC;AAGxC;;;;GAIG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADU,2BAAS,GAAG,eAAe,CAAC;AAGvC;;;GAGG;AACH,MAAa,uBAAwB,SAAQ,UAAU;;AAAvD,0DAEC;AADU,iCAAS,GAAG,qBAAqB,CAAC;AAG7C;;;GAGG;AACH,MAAa,yBAA0B,SAAQ,UAAU;;AAAzD,8DAEC;AADU,mCAAS,GAAG,wBAAwB,CAAC;AAGhD;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADU,2BAAS,GAAG,eAAe,CAAC;AAGvC;;GAEG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADU,2BAAS,GAAG,eAAe,CAAC;AAGvC;;;GAGG;AACH,MAAa,WAAY,SAAQ,UAAU;;AAA3C,kCAEC;AADU,qBAAS,GAAG,cAAc,CAAC;AAGtC;;;GAGG;AACH,MAAa,2BAA4B,SAAQ,UAAU;;AAA3D,kEAEC;AADU,qCAAS,GAAG,yBAAyB,CAAC;AAGjD;;;GAGG;AACH,MAAa,4BAA6B,SAAQ,UAAU;;AAA5D,oEAEC;AADU,sCAAS,GAAG,2BAA2B,CAAC;AAGnD;;;GAGG;AACH,MAAa,yBAA0B,SAAQ,UAAU;;AAAzD,8DAEC;AADU,mCAAS,GAAG,wBAAwB,CAAC;AAGhD;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,UAAU;;AAAjD,8CAEC;AADU,2BAAS,GAAG,eAAe,CAAC;AAGvC;;;GAGG;AACH,MAAa,qBAAsB,SAAQ,UAAU;;AAArD,sDAEC;AADU,+BAAS,GAAG,oBAAoB,CAAC;AAG5C;;;GAGG;AACH,MAAa,oBAAqB,SAAQ,UAAU;;AAApD,oDAEC;AADU,8BAAS,GAAG,mBAAmB,CAAC;AAG3C;;;GAGG;AACH,MAAa,0BAA2B,SAAQ,UAAU;;AAA1D,gEAEC;AADU,oCAAS,GAAG,yBAAyB,CAAC;AAGjD;;GAEG;AACH,MAAa,sBAAuB,SAAQ,UAAU;;AAAtD,wDAEC;AADU,gCAAS,GAAG,oBAAoB,CAAC;AAG5C;;;GAGG;AACH,MAAa,kBAAmB,SAAQ,UAAU;;AAAlD,gDAEC;AADU,4BAAS,GAAG,gBAAgB,CAAC;AAGxC;;GAEG;AACH,MAAa,gBAAiB,SAAQ,UAAU;IAC5C,YACqB,eAAuB,EACxC,OAAe,EACf,QAAiB;QAEjB,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAJR,oBAAe,GAAf,eAAe,CAAQ;IAK5C,CAAC;IAED,IAAI,SAAS;QACT,OAAO,IAAI,CAAC,eAAe,CAAC;IAChC,CAAC;CACJ;AAZD,4CAYC;AAED;;GAEG;AACU,QAAA,YAAY,GAAG;IACxB,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,mBAAmB;IACpD,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,kBAAkB;IAClD,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,uBAAuB,CAAC,SAAS,CAAC,EAAE,uBAAuB;IAC5D,CAAC,yBAAyB,CAAC,SAAS,CAAC,EAAE,yBAAyB;IAChE,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,WAAW;IACpC,CAAC,2BAA2B,CAAC,SAAS,CAAC,EAAE,2BAA2B;IACpE,CAAC,4BAA4B,CAAC,SAAS,CAAC,EAAE,4BAA4B;IACtE,CAAC,yBAAyB,CAAC,SAAS,CAAC,EAAE,yBAAyB;IAChE,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;IAChD,CAAC,qBAAqB,CAAC,SAAS,CAAC,EAAE,qBAAqB;IACxD,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,oBAAoB;IACtD,CAAC,0BAA0B,CAAC,SAAS,CAAC,EAAE,0BAA0B;IAClE,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,sBAAsB;IAC1D,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,kBAAkB;CAC5C,CAAC"}
@@ -1,6 +1,6 @@
-import { RequestHandler } from "express";
-import { OAuthServerProvider } from "../provider.js";
-import { Options as RateLimitOptions } from "express-rate-limit";
+import { RequestHandler } from 'express';
+import { OAuthServerProvider } from '../provider.js';
+import { Options as RateLimitOptions } from 'express-rate-limit';
 export type AuthorizationHandlerOptions = {
    provider: OAuthServerProvider;
    /**
@@ -1 +1 @@
-{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,2BAA2B,GAAG;IACxC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAkBF,wBAAgB,oBAAoB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAkH1H"}
+{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,2BAA2B,GAAG;IACtC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAqBF,wBAAgB,oBAAoB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAgH1H"}
@@ -1,32 +1,58 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.authorizationHandler = authorizationHandler;
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const express_1 = __importDefault(require("express"));
 const express_rate_limit_1 = require("express-rate-limit");
 const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
 const errors_js_1 = require("../errors.js");
 // Parameters that must be validated in order to issue redirects.
-const ClientAuthorizationParamsSchema = zod_1.z.object({
-    client_id: zod_1.z.string(),
-    redirect_uri: zod_1.z.string().optional().refine((value) => value === undefined || URL.canParse(value), { message: "redirect_uri must be a valid URL" }),
+const ClientAuthorizationParamsSchema = z.object({
+    client_id: z.string(),
+    redirect_uri: z
+        .string()
+        .optional()
+        .refine(value => value === undefined || URL.canParse(value), { message: 'redirect_uri must be a valid URL' })
 });
 // Parameters that must be validated for a successful authorization request. Failure can be reported to the redirect URI.
