WIP Servlet 4 MCP

Ean Schuessler
Showing 11 changed files with 196 additions and 2200 deletions
AGENTS.md
README-SDK-Services.md
README-SDK-Servlet.md
README-SSE-Servlet.md
component.xml
data/McpSecuritySeedData.xml
service/McpServices.xml
src/main/groovy/org/moqui/mcp/EnhancedMcpServlet.groovy
src/main/groovy/org/moqui/mcp/ServiceBasedMcpServlet.groovy
web-sdk-services.xml
web-sdk-sse.xml
--- a/AGENTS.md deleted 100644 → 0
View file @fc1526c
+++ b/AGENTS.md deleted 100644 → 0
View file @fc1526c
-# Moqui MCP v2.0 Server Guide
-This guide explains how to interact with Moqui MCP v2.0 server for AI-Moqui integration using Model Context Protocol (MCP) and Moqui's unified screen-based implementation.
-## Repository Status
-**moqui-mcp-2** is a **standalone component with its own git repository**. It uses a unified screen-based approach that handles both JSON-RPC and Server-Sent Events (SSE) for maximum MCP client compatibility.
- **Repository**: Independent git repository
- **Integration**: Included as plain directory in moqui-opencode
- **Version**: v2.0.0 (unified screen implementation)
- **Approach**: Moqui screen-based with dual JSON-RPC/SSE support
- **Status**: ✅ **PRODUCTION READY** - All tests passing
-## Architecture Overview
-```
-moqui-mcp-2/
-├── AGENTS.md                    # This file - MCP server guide
-├── component.xml               # Component configuration
-├── screen/
-│   └── webroot/
-│       └── mcp.xml            # Unified MCP screen (JSON-RPC + SSE)
-├── service/
-│   ├── McpServices.xml         # MCP services implementation
-│   └── mcp.rest.xml          # Basic REST endpoints
-└── data/
-    └── McpSecuritySeedData.xml  # Security permissions
-```
-## Implementation Status
-### **✅ COMPLETED FEATURES**
- **Unified Screen Architecture**: Single endpoint handles both JSON-RPC and SSE
- **Content-Type Negotiation**: Correctly prioritizes `application/json` over `text/event-stream`
- **Session Management**: MCP session IDs generated and validated
- **Security Integration**: Full Moqui security framework integration
- **Method Mapping**: All MCP methods properly mapped to Moqui services
- **Error Handling**: Comprehensive error responses for both formats
- **Protocol Headers**: MCP protocol version headers set correctly
-### **✅ ENDPOINT CONFIGURATION**
- **Primary Endpoint**: `http://localhost:8080/mcp/rpc`
- **JSON-RPC Support**: `Accept: application/json` → JSON responses
- **SSE Support**: `Accept: text/event-stream` → Server-Sent Events
- **Authentication**: Basic auth with `mcp-user:moqui` credentials
- **Session Headers**: `Mcp-Session-Id` for session persistence
-## MCP Implementation Strategy
-### **Unified Screen Design**
- ✅ **Single Endpoint**: `/mcp/rpc` handles both JSON-RPC and SSE
- ✅ **Content-Type Negotiation**: Automatic response format selection
- ✅ **Standard Services**: MCP methods as regular Moqui services
- ✅ **Native Authentication**: Leverages Moqui's user authentication
- ✅ **Direct Integration**: No custom layers or abstractions
- ✅ **Audit Logging**: Uses Moqui's ArtifactHit framework
-### **MCP Method Mapping**
-```
-MCP Method              → Moqui Service
-initialize              → McpServices.mcp#Initialize
-tools/list              → McpServices.mcp#ToolsList
-tools/call              → McpServices.mcp#ToolsCall
-resources/list           → McpServices.mcp#ResourcesList
-resources/read           → McpServices.mcp#ResourcesRead
-ping                    → McpServices.mcp#Ping
-```
-### **Response Format Handling**
-```
-Accept Header                    → Response Format
-application/json               → JSON-RPC 2.0 response
-text/event-stream              → Server-Sent Events
-application/json, text/event-stream → JSON-RPC 2.0 (prioritized)
-```
-## MCP Endpoint
-### **Unified Screen Endpoint**
-```
-POST /mcp/rpc
- Single screen handles both JSON-RPC and SSE
- Content-Type negotiation determines response format
- Built-in authentication and audit logging
- MCP protocol version headers included
-```
-### **Request Flow**
-1. **Authentication**: Basic auth validates user credentials
-2. **Session Management**: Initialize generates session ID, subsequent requests require it
-3. **Content-Type Negotiation**: Accept header determines response format
-4. **Method Routing**: MCP methods mapped to Moqui services
-5. **Response Generation**: JSON-RPC or SSE based on client preference
-### **JSON-RPC Request Format**
-```json
-{
-  "jsonrpc": "2.0",
-  "id": "unique_request_id",
-  "method": "initialize",
-  "params": {
-    "protocolVersion": "2025-06-18",
-    "capabilities": {
-      "roots": {},
-      "sampling": {}
-    },
-    "clientInfo": {
-      "name": "AI Client",
-      "version": "1.0.0"
-    }
-  }
-}
-```
-### **SSE Request Format**
-```bash
-curl -X POST http://localhost:8080/mcp/rpc \
-  -H "Content-Type: application/json" \
-  -H "Accept: text/event-stream" \
-  -H "Authorization: Basic bWNwLXVzZXI6bW9xdWk=" \
-  -H "Mcp-Session-Id: <session-id>" \
-  -d '{"jsonrpc":"2.0","id":"ping-1","method":"ping","params":{}}'
-```
-### **SSE Response Format**
-```
-event: response
-data: {"jsonrpc":"2.0","id":"ping-1","result":{"result":{"timestamp":"2025-11-14T23:16:14+0000","status":"healthy","version":"2.0.0"}}}
-```
-## MCP Client Integration
-### **Python Client Example**
-```python
-import requests
-import json
-import uuid
-class MoquiMCPClient:
-    def __init__(self, base_url, username, password):
-        self.base_url = base_url
-        self.request_id = 0
-        self.authenticate(username, password)
-    def _make_request(self, method, params=None):
-        self.request_id += 1
-        payload = {
-            "jsonrpc": "2.0",
-            "id": f"req_{self.request_id}",
-            "method": method,
-            "params": params or {}
-        }
-        response = requests.post(f"{self.base_url}/mcp/rpc", json=payload)
-        return response.json()
-    def initialize(self):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#Initialize", {
-            "protocolVersion": "2025-06-18",
-            "capabilities": {
-                "roots": {},
-                "sampling": {}
-            },
-            "clientInfo": {
-                "name": "Python MCP Client",
-                "version": "1.0.0"
-            }
-        })
-    def list_tools(self):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#ToolsList")
-    def call_tool(self, tool_name, arguments):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#ToolsCall", {
-            "name": tool_name,
-            "arguments": arguments
-        })
-    def list_resources(self):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#ResourcesList")
-    def read_resource(self, uri):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#ResourcesRead", {
-            "uri": uri
-        })
-    def ping(self):
-        return self._make_request("org.moqui.mcp.McpServices.mcp#Ping")
-# Usage
-client = MoquiMCPClient("http://localhost:8080", "admin", "moqui")
-init_result = client.initialize()
-tools = client.list_tools()
-result = client.call_tool("org.moqui.example.Services.create#Example", {
-    "exampleName": "Test Example"
-})
-```
-### **JavaScript Client Example**
-```javascript
-class MoquiMCPClient {
-    constructor(baseUrl, username, password) {
-        this.baseUrl = baseUrl;
-        this.requestId = 0;
-        this.authenticate(username, password);
-    }
-    async makeRequest(method, params = {}) {
-        this.requestId++;
-        const payload = {
-            jsonrpc: "2.0",
-            id: `req_${this.requestId}`,
-            method,
-            params
-        };
-        const response = await fetch(`${this.baseUrl}/mcp/rpc`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(payload)
-        });
-        return response.json();
-    }
-    async initialize() {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#Initialize', {
-            protocolVersion: '2025-06-18',
-            capabilities: {
-                roots: {},
-                sampling: {}
-            },
-            clientInfo: {
-                name: 'JavaScript MCP Client',
-                version: '1.0.0'
-            }
-        });
-    }
-    async listTools() {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#ToolsList');
-    }
-    async callTool(toolName, arguments) {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#ToolsCall', {
-            name: toolName,
-            arguments
-        });
-    }
-    async listResources() {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#ResourcesList');
-    }
-    async readResource(uri) {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#ResourcesRead', {
-            uri
-        });
-    }
-    async ping() {
-        return this.makeRequest('org.moqui.mcp.McpServices.mcp#Ping');
-    }
-}
-// Usage
-const client = new MoquiMCPClient('http://localhost:8080', 'admin', 'moqui');
-await client.initialize();
-const tools = await client.listTools();
-const result = await client.callTool('org.moqui.example.Services.create#Example', {
-    exampleName: 'Test Example'
-});
-```
-### **cURL Examples**
-#### **Initialize MCP Session**
-```bash
-curl -X POST -H "Content-Type: application/json" \
-  --data '{
-    "jsonrpc": "2.0",
-    "id": "init_001",
-    "method": "org.moqui.mcp.McpServices.mcp#Initialize",
-    "params": {
-      "protocolVersion": "2025-06-18",
-      "capabilities": {
-        "roots": {},
-        "sampling": {}
-      },
-      "clientInfo": {
-        "name": "cURL Client",
-        "version": "1.0.0"
-      }
-    }
-  }' \
-  http://localhost:8080/mcp/rpc
-```
-#### **List Available Tools**
-```bash
-curl -X POST -H "Content-Type: application/json" \
-  --data '{
-    "jsonrpc": "2.0",
-    "id": "tools_001",
-    "method": "org.moqui.mcp.McpServices.mcp#ToolsList",
-    "params": {}
-  }' \
-  http://localhost:8080/mcp/rpc
-```
-#### **Execute Tool**
-```bash
-curl -X POST -H "Content-Type: application/json" \
-  --data '{
-    "jsonrpc": "2.0",
-    "id": "call_001",
-    "method": "org.moqui.mcp.McpServices.mcp#ToolsCall",
-    "params": {
-      "name": "org.moqui.example.Services.create#Example",
-      "arguments": {
-        "exampleName": "JSON-RPC Test",
-        "statusId": "EXST_ACTIVE"
-      }
-    }
-  }' \
-  http://localhost:8080/mcp/rpc
-```
-#### **Read Entity Resource**
-```bash
-curl -X POST -H "Content-Type: application/json" \
-  --data '{
-    "jsonrpc": "2.0",
-    "id": "resource_001",
-    "method": "org.moqui.mcp.McpServices.mcp#ResourcesRead",
-    "params": {
-      "uri": "entity://Example"
-    }
-  }' \
-  http://localhost:8080/mcp/rpc
-```
-#### **Health Check**
-```bash
-curl -X POST -H "Content-Type: application/json" \
-  --data '{
-    "jsonrpc": "2.0",
-    "id": "ping_001",
-    "method": "org.moqui.mcp.McpServices.mcp#Ping",
