v2 backcompat: server legacy package#2206
Open
KKonstantinov wants to merge 9 commits into
Open
Conversation
Frozen v1 SSE transport and OAuth Authorization Server helpers for migration from v1 to v2. Sub-path exports: ./sse (no Express dep), ./auth (Express peer dep), and . (re-exports both). Deprecated from day one — will not receive new features.
Frozen v1 SSE transport and OAuth Authorization Server helpers for migration from v1 to v2. Sub-path exports: ./sse (no Express dep), ./auth (Express peer dep), and . (re-exports both). Deprecated from day one — will not receive new features.
Frozen v1 SSE transport and OAuth Authorization Server helpers for migration from v1 to v2. Sub-path exports: ./sse (no Express dep), ./auth (Express peer dep), and . (re-exports both). Deprecated from day one — will not receive new features.
🦋 Changeset detectedLatest commit: cc96aa0 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
@modelcontextprotocol/client
@modelcontextprotocol/codemod
@modelcontextprotocol/server
@modelcontextprotocol/server-legacy
@modelcontextprotocol/express
@modelcontextprotocol/fastify
@modelcontextprotocol/hono
@modelcontextprotocol/node
commit: |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
The docs:check step failed because typedoc could not discover entry points for the server-legacy package. All other public packages already had a typedoc.json — this adds one with the same expand-src configuration.
…ntextprotocol/typescript-sdk into feature/v2-server-legacy-package
…server-legacy Instead of removing SSE server and OAuth auth imports with warnings, the codemod now moves them to @modelcontextprotocol/server-legacy/sse and /auth sub-paths respectively. An info diagnostic is emitted suggesting eventual migration to v2 equivalents.
The requireBearerAuth, mcpAuthMetadataRouter, getOAuthProtectedResourceMetadataUrl, and OAuthTokenVerifier exports were added to @modelcontextprotocol/express as backward-compat shims (PR #1907) but are now superseded by @modelcontextprotocol/server-legacy/auth. All consumers updated.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add
@modelcontextprotocol/server-legacy— a drop-in bridge package that restores the v1 SSE transport and OAuth Authorization Server helpers for users migrating to v2.Motivation and Context
v2 removed
SSEServerTransport(replaced by Streamable HTTP) and restructured the OAuth auth module (error classes, provider interfaces, Express middleware). This package lets existing v1 servers keep working on v2 without rewriting their transport or auth layer immediately.Supercedes #1908 by @felixweinberger (
server-auth-legacy), but broader — bundles both SSE and auth under one package with sub-path exports.The requireBearerAuth, mcpAuthMetadataRouter, getOAuthProtectedResourceMetadataUrl, and OAuthTokenVerifier exports were added to
@modelcontextprotocol/expressas backward-compat shims (PR #1907) but are now superseded by@modelcontextprotocol/server-legacy/auth. All consumers updated.How Has This Been Tested?
162 tests (23 SSE + 139 auth) covering:
start,send,close,handlePostMessage, DNS rebinding protection)All pass locally. Build produces 18 dist files. Typecheck and lint clean.
Breaking Changes
None — this is an additive package. Existing code is unaffected.
Types of changes
Checklist
Additional context
Sub-path exports:
@modelcontextprotocol/server-legacy/sse—SSEServerTransport(adapted to v2'sTransportinterface)@modelcontextprotocol/server-legacy/auth—mcpAuthRouter,requireBearerAuth,ProxyOAuthServerProvider, OAuth error classes@modelcontextprotocol/server-legacy— re-exports bothKey adaptations from v1:
Request(v2) instead of v1'sRequestInfosend()acceptsTransportSendOptionsfor v2Transportinterface compatibility@modelcontextprotocol/coreis bundled inline via tsdownnoExternal(same pattern as other packages)Migration docs (
docs/migration.md,docs/migration-SKILL.md) updated to reference this package as a bridge path.