-const RequestAuthorizationParamsSchema = zod_1.z.object({
-    response_type: zod_1.z.literal("code"),
-    code_challenge: zod_1.z.string(),
-    code_challenge_method: zod_1.z.literal("S256"),
-    scope: zod_1.z.string().optional(),
-    state: zod_1.z.string().optional(),
-    resource: zod_1.z.string().url().optional(),
+const RequestAuthorizationParamsSchema = z.object({
+    response_type: z.literal('code'),
+    code_challenge: z.string(),
+    code_challenge_method: z.literal('S256'),
+    scope: z.string().optional(),
+    state: z.string().optional(),
+    resource: z.string().url().optional()
 });
 function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
    // Create a router to apply middleware
    const router = express_1.default.Router();
-    router.use((0, allowedMethods_js_1.allowedMethods)(["GET", "POST"]));
+    router.use((0, allowedMethods_js_1.allowedMethods)(['GET', 'POST']));
    router.use(express_1.default.urlencoded({ extended: false }));
    // Apply rate limiting unless explicitly disabled
    if (rateLimitConfig !== false) {
@@ -39,8 +65,7 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
            ...rateLimitConfig
        }));
    }
-    router.all("/", async (req, res) => {
-        var _a;
+    router.all('/', async (req, res) => {
        res.setHeader('Cache-Control', 'no-store');
        // In the authorization flow, errors are split into two categories:
        // 1. Pre-redirect errors (direct response with 400)
@@ -56,18 +81,18 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
            redirect_uri = result.data.redirect_uri;
            client = await provider.clientsStore.getClient(client_id);
            if (!client) {
-                throw new errors_js_1.InvalidClientError("Invalid client_id");
+                throw new errors_js_1.InvalidClientError('Invalid client_id');
            }
            if (redirect_uri !== undefined) {
                if (!client.redirect_uris.includes(redirect_uri)) {
-                    throw new errors_js_1.InvalidRequestError("Unregistered redirect_uri");
+                    throw new errors_js_1.InvalidRequestError('Unregistered redirect_uri');
                }
            }
            else if (client.redirect_uris.length === 1) {
                redirect_uri = client.redirect_uris[0];
            }
            else {
-                throw new errors_js_1.InvalidRequestError("redirect_uri must be specified when client has multiple registered URIs");
+                throw new errors_js_1.InvalidRequestError('redirect_uri must be specified when client has multiple registered URIs');
            }
        }
        catch (error) {
@@ -82,7 +107,7 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
                res.status(status).json(error.toResponseObject());
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.status(500).json(serverError.toResponseObject());
            }
            return;
@@ -100,14 +125,7 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
            // Validate scopes
            let requestedScopes = [];
            if (scope !== undefined) {
-                requestedScopes = scope.split(" ");
-                const allowedScopes = new Set((_a = client.scope) === null || _a === void 0 ? void 0 : _a.split(" "));
-                // Check each requested scope against allowed scopes
-                for (const scope of requestedScopes) {
-                    if (!allowedScopes.has(scope)) {
-                        throw new errors_js_1.InvalidScopeError(`Client was not registered with scope ${scope}`);
-                    }
-                }
+                requestedScopes = scope.split(' ');
            }
            // All validation passed, proceed with authorization
            await provider.authorize(client, {
@@ -115,7 +133,7 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
                scopes: requestedScopes,
                redirectUri: redirect_uri,
                codeChallenge: code_challenge,
-                resource: resource ? new URL(resource) : undefined,
+                resource: resource ? new URL(resource) : undefined
            }, res);
        }
        catch (error) {
@@ -124,7 +142,7 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
                res.redirect(302, createErrorRedirect(redirect_uri, error, state));
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.redirect(302, createErrorRedirect(redirect_uri, serverError, state));
            }
        }
@@ -136,13 +154,13 @@ function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
 */
 function createErrorRedirect(redirectUri, error, state) {
    const errorUrl = new URL(redirectUri);
-    errorUrl.searchParams.set("error", error.errorCode);
-    errorUrl.searchParams.set("error_description", error.message);
+    errorUrl.searchParams.set('error', error.errorCode);
+    errorUrl.searchParams.set('error_description', error.message);
    if (error.errorUri) {
-        errorUrl.searchParams.set("error_uri", error.errorUri);
+        errorUrl.searchParams.set('error_uri', error.errorUri);
    }
    if (state) {
-        errorUrl.searchParams.set("state", state);
+        errorUrl.searchParams.set('state', state);
    }
    return errorUrl.href;
 }
@@ -1,4 +1,4 @@
-import { RequestHandler } from "express";
-import { OAuthMetadata, OAuthProtectedResourceMetadata } from "../../../shared/auth.js";
+import { RequestHandler } from 'express';
+import { OAuthMetadata, OAuthProtectedResourceMetadata } from '../../../shared/auth.js';
 export declare function metadataHandler(metadata: OAuthMetadata | OAuthProtectedResourceMetadata): RequestHandler;
 //# sourceMappingURL=metadata.d.ts.map
@@ -12,8 +12,8 @@ function metadataHandler(metadata) {
    const router = express_1.default.Router();
    // Configure CORS to allow any origin, to make accessible to web-based MCP clients
    router.use((0, cors_1.default)());
-    router.use((0, allowedMethods_js_1.allowedMethods)(['GET']));
-    router.get("/", (req, res) => {
+    router.use((0, allowedMethods_js_1.allowedMethods)(['GET', 'OPTIONS']));
+    router.get('/', (req, res) => {
        res.status(200).json(metadata);
    });
    return router;
@@ -1 +1 @@
-{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":";;;;;AAKA,0CAaC;AAlBD,sDAAkD;AAElD,gDAAwB;AACxB,uEAAiE;AAEjE,SAAgB,eAAe,CAAC,QAAwD;IACtF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":";;;;;AAKA,0CAaC;AAlBD,sDAAkD;AAElD,gDAAwB;AACxB,uEAAiE;AAEjE,SAAgB,eAAe,CAAC,QAAwD;IACpF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
@@ -1,6 +1,6 @@
-import { RequestHandler } from "express";
-import { OAuthRegisteredClientsStore } from "../clients.js";
-import { Options as RateLimitOptions } from "express-rate-limit";
+import { RequestHandler } from 'express';
+import { OAuthRegisteredClientsStore } from '../clients.js';
+import { Options as RateLimitOptions } from 'express-rate-limit';
 export type ClientRegistrationHandlerOptions = {
    /**
     * A store used to save information about dynamically registered OAuth clients.
