fix: Add library export fields to npm package (main, types, exports)

## Problem PR #309 added `main`, `types`, and `exports` fields to package.json for library usage, but v2.18.9 was published without these fields. The publish scripts (both local and CI/CD) use package.runtime.json as the base and didn't copy these critical fields. Result: npm package broke library usage for multi-tenant backends. ## Root Cause Both scripts/publish-npm.sh and .github/workflows/release.yml: - Copy package.runtime.json as base package.json - Add metadata fields (name, bin, repository, etc.) - Missing: main, types, exports fields ## Changes ### 1. scripts/publish-npm.sh - Added main, types, exports fields to package.json generation - Removed test suite execution (already runs in CI) ### 2. .github/workflows/release.yml - Added main, types, exports fields to CI publish step ### 3. Version bump - Bumped to v2.18.10 to republish with correct fields ## Verification ✅ Local publish preparation tested ✅ Generated package.json has all required fields: - main: "dist/index.js" - types: "dist/index.d.ts" - exports: { "." : { types, require, import } } ✅ TypeScript compilation passes ✅ All library export paths validated ## Impact - Fixes library usage for multi-tenant deployments - Enables downstream n8n-mcp-backend project - Maintains backward compatibility (CLI/Docker unchanged) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Merge pull request #309 from czlonkowski/feature/library-usage-multi-tenant
2026-03-20 17:33:08 +00:00 · 2025-10-12 00:09:55 +02:00 · 2025-10-11 22:53:14 +02:00 · 2025-10-11 22:31:07 +02:00 · 2025-10-11 21:56:28 +02:00
9 changed files with 870 additions and 55 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -334,6 +334,15 @@ jobs:
          const pkg = require('./package.json');
          pkg.name = 'n8n-mcp';
          pkg.description = 'Integration between n8n workflow automation and Model Context Protocol (MCP)';
          pkg.main = 'dist/index.js';
          pkg.types = 'dist/index.d.ts';
          pkg.exports = {
            '.': {
              types: './dist/index.d.ts',
              require: './dist/index.js',
              import: './dist/index.js'
            }
          };
          pkg.bin = { 'n8n-mcp': './dist/mcp/index.js' };
          pkg.repository = { type: 'git', url: 'git+https://github.com/czlonkowski/n8n-mcp.git' };
          pkg.keywords = ['n8n', 'mcp', 'model-context-protocol', 'ai', 'workflow', 'automation'];
--- a/docs/LIBRARY_USAGE.md
+++ b/docs/LIBRARY_USAGE.md
@@ -0,0 +1,724 @@
 # Library Usage Guide - Multi-Tenant / Hosted Deployments
 This guide covers using n8n-mcp as a library dependency for building multi-tenant hosted services.
 ## Overview
 n8n-mcp can be used as a Node.js library to build multi-tenant backends that provide MCP services to multiple users or instances. The package exports all necessary components for integration into your existing services.
 ## Installation
 ```bash
 npm install n8n-mcp
 ```
 ## Core Concepts
 ### Library Mode vs CLI Mode
 - **CLI Mode** (default): Single-player usage via `npx n8n-mcp` or Docker
 - **Library Mode**: Multi-tenant usage by importing and using the `N8NMCPEngine` class
 ### Instance Context
 The `InstanceContext` type allows you to pass per-request configuration to the MCP engine:
 ```typescript
 interface InstanceContext {
  // Instance-specific n8n API configuration
  n8nApiUrl?: string;
  n8nApiKey?: string;
  n8nApiTimeout?: number;
  n8nApiMaxRetries?: number;
  // Instance identification
  instanceId?: string;
  sessionId?: string;
  // Extensible metadata
  metadata?: Record<string, any>;
 }
 ```
 ## Basic Example
 ```typescript
 import express from 'express';
 import { N8NMCPEngine } from 'n8n-mcp';
 const app = express();
 const mcpEngine = new N8NMCPEngine({
  sessionTimeout: 3600000, // 1 hour
  logLevel: 'info'
 });
 // Handle MCP requests with per-user context
 app.post('/mcp', async (req, res) => {
  const instanceContext = {
    n8nApiUrl: req.user.n8nUrl,