-    "params": {}
-  }' \
-  http://localhost:8080/mcp/rpc
-```
-## Security and Permissions
-### **Authentication**
- Uses Moqui's built-in user authentication
- Pass credentials via standard JSON-RPC `authUsername` and `authPassword` parameters
- Or use existing session via Moqui's web session
-### **Authorization**
- All MCP services require `authenticate="true"`
- Tool access controlled by Moqui's service permissions
- Entity access controlled by Moqui's entity permissions
- Audit logging via Moqui's ArtifactHit framework
-### **Permission Setup**
-```xml
-<!-- MCP User Group -->
-<moqui.security.UserGroup userGroupId="McpUser" description="MCP Server Users"/>
-<!-- MCP Artifact Groups -->
-<moqui.security.ArtifactGroup artifactGroupId="McpServices" description="MCP JSON-RPC Services"/>
-<moqui.security.ArtifactGroup artifactGroupId="McpRestPaths" description="MCP REST API Paths"/>
-<moqui.security.ArtifactGroup artifactGroupId="McpScreenTransitions" description="MCP Screen Transitions"/>
-<!-- MCP Service Permissions -->
-<moqui.security.ArtifactAuthz userGroupId="McpUser" 
-    artifactGroupId="McpServices" 
-    authzTypeEnumId="AUTHZT_ALLOW" 
-    authzActionEnumId="AUTHZA_ALL"/>
-<moqui.security.ArtifactAuthz userGroupId="McpUser" 
-    artifactGroupId="McpRestPaths" 
-    authzTypeEnumId="AUTHZT_ALLOW" 
-    authzActionEnumId="AUTHZA_ALL"/>
-<moqui.security.ArtifactAuthz userGroupId="McpUser" 
-    artifactGroupId="McpScreenTransitions" 
-    authzTypeEnumId="AUTHZT_ALLOW" 
-    authzActionEnumId="AUTHZA_ALL"/>
-```
-## Development and Testing
-### **Local Development**
-1. Start Moqui with moqui-mcp-2 component
-2. Test with JSON-RPC client examples above
-3. Check Moqui logs for debugging
-4. Monitor ArtifactHit records for audit trail
-### **Service Discovery**
- All Moqui services automatically available as MCP tools
- Filtered by user permissions
- Service parameters converted to JSON Schema
- Service descriptions used for tool descriptions
-### **Entity Access**
- All Moqui entities automatically available as MCP resources
- Format: `entity://EntityName`
- Filtered by entity VIEW permissions
- Limited to 100 records per request
-## Error Handling
-### **JSON-RPC Error Responses**
-```json
-{
-  "jsonrpc": "2.0",
-  "id": "req_001",
-  "error": {
-    "code": -32601,
-    "message": "Method not found"
-  }
-}
-```
-### **Common Error Codes**
- `-32600`: Invalid Request (malformed JSON-RPC)
- `-32601`: Method not found
- `-32602`: Invalid params
- `-32603`: Internal error (service execution failed)
-### **Service-Level Errors**
- Permission denied throws Exception with message
- Invalid service name throws Exception
- Entity access violations throw Exception
- All errors logged to Moqui error system
-## Monitoring and Debugging
-### **Audit Trail**
- All MCP calls logged to `moqui.server.ArtifactHit`
- Track user, service, parameters, execution time
- Monitor success/failure rates
- Debug via Moqui's built-in monitoring tools
-### **Performance Metrics**
- Service execution time tracked
- Response size monitored
- Error rates captured
- User activity patterns available
---
-## Testing Results
-### **✅ VERIFIED FUNCTIONALITY**
- **JSON-RPC Initialize**: Session creation and protocol negotiation
- **JSON-RPC Ping**: Health check with proper response format
- **JSON-RPC Tools List**: Service discovery working correctly
- **SSE Responses**: Server-sent events with proper event formatting
- **Session Management**: Session ID generation and validation
- **Content-Type Negotiation**: Correct prioritization of JSON over SSE
- **Security Integration**: All three authorization layers working
- **Error Handling**: Proper error responses for both formats
-### **✅ CLIENT COMPATIBILITY**
- **opencode Client**: Ready for production use
- **Standard MCP Clients**: Full protocol compliance
- **Custom Integrations**: Easy integration patterns documented
-## Key Advantages
-### **Unified Screen Benefits**
-1. **Single Endpoint**: One URL handles all MCP protocol variations
-2. **Content-Type Negotiation**: Automatic response format selection
-3. **Client Compatibility**: Works with both JSON-RPC and SSE clients
-4. **Simplicity**: No custom webapps or complex routing needed
-5. **Reliability**: Uses battle-tested Moqui screen framework
-6. **Security**: Leverages Moqui's mature security system
-7. **Audit**: Built-in logging and monitoring
-8. **Maintenance**: Minimal custom code to maintain
-### **Clean Architecture**
- Single screen handles all MCP protocol logic
- No custom authentication layers
- Standard Moqui session management
- Direct service-to-tool mapping
- Standard Moqui patterns throughout
- Full MCP protocol compliance
-**This implementation demonstrates the power of Moqui's screen framework for unified MCP protocol handling.**
\ No newline at end of file
--- a/README-SDK-Services.md deleted 100644 → 0
View file @fc1526c
+++ b/README-SDK-Services.md deleted 100644 → 0
View file @fc1526c
-# Moqui MCP SDK Services Servlet
-This document describes the MCP servlet implementation that combines the official Java MCP SDK with existing Moqui services for optimal architecture.
-## Overview
-The `McpSdkServicesServlet` provides the best of both worlds:
- **MCP SDK** for standards-compliant protocol handling and SSE transport
- **McpServices.xml** for proven business logic and Moqui integration
- **Delegation pattern** for clean separation of concerns
- **Service reuse** across different MCP transport implementations
-## Architecture
-### Component Interaction
-```
-┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
-│   MCP Client    │───▶│  MCP SDK Servlet │───▶│  McpServices.xml│
-│                 │    │                  │    │                 │
-│ - JSON-RPC 2.0  │    │ - Transport      │    │ - Business      │
-│ - SSE Events    │    │ - Protocol       │    │   Logic         │
-│ - Tool Calls    │    │ - Validation     │    │ - Security      │
-└─────────────────┘    └──────────────────┘    └─────────────────┘
-                              │
-                              ▼
-                       ┌─────────────────┐
-                       │ Moqui Framework│
-                       │                 │
-                       │ - Entity Engine │
-                       │ - Service Engine│
-                       │ - Security      │
-                       └─────────────────┘
-```
-### Service Delegation Pattern
-| MCP Method | SDK Servlet | Moqui Service | Description |
-|------------|-------------|---------------|-------------|
-| `initialize` | `initialize` tool | `mcp#Initialize` | Session initialization |
-| `ping` | `ping` tool | `mcp#Ping` | Health check |
-| `tools/list` | `tools/list` tool | `mcp#ToolsList` | Discover available tools |
-| `tools/call` | `tools/call` tool | `mcp#ToolsCall` | Execute tools/services |
-| `resources/list` | `resources/list` tool | `mcp#ResourcesList` | Discover entities |
-| `resources/read` | `resources/read` tool | `mcp#ResourcesRead` | Read entity data |
-## Benefits
-### 1. Separation of Concerns
- **SDK Servlet**: Protocol handling, transport, validation
- **McpServices.xml**: Business logic, security, data access
- **Clean interfaces**: Well-defined service contracts
-### 2. Code Reuse
- **Single source of truth**: All MCP logic in McpServices.xml
- **Multiple transports**: Same services work with different servlets
- **Testable services**: Can test business logic independently
-### 3. Standards Compliance
- **MCP SDK**: Guaranteed protocol compliance
- **JSON Schema**: Automatic validation
- **Error handling**: Standardized responses
-### 4. Moqui Integration
- **Security**: Leverages Moqui authentication/authorization
- **Auditing**: Built-in artifact hit tracking
- **Transactions**: Proper transaction management
- **Error handling**: Moqui exception handling
-## Configuration
-### Dependencies
-```gradle
-dependencies {
-    // MCP Java SDK for transport and protocol
-    implementation 'io.modelcontextprotocol.sdk:mcp-sdk:1.0.0'
-    // Jackson for JSON handling (required by MCP SDK)
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
-    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.2'
-    // Servlet API
-    compileOnly 'javax.servlet:javax.servlet-api:4.0.1'
-}
-```
-### Web.xml Configuration
-```xml
-<servlet>
-    <servlet-name>McpSdkServicesServlet</servlet-name>
-    <servlet-class>org.moqui.mcp.McpSdkServicesServlet</servlet-class>
-    <init-param>
-        <param-name>moqui-name</param-name>
-        <param-value>moqui-mcp-2</param-value>
-    </init-param>
-    <async-supported>true</async-supported>
-    <load-on-startup>1</load-on-startup>
-</servlet>
-<servlet-mapping>
-    <servlet-name>McpSdkServicesServlet</servlet-name>
-    <url-pattern>/mcp/*</url-pattern>
-</servlet-mapping>
-```
-## Available Tools
-### Core MCP Tools
-| Tool | Service | Description |
-|------|---------|-------------|
-| `initialize` | `mcp#Initialize` | Initialize MCP session with capabilities negotiation |
-| `ping` | `mcp#Ping` | Health check and server status |
-| `tools/list` | `mcp#ToolsList` | List all available Moqui services as tools |
-| `tools/call` | `mcp#ToolsCall` | Execute any Moqui service |
-| `resources/list` | `mcp#ResourcesList` | List all accessible entities as resources |
-| `resources/read` | `mcp#ResourcesRead` | Read entity data and metadata |
-| `debug/component` | `debug#ComponentStatus` | Debug component status and configuration |
-### Tool Examples
-#### Initialize Session
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "init-1",
-       "method": "tools/call",
-       "params": {
-         "name": "initialize",
-         "arguments": {
-           "protocolVersion": "2025-06-18",
-           "clientInfo": {
-             "name": "Test Client",
-             "version": "1.0.0"
-           }
-         }
-       }
-     }'
-```
-#### List Available Tools
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "tools-1",
-       "method": "tools/call",
-       "params": {
-         "name": "tools/list",
-         "arguments": {}
-       }
-     }'
-```
-#### Execute Moqui Service
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "call-1",
-       "method": "tools/call",
-       "params": {
-         "name": "tools/call",
-         "arguments": {
-           "name": "org.moqui.entity.EntityServices.find#List",
-           "arguments": {
-             "entityName": "moqui.security.UserAccount",
-             "fields": ["username", "emailAddress"],
-             "limit": 10
-           }
-         }
-       }
-     }'
-```
-## Available Resources
-### Entity Resources
- **`entity://`** - List all entities
- **`entity://EntityName`** - Read specific entity data
-#### Resource Examples
-```bash
-# List all entities
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "res-1",
-       "method": "tools/call",