@@ -25,5 +25,5 @@ export type ClientRegistrationHandlerOptions = {
     */
    clientIdGeneration?: boolean;
 };
-export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration, }: ClientRegistrationHandlerOptions): RequestHandler;
+export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration }: ClientRegistrationHandlerOptions): RequestHandler;
 //# sourceMappingURL=register.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAS5E,MAAM,MAAM,gCAAgC,GAAG;IAC7C;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;IAE1C;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;IAE9C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,EACxC,YAAY,EACZ,yBAAgE,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAyB,GAC1B,EAAE,gCAAgC,GAAG,cAAc,CA0EnD"}
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,gCAAgC,GAAG;IAC3C;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;IAE1C;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;IAE9C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAgE,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAyB,EAC5B,EAAE,gCAAgC,GAAG,cAAc,CA0EnD"}
@@ -12,15 +12,15 @@ const express_rate_limit_1 = require("express-rate-limit");
 const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
 const errors_js_1 = require("../errors.js");
 const DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS = 30 * 24 * 60 * 60; // 30 days
-function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true, }) {
+function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true }) {
    if (!clientsStore.registerClient) {
-        throw new Error("Client registration store does not support registering clients");
+        throw new Error('Client registration store does not support registering clients');
    }
    // Nested router so we can configure middleware and restrict HTTP method
    const router = express_1.default.Router();
    // Configure CORS to allow any origin, to make accessible to web-based MCP clients
    router.use((0, cors_1.default)());
-    router.use((0, allowedMethods_js_1.allowedMethods)(["POST"]));
+    router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
    router.use(express_1.default.json());
    // Apply rate limiting unless explicitly disabled - stricter limits for registration
    if (rateLimitConfig !== false) {
@@ -33,7 +33,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
            ...rateLimitConfig
        }));
    }
-    router.post("/", async (req, res) => {
+    router.post('/', async (req, res) => {
        res.setHeader('Cache-Control', 'no-store');
        try {
            const parseResult = auth_js_1.OAuthClientMetadataSchema.safeParse(req.body);
@@ -43,9 +43,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
            const clientMetadata = parseResult.data;
            const isPublicClient = clientMetadata.token_endpoint_auth_method === 'none';
            // Generate client credentials
-            const clientSecret = isPublicClient
-                ? undefined
-                : node_crypto_1.default.randomBytes(32).toString('hex');
+            const clientSecret = isPublicClient ? undefined : node_crypto_1.default.randomBytes(32).toString('hex');
            const clientIdIssuedAt = Math.floor(Date.now() / 1000);
            // Calculate client secret expiry time
            const clientsDoExpire = clientSecretExpirySeconds > 0;
@@ -54,7 +52,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
            let clientInfo = {
                ...clientMetadata,
                client_secret: clientSecret,
-                client_secret_expires_at: clientSecretExpiresAt,
+                client_secret_expires_at: clientSecretExpiresAt
            };
            if (clientIdGeneration) {
                clientInfo.client_id = node_crypto_1.default.randomUUID();
@@ -69,7 +67,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
                res.status(status).json(error.toResponseObject());
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.status(500).json(serverError.toResponseObject());
            }
        }
@@ -1 +1 @@
-{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":";;;;;AA4CA,8DA+EC;AA3HD,sDAAkD;AAClD,qDAAgG;AAChG,8DAAiC;AACjC,gDAAwB;AAExB,2DAA4E;AAC5E,uEAAiE;AACjE,4CAKsB;AA8BtB,MAAM,oCAAoC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE1E,SAAgB,yBAAyB,CAAC,EACxC,YAAY,EACZ,yBAAyB,GAAG,oCAAoC,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAkB,GAAG,IAAI,GACQ;IACjC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAE3B,oFAAoF;IACpF,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,IAAA,8BAAS,EAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnC,GAAG,EAAE,EAAE,EAAE,+DAA+D;YACxE,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,mEAAmE,CAAC,CAAC,gBAAgB,EAAE;YACzH,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,mCAAyB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,sCAA0B,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC;YACxC,MAAM,cAAc,GAAG,cAAc,CAAC,0BAA0B,KAAK,MAAM,CAAA;YAE3E,8BAA8B;YAC9B,MAAM,YAAY,GAAG,cAAc;gBACjC,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,qBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC3C,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEvD,sCAAsC;YACtC,MAAM,eAAe,GAAG,yBAAyB,GAAG,CAAC,CAAA;YACrD,MAAM,gBAAgB,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAA;YAC3F,MAAM,qBAAqB,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAA;YAE3E,IAAI,UAAU,GAA2E;gBACvF,GAAG,cAAc;gBACjB,aAAa,EAAE,YAAY;gBAC3B,wBAAwB,EAAE,qBAAqB;aAChD,CAAC;YAEF,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,CAAC,SAAS,GAAG,qBAAM,CAAC,UAAU,EAAE,CAAC;gBAC3C,UAAU,CAAC,mBAAmB,GAAG,gBAAgB,CAAC;YACpD,CAAC;YAED,UAAU,GAAG,MAAM,YAAY,CAAC,cAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":";;;;;AAuCA,8DA+EC;AAtHD,sDAAkD;AAClD,qDAAgG;AAChG,8DAAiC;AACjC,gDAAwB;AAExB,2DAA4E;AAC5E,uEAAiE;AACjE,4CAAyG;AA8BzG,MAAM,oCAAoC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE1E,SAAgB,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAyB,GAAG,oCAAoC,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAkB,GAAG,IAAI,EACM;IAC/B,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAE3B,oFAAoF;IACpF,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnC,GAAG,EAAE,EAAE,EAAE,+DAA+D;YACxE,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,mEAAmE,CAAC,CAAC,gBAAgB,EAAE;YACzH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