    n8nApiKey: req.user.n8nApiKey,
    instanceId: req.user.id
  };
  await mcpEngine.processRequest(req, res, instanceContext);
 });
 app.listen(3000);
 ```
 ## Multi-Tenant Backend Example
 This example shows a complete multi-tenant implementation with user authentication and instance management:
 ```typescript
 import express from 'express';
 import { N8NMCPEngine, InstanceContext, validateInstanceContext } from 'n8n-mcp';
 const app = express();
 const mcpEngine = new N8NMCPEngine({
  sessionTimeout: 3600000, // 1 hour
  logLevel: 'info'
 });
 // Start MCP engine
 await mcpEngine.start();
 // Authentication middleware
 const authenticate = async (req, res, next) => {
  const token = req.headers.authorization?.replace('Bearer ', '');
  if (!token) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  // Verify token and attach user to request
  req.user = await getUserFromToken(token);
  next();
 };
 // Get instance configuration from database
 const getInstanceConfig = async (instanceId: string, userId: string) => {
  // Your database logic here
  const instance = await db.instances.findOne({
    where: { id: instanceId, userId }
  });
  if (!instance) {
    throw new Error('Instance not found');
  }
  return {
    n8nApiUrl: instance.n8nUrl,
    n8nApiKey: await decryptApiKey(instance.encryptedApiKey),
    instanceId: instance.id
  };
 };
 // MCP endpoint with per-instance context
 app.post('/api/instances/:instanceId/mcp', authenticate, async (req, res) => {
  try {
    // Get instance configuration
    const instance = await getInstanceConfig(req.params.instanceId, req.user.id);
    // Create instance context
    const context: InstanceContext = {
      n8nApiUrl: instance.n8nApiUrl,
      n8nApiKey: instance.n8nApiKey,
      instanceId: instance.instanceId,
      metadata: {
        userId: req.user.id,
        userAgent: req.headers['user-agent'],
        ip: req.ip
      }
    };
    // Validate context before processing
    const validation = validateInstanceContext(context);
    if (!validation.valid) {
      return res.status(400).json({
        error: 'Invalid instance configuration',
        details: validation.errors
      });
    }
    // Process request with instance context
    await mcpEngine.processRequest(req, res, context);
  } catch (error) {
    console.error('MCP request error:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
 });
 // Health endpoint
 app.get('/health', async (req, res) => {
  const health = await mcpEngine.healthCheck();
  res.status(health.status === 'healthy' ? 200 : 503).json(health);
 });
 // Graceful shutdown
 process.on('SIGTERM', async () => {
  await mcpEngine.shutdown();
  process.exit(0);
 });
 app.listen(3000);
 ```
 ## API Reference
 ### N8NMCPEngine
 #### Constructor
 ```typescript
 new N8NMCPEngine(options?: {
  sessionTimeout?: number;  // Session TTL in ms (default: 1800000 = 30min)
  logLevel?: 'error' | 'warn' | 'info' | 'debug';  // Default: 'info'
 })
 ```
 #### Methods
 ##### `async processRequest(req, res, context?)`
 Process a single MCP request with optional instance context.
 **Parameters:**
 - `req`: Express request object
 - `res`: Express response object
 - `context` (optional): InstanceContext with per-instance configuration
 **Example:**
 ```typescript
 const context: InstanceContext = {
  n8nApiUrl: 'https://instance1.n8n.cloud',
  n8nApiKey: 'instance1-key',
  instanceId: 'tenant-123'
 };
 await engine.processRequest(req, res, context);
 ```
 ##### `async healthCheck()`
 Get engine health status for monitoring.
 **Returns:** `EngineHealth`
 ```typescript
 {
  status: 'healthy' | 'unhealthy';
  uptime: number;  // seconds
  sessionActive: boolean;
  memoryUsage: {
    used: number;
    total: number;
    unit: string;
  };
  version: string;
 }
 ```
 **Example:**
 ```typescript
 app.get('/health', async (req, res) => {
  const health = await engine.healthCheck();
  res.status(health.status === 'healthy' ? 200 : 503).json(health);
 });
 ```
 ##### `getSessionInfo()`
 Get current session information for debugging.
