fix(client,server): browser-conditional export for stdio transports

Adds browser/workerd conditions to the package root export that resolve to a
build whose StdioClientTransport / StdioServerTransport are throwing stubs,
so browser and Cloudflare Workers bundlers no longer pull node:child_process,
node:stream, or cross-spawn. Node.js, Bun, and Deno continue to resolve the
default condition and get the real implementation.

Adds SdkErrorCode.TransportNotSupported for the stub error.

Author: felixweinberger

.changeset/browser-stdio-conditional-export.md

@@ -0,0 +1,6 @@
+---
+'@modelcontextprotocol/client': patch
+'@modelcontextprotocol/server': patch
+---
+
+Add `browser`/`workerd` export conditions for the package root that swap the stdio transport for a throwing stub, so browser and Cloudflare Workers bundlers no longer pull `node:child_process`, `node:stream`, or `cross-spawn`. Node.js, Bun, and Deno continue to resolve the real `StdioClientTransport`/`StdioServerTransport`.

packages/client/package.json

@@ -21,6 +21,14 @@
     ],
     "exports": {
         ".": {
+            "workerd": {
+                "types": "./dist/index.browser.d.mts",
+                "import": "./dist/index.browser.mjs"
+            },
+            "browser": {
+                "types": "./dist/index.browser.d.mts",
+                "import": "./dist/index.browser.mjs"
+            },
             "types": "./dist/index.d.mts",
             "import": "./dist/index.mjs"
         },

packages/client/src/index.browser.ts

@@ -0,0 +1,80 @@
+// Public API for @modelcontextprotocol/client (browser / Cloudflare Workers entry).
+//
+// Mirrors ./index.ts exactly, except stdio symbols come from ./stdioStub.js so
+// the bundle does not pull `node:child_process`, `node:stream`, or `cross-spawn`.
+// Selected via the `browser` and `workerd` export conditions.
+
+export type {
+    AddClientAuthentication,
+    AuthProvider,
+    AuthResult,
+    ClientAuthMethod,
+    OAuthClientProvider,
+    OAuthDiscoveryState,
+    OAuthServerInfo
+} from './client/auth.js';
+export {
+    auth,
+    buildDiscoveryUrls,
+    discoverAuthorizationServerMetadata,
+    discoverOAuthMetadata,
+    discoverOAuthProtectedResourceMetadata,
+    discoverOAuthServerInfo,
+    exchangeAuthorization,
+    extractResourceMetadataUrl,
+    extractWWWAuthenticateParams,
+    fetchToken,
+    isHttpsUrl,
+    parseErrorResponse,
+    prepareAuthorizationCodeRequest,
+    refreshAuthorization,
+    registerClient,
+    selectClientAuthMethod,
+    selectResourceURL,
+    startAuthorization,
+    UnauthorizedError
+} from './client/auth.js';
+export type {
+    AssertionCallback,
+    ClientCredentialsProviderOptions,
+    CrossAppAccessContext,
+    CrossAppAccessProviderOptions,
+    PrivateKeyJwtProviderOptions,
+    StaticPrivateKeyJwtProviderOptions
+} from './client/authExtensions.js';
+export {
+    ClientCredentialsProvider,
+    createPrivateKeyJwtAuth,
+    CrossAppAccessProvider,
+    PrivateKeyJwtProvider,
+    StaticPrivateKeyJwtProvider
+} from './client/authExtensions.js';
+export type { ClientOptions } from './client/client.js';
+export { Client } from './client/client.js';
+export { getSupportedElicitationModes } from './client/client.js';
+export type { DiscoverAndRequestJwtAuthGrantOptions, JwtAuthGrantResult, RequestJwtAuthGrantOptions } from './client/crossAppAccess.js';
+export { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from './client/crossAppAccess.js';
+export type { LoggingOptions, Middleware, RequestLogger } from './client/middleware.js';
+export { applyMiddlewares, createMiddleware, withLogging, withOAuth } from './client/middleware.js';
+export type { SSEClientTransportOptions } from './client/sse.js';
+export { SSEClientTransport, SseError } from './client/sse.js';
+export type {
+    ReconnectionScheduler,
+    StartSSEOptions,
+    StreamableHTTPClientTransportOptions,
+    StreamableHTTPReconnectionOptions
+} from './client/streamableHttp.js';
+export { StreamableHTTPClientTransport } from './client/streamableHttp.js';
+
+// stdio: stubbed for browser / Cloudflare Workers — throws on use
+export type { StdioServerParameters } from './stdioStub.js';
+export { DEFAULT_INHERITED_ENV_VARS, getDefaultEnvironment, StdioClientTransport } from './stdioStub.js';
+
+// experimental exports
+export { ExperimentalClientTasks } from './experimental/tasks/client.js';
+
+// runtime-aware wrapper (shadows core/public's fromJsonSchema with optional validator)
+export { fromJsonSchema } from './fromJsonSchema.js';
+
+// re-export curated public API from core
+export * from '@modelcontextprotocol/core/public';