,mCAAyB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,sCAA0B,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpE,CAAC;YAED,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC;YACxC,MAAM,cAAc,GAAG,cAAc,CAAC,0BAA0B,KAAK,MAAM,CAAC;YAE5E,8BAA8B;YAC9B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,qBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACzF,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEvD,sCAAsC;YACtC,MAAM,eAAe,GAAG,yBAAyB,GAAG,CAAC,CAAC;YACtD,MAAM,gBAAgB,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5F,MAAM,qBAAqB,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC;YAE5E,IAAI,UAAU,GAA2E;gBACrF,GAAG,cAAc;gBACjB,aAAa,EAAE,YAAY;gBAC3B,wBAAwB,EAAE,qBAAqB;aAClD,CAAC;YAEF,IAAI,kBAAkB,EAAE,CAAC;gBACrB,UAAU,CAAC,SAAS,GAAG,qBAAM,CAAC,UAAU,EAAE,CAAC;gBAC3C,UAAU,CAAC,mBAAmB,GAAG,gBAAgB,CAAC;YACtD,CAAC;YAED,UAAU,GAAG,MAAM,YAAY,CAAC,cAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
@@ -1,6 +1,6 @@
-import { OAuthServerProvider } from "../provider.js";
-import { RequestHandler } from "express";
-import { Options as RateLimitOptions } from "express-rate-limit";
+import { OAuthServerProvider } from '../provider.js';
+import { RequestHandler } from 'express';
+import { Options as RateLimitOptions } from 'express-rate-limit';
 export type RevocationHandlerOptions = {
    provider: OAuthServerProvider;
    /**
@@ -9,5 +9,5 @@ export type RevocationHandlerOptions = {
     */
    rateLimit?: Partial<RateLimitOptions> | false;
 };
-export declare function revocationHandler({ provider, rateLimit: rateLimitConfig, }: RevocationHandlerOptions): RequestHandler;
+export declare function revocationHandler({ provider, rateLimit: rateLimitConfig }: RevocationHandlerOptions): RequestHandler;
 //# sourceMappingURL=revoke.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAS5E,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,EAChC,QAAQ,EACR,SAAS,EAAE,eAAe,GAC3B,EAAE,wBAAwB,GAAG,cAAc,CA8D3C"}
+{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,wBAAwB,GAAG;IACnC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,wBAAwB,GAAG,cAAc,CA4DpH"}
@@ -11,15 +11,15 @@ const auth_js_1 = require("../../../shared/auth.js");
 const express_rate_limit_1 = require("express-rate-limit");
 const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
 const errors_js_1 = require("../errors.js");
-function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
+function revocationHandler({ provider, rateLimit: rateLimitConfig }) {
    if (!provider.revokeToken) {
-        throw new Error("Auth provider does not support revoking tokens");
+        throw new Error('Auth provider does not support revoking tokens');
    }
    // Nested router so we can configure middleware and restrict HTTP method
    const router = express_1.default.Router();
    // Configure CORS to allow any origin, to make accessible to web-based MCP clients
    router.use((0, cors_1.default)());
-    router.use((0, allowedMethods_js_1.allowedMethods)(["POST"]));
+    router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
    router.use(express_1.default.urlencoded({ extended: false }));
    // Apply rate limiting unless explicitly disabled
    if (rateLimitConfig !== false) {
@@ -28,14 +28,14 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
            max: 50, // 50 requests per windowMs
            standardHeaders: true,
            legacyHeaders: false,
-            message: new errors_js_1.TooManyRequestsError("You have exceeded the rate limit for token revocation requests").toResponseObject(),
-            ...rateLimitConfig,
+            message: new errors_js_1.TooManyRequestsError('You have exceeded the rate limit for token revocation requests').toResponseObject(),
+            ...rateLimitConfig
        }));
    }
    // Authenticate and extract client details
    router.use((0, clientAuth_js_1.authenticateClient)({ clientsStore: provider.clientsStore }));
-    router.post("/", async (req, res) => {
-        res.setHeader("Cache-Control", "no-store");
+    router.post('/', async (req, res) => {
+        res.setHeader('Cache-Control', 'no-store');
        try {
            const parseResult = auth_js_1.OAuthTokenRevocationRequestSchema.safeParse(req.body);
            if (!parseResult.success) {
@@ -44,7 +44,7 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
            const client = req.client;
            if (!client) {
                // This should never happen
-                throw new errors_js_1.ServerError("Internal Server Error");
+                throw new errors_js_1.ServerError('Internal Server Error');
            }
            await provider.revokeToken(client, parseResult.data);
            res.status(200).json({});
@@ -55,7 +55,7 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
                res.status(status).json(error.toResponseObject());
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.status(500).json(serverError.toResponseObject());
            }
        }
@@ -1 +1 @@
-{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":";;;;;AAuBA,8CAiEC;AAvFD,sDAAkD;AAClD,gDAAwB;AACxB,+DAAiE;AACjE,qDAA4E;AAC5E,2DAA4E;AAC5E,uEAAiE;AACjE,4CAKsB;AAWtB,SAAgB,iBAAiB,CAAC,EAChC,QAAQ,EACR,SAAS,EAAE,eAAe,GACD;IACzB,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CACR,IAAA,8BAAS,EAAC;YACR,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAC/B,gEAAgE,CACjE,CAAC,gBAAgB,EAAE;YACpB,GAAG,eAAe;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,2CAAiC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,QAAQ,CAAC,WAAY,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":";;;;;AAkBA,8CA4DC;AA7ED,sDAAkD;AAClD,gDAAwB;AACxB,+DAAiE;AACjE,qDAA4E;AAC5E,2DAA4E;AAC5E,uEAAiE;AACjE,4CAAkG;AAWlG,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA4B;IAChG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACtE,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,gEAAgE,CAAC,CAAC,gBAAgB,EAAE;YACtH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,2CAAiC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,QAAQ,CAAC,WAAY,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
@@ -1,6 +1,6 @@
-import { RequestHandler } from "express";
-import { OAuthServerProvider } from "../provider.js";
-import { Options as RateLimitOptions } from "express-rate-limit";
+import { RequestHandler } from 'express';
+import { OAuthServerProvider } from '../provider.js';