 **Returns:**
 ```typescript
 {
  active: boolean;
  sessionId?: string;
  age?: number;  // milliseconds
  sessions?: {
    total: number;
    active: number;
    expired: number;
    max: number;
    sessionIds: string[];
  };
 }
 ```
 ##### `async start()`
 Start the engine (for standalone mode). Not needed when using `processRequest()` directly.
 ##### `async shutdown()`
 Graceful shutdown for service lifecycle management.
 **Example:**
 ```typescript
 process.on('SIGTERM', async () => {
  await engine.shutdown();
  process.exit(0);
 });
 ```
 ### Types
 #### InstanceContext
 Configuration for a specific user instance:
 ```typescript
 interface InstanceContext {
  n8nApiUrl?: string;
  n8nApiKey?: string;
  n8nApiTimeout?: number;
  n8nApiMaxRetries?: number;
  instanceId?: string;
  sessionId?: string;
  metadata?: Record<string, any>;
 }
 ```
 #### Validation Functions
 ##### `validateInstanceContext(context: InstanceContext)`
 Validate and sanitize instance context.
 **Returns:**
 ```typescript
 {
  valid: boolean;
  errors?: string[];
 }
 ```
 **Example:**
 ```typescript
 import { validateInstanceContext } from 'n8n-mcp';
 const validation = validateInstanceContext(context);
 if (!validation.valid) {
  console.error('Invalid context:', validation.errors);
 }
 ```
 ##### `isInstanceContext(obj: any)`
 Type guard to check if an object is a valid InstanceContext.
 **Example:**
 ```typescript
 import { isInstanceContext } from 'n8n-mcp';
 if (isInstanceContext(req.body.context)) {
  // TypeScript knows this is InstanceContext
  await engine.processRequest(req, res, req.body.context);
 }
 ```
 ## Session Management
 ### Session Strategies
 The MCP engine supports flexible session ID formats:
 - **UUIDv4**: Internal n8n-mcp format (default)
 - **Instance-prefixed**: `instance-{userId}-{hash}-{uuid}` for multi-tenant isolation
 - **Custom formats**: Any non-empty string for mcp-remote and other proxies
 Session validation happens via transport lookup, not format validation. This ensures compatibility with all MCP clients.
 ### Multi-Tenant Configuration
 Set these environment variables for multi-tenant mode:
 ```bash
 # Enable multi-tenant mode
 ENABLE_MULTI_TENANT=true
 # Session strategy: "instance" (default) or "shared"
 MULTI_TENANT_SESSION_STRATEGY=instance
 ```
 **Session Strategies:**
 - **instance** (recommended): Each tenant gets isolated sessions
  - Session ID: `instance-{instanceId}-{configHash}-{uuid}`
  - Better isolation and security
  - Easier debugging per tenant
 - **shared**: Multiple tenants share sessions with context switching
  - More efficient for high tenant count
  - Requires careful context management
 ## Security Considerations
 ### API Key Management
 Always encrypt API keys server-side:
 ```typescript
 import { createCipheriv, createDecipheriv } from 'crypto';
 // Encrypt before storing
 const encryptApiKey = (apiKey: string) => {
  const cipher = createCipheriv('aes-256-gcm', encryptionKey, iv);
  return cipher.update(apiKey, 'utf8', 'hex') + cipher.final('hex');
 };
 // Decrypt before using
 const decryptApiKey = (encrypted: string) => {
  const decipher = createDecipheriv('aes-256-gcm', encryptionKey, iv);
  return decipher.update(encrypted, 'hex', 'utf8') + decipher.final('utf8');
 };
 // Use decrypted key in context
 const context: InstanceContext = {
  n8nApiKey: await decryptApiKey(instance.encryptedApiKey),
  // ...
 };
 ```
 ### Input Validation
 Always validate instance context before processing:
 ```typescript
 import { validateInstanceContext } from 'n8n-mcp';
 const validation = validateInstanceContext(context);
 if (!validation.valid) {
  throw new Error(`Invalid context: ${validation.errors?.join(', ')}`);
 }
 ```
 ### Rate Limiting
 Implement rate limiting per tenant:
 ```typescript
 import rateLimit from 'express-rate-limit';
 const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  keyGenerator: (req) => req.user?.id || req.ip
 });
 app.post('/api/instances/:instanceId/mcp', authenticate, limiter, async (req, res) => {
  // ...