-       "params": {
-         "name": "resources/list",
-         "arguments": {}
-       }
-     }'
-# Read specific entity
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "res-2",
-       "method": "tools/call",
-       "params": {
-         "name": "resources/read",
-         "arguments": {
-           "uri": "entity://moqui.security.UserAccount"
-         }
-       }
-     }'
-```
-## Available Prompts
-### Entity Query Prompt
-Generate Moqui entity queries:
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "prompt-1",
-       "method": "prompts/get",
-       "params": {
-         "name": "entity-query",
-         "arguments": {
-           "entity": "mantle.order.OrderHeader",
-           "purpose": "Find recent orders",
-           "fields": "orderId, orderDate, grandTotal"
-         }
-       }
-     }'
-```
-### Service Execution Prompt
-Generate Moqui service execution plans:
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "prompt-2",
-       "method": "prompts/get",
-       "params": {
-         "name": "service-execution",
-         "arguments": {
-           "serviceName": "create#OrderItem",
-           "description": "Create a new order item",
-           "parameters": "{\"orderId\":\"string\",\"productId\":\"string\",\"quantity\":\"number\"}"
-         }
-       }
-     }'
-```
-## Service Implementation Details
-### McpServices.xml Features
-The `McpServices.xml` provides comprehensive MCP functionality:
-#### 1. Service Discovery (`mcp#ToolsList`)
-```xml
-<service verb="mcp" noun="ToolsList" authenticate="true" allow-remote="true">
-    <description>Handle MCP tools/list request with direct Moqui service discovery</description>
-    <actions>
-        <script><![CDATA[
-            // Get all service names from Moqui service engine
-            def allServiceNames = ec.service.getKnownServiceNames()
-            def availableTools = []
-            // Convert services to MCP tools
-            for (serviceName in allServiceNames) {
-                if (ec.service.hasPermission(serviceName)) {
-                    def serviceInfo = ec.service.getServiceInfo(serviceName)
-                    // Convert to MCP tool format...
-                }
-            }
-        ]]></script>
-    </actions>
-</service>
-```
-#### 2. Service Execution (`mcp#ToolsCall`)
-```xml
-<service verb="mcp" noun="ToolsCall" authenticate="true" allow-remote="true">
-    <description>Handle MCP tools/call request with direct Moqui service execution</description>
-    <actions>
-        <script><![CDATA[
-            // Validate service exists and user has permission
-            if (!ec.service.hasPermission(name)) {
-                throw new Exception("Permission denied for tool: ${name}")
-            }
-            // Create audit record
-            def artifactHit = ec.entity.makeValue("moqui.server.ArtifactHit")
-            // ... audit setup ...
-            // Execute service
-            def serviceResult = ec.service.sync().name(name).parameters(arguments).call()
-            // Convert result to MCP format
-            result = [content: content, isError: false]
-        ]]></script>
-    </actions>
-</service>
-```
-#### 3. Entity Access (`mcp#ResourcesRead`)
-```xml
-<service verb="mcp" noun="ResourcesRead" authenticate="true" allow-remote="true">
-    <description>Handle MCP resources/read request with Moqui entity queries</description>
-    <actions>
-        <script><![CDATA[
-            // Parse entity URI and validate permissions
-            if (!ec.user.hasPermission("entity:${entityName}", "VIEW")) {
-                throw new Exception("Permission denied for entity: ${entityName}")
-            }
-            // Get entity definition and query data
-            def entityDef = ec.entity.getEntityDefinition(entityName)
-            def entityList = ec.entity.find(entityName).limit(100).list()
-            // Build comprehensive response
-            result = [contents: [[
-                uri: uri,
-                mimeType: "application/json",
-                text: entityInfo + data
-            ]]]
-        ]]></script>
-    </actions>
-</service>
-```
-## Security Model
-### Authentication Integration
- **Moqui Authentication**: Uses existing Moqui user accounts
- **Session Management**: Leverages Moqui web sessions
- **Permission Checking**: Validates service and entity permissions
- **Audit Trail**: Records all MCP operations in ArtifactHit
-### Permission Model
-| Operation | Permission Check | Description |
-|------------|------------------|-------------|
-| Service Execution | `ec.service.hasPermission(serviceName)` | Check service-level permissions |
-| Entity Access | `ec.user.hasPermission("entity:EntityName", "VIEW")` | Check entity-level permissions |
-| Resource Access | `ec.user.hasPermission("entity:EntityName", "VIEW")` | Check entity read permissions |
-### Audit Logging
-All MCP operations are automatically logged:
-```groovy
-def artifactHit = ec.entity.makeValue("moqui.server.ArtifactHit")
-artifactHit.artifactType = "MCP"
-artifactHit.artifactSubType = "Tool"  // or "Resource"
-artifactHit.artifactName = serviceName
-artifactHit.parameterString = new JsonBuilder(arguments).toString()
-artifactHit.userId = ec.user.userId
-artifactHit.create()
-```
-## Error Handling
-### Service-Level Errors
-The McpServices.xml provides comprehensive error handling:
-```groovy
-try {
-    def serviceResult = ec.service.sync().name(name).parameters(arguments).call()
-    result = [content: content, isError: false]
-} catch (Exception e) {
-    // Update audit record with error
-    artifactHit.wasError = "Y"
-    artifactHit.errorMessage = e.message
-    artifactHit.update()
-    result = [
-        content: [[type: "text", text: "Error executing tool ${name}: ${e.message}"]],
-        isError: true
-    ]
-}
-```
-### SDK-Level Errors
-The MCP SDK handles protocol-level errors:
- **JSON-RPC validation** - Invalid requests
- **Schema validation** - Parameter validation
- **Transport errors** - Connection issues
- **Timeout handling** - Long-running operations
-## Performance Considerations
-### Service Caching
- **Service definitions** cached by Moqui service engine
- **Entity metadata** cached by entity engine
- **Permission checks** cached for performance
- **Audit records** batched for efficiency
-### Connection Management
- **SSE connections** managed by MCP SDK
- **Async processing** for non-blocking operations
- **Connection limits** prevent resource exhaustion
- **Graceful shutdown** on servlet destroy
-### Query Optimization
- **Entity queries** limited to 100 records by default
- **Field selection** reduces data transfer
- **Pagination support** for large result sets
- **Index utilization** through proper query construction
-## Monitoring and Debugging
-### Component Status Tool
-Use the debug tool to check component status:
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "debug-1",
-       "method": "tools/call",
-       "params": {
-         "name": "debug/component",
-         "arguments": {}
-       }
-     }'
-```
-### Log Categories
- `org.moqui.mcp.McpSdkServicesServlet` - Servlet operations
- `org.moqui.mcp.McpServices` - Service operations
- `io.modelcontextprotocol.sdk` - MCP SDK operations
-### Audit Reports
-Query audit records:
-```sql
-SELECT artifactName, COUNT(*) as callCount, 
-       AVG(runningTimeMillis) as avgTime,
-       COUNT(CASE WHEN wasError = 'Y' THEN 1 END) as errorCount
-FROM moqui.server.ArtifactHit
-WHERE artifactType = 'MCP'
-GROUP BY artifactName
-ORDER BY callCount DESC;
-```
-## Comparison: Approaches
-| Feature | Custom Servlet | SDK + Custom Logic | SDK + Services |
-|---------|----------------|-------------------|-----------------|
-| **Protocol Compliance** | Manual | SDK | SDK |
-| **Business Logic** | Custom | Custom | Services |
-| **Code Reuse** | Low | Medium | High |
-| **Testing** | Complex | Medium | Simple |
-| **Maintenance** | High | Medium | Low |
-| **Security** | Custom | Custom | Moqui |
-| **Auditing** | Custom | Custom | Built-in |
-| **Performance** | Unknown | Good | Optimized |
-## Migration Guide
-### From Custom Implementation
-1. **Add MCP SDK dependency** to build.gradle
-2. **Deploy McpServices.xml** (if not already present)
-3. **Replace servlet** with `McpSdkServicesServlet`
-4. **Update web.xml** configuration
-5. **Test existing clients** for compatibility
-6. **Update documentation** with new tool names
-### Client Compatibility
-The SDK + Services approach maintains compatibility:
- **Same JSON-RPC 2.0 protocol**
- **Enhanced tool interfaces** (more services available)
- **Better error responses** (standardized)
- **Improved security** (Moqui integration)
-## Best Practices
-### 1. Service Design
- **Keep services focused** on single responsibilities
- **Use proper error handling** with meaningful messages
- **Document parameters** with descriptions and types
- **Validate inputs** before processing
-### 2. Security
- **Always check permissions** before operations
- **Use parameterized queries** to prevent injection
- **Log all access** for audit trails
- **Sanitize outputs** to prevent data leakage
-### 3. Performance
- **Limit result sets** to prevent memory issues
- **Use appropriate indexes** for entity queries
- **Cache frequently accessed data**
- **Monitor execution times** for optimization
-### 4. Error Handling
- **Provide meaningful error messages**
- **Include context** for debugging
- **Log errors appropriately**
- **Graceful degradation** for failures
-## Future Enhancements
-### Planned Features
-1. **Async Services** - Support for long-running operations
-2. **Streaming Resources** - Large dataset streaming
-3. **Tool Categories** - Organize services by domain
-4. **Dynamic Registration** - Runtime service addition
-5. **Enhanced Prompts** - More sophisticated prompt templates
-### Advanced Integration
-1. **Event-Driven Updates** - Real-time entity change notifications
-2. **Workflow Integration** - MCP-triggered Moqui workflows
-3. **Multi-tenancy** - Tenant-aware MCP operations
-4. **GraphQL Support** - GraphQL as alternative to entity access
-## References
- [MCP Java SDK Documentation](https://modelcontextprotocol.io/sdk/java/mcp-server)
- [MCP Protocol Specification](https://modelcontextprotocol.io/specification/)
- [Moqui Framework Documentation](https://moqui.org/docs/)
- [Moqui Service Engine](https://moqui.org/docs/docs/moqui-service-engine)
- [Moqui Entity Engine](https://moqui.org/docs/docs/moqui-entity-engine)
\ No newline at end of file
--- a/README-SDK-Servlet.md deleted 100644 → 0
View file @fc1526c
+++ b/README-SDK-Servlet.md deleted 100644 → 0
View file @fc1526c
-# Moqui MCP SDK Servlet
-This document describes the MCP servlet implementation using the official Java MCP SDK library (`io.modelcontextprotocol.sdk`).