+import { Options as RateLimitOptions } from 'express-rate-limit';
 export type TokenHandlerOptions = {
    provider: OAuthServerProvider;
    /**
@@ -1 +1 @@
-{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAmBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CA4G1G"}
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAC9B,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAmBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CA+G1G"}
@@ -1,10 +1,33 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.tokenHandler = tokenHandler;
-const zod_1 = require("zod");
+const z = __importStar(require("zod/v4"));
 const express_1 = __importDefault(require("express"));
 const cors_1 = __importDefault(require("cors"));
 const pkce_challenge_1 = require("pkce-challenge");
@@ -12,32 +35,32 @@ const clientAuth_js_1 = require("../middleware/clientAuth.js");
 const express_rate_limit_1 = require("express-rate-limit");
 const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
 const errors_js_1 = require("../errors.js");
-const TokenRequestSchema = zod_1.z.object({
-    grant_type: zod_1.z.string(),
+const TokenRequestSchema = z.object({
+    grant_type: z.string()
 });
-const AuthorizationCodeGrantSchema = zod_1.z.object({
-    code: zod_1.z.string(),
-    code_verifier: zod_1.z.string(),
-    redirect_uri: zod_1.z.string().optional(),
-    resource: zod_1.z.string().url().optional(),
+const AuthorizationCodeGrantSchema = z.object({
+    code: z.string(),
+    code_verifier: z.string(),
+    redirect_uri: z.string().optional(),
+    resource: z.string().url().optional()
 });
-const RefreshTokenGrantSchema = zod_1.z.object({
-    refresh_token: zod_1.z.string(),
-    scope: zod_1.z.string().optional(),
-    resource: zod_1.z.string().url().optional(),
+const RefreshTokenGrantSchema = z.object({
+    refresh_token: z.string(),
+    scope: z.string().optional(),
+    resource: z.string().url().optional()
 });
 function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
    // Nested router so we can configure middleware and restrict HTTP method
    const router = express_1.default.Router();
    // Configure CORS to allow any origin, to make accessible to web-based MCP clients
    router.use((0, cors_1.default)());
-    router.use((0, allowedMethods_js_1.allowedMethods)(["POST"]));
+    router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
    router.use(express_1.default.urlencoded({ extended: false }));
    // Apply rate limiting unless explicitly disabled
    if (rateLimitConfig !== false) {
        router.use((0, express_rate_limit_1.rateLimit)({
            windowMs: 15 * 60 * 1000, // 15 minutes
-            max: 50, // 50 requests per windowMs 
+            max: 50, // 50 requests per windowMs
            standardHeaders: true,
            legacyHeaders: false,
            message: new errors_js_1.TooManyRequestsError('You have exceeded the rate limit for token requests').toResponseObject(),
@@ -46,7 +69,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
    }
    // Authenticate and extract client details
    router.use((0, clientAuth_js_1.authenticateClient)({ clientsStore: provider.clientsStore }));
-    router.post("/", async (req, res) => {
+    router.post('/', async (req, res) => {
        res.setHeader('Cache-Control', 'no-store');
        try {
            const parseResult = TokenRequestSchema.safeParse(req.body);
@@ -57,22 +80,22 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
            const client = req.client;
            if (!client) {
                // This should never happen
-                throw new errors_js_1.ServerError("Internal Server Error");
+                throw new errors_js_1.ServerError('Internal Server Error');
            }
            switch (grant_type) {
-                case "authorization_code": {
+                case 'authorization_code': {
                    const parseResult = AuthorizationCodeGrantSchema.safeParse(req.body);
                    if (!parseResult.success) {
                        throw new errors_js_1.InvalidRequestError(parseResult.error.message);
                    }
                    const { code, code_verifier, redirect_uri, resource } = parseResult.data;
                    const skipLocalPkceValidation = provider.skipLocalPkceValidation;
-                    // Perform local PKCE validation unless explicitly skipped 
+                    // Perform local PKCE validation unless explicitly skipped
                    // (e.g. to validate code_verifier in upstream server)
                    if (!skipLocalPkceValidation) {
                        const codeChallenge = await provider.challengeForAuthorizationCode(client, code);
                        if (!(await (0, pkce_challenge_1.verifyChallenge)(code_verifier, codeChallenge))) {
-                            throw new errors_js_1.InvalidGrantError("code_verifier does not match the challenge");
+                            throw new errors_js_1.InvalidGrantError('code_verifier does not match the challenge');
                        }
                    }
                    // Passes the code_verifier to the provider if PKCE validation didn't occur locally
@@ -80,21 +103,21 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
                    res.status(200).json(tokens);
                    break;
                }
-                case "refresh_token": {
+                case 'refresh_token': {
                    const parseResult = RefreshTokenGrantSchema.safeParse(req.body);
                    if (!parseResult.success) {
                        throw new errors_js_1.InvalidRequestError(parseResult.error.message);
                    }
                    const { refresh_token, scope, resource } = parseResult.data;
-                    const scopes = scope === null || scope === void 0 ? void 0 : scope.split(" ");
+                    const scopes = scope?.split(' ');
                    const tokens = await provider.exchangeRefreshToken(client, refresh_token, scopes, resource ? new URL(resource) : undefined);
                    res.status(200).json(tokens);
                    break;
                }
-                // Not supported right now
-                //case "client_credentials":
+                // Additional auth methods will not be added on the server side of the SDK.