 });
 ```
 ## Error Handling
 Always wrap MCP requests in try-catch blocks:
 ```typescript
 app.post('/api/instances/:instanceId/mcp', authenticate, async (req, res) => {
  try {
    const context = await getInstanceConfig(req.params.instanceId, req.user.id);
    await mcpEngine.processRequest(req, res, context);
  } catch (error) {
    console.error('MCP error:', error);
    // Don't leak internal errors to clients
    if (error.message.includes('not found')) {
      return res.status(404).json({ error: 'Instance not found' });
    }
    res.status(500).json({ error: 'Internal server error' });
  }
 });
 ```
 ## Monitoring
 ### Health Checks
 Set up periodic health checks:
 ```typescript
 setInterval(async () => {
  const health = await mcpEngine.healthCheck();
  if (health.status === 'unhealthy') {
    console.error('MCP engine unhealthy:', health);
    // Alert your monitoring system
  }
  // Log metrics
  console.log('MCP engine metrics:', {
    uptime: health.uptime,
    memory: health.memoryUsage,
    sessionActive: health.sessionActive
  });
 }, 60000); // Every minute
 ```
 ### Session Monitoring
 Track active sessions:
 ```typescript
 app.get('/admin/sessions', authenticate, async (req, res) => {
  if (!req.user.isAdmin) {
    return res.status(403).json({ error: 'Forbidden' });
  }
  const sessionInfo = mcpEngine.getSessionInfo();
  res.json(sessionInfo);
 });
 ```
 ## Testing
 ### Unit Testing
 ```typescript
 import { N8NMCPEngine, InstanceContext } from 'n8n-mcp';
 describe('MCP Engine', () => {
  let engine: N8NMCPEngine;
  beforeEach(() => {
    engine = new N8NMCPEngine({ logLevel: 'error' });
  });
  afterEach(async () => {
    await engine.shutdown();
  });
  it('should process request with context', async () => {
    const context: InstanceContext = {
      n8nApiUrl: 'https://test.n8n.io',
      n8nApiKey: 'test-key',
      instanceId: 'test-instance'
    };
    const mockReq = createMockRequest();
    const mockRes = createMockResponse();
    await engine.processRequest(mockReq, mockRes, context);
    expect(mockRes.status).toBe(200);
  });
 });
 ```
 ### Integration Testing
 ```typescript
 import request from 'supertest';
 import { createApp } from './app';
 describe('Multi-tenant MCP API', () => {
  let app;
  let authToken;
  beforeAll(async () => {
    app = await createApp();
    authToken = await getTestAuthToken();
  });
  it('should handle MCP request for instance', async () => {
    const response = await request(app)
      .post('/api/instances/test-instance/mcp')
      .set('Authorization', `Bearer ${authToken}`)
      .send({
        jsonrpc: '2.0',
        method: 'initialize',
        params: {
          protocolVersion: '2024-11-05',
          capabilities: {}
        },
        id: 1
      });
    expect(response.status).toBe(200);
    expect(response.body.result).toBeDefined();
  });
 });
 ```
 ## Deployment Considerations
 ### Environment Variables
 ```bash
 # Required for multi-tenant mode
 ENABLE_MULTI_TENANT=true
 MULTI_TENANT_SESSION_STRATEGY=instance
 # Optional: Logging
 LOG_LEVEL=info
 DISABLE_CONSOLE_OUTPUT=false
 # Optional: Session configuration
 SESSION_TIMEOUT=1800000  # 30 minutes in milliseconds
 MAX_SESSIONS=100
 # Optional: Performance
 NODE_ENV=production
 ```
 ### Docker Deployment
 ```dockerfile
 FROM node:20-alpine
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci --only=production
 COPY . .