-## Overview
-The `McpSdkSseServlet` uses the official MCP Java SDK to provide standards-compliant MCP server functionality with:
- **Full MCP protocol compliance** using official SDK
- **SSE transport** with proper session management
- **Built-in tool/resource/prompt registration** 
- **JSON schema validation** for all inputs
- **Standard error handling** and response formatting
- **Async support** for scalable connections
-## Architecture
-### MCP SDK Integration
-The servlet uses these key MCP SDK components:
- `HttpServletSseServerTransportProvider` - SSE transport implementation
- `McpSyncServer` - Synchronous MCP server API
- `McpServerFeatures.SyncToolSpecification` - Tool definitions
- `McpServerFeatures.SyncResourceSpecification` - Resource definitions  
- `McpServerFeatures.SyncPromptSpecification` - Prompt definitions
-### Endpoint Structure
-```
-/mcp/sse           - SSE endpoint for server-to-client events (handled by SDK)
-/mcp/message        - Message endpoint for client-to-server requests (handled by SDK)
-```
-## Dependencies
-### Build Configuration
-Add to `build.gradle`:
-```gradle
-dependencies {
-    // MCP Java SDK
-    implementation 'io.modelcontextprotocol.sdk:mcp-sdk:1.0.0'
-    // Jackson for JSON handling (required by MCP SDK)
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
-    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.2'
-    // Servlet API
-    compileOnly 'javax.servlet:javax.servlet-api:4.0.1'
-}
-```
-### Maven Dependencies
-```xml
-<dependencies>
-    <dependency>
-        <groupId>io.modelcontextprotocol.sdk</groupId>
-        <artifactId>mcp-sdk</artifactId>
-        <version>1.0.0</version>
-    </dependency>
-    <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-databind</artifactId>
-        <version>2.15.2</version>
-    </dependency>
-    <dependency>
-        <groupId>com.fasterxml.jackson.datatype</groupId>
-        <artifactId>jackson-datatype-jsr310</artifactId>
-        <version>2.15.2</version>
-    </dependency>
-</dependencies>
-```
-## Configuration
-### Web.xml Configuration
-```xml
-<servlet>
-    <servlet-name>McpSdkSseServlet</servlet-name>
-    <servlet-class>org.moqui.mcp.McpSdkSseServlet</servlet-class>
-    <init-param>
-        <param-name>moqui-name</param-name>
-        <param-value>moqui-mcp-2</param-value>
-    </init-param>
-    <async-supported>true</async-supported>
-    <load-on-startup>1</load-on-startup>
-</servlet>
-<servlet-mapping>
-    <servlet-name>McpSdkSseServlet</servlet-name>
-    <url-pattern>/mcp/*</url-pattern>
-</servlet-mapping>
-```
-## Available Tools
-### Entity Tools
-| Tool | Description | Parameters |
-|------|-------------|------------|
-| `EntityFind` | Query entities | `entity` (required), `fields`, `constraint`, `limit`, `offset` |
-| `EntityCreate` | Create entity records | `entity` (required), `fields` (required) |
-| `EntityUpdate` | Update entity records | `entity` (required), `fields` (required), `constraint` |
-| `EntityDelete` | Delete entity records | `entity` (required), `constraint` |
-### Service Tools
-| Tool | Description | Parameters |
-|------|-------------|------------|
-| `ServiceCall` | Execute Moqui services | `service` (required), `parameters` |
-| `SystemStatus` | Get system statistics | `includeMetrics`, `includeCache` |
-## Available Resources
-### Entity Resources
- `entity://` - List all entities
- `entity://EntityName` - Get specific entity definition
-**Example:**
-```bash
-# List all entities
-curl -H "Accept: application/json" \
-     http://localhost:8080/mcp/resources?uri=entity://
-# Get specific entity
-curl -H "Accept: application/json" \
-     http://localhost:8080/mcp/resources?uri=entity://moqui.security.UserAccount
-```
-## Available Prompts
-### Entity Query Prompt
-Generate Moqui entity queries:
-```json
-{
-  "name": "entity-query",
-  "arguments": {
-    "entity": "mantle.order.OrderHeader",
-    "purpose": "Find recent orders",
-    "fields": "orderId, orderDate, grandTotal"
-  }
-}
-```
-### Service Definition Prompt
-Generate Moqui service definitions:
-```json
-{
-  "name": "service-definition", 
-  "arguments": {
-    "serviceName": "create#OrderItem",
-    "description": "Create a new order item",
-    "parameters": "{\"orderId\":\"string\",\"productId\":\"string\",\"quantity\":\"number\"}"
-  }
-}
-```
-## Usage Examples
-### Client Connection
-```javascript
-// Using MCP SDK client
-import { McpClient } from '@modelcontextprotocol/sdk/client/index.js';
-import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
-const transport = new StdioClientTransport({
-  command: 'curl',
-  args: ['-X', 'POST', 'http://localhost:8080/mcp/message']
-});
-const client = new McpClient(
-  transport,
-  {
-    name: "Moqui Client",
-    version: "1.0.0"
-  }
-);
-await client.connect();
-// List tools
-const tools = await client.listTools();
-console.log('Available tools:', tools.tools);
-// Call a tool
-const result = await client.callTool({
-  name: "EntityFind",
-  arguments: {
-    entity: "moqui.security.UserAccount",
-    limit: 10
-  }
-});
-console.log('Tool result:', result);
-```
-### Raw HTTP Client
-```bash
-# Initialize connection
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "init-1",
-       "method": "initialize",
-       "params": {
-         "clientInfo": {
-           "name": "Test Client",
-           "version": "1.0.0"
-         }
-       }
-     }'
-# List tools
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "tools-1",
-       "method": "tools/list",
-       "params": {}
-     }'
-# Call EntityFind tool
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "call-1",
-       "method": "tools/call",
-       "params": {
-         "name": "EntityFind",
-         "arguments": {
-           "entity": "moqui.security.UserAccount",
-           "fields": ["username", "emailAddress"],
-           "limit": 5
-         }
-       }
-     }'
-```
-## Tool Implementation Details
-### EntityFind Tool
-```groovy
-def entityFindTool = new McpServerFeatures.SyncToolSpecification(
-    new Tool("EntityFind", "Find entities in Moqui using entity queries", """
-        {
-            "type": "object",
-            "properties": {
-                "entity": {"type": "string", "description": "Entity name"},
-                "fields": {"type": "array", "items": {"type": "string"}, "description": "Fields to select"},
-                "constraint": {"type": "string", "description": "Constraint expression"},
-                "limit": {"type": "number", "description": "Maximum results"},
-                "offset": {"type": "number", "description": "Results offset"}
-            },
-            "required": ["entity"]
-        }
-        """),
-    { exchange, arguments ->
-        return executeWithEc { ec ->
-            String entityName = arguments.get("entity") as String
-            List<String> fields = arguments.get("fields") as List<String>
-            String constraint = arguments.get("constraint") as String
-            Integer limit = arguments.get("limit") as Integer
-            Integer offset = arguments.get("offset") as Integer
-            def finder = ec.entity.find(entityName).selectFields(fields ?: ["*"])
-            if (constraint) {
-                finder.condition(constraint)
-            }
-            if (offset) {
-                finder.offset(offset)
-            }
-            if (limit) {
-                finder.limit(limit)
-            }
-            def result = finder.list()
-            new CallToolResult([
-                new TextContent("Found ${result.size()} records in ${entityName}: ${result}")
-            ], false)
-        }
-    }
-)
-```
-## Error Handling
-The MCP SDK provides standardized error handling:
-### JSON-RPC Errors
-| Code | Description | Example |
-|------|-------------|---------|
-| `-32600` | Invalid Request | Malformed JSON-RPC |
-| `-32601` | Method Not Found | Unknown method name |
-| `-32602` | Invalid Params | Missing required parameters |
-| `-32603` | Internal Error | Server-side exception |
-### Tool Execution Errors
-```groovy
-return new CallToolResult([
-    new TextContent("Error: " + e.message)
-], true)  // isError = true
-```
-### Resource Errors
-```groovy
-throw new IllegalArgumentException("Entity not found: ${entityName}")
-```
-## Security
-### Authentication Integration
-The servlet integrates with Moqui's security framework:
-```groovy
-// Authenticate as admin for MCP operations
-if (!ec.user?.userId) {
-    try {
-        ec.user.loginUser("admin", "admin")
-    } catch (Exception e) {
-        logger.warn("MCP Admin login failed: ${e.message}")
-    }
-}
-```
-### CORS Support
-```groovy
-private static boolean handleCors(HttpServletRequest request, HttpServletResponse response, String webappName) {
-    String originHeader = request.getHeader("Origin")
-    if (originHeader) {
-        response.setHeader("Access-Control-Allow-Origin", originHeader)
-        response.setHeader("Access-Control-Allow-Credentials", "true")
-    }
-    String methodHeader = request.getHeader("Access-Control-Request-Method")
-    if (methodHeader) {
-        response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
-        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id, MCP-Protocol-Version, Accept")
-        response.setHeader("Access-Control-Max-Age", "3600")
-        return true
-    }
-    return false
-}
-```
-## Monitoring and Logging
-### Log Categories
- `org.moqui.mcp.McpSdkSseServlet` - Servlet operations
- `io.modelcontextprotocol.sdk` - MCP SDK operations
-### Key Log Messages
-```
-INFO  - McpSdkSseServlet initialized for webapp moqui-mcp-2
-INFO  - MCP Server started with SSE transport
-INFO  - Registered 6 Moqui tools
-INFO  - Registered Moqui resources
-INFO  - Registered Moqui prompts
-```
-## Performance Considerations
-### Connection Management
- **Async processing** for non-blocking operations
- **Connection pooling** handled by servlet container
- **Session management** provided by MCP SDK
- **Graceful shutdown** on servlet destroy
-### Memory Usage
- **Tool definitions** loaded once at startup
- **ExecutionContext** created per request