packages/client/src/stdioStub.ts

@@ -0,0 +1,63 @@
+/**
+ * Browser/Workers stub for {@linkcode StdioClientTransport}.
+ *
+ * Selected via the `browser` / `workerd` export conditions on the package root.
+ * The real implementation in `./client/stdio.ts` imports `node:child_process`,
+ * `node:stream`, and `cross-spawn`, which are unavailable in browsers and
+ * Cloudflare Workers. Node.js, Bun, and Deno resolve the default condition and
+ * get the real implementation.
+ */
+import type { JSONRPCMessage, Transport } from '@modelcontextprotocol/core';
+import { SdkError, SdkErrorCode } from '@modelcontextprotocol/core';
+
+/**
+ * Parameters for launching an MCP server over stdio.
+ *
+ * Browser stub: `stderr` is loosely typed to avoid pulling Node-only types.
+ */
+export type StdioServerParameters = {
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    stderr?: unknown;
+    cwd?: string;
+};
+
+const UNSUPPORTED_MESSAGE =
+    'StdioClientTransport requires a process-spawning runtime (Node.js, Bun, or Deno) and is not available in browsers or Cloudflare Workers. Use StreamableHTTPClientTransport instead.';
+
+function unsupported(): never {
+    throw new SdkError(SdkErrorCode.TransportNotSupported, UNSUPPORTED_MESSAGE);
+}
+
+/** Browser stub: empty in environments without a process-level env. */
+export const DEFAULT_INHERITED_ENV_VARS: string[] = [];
+
+/** Browser stub: throws — there is no process environment to inherit. */
+export function getDefaultEnvironment(): Record<string, string> {
+    return unsupported();
+}
+
+/**
+ * Browser stub for `StdioClientTransport`. Throws on construction with a message
+ * directing the caller to `StreamableHTTPClientTransport`.
+ */
+export class StdioClientTransport implements Transport {
+    onclose?: () => void;
+    onerror?: (error: Error) => void;
+    onmessage?: (message: JSONRPCMessage) => void;
+
+    constructor(_server: StdioServerParameters) {
+        unsupported();
+    }
+
+    start(): Promise<void> {
+        return unsupported();
+    }
+    send(_message: JSONRPCMessage): Promise<void> {
+        return unsupported();
+    }
+    close(): Promise<void> {
+        return Promise.resolve();
+    }
+}