 ENV NODE_ENV=production
 ENV ENABLE_MULTI_TENANT=true
 ENV LOG_LEVEL=info
 EXPOSE 3000
 CMD ["node", "dist/server.js"]
 ```
 ### Kubernetes Deployment
 ```yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: n8n-mcp-backend
 spec:
  replicas: 3
  selector:
    matchLabels:
      app: n8n-mcp-backend
  template:
    metadata:
      labels:
        app: n8n-mcp-backend
    spec:
      containers:
      - name: backend
        image: your-registry/n8n-mcp-backend:latest
        ports:
        - containerPort: 3000
        env:
        - name: ENABLE_MULTI_TENANT
          value: "true"
        - name: LOG_LEVEL
          value: "info"
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 10
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 10
 ```
 ## Examples
 ### Complete Multi-Tenant SaaS Example
 For a complete implementation example, see:
 - [n8n-mcp-backend](https://github.com/czlonkowski/n8n-mcp-backend) - Full hosted service implementation
 ### Migration from Single-Player
 If you're migrating from single-player (CLI/Docker) to multi-tenant:
 1. **Keep backward compatibility** - Use environment fallback:
 ```typescript
 const context: InstanceContext = {
  n8nApiUrl: instanceUrl || process.env.N8N_API_URL,
  n8nApiKey: instanceKey || process.env.N8N_API_KEY,
  instanceId: instanceId || 'default'
 };
 ```
 2. **Gradual rollout** - Start with a feature flag:
 ```typescript
 const isMultiTenant = process.env.ENABLE_MULTI_TENANT === 'true';
 if (isMultiTenant) {
  const context = await getInstanceConfig(req.params.instanceId);
  await engine.processRequest(req, res, context);
 } else {
  // Legacy single-player mode
  await engine.processRequest(req, res);
 }
 ```
 ## Troubleshooting
 ### Common Issues
 #### Module Resolution Errors
 If you see `Cannot find module 'n8n-mcp'`:
 ```bash
 # Clear node_modules and reinstall
 rm -rf node_modules package-lock.json
 npm install
 # Verify package has types field
 npm info n8n-mcp
 # Check TypeScript can resolve it
 npx tsc --noEmit
 ```
 #### Session ID Validation Errors
 If you see `Invalid session ID format` errors:
 - Ensure you're using n8n-mcp v2.18.9 or later
 - Session IDs can be any non-empty string
 - No need to generate UUIDs - use your own format
 #### Memory Leaks
 If memory usage grows over time:
 ```typescript
 // Ensure proper cleanup
 process.on('SIGTERM', async () => {
  await engine.shutdown();
  process.exit(0);
 });
 // Monitor session count
 const sessionInfo = engine.getSessionInfo();
 console.log('Active sessions:', sessionInfo.sessions?.active);
 ```
 ## Further Reading
 - [MCP Protocol Specification](https://modelcontextprotocol.io/docs)
 - [n8n API Documentation](https://docs.n8n.io/api/)
 - [Express.js Guide](https://expressjs.com/en/guide/routing.html)
 - [n8n-mcp Main README](../README.md)
 ## Support
 - **Issues**: [GitHub Issues](https://github.com/czlonkowski/n8n-mcp/issues)
 - **Discussions**: [GitHub Discussions](https://github.com/czlonkowski/n8n-mcp/discussions)
 - **Security**: For security issues, see [SECURITY.md](../SECURITY.md)
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "n8n-mcp",
-  "version": "2.18.0",
+  "version": "2.18.10",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "n8n-mcp",
-      "version": "2.18.0",
+      "version": "2.18.10",
      "license": "MIT",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.13.2",
--- a/package.json
+++ b/package.json
@@ -1,8 +1,16 @@
 {
  "name": "n8n-mcp",
-  "version": "2.18.8",
+  "version": "2.18.10",
  "description": "Integration between n8n workflow automation and Model Context Protocol (MCP)",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
  "exports": {
    ".": {
      "types": "./dist/index.d.ts",
      "require": "./dist/index.js",
      "import": "./dist/index.js"
    }
  },
  "bin": {
    "n8n-mcp": "./dist/mcp/index.js"
  },
--- a/package.runtime.json
+++ b/package.runtime.json
@@ -1,6 +1,6 @@
 {
  "name": "n8n-mcp-runtime",
-  "version": "2.18.7",
+  "version": "2.18.10",
  "description": "n8n MCP Server Runtime Dependencies Only",
  "private": true,
  "dependencies": {
--- a/scripts/publish-npm.sh
+++ b/scripts/publish-npm.sh
@@ -11,29 +11,8 @@ NC='\033[0m' # No Color
 echo "🚀 Preparing n8n-mcp for npm publish..."