- **JSON parsing** handled by Jackson
- **SSE connections** managed efficiently by SDK
-## Comparison: Custom vs SDK Implementation
-| Feature | Custom Implementation | SDK Implementation |
-|---------|---------------------|-------------------|
-| **Protocol Compliance** | Manual implementation | Guaranteed by SDK |
-| **Error Handling** | Custom code | Standardized |
-| **JSON Schema** | Manual validation | Automatic |
-| **SSE Transport** | Custom implementation | Built-in |
-| **Session Management** | Manual code | Built-in |
-| **Testing** | Custom tests | SDK tested |
-| **Maintenance** | High effort | Low effort |
-| **Standards Updates** | Manual updates | Automatic with SDK |
-## Migration from Custom Servlet
-### Benefits of SDK Migration
-1. **Standards Compliance** - Guaranteed MCP protocol compliance
-2. **Reduced Maintenance** - Less custom code to maintain
-3. **Better Error Handling** - Standardized error responses
-4. **Future Compatibility** - Automatic updates with SDK releases
-5. **Testing** - SDK includes comprehensive test suite
-### Migration Steps
-1. **Add MCP SDK dependency** to build.gradle
-2. **Replace servlet class** with `McpSdkSseServlet`
-3. **Update web.xml** configuration
-4. **Test existing clients** for compatibility
-5. **Update documentation** with new endpoints
-### Client Compatibility
-The SDK implementation maintains compatibility with existing MCP clients:
- Same JSON-RPC 2.0 protocol
- Same tool/resource/prompt interfaces
- Same authentication patterns
- Better error responses and validation
-## Troubleshooting
-### Common Issues
-1. **Dependency Conflicts**
-   ```bash
-   # Check for Jackson version conflicts
-   ./gradlew dependencies | grep jackson
-   ```
-2. **Async Support Issues**
-   ```xml
-   <!-- Ensure async is enabled in web.xml -->
-   <async-supported>true</async-supported>
-   ```
-3. **Servlet Container Compatibility**
-   - Requires Servlet 3.0+ for async support
-   - Test with Tomcat 8.5+, Jetty 9.4+, or similar
-4. **MCP SDK Version**
-   ```gradle
-   // Use latest stable version
-   implementation 'io.modelcontextprotocol.sdk:mcp-sdk:1.0.0'
-   ```
-### Debug Mode
-Enable debug logging:
-```xml
-<Logger name="org.moqui.mcp.McpSdkSseServlet" level="DEBUG"/>
-<Logger name="io.modelcontextprotocol.sdk" level="DEBUG"/>
-```
-## Future Enhancements
-### Planned Features
-1. **Async Tools** - Use `McpServerFeatures.AsyncToolSpecification`
-2. **Streaming Resources** - Large data set streaming
-3. **Tool Categories** - Organize tools by domain
-4. **Dynamic Registration** - Runtime tool/resource addition
-5. **Metrics Collection** - Performance and usage metrics
-### Advanced Integration
-1. **Spring Integration** - Use MCP SDK Spring starters
-2. **WebFlux Support** - Reactive transport providers
-3. **WebSocket Transport** - Alternative to SSE
-4. **Load Balancing** - Multi-instance deployment
-## References
- [MCP Java SDK Documentation](https://modelcontextprotocol.io/sdk/java/mcp-server)
- [MCP Protocol Specification](https://modelcontextprotocol.io/specification/)
- [Moqui Framework Documentation](https://moqui.org/docs/)
- [Servlet 3.0 Specification](https://jakarta.ee/specifications/servlet/3.0/)
\ No newline at end of file
--- a/README-SSE-Servlet.md deleted 100644 → 0
View file @fc1526c
+++ b/README-SSE-Servlet.md deleted 100644 → 0
View file @fc1526c
-# Moqui MCP SSE Servlet
-This document describes the new MCP SSE (Server-Sent Events) servlet implementation based on the official Java MCP SDK SSE Servlet approach.
-## Overview
-The `McpSseServlet` implements the MCP SSE transport specification using the traditional Servlet API, providing:
- **Asynchronous message handling** using Servlet async support
- **Session management** for multiple client connections  
- **Two types of endpoints**:
-  - SSE endpoint (`/sse`) for server-to-client events
-  - Message endpoint (`/mcp/message`) for client-to-server requests
- **Error handling** and response formatting
- **Graceful shutdown** support
- **Keep-alive pings** to maintain connections
- **Connection limits** to prevent resource exhaustion
-## Architecture
-### Endpoint Structure
-```
-/sse              - SSE endpoint for server-to-client events
-/mcp/message      - Message endpoint for client-to-server requests
-```
-### Connection Flow
-1. **Client connects** to `/sse` endpoint
-2. **Server establishes** SSE connection with unique session ID
-3. **Client sends** JSON-RPC messages to `/mcp/message`
-4. **Server processes** messages and sends responses via SSE
-5. **Keep-alive pings** maintain connection health
-## Configuration
-### Servlet Configuration Parameters
-| Parameter | Default | Description |
-|-----------|---------|-------------|
-| `moqui-name` | - | Moqui webapp name (required) |
-| `sseEndpoint` | `/sse` | SSE endpoint path |
-| `messageEndpoint` | `/mcp/message` | Message endpoint path |
-| `keepAliveIntervalSeconds` | `30` | Keep-alive ping interval |
-| `maxConnections` | `100` | Maximum concurrent SSE connections |
-### Web.xml Configuration
-```xml
-<servlet>
-    <servlet-name>McpSseServlet</servlet-name>
-    <servlet-class>org.moqui.mcp.McpSseServlet</servlet-class>
-    <init-param>
-        <param-name>moqui-name</param-name>
-        <param-value>moqui-mcp-2</param-value>
-    </init-param>
-    <init-param>
-        <param-name>keepAliveIntervalSeconds</param-name>
-        <param-value>30</param-value>
-    </init-param>
-    <async-supported>true</async-supported>
-</servlet>
-<servlet-mapping>
-    <servlet-name>McpSseServlet</servlet-name>
-    <url-pattern>/sse/*</url-pattern>
-</servlet-mapping>
-<servlet-mapping>
-    <servlet-name>McpSseServlet</servlet-name>
-    <url-pattern>/mcp/message/*</url-pattern>
-</servlet-mapping>
-```
-## Usage Examples
-### Client Connection Flow
-#### 1. Establish SSE Connection
-```bash
-curl -N -H "Accept: text/event-stream" \
-     http://localhost:8080/sse
-```
-**Response:**
-```
-event: connect
-data: {"type":"connected","sessionId":"uuid-123","timestamp":1234567890,"serverInfo":{"name":"Moqui MCP SSE Server","version":"2.0.0","protocolVersion":"2025-06-18"}}
-event: ping
-data: {"type":"ping","timestamp":1234567890,"connections":1}
-```
-#### 2. Initialize MCP Session
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "init-1",
-       "method": "initialize",
-       "params": {
-         "clientInfo": {
-           "name": "Test Client",
-           "version": "1.0.0"
-         }
-       }
-     }'
-```
-**Response:**
-```json
-{
-  "jsonrpc": "2.0",
-  "id": "init-1",
-  "result": {
-    "protocolVersion": "2025-06-18",
-    "capabilities": {
-      "tools": {"listChanged": true},
-      "resources": {"subscribe": true, "listChanged": true},
-      "logging": {},
-      "notifications": {}
-    },
-    "serverInfo": {
-      "name": "Moqui MCP SSE Server",
-      "version": "2.0.0"
-    },
-    "sessionId": "uuid-123"
-  }
-}
-```
-#### 3. List Available Tools
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "tools-1",
-       "method": "tools/list",
-       "params": {}
-     }'
-```
-#### 4. Call a Tool
-```bash
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{
-       "jsonrpc": "2.0",
-       "id": "call-1",
-       "method": "tools/call",
-       "params": {
-         "name": "EntityFind",
-         "arguments": {
-           "entity": "moqui.security.UserAccount",
-           "fields": ["username", "emailAddress"],
-           "limit": 10
-         }
-       }
-     }'
-```
-### JavaScript Client Example
-```javascript
-class McpSseClient {
-    constructor(baseUrl) {
-        this.baseUrl = baseUrl;
-        this.sessionId = null;
-        this.eventSource = null;
-        this.messageId = 0;
-    }
-    async connect() {
-        // Establish SSE connection
-        this.eventSource = new EventSource(`${this.baseUrl}/sse`);
-        this.eventSource.addEventListener('connect', (event) => {
-            const data = JSON.parse(event.data);
-            console.log('Connected:', data);
-        });
-        this.eventSource.addEventListener('ping', (event) => {
-            const data = JSON.parse(event.data);
-            console.log('Ping:', data);
-        });
-        this.eventSource.addEventListener('initialized', (event) => {
-            const data = JSON.parse(event.data);
-            console.log('Server initialized:', data);
-        });
-        // Initialize MCP session
-        const initResponse = await this.sendMessage('initialize', {
-            clientInfo: {
-                name: 'JavaScript Client',
-                version: '1.0.0'
-            }
-        });
-        this.sessionId = initResponse.sessionId;
-        return initResponse;
-    }
-    async sendMessage(method, params = {}) {
-        const id = `msg-${++this.messageId}`;
-        const payload = {
-            jsonrpc: "2.0",
-            id: id,
-            method: method,
-            params: params
-        };
-        const response = await fetch(`${this.baseUrl}/mcp/message`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json'
-            },
-            body: JSON.stringify(payload)
-        });
-        return await response.json();
-    }
-    async listTools() {
-        return await this.sendMessage('tools/list');
-    }
-    async callTool(name, arguments) {
-        return await this.sendMessage('tools/call', {
-            name: name,
-            arguments: arguments
-        });
-    }
-    disconnect() {
-        if (this.eventSource) {
-            this.eventSource.close();
-        }
-    }
-}
-// Usage
-const client = new McpSseClient('http://localhost:8080');
-client.connect().then(() => {
-    console.log('MCP client connected');
-    // List tools
-    return client.listTools();
-}).then(tools => {
-    console.log('Available tools:', tools);
-    // Call a tool
-    return client.callTool('EntityFind', {
-        entity: 'moqui.security.UserAccount',
-        limit: 5
-    });
-}).then(result => {
-    console.log('Tool result:', result);
-}).catch(error => {
-    console.error('MCP client error:', error);
-});
-```
-## Features
-### Session Management
- **Unique session IDs** generated for each connection