packages/client/src/validators/cfWorker.ts

@@ -6,5 +6,5 @@
  * import { CfWorkerJsonSchemaValidator } from '@modelcontextprotocol/client/validators/cf-worker';
  * ```
  */
-export { CfWorkerJsonSchemaValidator } from '@modelcontextprotocol/core';
 export type { CfWorkerSchemaDraft } from '@modelcontextprotocol/core';
+export { CfWorkerJsonSchemaValidator } from '@modelcontextprotocol/core';

packages/client/test/client/browserBundle.test.ts

@@ -0,0 +1,30 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+import { describe, expect, test } from 'vitest';
+
+const distDir = join(dirname(fileURLToPath(import.meta.url)), '../../dist');
+const browserBundle = join(distDir, 'index.browser.mjs');
+const nodeBundle = join(distDir, 'index.mjs');
+
+const built = existsSync(browserBundle) && existsSync(nodeBundle);
+
+describe.skipIf(!built)('browser-conditional bundle (requires `pnpm build`)', () => {
+    test('index.browser.mjs has no Node-only stdio dependencies', () => {
+        const src = readFileSync(browserBundle, 'utf8');
+        expect(src).not.toMatch(/\bchild_process\b/);
+        expect(src).not.toMatch(/\bcross-spawn\b/);
+        expect(src).not.toMatch(/\bnode:stream\b/);
+    });
+
+    test('index.browser.mjs still exports StdioClientTransport (stubbed)', () => {
+        const src = readFileSync(browserBundle, 'utf8');
+        expect(src).toContain('StdioClientTransport');
+    });
+
+    test('default index.mjs still includes the real stdio transport', () => {
+        const src = readFileSync(nodeBundle, 'utf8');
+        expect(src).toContain('cross-spawn');
+    });
+});

packages/client/tsdown.config.ts

@@ -4,7 +4,14 @@ export default defineConfig({
     failOnWarn: 'ci-only',
     // 1. Entry Points
     //    Directly matches package.json include/exclude globs
-    entry: ['src/index.ts', 'src/shimsNode.ts', 'src/shimsWorkerd.ts', 'src/shimsBrowser.ts', 'src/validators/cfWorker.ts'],
+    entry: [
+        'src/index.ts',
+        'src/index.browser.ts',
+        'src/shimsNode.ts',
+        'src/shimsWorkerd.ts',
+        'src/shimsBrowser.ts',
+        'src/validators/cfWorker.ts'
+    ],
 
     // 2. Output Configuration
     format: ['esm'],

packages/core/src/errors/sdkErrors.ts

@@ -20,6 +20,8 @@ export enum SdkErrorCode {
     CapabilityNotSupported = 'CAPABILITY_NOT_SUPPORTED',
 
     // Transport errors
+    /** Transport is not available in the current runtime (e.g. stdio in a browser) */
+    TransportNotSupported = 'TRANSPORT_NOT_SUPPORTED',
     /** Request timed out waiting for response */
     RequestTimeout = 'REQUEST_TIMEOUT',
     /** Connection was closed */

packages/server/package.json

@@ -21,6 +21,14 @@
     ],
     "exports": {
         ".": {
+            "workerd": {
+                "types": "./dist/index.browser.d.mts",
+                "import": "./dist/index.browser.mjs"
+            },
+            "browser": {
+                "types": "./dist/index.browser.d.mts",
+                "import": "./dist/index.browser.mjs"
+            },
             "types": "./dist/index.d.mts",
             "import": "./dist/index.mjs"
         },

packages/server/src/index.browser.ts

@@ -0,0 +1,50 @@
+// Public API for @modelcontextprotocol/server (browser / Cloudflare Workers entry).
+//
+// Mirrors ./index.ts exactly, except stdio symbols come from ./stdioStub.js so
+// the bundle does not pull `node:stream`.
+// Selected via the `browser` and `workerd` export conditions.
+
+export type { CompletableSchema, CompleteCallback } from './server/completable.js';
+export { completable, isCompletable } from './server/completable.js';
+export type {
+    AnyToolHandler,
+    BaseToolCallback,
+    CompleteResourceTemplateCallback,
+    ListResourcesCallback,
+    PromptCallback,
+    ReadResourceCallback,
+    ReadResourceTemplateCallback,
+    RegisteredPrompt,
+    RegisteredResource,
+    RegisteredResourceTemplate,
+    RegisteredTool,
+    ResourceMetadata,
+    ToolCallback
+} from './server/mcp.js';
+export { McpServer, ResourceTemplate } from './server/mcp.js';
+export type { HostHeaderValidationResult } from './server/middleware/hostHeaderValidation.js';
+export { hostHeaderValidationResponse, localhostAllowedHostnames, validateHostHeader } from './server/middleware/hostHeaderValidation.js';
+export type { ServerOptions } from './server/server.js';
+export { Server } from './server/server.js';
+export type {
+    EventId,
+    EventStore,
+    HandleRequestOptions,
+    StreamId,
+    WebStandardStreamableHTTPServerTransportOptions
+} from './server/streamableHttp.js';
+export { WebStandardStreamableHTTPServerTransport } from './server/streamableHttp.js';
+
+// stdio: stubbed for browser / Cloudflare Workers — throws on use
+export { StdioServerTransport } from './stdioStub.js';
+
+// experimental exports
+export type { CreateTaskRequestHandler, TaskRequestHandler, ToolTaskHandler } from './experimental/tasks/interfaces.js';
+export { ExperimentalMcpServerTasks } from './experimental/tasks/mcpServer.js';
+export { ExperimentalServerTasks } from './experimental/tasks/server.js';
+
+// runtime-aware wrapper (shadows core/public's fromJsonSchema with optional validator)
+export { fromJsonSchema } from './fromJsonSchema.js';
+
+// re-export curated public API from core
+export * from '@modelcontextprotocol/core/public';