-# Run tests first to ensure quality
+# Skip tests - they already run in CI before merge/publish
-echo "🧪 Running tests..."
+echo "⏭️  Skipping tests (already verified in CI)"
 TEST_OUTPUT=$(npm test 2>&1)
 TEST_EXIT_CODE=$?
 # Check test results - look for actual test failures vs coverage issues
 if echo "$TEST_OUTPUT" | grep -q "Tests.*failed"; then
    # Extract failed count using sed (portable)
    FAILED_COUNT=$(echo "$TEST_OUTPUT" | sed -n 's/.*Tests.*\([0-9]*\) failed.*/\1/p' | head -1)
    if [ "$FAILED_COUNT" != "0" ] && [ "$FAILED_COUNT" != "" ]; then
        echo -e "${RED}❌ $FAILED_COUNT test(s) failed. Aborting publish.${NC}"
        echo "$TEST_OUTPUT" | tail -20
        exit 1
    fi
 fi
 # If we got here, tests passed - check coverage
 if echo "$TEST_OUTPUT" | grep -q "Coverage.*does not meet global threshold"; then
    echo -e "${YELLOW}⚠️  All tests passed but coverage is below threshold${NC}"
    echo -e "${YELLOW}   Consider improving test coverage before next release${NC}"
 else
    echo -e "${GREEN}✅ All tests passed with good coverage!${NC}"
 fi
 # Sync version to runtime package first
 echo "🔄 Syncing version to package.runtime.json..."
@@ -80,6 +59,15 @@ node -e "
 const pkg = require('./package.json');
 pkg.name = 'n8n-mcp';
 pkg.description = 'Integration between n8n workflow automation and Model Context Protocol (MCP)';
 pkg.main = 'dist/index.js';
 pkg.types = 'dist/index.d.ts';
 pkg.exports = {
  '.': {
    types: './dist/index.d.ts',
    require: './dist/index.js',
    import: './dist/index.js'
  }
 };
 pkg.bin = { 'n8n-mcp': './dist/mcp/index.js' };
 pkg.repository = { type: 'git', url: 'git+https://github.com/czlonkowski/n8n-mcp.git' };
 pkg.keywords = ['n8n', 'mcp', 'model-context-protocol', 'ai', 'workflow', 'automation'];
--- a/src/http-server-single-session.ts
+++ b/src/http-server-single-session.ts
@@ -188,11 +188,22 @@ export class SingleSessionHTTPServer {
  /**
   * Validate session ID format
   *
   * Accepts any non-empty string to support various MCP clients:
   * - UUIDv4 (internal n8n-mcp format)
   * - instance-{userId}-{hash}-{uuid} (multi-tenant format)
   * - Custom formats from mcp-remote and other proxies
   *
   * Security: Session validation happens via lookup in this.transports,
   * not format validation. This ensures compatibility with all MCP clients.
   *
   * @param sessionId - Session identifier from MCP client
   * @returns true if valid, false otherwise
   */
  private isValidSessionId(sessionId: string): boolean {
-    // UUID v4 format validation
+    // Accept any non-empty string as session ID
-    const uuidv4Regex = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    // This ensures compatibility with all MCP clients and proxies
-    return uuidv4Regex.test(sessionId);
+    return Boolean(sessionId && sessionId.length > 0);
  }
  /**
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,6 +10,22 @@ export { SingleSessionHTTPServer } from './http-server-single-session';
 export { ConsoleManager } from './utils/console-manager';
 export { N8NDocumentationMCPServer } from './mcp/server';
 // Type exports for multi-tenant and library usage
 export type {
  InstanceContext
 } from './types/instance-context';
 export {
  validateInstanceContext,
  isInstanceContext
 } from './types/instance-context';
 // Re-export MCP SDK types for convenience
 export type {
  Tool,
  CallToolResult,
  ListToolsResult
 } from '@modelcontextprotocol/sdk/types.js';