- **Connection tracking** with metadata (user agent, timestamps)
- **Automatic cleanup** on connection close/error
- **Connection limits** to prevent resource exhaustion
-### Event Types
-| Event Type | Description | Data |
-|------------|-------------|------|
-| `connect` | Initial connection established | Session info, server details |
-| `ping` | Keep-alive ping | Timestamp, connection count |
-| `initialized` | Server initialization notification | Session info, client details |
-| `subscribed` | Subscription confirmation | Session, event type |
-| `tool_result` | Tool execution result | Tool name, result data |
-| `resource_update` | Resource change notification | Resource URI, change data |
-### Error Handling
- **JSON-RPC 2.0 compliant** error responses
- **Connection error recovery** with automatic cleanup
- **Resource exhaustion protection** with connection limits
- **Graceful degradation** on service failures
-### Security
- **CORS support** for cross-origin requests
- **Moqui authentication integration** with admin fallback
- **Session isolation** between clients
- **Input validation** for all requests
-## Monitoring
-### Connection Status
-Get current server status:
-```bash
-curl http://localhost:8080/mcp/message
-```
-**Response:**
-```json
-{
-  "serverInfo": {
-    "name": "Moqui MCP SSE Server",
-    "version": "2.0.0",
-    "protocolVersion": "2025-06-18"
-  },
-  "connections": {
-    "active": 3,
-    "max": 100
-  },
-  "endpoints": {
-    "sse": "/sse",
-    "message": "/mcp/message"
-  }
-}
-```
-### Logging
-The servlet provides detailed logging for:
- Connection establishment/cleanup
- Message processing
- Error conditions
- Performance metrics
-Log levels:
- `INFO`: Connection events, message processing
- `WARN`: Connection errors, authentication issues
- `ERROR`: System errors, service failures
- `DEBUG`: Detailed request/response data
-## Comparison with Existing Servlet
-| Feature | MoquiMcpServlet | McpSseServlet |
-|---------|------------------|---------------|
-| **Transport** | HTTP POST/GET | SSE + HTTP |
-| **Async Support** | Limited | Full async |
-| **Session Management** | Basic | Advanced |
-| **Real-time Events** | No | Yes |
-| **Connection Limits** | No | Yes |
-| **Keep-alive** | No | Yes |
-| **Standards Compliance** | Custom | MCP SSE Spec |
-## Migration Guide
-### From MoquiMcpServlet to McpSseServlet
-1. **Update web.xml** to use the new servlet
-2. **Update client code** to handle SSE connections
-3. **Modify endpoints** from `/mcp/rpc` to `/mcp/message`
-4. **Add SSE handling** for real-time events
-5. **Update authentication** if using custom auth
-### Client Migration
-**Old approach:**
-```bash
-curl -X POST http://localhost:8080/mcp/rpc \
-     -H "Content-Type: application/json" \
-     -d '{"jsonrpc":"2.0","method":"ping","id":1}'
-```
-**New approach:**
-```bash
-# 1. Establish SSE connection
-curl -N -H "Accept: text/event-stream" http://localhost:8080/sse &
-# 2. Send messages
-curl -X POST http://localhost:8080/mcp/message \
-     -H "Content-Type: application/json" \
-     -d '{"jsonrpc":"2.0","method":"ping","id":1}'
-```
-## Troubleshooting
-### Common Issues
-1. **SSE Connection Fails**
-   - Check async support is enabled in web.xml
-   - Verify servlet container supports Servlet 3.0+
-   - Check firewall/proxy settings
-2. **Messages Not Received**
-   - Verify session ID is valid
-   - Check connection is still active
-   - Review server logs for errors
-3. **High Memory Usage**
-   - Reduce `maxConnections` parameter
-   - Check for connection leaks
-   - Monitor session cleanup
-4. **Authentication Issues**
-   - Verify Moqui security configuration
-   - Check admin user credentials
-   - Review webapp security settings
-### Debug Mode
-Enable debug logging by adding to log4j2.xml:
-```xml
-<Logger name="org.moqui.mcp.McpSseServlet" level="DEBUG" additivity="false">
-    <AppenderRef ref="Console"/>
-</Logger>
-```
-## Performance Considerations
-### Connection Scaling
- **Default limit**: 100 concurrent connections
- **Memory usage**: ~1KB per connection
- **CPU overhead**: Minimal for idle connections
- **Network bandwidth**: Low (keep-alive pings only)
-### Optimization Tips
-1. **Adjust keep-alive interval** based on network conditions
-2. **Monitor connection counts** and adjust limits
-3. **Use connection pooling** for high-frequency clients
-4. **Implement backpressure** for high-volume scenarios
-## Future Enhancements
-Planned improvements:
-1. **WebSocket support** as alternative to SSE
-2. **Message queuing** for offline clients
-3. **Load balancing** support for multiple instances
-4. **Advanced authentication** with token-based auth
-5. **Metrics and monitoring** integration
-6. **Message compression** for large payloads
-## References
- [MCP Specification](https://modelcontextprotocol.io/)
- [Java MCP SDK](https://modelcontextprotocol.io/sdk/java/mcp-server)
- [Servlet 3.0 Specification](https://jakarta.ee/specifications/servlet/3.0/)
- [Server-Sent Events](https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events)
\ No newline at end of file
--- a/component.xml
View file @cf4f312
+++ b/component.xml
View file @cf4f312
@@ -11,52 +11,13 @@
     <https://creativecommons.org/publicdomain/zero/1.0/>. -->
 <component xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/component-definition-3.xsd"
+          xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/moqui-conf-3.xsd"
-         name="moqui-mcp-2">
+          name="moqui-mcp-2" version="1.0.0">
-    <!-- MCP SDK dependencies -->
-    <dependency>
-        <groupId>io.modelcontextprotocol.sdk</groupId>
-        <artifactId>mcp</artifactId>
-        <version>0.16.0</version>
-    </dependency>
-    <dependency>
-        <groupId>io.modelcontextprotocol.sdk</groupId>
-        <artifactId>mcp-core</artifactId>
-        <version>0.16.0</version>
-    </dependency>
-    <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-databind</artifactId>
-        <version>2.15.2</version>
-    </dependency>
-    <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-core</artifactId>
-        <version>2.15.2</version>
-    </dependency>
-    <dependency>
-        <groupId>io.projectreactor</groupId>
-        <artifactId>reactor-core</artifactId>
-        <version>3.5.10</version>
-    </dependency>
    <entity-factory load-path="entity/" />
    <service-factory load-path="service/" />
-    <!-- <screen-factory load-path="screen/" /> -->
    <!-- Load seed data -->
    <entity-factory load-data="data/McpSecuritySeedData.xml" />
-    <!-- Register MCP filter
-    <webapp-list>
-        <webapp name="webroot">
-            <filter name="McpFilter" class="org.moqui.mcp.McpFilter">
-                <url-pattern>/mcpservlet/*</url-pattern>
-            </filter>
-        </webapp>
-    </webapp-list> -->
 </component>
--- a/data/McpSecuritySeedData.xml
View file @cf4f312
+++ b/data/McpSecuritySeedData.xml
View file @cf4f312
@@ -22,7 +22,6 @@
    <moqui.security.ArtifactGroup artifactGroupId="McpScreenTransitions" description="MCP Screen Transitions"/>
    <!-- MCP Artifact Group Members -->
-    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="mo-mcp.mo-mcp.*" artifactTypeEnumId="AT_SERVICE"/>
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.*" artifactTypeEnumId="AT_SERVICE"/>
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#Ping" artifactTypeEnumId="AT_SERVICE"/>
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.handle#McpRequest" artifactTypeEnumId="AT_SERVICE"/>
@@ -31,10 +30,8 @@
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ToolsCall" artifactTypeEnumId="AT_SERVICE"/>
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesList" artifactTypeEnumId="AT_SERVICE"/>
    <moqui.security.ArtifactGroupMember artifactGroupId="McpServices" artifactName="McpServices.mcp#ResourcesRead" artifactTypeEnumId="AT_SERVICE"/>
-    <moqui.security.ArtifactGroupMember artifactGroupId="McpRestPaths" artifactName="/mcp/rpc" artifactTypeEnumId="AT_REST_PATH"/>
+    <moqui.security.ArtifactGroupMember artifactGroupId="McpRestPaths" artifactName="/mcp" artifactTypeEnumId="AT_REST_PATH"/>
-    <moqui.security.ArtifactGroupMember artifactGroupId="McpRestPaths" artifactName="/mcp/rpc/*" artifactTypeEnumId="AT_REST_PATH"/>
+    <moqui.security.ArtifactGroupMember artifactGroupId="McpRestPaths" artifactName="/mcp/*" artifactTypeEnumId="AT_REST_PATH"/>
-    <moqui.security.ArtifactGroupMember artifactGroupId="McpScreenTransitions" artifactName="component://moqui-mcp-2/screen/webroot/mcp.xml/rpc" artifactTypeEnumId="AT_XML_SCREEN_TRANS"/>
-    <moqui.security.ArtifactGroupMember artifactGroupId="McpScreenTransitions" artifactName="component://moqui-mcp-2/screen/webroot/mcp.xml" artifactTypeEnumId="AT_XML_SCREEN"/>
    <!-- MCP Artifact Authz -->
    <moqui.security.ArtifactAuthz userGroupId="McpUser" artifactGroupId="McpServices" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
--- a/service/McpServices.xml
View file @cf4f312
+++ b/service/McpServices.xml
View file @cf4f312
@@ -258,8 +258,8 @@
                def userAccountId = userId ? userId : null
                // Get user-specific tools and resources
-                def toolsResult = ec.service.sync().name("org.moqui.mcp.McpServices.mcp#ToolsList").parameters([:]).call()
+                def toolsResult = ec.service.sync().name("McpServices.mcp#ToolsList").parameters([:]).call()
-                def resourcesResult = ec.service.sync().name("org.moqui.mcp.McpServices.mcp#ResourcesList").parameters([:]).call()
+                def resourcesResult = ec.service.sync().name("McpServices.mcp#ResourcesList").parameters([:]).call()
                // Build server capabilities based on what user can access
                def serverCapabilities = [
--- a/src/main/groovy/org/moqui/mcp/EnhancedMcpServlet.groovy
View file @cf4f312
+++ b/src/main/groovy/org/moqui/mcp/EnhancedMcpServlet.groovy
View file @cf4f312
@@ -82,21 +82,42 @@ class EnhancedMcpServlet extends HttpServlet {
        ExecutionContextImpl ec = ecfi.getEci()
+try {
+            // Handle Basic Authentication directly without triggering screen system