+                case 'client_credentials':
                default:
-                    throw new errors_js_1.UnsupportedGrantTypeError("The grant type is not supported by this authorization server.");
+                    throw new errors_js_1.UnsupportedGrantTypeError('The grant type is not supported by this authorization server.');
            }
        }
        catch (error) {
@@ -103,7 +126,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
                res.status(status).json(error.toResponseObject());
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.status(500).json(serverError.toResponseObject());
            }
        }
@@ -1 +1 @@
-{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;AA2CA,oCA4GC;AAvJD,6BAAwB;AACxB,sDAAkD;AAElD,gDAAwB;AACxB,mDAAiD;AACjD,+DAAiE;AACjE,2DAA4E;AAC5E,uEAAiE;AACjE,4CAOsB;AAWtB,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACvB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,SAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAuB;IACxF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,IAAA,8BAAS,EAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,4BAA4B;YACrC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,qDAAqD,CAAC,CAAC,gBAAgB,EAAE;YAC3G,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACjD,CAAC;YAED,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBAC1B,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC3D,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAEzE,MAAM,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;oBAEjE,2DAA2D;oBAC3D,sDAAsD;oBACtD,IAAI,CAAC,uBAAuB,EAAE,CAAC;wBAC7B,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,6BAA6B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;wBACjF,IAAI,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;4BAC3D,MAAM,IAAI,6BAAiB,CAAC,4CAA4C,CAAC,CAAC;wBAC5E,CAAC;oBACH,CAAC;oBAED,mFAAmF;oBACnF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACrD,MAAM,EACN,IAAI,EACJ,uBAAuB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EACnD,YAAY,EACZ,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CACzC,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACR,CAAC;gBAED,KAAK,eAAe,CAAC,CAAC,CAAC;oBACrB,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC3D,CAAC;oBAED,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAE5D,MAAM,MAAM,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;oBAC5H,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACR,CAAC;gBAED,0BAA0B;gBAC1B,4BAA4B;gBAE5B;oBACE,MAAM,IAAI,qCAAyB,CACjC,+DAA+D,CAChE,CAAC;YACN,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CA,oCA+GC;AA1JD,0CAA4B;AAC5B,sDAAkD;AAElD,gDAAwB;AACxB,mDAAiD;AACjD,+DAAiE;AACjE,2DAA4E;AAC5E,uEAAiE;AACjE,4CAOsB;AAWtB,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,SAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAuB;IACtF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,qDAAqD,CAAC,CAAC,gBAAgB,EAAE;YAC3G,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,QAAQ,UAAU,EAAE,CAAC;gBACjB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBACxB,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAEzE,MAAM,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;oBAEjE,0DAA0D;oBAC1D,sDAAsD;oBACtD,IAAI,CAAC,uBAAuB,EAAE,CAAC;wBAC3B,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,6BAA6B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;wBACjF,IAAI,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;4BACzD,MAAM,IAAI,6BAAiB,CAAC,4CAA4C,CAAC,CAAC;wBAC9E,CAAC;oBACL,CAAC;oBAED,mFAAmF;oBACnF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACnD,MAAM,EACN,IAAI,EACJ,uBAAuB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EACnD,YAAY,EACZ,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBAED,KAAK,eAAe,CAAC,CAAC,CAAC;oBACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAE5D,MAAM,MAAM,GAAG,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAC9C,MAAM,EACN,aAAa,EACb,MAAM,EACN,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBACD,2EAA2E;gBAC3E,KAAK,oBAAoB,CAAC;gBAC1B;oBACI,MAAM,IAAI,qCAAyB,CAAC,+DAA+D,CAAC,CAAC;YAC7G,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
@@ -1,4 +1,4 @@
-import { RequestHandler } from "express";
+import { RequestHandler } from 'express';
 /**
 * Middleware to handle unsupported HTTP methods with a 405 Method Not Allowed response.
 *
@@ -1 +1 @@
-{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,CAYvE"}
+{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,CAUvE"}
@@ -15,9 +15,7 @@ function allowedMethods(allowedMethods) {
            return;
        }
        const error = new errors_js_1.MethodNotAllowedError(`The method ${req.method} is not allowed for this endpoint`);
-        res.status(405)
-            .set('Allow', allowedMethods.join(', '))
-            .json(error.toResponseObject());
+        res.status(405).set('Allow', allowedMethods.join(', ')).json(error.toResponseObject());
    };
 }
 //# sourceMappingURL=allowedMethods.js.map
@@ -1 +1 @@
-{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":";;AASA,wCAYC;AApBD,4CAAqD;AAErD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,cAAwB;IACrD,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,iCAAqB,CAAC,cAAc,GAAG,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;aACZ,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACvC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":";;AASA,wCAUC;AAlBD,4CAAqD;AAErD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,cAAwB;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,IAAI,EAAE,CAAC;YACP,OAAO;QACX,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,iCAAqB,CAAC,cAAc,GAAG,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC3F,CAAC,CAAC;AACN,CAAC"}
@@ -1,6 +1,6 @@
-import { RequestHandler } from "express";
-import { OAuthTokenVerifier } from "../provider.js";
-import { AuthInfo } from "../types.js";
+import { RequestHandler } from 'express';
+import { OAuthTokenVerifier } from '../provider.js';
+import { AuthInfo } from '../types.js';
 export type BearerAuthMiddlewareOptions = {
    /**
     * A provider used to verify tokens.