 // Default export for convenience
 import N8NMCPEngine from './mcp-engine';
 export default N8NMCPEngine;
--- a/tests/unit/http-server-session-management.test.ts
+++ b/tests/unit/http-server-session-management.test.ts
@@ -780,13 +780,48 @@ describe('HTTP Server Session Management', () => {
        });
      });
-      it('should return 400 for invalid session ID format', async () => {
+      it('should return 404 for non-existent session (any format accepted)', async () => {
        server = new SingleSessionHTTPServer();
        await server.start();
        const handler = findHandler('delete', '/mcp');
        // Test various session ID formats - all should pass validation
        // but return 404 if session doesn't exist
        const sessionIds = [
          'invalid-session-id',
          'instance-user123-abc-uuid',
          'mcp-remote-session-xyz',
          'short-id',
          '12345'
        ];
        for (const sessionId of sessionIds) {
          const { req, res } = createMockReqRes();
          req.headers = { 'mcp-session-id': sessionId };
          req.method = 'DELETE';
          await handler(req, res);
          expect(res.status).toHaveBeenCalledWith(404); // Session not found
          expect(res.json).toHaveBeenCalledWith({
            jsonrpc: '2.0',
            error: {
              code: -32001,
              message: 'Session not found'
            },
            id: null
          });
        }
      });
      it('should return 400 for empty session ID', async () => {
        server = new SingleSessionHTTPServer();
        await server.start();
        const handler = findHandler('delete', '/mcp');
        const { req, res } = createMockReqRes();
-        req.headers = { 'mcp-session-id': 'invalid-session-id' };
+        req.headers = { 'mcp-session-id': '' };
        req.method = 'DELETE';
        await handler(req, res);
@@ -796,7 +831,7 @@ describe('HTTP Server Session Management', () => {
          jsonrpc: '2.0',
          error: {
            code: -32602,
-            message: 'Invalid session ID format'
+            message: 'Mcp-Session-Id header is required'
          },
          id: null
        });
@@ -912,40 +947,64 @@ describe('HTTP Server Session Management', () => {
  });
  describe('Session ID Validation', () => {
-    it('should validate UUID v4 format correctly', async () => {
+    it('should accept any non-empty string as session ID', async () => {
      server = new SingleSessionHTTPServer();
      const validUUIDs = [
        'aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee', // 8 is valid variant
        '12345678-1234-4567-8901-123456789012', // 8 is valid variant
        'f47ac10b-58cc-4372-a567-0e02b2c3d479' // a is valid variant
      ];
-      const invalidUUIDs = [
+      // Valid session IDs - any non-empty string is accepted
-        'invalid-uuid',
+      const validSessionIds = [
-        'aaaaaaaa-bbbb-3ccc-8ddd-eeeeeeeeeeee', // Wrong version (3)
+        // UUIDv4 format (existing format - still valid)
-        'aaaaaaaa-bbbb-4ccc-cddd-eeeeeeeeeeee', // Wrong variant (c)
+        'aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee',
        '12345678-1234-4567-8901-123456789012',
        'f47ac10b-58cc-4372-a567-0e02b2c3d479',
        // Instance-prefixed format (multi-tenant)
        'instance-user123-abc123-550e8400-e29b-41d4-a716-446655440000',
        // Custom formats (mcp-remote, proxies, etc.)