+            String authzHeader = request.getHeader("Authorization")
+            boolean authenticated = false
+            if (authzHeader != null && authzHeader.length() > 6 && authzHeader.startsWith("Basic ")) {
+                String basicAuthEncoded = authzHeader.substring(6).trim()
+                String basicAuthAsString = new String(basicAuthEncoded.decodeBase64())
+                int indexOfColon = basicAuthAsString.indexOf(":")
+                if (indexOfColon > 0) {
+                    String username = basicAuthAsString.substring(0, indexOfColon)
+                    String password = basicAuthAsString.substring(indexOfColon + 1)
                    try {
-            // Initialize web facade for authentication
+                        ec.user.loginUser(username, password)
-            ec.initWebFacade(webappName, request, response)
+                        authenticated = true
+                        logger.info("Enhanced MCP Basic auth successful for user: ${ec.user?.username}")
-            logger.info("Enhanced MCP Request authenticated user: ${ec.user?.username}, userId: ${ec.user?.userId}")
-            // If no user authenticated, try to authenticate as admin for MCP requests
-            if (!ec.user?.userId) {
-                logger.info("No user authenticated, attempting admin login for Enhanced MCP")
-                try {
-                    ec.user.loginUser("admin", "admin")
-                    logger.info("Enhanced MCP Admin login successful, user: ${ec.user?.username}")
                    } catch (Exception e) {
-                    logger.warn("Enhanced MCP Admin login failed: ${e.message}")
+                        logger.warn("Enhanced MCP Basic auth failed for user ${username}: ${e.message}")
                    }
+                } else {
+                    logger.warn("Enhanced MCP got bad Basic auth credentials string")
+                }
+            }
+            // Check if user is authenticated
+            if (!authenticated || !ec.user?.userId) {
+                logger.warn("Enhanced MCP authentication failed - no valid user authenticated")
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
+                response.setContentType("application/json")
+                response.setHeader("WWW-Authenticate", "Basic realm=\"Moqui MCP\"")
+                response.writer.write(groovy.json.JsonOutput.toJson([
+                    jsonrpc: "2.0",
+                    error: [code: -32003, message: "Authentication required. Use Basic auth with valid Moqui credentials."],
+                    id: null
+                ]))
+                return
            }
            // Route based on request method and path
@@ -107,6 +128,12 @@ class EnhancedMcpServlet extends HttpServlet {
                handleSseConnection(request, response, ec)
            } else if ("POST".equals(method) && requestURI.endsWith("/message")) {
                handleMessage(request, response, ec)
+            } else if ("POST".equals(method) && (requestURI.equals("/mcp") || requestURI.endsWith("/mcp"))) {
+                // Handle POST requests to /mcp for JSON-RPC
+                handleJsonRpc(request, response, ec)
+            } else if ("GET".equals(method) && (requestURI.equals("/mcp") || requestURI.endsWith("/mcp"))) {
+                // Handle GET requests to /mcp - maybe for server info or SSE fallback
+                handleSseConnection(request, response, ec)
            } else {
                // Fallback to JSON-RPC handling
                handleJsonRpc(request, response, ec)
@@ -157,31 +184,42 @@ class EnhancedMcpServlet extends HttpServlet {
        logger.info("Handling Enhanced SSE connection from ${request.remoteAddr}")
+        // Enable async support for SSE
+        if (request.isAsyncSupported()) {
+            request.startAsync()
+        }
        // Set SSE headers
        response.setContentType("text/event-stream")
        response.setCharacterEncoding("UTF-8")
        response.setHeader("Cache-Control", "no-cache")
        response.setHeader("Connection", "keep-alive")
        response.setHeader("Access-Control-Allow-Origin", "*")
+        response.setHeader("X-Accel-Buffering", "no") // Disable nginx buffering
        String sessionId = UUID.randomUUID().toString()
-        String visitId = ec.web?.visitId
+        String visitId = ec.user?.visitId
        // Create Visit-based session transport
        VisitBasedMcpSession session = new VisitBasedMcpSession(sessionId, visitId, response.writer, ec)
        sessionManager.registerSession(session)
        try {
-            // Send initial connection event with endpoint info
+            // Send initial connection event
-            sendSseEvent(response.writer, "endpoint", "/mcp-sse/message?sessionId=" + sessionId)
+            def connectData = [
+                type: "connected",
-            // Send initial resources list
+                sessionId: sessionId,
-            def resourcesResult = processMcpMethod("resources/list", [:], ec)
+                timestamp: System.currentTimeMillis(),
-            sendSseEvent(response.writer, "resources", groovy.json.JsonOutput.toJson(resourcesResult))
+                serverInfo: [
+                    name: "Moqui MCP SSE Server",
+                    version: "2.0.0",
+                    protocolVersion: "2025-06-18"
+                ]
+            ]
+            sendSseEvent(response.writer, "connect", groovy.json.JsonOutput.toJson(connectData), 0)
-            // Send initial tools list
+            // Send endpoint info for message posting
-            def toolsResult = processMcpMethod("tools/list", [:], ec)
+            sendSseEvent(response.writer, "endpoint", "/mcp/message?sessionId=" + sessionId, 1)
-            sendSseEvent(response.writer, "tools", groovy.json.JsonOutput.toJson(toolsResult))
            // Keep connection alive with periodic pings
            int pingCount = 0
@@ -189,30 +227,42 @@ class EnhancedMcpServlet extends HttpServlet {
                Thread.sleep(5000) // Wait 5 seconds
                if (!response.isCommitted() && !sessionManager.isShuttingDown()) {
-                    def pingMessage = new McpSchema.JSONRPCMessage([
+                    def pingData = [
                        type: "ping",
-                        count: pingCount, 
+                        timestamp: System.currentTimeMillis(),
-                        timestamp: System.currentTimeMillis()
+                        connections: sessionManager.getActiveSessionCount()
-                    ], null)
+                    ]
-                    session.sendMessage(pingMessage)
+                    sendSseEvent(response.writer, "ping", groovy.json.JsonOutput.toJson(pingData), pingCount + 2)
                    pingCount++
                }
            }
+        } catch (InterruptedException e) {
+            logger.info("SSE connection interrupted for session ${sessionId}")
+            Thread.currentThread().interrupt()
        } catch (Exception e) {
-            logger.warn("Enhanced SSE connection interrupted: ${e.message}")
+            logger.warn("Enhanced SSE connection error: ${e.message}", e)
        } finally {
            // Clean up session
            sessionManager.unregisterSession(sessionId)
            try {
-                def closeMessage = new McpSchema.JSONRPCMessage([
+                def closeData = [
                    type: "disconnected", 
                    timestamp: System.currentTimeMillis()
-                ], null)
+                ]
-                session.sendMessage(closeMessage)
+                sendSseEvent(response.writer, "disconnect", groovy.json.JsonOutput.toJson(closeData), -1)
            } catch (Exception e) {
                // Ignore errors during cleanup
            }
+            // Complete async context if available
+            if (request.isAsyncStarted()) {
+                try {
+                    request.getAsyncContext().complete()
+                } catch (Exception e) {
+                    logger.debug("Error completing async context: ${e.message}")
+                }
+            }
        }
    }
@@ -224,6 +274,19 @@ class EnhancedMcpServlet extends HttpServlet {
            return
        }
+        // Get sessionId from request parameter or header
+        String sessionId = request.getParameter("sessionId") ?: request.getHeader("Mcp-Session-Id")
+        if (!sessionId) {
+            response.setContentType("application/json")
+            response.setCharacterEncoding("UTF-8")
+            response.setStatus(HttpServletResponse.SC_BAD_REQUEST)
+            response.writer.write(groovy.json.JsonOutput.toJson([
+                error: "Missing sessionId parameter or header",
+                activeSessions: sessionManager.getActiveSessionCount()
+            ]))
+            return
+        }
        // Get session from session manager
        VisitBasedMcpSession session = sessionManager.getSession(sessionId)
        if (session == null) {
@@ -239,15 +302,68 @@ class EnhancedMcpServlet extends HttpServlet {
        try {
            // Read request body
-            BufferedReader reader = request.getReader()
            StringBuilder body = new StringBuilder()
+            try {
+                BufferedReader reader = request.getReader()
                String line
                while ((line = reader.readLine()) != null) {
                    body.append(line)
                }
+            } catch (IOException e) {
+                logger.error("Failed to read request body: ${e.message}")
+                response.setContentType("application/json")
+                response.setCharacterEncoding("UTF-8")
+                response.setStatus(HttpServletResponse.SC_BAD_REQUEST)
+                response.writer.write(groovy.json.JsonOutput.toJson([
+                    jsonrpc: "2.0",
+                    error: [code: -32700, message: "Failed to read request body: " + e.message],
+                    id: null
+                ]))
+                return
+            }
+            String requestBody = body.toString()
+            if (!requestBody.trim()) {