@@ -15,7 +15,7 @@ export type BearerAuthMiddlewareOptions = {
     */
    resourceMetadataUrl?: string;
 };
-declare module "express-serve-static-core" {
+declare module 'express-serve-static-core' {
    interface Request {
        /**
         * Information about the validated access token, if the `requireBearerAuth` middleware was used.
@@ -1 +1 @@
-{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;IACxC;;OAEG;IACH,QAAQ,EAAE,kBAAkB,CAAC;IAE7B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,OAAO,QAAQ,2BAA2B,CAAC;IACzC,UAAU,OAAO;QACf;;WAEG;QACH,IAAI,CAAC,EAAE,QAAQ,CAAC;KACjB;CACF;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAmB,EAAE,mBAAmB,EAAE,EAAE,2BAA2B,GAAG,cAAc,CA0DrI"}
+{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;IACtC;;OAEG;IACH,QAAQ,EAAE,kBAAkB,CAAC;IAE7B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,QAAQ,2BAA2B,CAAC;IACvC,UAAU,OAAO;QACb;;WAEG;QACH,IAAI,CAAC,EAAE,QAAQ,CAAC;KACnB;CACJ;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAmB,EAAE,mBAAmB,EAAE,EAAE,2BAA2B,GAAG,cAAc,CA8DrI"}
@@ -15,7 +15,7 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
        try {
            const authHeader = req.headers.authorization;
            if (!authHeader) {
-                throw new errors_js_1.InvalidTokenError("Missing Authorization header");
+                throw new errors_js_1.InvalidTokenError('Missing Authorization header');
            }
            const [type, token] = authHeader.split(' ');
            if (type.toLowerCase() !== 'bearer' || !token) {
@@ -26,32 +26,37 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
            if (requiredScopes.length > 0) {
                const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope));
                if (!hasAllScopes) {
-                    throw new errors_js_1.InsufficientScopeError("Insufficient scope");
+                    throw new errors_js_1.InsufficientScopeError('Insufficient scope');
                }
            }
            // Check if the token is set to expire or if it is expired
            if (typeof authInfo.expiresAt !== 'number' || isNaN(authInfo.expiresAt)) {
-                throw new errors_js_1.InvalidTokenError("Token has no expiration time");
+                throw new errors_js_1.InvalidTokenError('Token has no expiration time');
            }
            else if (authInfo.expiresAt < Date.now() / 1000) {
-                throw new errors_js_1.InvalidTokenError("Token has expired");
+                throw new errors_js_1.InvalidTokenError('Token has expired');
            }
            req.auth = authInfo;
            next();
        }
        catch (error) {
+            // Build WWW-Authenticate header parts
+            const buildWwwAuthHeader = (errorCode, message) => {
+                let header = `Bearer error="${errorCode}", error_description="${message}"`;
+                if (requiredScopes.length > 0) {
+                    header += `, scope="${requiredScopes.join(' ')}"`;
+                }
+                if (resourceMetadataUrl) {
+                    header += `, resource_metadata="${resourceMetadataUrl}"`;
+                }
+                return header;
+            };
            if (error instanceof errors_js_1.InvalidTokenError) {
-                const wwwAuthValue = resourceMetadataUrl
-                    ? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
-                    : `Bearer error="${error.errorCode}", error_description="${error.message}"`;
-                res.set("WWW-Authenticate", wwwAuthValue);
+                res.set('WWW-Authenticate', buildWwwAuthHeader(error.errorCode, error.message));
                res.status(401).json(error.toResponseObject());
            }
            else if (error instanceof errors_js_1.InsufficientScopeError) {
-                const wwwAuthValue = resourceMetadataUrl
-                    ? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
-                    : `Bearer error="${error.errorCode}", error_description="${error.message}"`;
-                res.set("WWW-Authenticate", wwwAuthValue);
+                res.set('WWW-Authenticate', buildWwwAuthHeader(error.errorCode, error.message));
                res.status(403).json(error.toResponseObject());
            }
            else if (error instanceof errors_js_1.ServerError) {
@@ -61,7 +66,7 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
                res.status(400).json(error.toResponseObject());
            }
            else {
-                const serverError = new errors_js_1.ServerError("Internal Server Error");
+                const serverError = new errors_js_1.ServerError('Internal Server Error');
                res.status(500).json(serverError.toResponseObject());
            }
        }
@@ -1 +1 @@
-{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;AAuCA,8CA0DC;AAhGD,4CAAkG;AA8BlG;;;;;;;GAOG;AACH,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;IACnH,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAC9D,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9C,MAAM,IAAI,6BAAiB,CAAC,8DAA8D,CAAC,CAAC;YAC9F,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAEzD,kDAAkD;YAClD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAChD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAChC,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,kCAAsB,CAAC,oBAAoB,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,0DAA0D;YAC1D,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxE,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAC9D,CAAC;iBAAM,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBAClD,MAAM,IAAI,6BAAiB,CAAC,mBAAmB,CAAC,CAAC;YACnD,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,6BAAiB,EAAE,CAAC;gBACvC,MAAM,YAAY,GAAG,mBAAmB;oBACtC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAC9E,