        'mcp-remote-session-xyz',
        'custom-session-format',
        'short-uuid',
-        '',
+        'invalid-uuid', // "invalid" UUID is valid as generic string
-        'aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee-extra'
+        '12345',
        // Even "wrong" UUID versions are accepted (relaxed validation)
        'aaaaaaaa-bbbb-3ccc-8ddd-eeeeeeeeeeee', // UUID v3
        'aaaaaaaa-bbbb-4ccc-cddd-eeeeeeeeeeee', // Wrong variant
        'aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee-extra', // Extra chars
        // Any non-empty string works
        'anything-goes'
      ];
-      for (const uuid of validUUIDs) {
+      // Invalid session IDs - only empty strings
-        expect((server as any).isValidSessionId(uuid)).toBe(true);
+      const invalidSessionIds = [
        ''
      ];
      // All non-empty strings should be accepted
      for (const sessionId of validSessionIds) {
        expect((server as any).isValidSessionId(sessionId)).toBe(true);
      }
-      for (const uuid of invalidUUIDs) {
+      // Only empty strings should be rejected
-        expect((server as any).isValidSessionId(uuid)).toBe(false);
+      for (const sessionId of invalidSessionIds) {
        expect((server as any).isValidSessionId(sessionId)).toBe(false);
      }
    });
-    it('should reject requests with invalid session ID format', async () => {
+    it('should accept non-empty strings, reject only empty strings', async () => {
      server = new SingleSessionHTTPServer();
-      
+
-      // Test the validation method directly
+      // These should all be ACCEPTED (return true) - any non-empty string
-      expect((server as any).isValidSessionId('invalid-session-id')).toBe(false);
+      expect((server as any).isValidSessionId('invalid-session-id')).toBe(true);
-      expect((server as any).isValidSessionId('')).toBe(false);
+      expect((server as any).isValidSessionId('short')).toBe(true);
      expect((server as any).isValidSessionId('instance-user-abc-123')).toBe(true);
      expect((server as any).isValidSessionId('mcp-remote-xyz')).toBe(true);
      expect((server as any).isValidSessionId('12345')).toBe(true);
      expect((server as any).isValidSessionId('aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee')).toBe(true);
      // Only empty string should be REJECTED (return false)
      expect((server as any).isValidSessionId('')).toBe(false);
    });
    it('should reject requests with non-existent session ID', async () => {
Author	SHA1	Message	Date
czlonkowski	54c598717c	fix: Add library export fields to npm package (main, types, exports) ## Problem PR #309 added `main`, `types`, and `exports` fields to package.json for library usage, but v2.18.9 was published without these fields. The publish scripts (both local and CI/CD) use package.runtime.json as the base and didn't copy these critical fields. Result: npm package broke library usage for multi-tenant backends. ## Root Cause Both scripts/publish-npm.sh and .github/workflows/release.yml: - Copy package.runtime.json as base package.json - Add metadata fields (name, bin, repository, etc.) - Missing: main, types, exports fields ## Changes ### 1. scripts/publish-npm.sh - Added main, types, exports fields to package.json generation - Removed test suite execution (already runs in CI) ### 2. .github/workflows/release.yml - Added main, types, exports fields to CI publish step ### 3. Version bump - Bumped to v2.18.10 to republish with correct fields ## Verification ✅ Local publish preparation tested ✅ Generated package.json has all required fields: - main: "dist/index.js" - types: "dist/index.d.ts" - exports: { "." : { types, require, import } } ✅ TypeScript compilation passes ✅ All library export paths validated ## Impact - Fixes library usage for multi-tenant deployments - Enables downstream n8n-mcp-backend project - Maintains backward compatibility (CLI/Docker unchanged) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-12 00:09:55 +02:00
Romuald Członkowski	8b5b01de98	Merge pull request #309 from czlonkowski/feature/library-usage-multi-tenant feat: Add library usage support for multi-tenant deployments	2025-10-11 22:53:14 +02:00
czlonkowski	275e573d8d	fix: update session validation tests to match relaxed validation behavior - Updated "should return 400 for empty session ID" test to expect "Mcp-Session-Id header is required" instead of "Invalid session ID format" (empty strings are treated as missing headers) - Updated "should return 404 for non-existent session" test to verify any non-empty string format is accepted - Updated "should accept any non-empty string as session ID" test to comprehensively test all session ID formats - All 38 session management tests now pass This aligns with the relaxed session ID validation introduced in PR #309 for multi-tenant support. The server now accepts any non-empty string as a session ID to support various MCP clients (UUIDv4, instance-prefixed, mcp-remote, custom formats). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 22:31:07 +02:00
czlonkowski	6256105053	feat: add library usage support for multi-tenant deployments Enable n8n-mcp to be used as a library dependency for multi-tenant backends: Changes: - Add `types` and `exports` fields to package.json for TypeScript support - Export InstanceContext types and MCP SDK types from src/index.ts - Relax session ID validation to support multi-tenant session strategies - Accept any non-empty string (UUIDv4, instance-prefixed, custom formats) - Maintains backward compatibility with existing UUIDv4 format - Enables mcp-remote and other proxy compatibility - Add comprehensive library usage documentation (docs/LIBRARY_USAGE.md) - Multi-tenant backend examples - API reference for N8NMCPEngine - Security best practices - Deployment guides (Docker, Kubernetes) - Testing strategies Breaking Changes: None - all changes are backward compatible Version: 2.18.9 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 21:56:28 +02:00