Skip to content

Commit 3686059

Browse files
MrGDCrazyMrGDCrazy
authored
Merge pull request #1 from MrGDCrazy/claude/audit-typescript-sdk-SuqNb
2 parents f0f4a47 + 3abbb6e commit 3686059

6 files changed

Lines changed: 26 additions & 26 deletions

File tree

.github/CODEOWNERS

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,11 @@
44
* @modelcontextprotocol/typescript-sdk
55

66
# Auth team owns all auth-related code
7-
/src/server/auth/ @modelcontextprotocol/typescript-sdk-auth
8-
/src/client/auth* @modelcontextprotocol/typescript-sdk-auth
9-
/src/shared/auth* @modelcontextprotocol/typescript-sdk-auth
10-
/src/examples/client/simpleOAuthClient.ts @modelcontextprotocol/typescript-sdk-auth
11-
/src/examples/server/demoInMemoryOAuthProvider.ts @modelcontextprotocol/typescript-sdk-auth
7+
/packages/client/src/client/auth* @modelcontextprotocol/typescript-sdk-auth
8+
/packages/client/src/client/authExtensions* @modelcontextprotocol/typescript-sdk-auth
9+
/packages/client/src/client/crossAppAccess* @modelcontextprotocol/typescript-sdk-auth
10+
/packages/core/src/shared/auth* @modelcontextprotocol/typescript-sdk-auth
11+
/packages/core/src/auth/ @modelcontextprotocol/typescript-sdk-auth
12+
/examples/shared/src/auth* @modelcontextprotocol/typescript-sdk-auth
13+
/examples/shared/src/authServer* @modelcontextprotocol/typescript-sdk-auth
14+
/examples/client/src/simpleOAuthClient* @modelcontextprotocol/typescript-sdk-auth

.github/workflows/conformance.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ permissions:
1616
jobs:
1717
client-conformance:
1818
runs-on: ubuntu-latest
19-
continue-on-error: true
19+
continue-on-error: false
2020
steps:
2121
- uses: actions/checkout@v4
2222
- name: Install pnpm
@@ -34,7 +34,7 @@ jobs:
3434

3535
server-conformance:
3636
runs-on: ubuntu-latest
37-
continue-on-error: true
37+
continue-on-error: false
3838
steps:
3939
- uses: actions/checkout@v4
4040
- name: Install pnpm

.github/workflows/main.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -105,14 +105,14 @@ jobs:
105105
id-token: write
106106

107107
steps:
108-
- uses: actions/checkout@v4
108+
- uses: actions/checkout@v6
109109

110110
- name: Install pnpm
111111
uses: pnpm/action-setup@v4
112112
id: pnpm-install
113113
with:
114114
run_install: false
115-
- uses: actions/setup-node@v4
115+
- uses: actions/setup-node@v6
116116
with:
117117
node-version: 24
118118
cache: pnpm

.github/workflows/publish.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,9 @@ jobs:
3434
- name: Install dependencies
3535
run: pnpm install
3636

37+
- name: Type-check and lint
38+
run: pnpm run check:all
39+
3740
- name: Build packages
3841
run: pnpm run build:all
3942

packages/core/src/shared/protocol.ts

Lines changed: 8 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -474,9 +474,12 @@ export abstract class Protocol<ContextT extends BaseContext> {
474474
});
475475

476476
this.setRequestHandler('tasks/result', async (request, ctx) => {
477-
const handleTaskResult = async (): Promise<Result> => {
478-
const taskId = request.params.taskId;
477+
const taskId = request.params.taskId;
479478

479+
// Iterative poll loop: drain the queue and wait for the task to reach a terminal
480+
// state. Using an explicit loop (rather than recursion) avoids building up a
481+
// deep promise chain for long-running tasks.
482+
while (true) {
480483
// Deliver queued messages
481484
if (this._taskMessageQueue) {
482485
let queuedMessage: QueuedMessage | undefined;
@@ -528,15 +531,6 @@ export abstract class Protocol<ContextT extends BaseContext> {
528531
throw new ProtocolError(ProtocolErrorCode.InvalidParams, `Task not found: ${taskId}`);
529532
}
530533

531-
// Block if task is not terminal (we've already delivered all queued messages above)
532-
if (!isTerminal(task.status)) {
533-
// Wait for status change or new messages
534-
await this._waitForTaskUpdate(taskId, ctx.mcpReq.signal);
535-
536-
// After waking up, recursively call to deliver any new messages or result
537-
return await handleTaskResult();
538-
}
539-
540534
// If task is terminal, return the result
541535
if (isTerminal(task.status)) {
542536
const result = await this._taskStore!.getTaskResult(taskId, ctx.sessionId);
@@ -554,10 +548,9 @@ export abstract class Protocol<ContextT extends BaseContext> {
554548
} as Result;
555549
}
556550

557-
return await handleTaskResult();
558-
};
559-
560-
return await handleTaskResult();
551+
// Task is not yet terminal — wait for the next poll interval, then loop again
552+
await this._waitForTaskUpdate(taskId, ctx.mcpReq.signal);
553+
}
561554
});
562555

563556
this.setRequestHandler('tasks/list', async (request, ctx) => {

packages/server/src/server/streamableHttp.ts

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -806,9 +806,10 @@ export class WebStandardStreamableHTTPServerTransport implements Transport {
806806

807807
return new Response(readable, { status: 200, headers });
808808
} catch (error) {
809-
// return JSON-RPC formatted error
809+
// return JSON-RPC formatted error — do NOT include raw error details in the response
810+
// to avoid leaking internal implementation information to clients.
810811
this.onerror?.(error as Error);
811-
return this.createJsonErrorResponse(400, -32_700, 'Parse error', { data: String(error) });
812+
return this.createJsonErrorResponse(400, -32_700, 'Parse error');
812813
}
813814
}
814815

0 commit comments

Comments
 (0)