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,KAAK,YAAY,kCAAsB,EAAE,CAAC;gBACnD,MAAM,YAAY,GAAG,mBAAmB;oBACtC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAC9E,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,KAAK,YAAY,uBAAW,EAAE,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;AAuCA,8CA8DC;AApGD,4CAAkG;AA8BlG;;;;;;;GAOG;AACH,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;IACjH,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5B,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC5C,MAAM,IAAI,6BAAiB,CAAC,8DAA8D,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAEzD,kDAAkD;YAClD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;gBAEpF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChB,MAAM,IAAI,kCAAsB,CAAC,oBAAoB,CAAC,CAAC;gBAC3D,CAAC;YACL,CAAC;YAED,0DAA0D;YAC1D,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;iBAAM,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,6BAAiB,CAAC,mBAAmB,CAAC,CAAC;YACrD,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,IAAI,EAAE,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,sCAAsC;YACtC,MAAM,kBAAkB,GAAG,CAAC,SAAiB,EAAE,OAAe,EAAU,EAAE;gBACtE,IAAI,MAAM,GAAG,iBAAiB,SAAS,yBAAyB,OAAO,GAAG,CAAC;gBAC3E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,IAAI,YAAY,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBACtD,CAAC;gBACD,IAAI,mBAAmB,EAAE,CAAC;oBACtB,MAAM,IAAI,wBAAwB,mBAAmB,GAAG,CAAC;gBAC7D,CAAC;gBACD,OAAO,MAAM,CAAC;YAClB,CAAC,CAAC;YAEF,IAAI,KAAK,YAAY,6BAAiB,EAAE,CAAC;gBACrC,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,kCAAsB,EAAE,CAAC;gBACjD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,uBAAW,EAAE,CAAC;gBACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}
@@ -1,13 +1,13 @@
-import { RequestHandler } from "express";
-import { OAuthRegisteredClientsStore } from "../clients.js";
-import { OAuthClientInformationFull } from "../../../shared/auth.js";
+import { RequestHandler } from 'express';
+import { OAuthRegisteredClientsStore } from '../clients.js';
+import { OAuthClientInformationFull } from '../../../shared/auth.js';
 export type ClientAuthenticationMiddlewareOptions = {
    /**
     * A store used to read information about registered OAuth clients.
     */
    clientsStore: OAuthRegisteredClientsStore;
 };
-declare module "express-serve-static-core" {
+declare module 'express-serve-static-core' {
    interface Request {
        /**
         * The authenticated client for this request, if the `authenticateClient` middleware was used.
@@ -1 +1 @@
-{"version":3,"file":"clientAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAGrE,MAAM,MAAM,qCAAqC,GAAG;IAClD;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;CAC3C,CAAA;AAOD,OAAO,QAAQ,2BAA2B,CAAC;IACzC,UAAU,OAAO;QACf;;WAEG;QACH,MAAM,CAAC,EAAE,0BAA0B,CAAC;KACrC;CACF;AAED,wBAAgB,kBAAkB,CAAC,EAAE,YAAY,EAAE,EAAE,qCAAqC,GAAG,cAAc,CA4C1G"}
+{"version":3,"file":"clientAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAGrE,MAAM,MAAM,qCAAqC,GAAG;IAChD;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;CAC7C,CAAC;AAOF,OAAO,QAAQ,2BAA2B,CAAC;IACvC,UAAU,OAAO;QACb;;WAEG;QACH,MAAM,CAAC,EAAE,0BAA0B,CAAC;KACvC;CACJ;AAED,wBAAgB,kBAAkB,CAAC,EAAE,YAAY,EAAE,EAAE,qCAAqC,GAAG,cAAc,CAoC1G"}
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":""}`
				`@@ -1 +0,0 @@`
				{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;;;AAAA,4CAA2B;AAE3B,8DAA8D;AAC7D,MAAc,CAAC,SAAS,GAAG,YAAS,CAAC;AAEtC,sDAA8B;AAC9B,gDAA2C;AAC3C,4CAAqD;AACrD,gDAAyD;AACzD,wDAAiE;AACjE,gDAA2C;AAC3C,4CAAqD;AACrD,gDAAyD;AACzD,yCAAuD;AAEvD,KAAK,UAAU,SAAS,CAAC,cAAsB,EAAE,IAAc;IAC7D,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,QAAQ,EAAE,EAAE;SACb;KACF,CACF,CAAC;IAEF,IAAI,eAAe,CAAC;IAEpB,IAAI,GAAG,GAAoB,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;IAChC,CAAC;IAAC,WAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,OAAO,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,QAAQ,EAAE,CAAC;QAC5D,eAAe,GAAG,IAAI,2BAAkB,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,KAAK,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,QAAQ,MAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,GAAG,IAAI,uCAAwB,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,eAAe,GAAG,IAAI,+BAAoB,CAAC;YACzC,OAAO,EAAE,cAAc;YACvB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAEpC,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE5B,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,EAAE,oCAAyB,CAAC,CAAC;IAE9E,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAmB;IAC1C,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;QAEtB,IAAI,OAAO,GAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YAEtC,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;gBACE,IAAI,EAAE,4BAA4B;gBAClC,OAAO,EAAE,OAAO;aACjB,EACD;gBACE,YAAY,EAAE,EAAE;aACjB,CACF,CAAC;YAEF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,MAAM,CAAC,OAAO,GAAG,GAAG,EAAE;gBACpB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;YAChD,CAAC,CAAC;YAEF,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACtC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAEhC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAmB,CAAC;YAChD,MAAM,SAAS,GAAG,OAAO;iBACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAA+B,CAAC;iBAC7C,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE;YACzB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,MAAM,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB;YACE,IAAI,EAAE,4BAA4B;YAClC,OAAO,EAAE,OAAO;SACjB,EACD;YACE,YAAY,EAAE;gBACZ,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE;aACZ;SACF,CACF,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACxB,QAAQ,OAAO,EAAE,CAAC;IAChB,KAAK,QAAQ;QACX,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM;IAER,KAAK,QAAQ,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM;IACR,CAAC;IAED;QACE,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC"}