+                response.setContentType("application/json")
+                response.setCharacterEncoding("UTF-8")
+                response.setStatus(HttpServletResponse.SC_BAD_REQUEST)
+                response.writer.write(groovy.json.JsonOutput.toJson([
+                    jsonrpc: "2.0",
+                    error: [code: -32602, message: "Empty request body"],
+                    id: null
+                ]))
+                return
+            }
            // Parse JSON-RPC message
-            def rpcRequest = jsonSlurper.parseText(body.toString())
+            def rpcRequest
+            try {
+                rpcRequest = jsonSlurper.parseText(requestBody)
+            } catch (Exception e) {
+                logger.error("Failed to parse JSON-RPC message: ${e.message}")
+                response.setContentType("application/json")
+                response.setCharacterEncoding("UTF-8")
+                response.setStatus(HttpServletResponse.SC_BAD_REQUEST)
+                response.writer.write(groovy.json.JsonOutput.toJson([
+                    jsonrpc: "2.0",
+                    error: [code: -32700, message: "Invalid JSON: " + e.message],
+                    id: null
+                ]))
+                return
+            }
+            // Validate JSON-RPC 2.0 structure
+            if (!rpcRequest?.jsonrpc || rpcRequest.jsonrpc != "2.0" || !rpcRequest?.method) {
+                response.setContentType("application/json")
+                response.setCharacterEncoding("UTF-8")
+                response.setStatus(HttpServletResponse.SC_BAD_REQUEST)
+                response.writer.write(groovy.json.JsonOutput.toJson([
+                    jsonrpc: "2.0",
+                    error: [code: -32600, message: "Invalid JSON-RPC 2.0 request"],
+                    id: rpcRequest?.id ?: null
+                ]))
+                return
+            }
            // Process the method
            def result = processMcpMethod(rpcRequest.method, rpcRequest.params, ec)
@@ -256,15 +372,24 @@ class EnhancedMcpServlet extends HttpServlet {
            def responseMessage = new McpSchema.JSONRPCMessage(result, rpcRequest.id)
            session.sendMessage(responseMessage)
+            response.setContentType("application/json")
+            response.setCharacterEncoding("UTF-8")
            response.setStatus(HttpServletResponse.SC_OK)
+            response.writer.write(groovy.json.JsonOutput.toJson([
+                jsonrpc: "2.0",
+                id: rpcRequest.id,
+                result: [status: "processed", sessionId: sessionId]
+            ]))
        } catch (Exception e) {
-            logger.error("Error processing message: ${e.message}")
+            logger.error("Error processing message for session ${sessionId}: ${e.message}", e)
            response.setContentType("application/json")
            response.setCharacterEncoding("UTF-8")
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)
            response.writer.write(groovy.json.JsonOutput.toJson([
-                error: e.message
+                jsonrpc: "2.0",
+                error: [code: -32603, message: "Internal error: " + e.message],
+                id: null
            ]))
        }
    }
@@ -368,6 +493,8 @@ class EnhancedMcpServlet extends HttpServlet {
    private Map<String, Object> processMcpMethod(String method, Map params, ExecutionContextImpl ec) {
        logger.info("Enhanced METHOD: ${method} with params: ${params}")
+        try {
            switch (method) {
                case "initialize":
                    return callMcpService("mcp#Initialize", params, ec)
@@ -381,8 +508,24 @@ class EnhancedMcpServlet extends HttpServlet {
                    return callMcpService("mcp#ResourcesList", params, ec)
                case "resources/read":
                    return callMcpService("mcp#ResourcesRead", params, ec)
+                case "notifications/initialized":
+                    // Handle notification initialization - return success for now
+                    return [initialized: true]
+                case "notifications/send":
+                    // Handle notification sending - return success for now  
+                    return [sent: true]
+                case "notifications/subscribe":
+                    // Handle notification subscription - return success for now
+                    return [subscribed: true]
+                case "notifications/unsubscribe":
+                    // Handle notification unsubscription - return success for now
+                    return [unsubscribed: true]
                default:
-                throw new IllegalArgumentException("Unknown MCP method: ${method}")
+                    throw new IllegalArgumentException("Method not found: ${method}")
+            }
+        } catch (Exception e) {
+            logger.error("Error processing MCP method ${method}: ${e.message}", e)
+            throw e
        }
    }
@@ -390,7 +533,7 @@ class EnhancedMcpServlet extends HttpServlet {
        logger.info("Enhanced Calling MCP service: ${serviceName} with params: ${params}")
        try {
-            def result = ec.service.sync().name("org.moqui.mcp.McpServices.${serviceName}")
+            def result = ec.service.sync().name("McpServices.${serviceName}")
                .parameters(params ?: [:])
                .call()
@@ -402,7 +545,11 @@ class EnhancedMcpServlet extends HttpServlet {
        }
    }
-    private void sendSseEvent(PrintWriter writer, String eventType, String data) throws IOException {
+    private void sendSseEvent(PrintWriter writer, String eventType, String data, long eventId = -1) throws IOException {
+        try {
+            if (eventId >= 0) {
+                writer.write("id: " + eventId + "\n")
+            }
            writer.write("event: " + eventType + "\n")
            writer.write("data: " + data + "\n\n")
            writer.flush()
@@ -410,6 +557,9 @@ class EnhancedMcpServlet extends HttpServlet {
            if (writer.checkError()) {
                throw new IOException("Client disconnected")
            }
+        } catch (Exception e) {
+            throw new IOException("Failed to send SSE event: " + e.message, e)
+        }
    }
    // CORS handling based on MoquiServlet pattern
@@ -439,11 +589,6 @@ class EnhancedMcpServlet extends HttpServlet {
        super.destroy()
    }
-        }
-        sessions.clear()
-        super.destroy()
-    }
    /**
     * Broadcast message to all active sessions
--- a/src/main/groovy/org/moqui/mcp/ServiceBasedMcpServlet.groovy
View file @cf4f312
+++ b/src/main/groovy/org/moqui/mcp/ServiceBasedMcpServlet.groovy
View file @cf4f312
@@ -22,7 +22,7 @@ import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import javax.servlet.AsyncContext
-import javax.servlet.AsyncContextListener
+import javax.servlet.AsyncListener
 import javax.servlet.AsyncEvent
 import javax.servlet.ServletConfig
 import javax.servlet.ServletException
@@ -205,7 +205,7 @@ class ServiceBasedMcpServlet extends HttpServlet {
        ])
        // Set up connection close handling
-        asyncContext.addListener(new AsyncContextListener() {
+        asyncContext.addListener(new AsyncListener() {
            @Override
            void onComplete(AsyncEvent event) throws IOException {
                sseConnections.remove(sessionId)
--- a/web-sdk-services.xml deleted 100644 → 0
View file @fc1526c
+++ b/web-sdk-services.xml deleted 100644 → 0
View file @fc1526c
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
-         http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
-         version="4.0">
-    <!-- MCP SDK Services Servlet Configuration -->
-    <servlet>
-        <servlet-name>McpSdkServicesServlet</servlet-name>
-        <servlet-class>org.moqui.mcp.McpSdkServicesServlet</servlet-class>
-        <!-- Configuration parameters -->
-        <init-param>
-            <param-name>moqui-name</param-name>
-            <param-value>moqui-mcp-2</param-value>
-        </init-param>
-        <!-- Enable async support (required for SSE) -->
-        <async-supported>true</async-supported>
-        <!-- Load on startup to initialize MCP server -->
-        <load-on-startup>1</load-on-startup>
-    </servlet>
-    <!-- Servlet mappings for MCP SDK Services endpoints -->
-    <!-- The MCP SDK will handle both SSE and message endpoints through this servlet -->
-    <servlet-mapping>
-        <servlet-name>McpSdkServicesServlet</servlet-name>
-        <url-pattern>/mcp/*</url-pattern>
-    </servlet-mapping>
-    <!-- Session configuration -->
-    <session-config>
-        <session-timeout>30</session-timeout>
-        <cookie-config>
-            <http-only>true</http-only>
-            <secure>false</secure>
-        </cookie-config>
-    </session-config>
-</web-app>
\ No newline at end of file
--- a/web-sdk-sse.xml deleted 100644 → 0
View file @fc1526c
+++ b/web-sdk-sse.xml deleted 100644 → 0
View file @fc1526c
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
-         http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
-         version="4.0">
-    <!-- MCP SDK SSE Servlet Configuration -->
-    <servlet>
-        <servlet-name>McpSdkSseServlet</servlet-name>
-        <servlet-class>org.moqui.mcp.McpSdkSseServlet</servlet-class>
-        <!-- Configuration parameters -->
-        <init-param>
-            <param-name>moqui-name</param-name>
-            <param-value>moqui-mcp-2</param-value>
-        </init-param>
-        <!-- Enable async support (required for SSE) -->
-        <async-supported>true</async-supported>
-        <!-- Load on startup to initialize MCP server -->
-        <load-on-startup>1</load-on-startup>
-    </servlet>
-    <!-- Servlet mappings for MCP SDK SSE endpoints -->
-    <!-- The MCP SDK will handle both SSE and message endpoints through this servlet -->
-    <servlet-mapping>
-        <servlet-name>McpSdkSseServlet</servlet-name>
-        <url-pattern>/mcp/*</url-pattern>
-    </servlet-mapping>
-    <!-- Session configuration -->
-    <session-config>
-        <session-timeout>30</session-timeout>
-        <cookie-config>
-            <http-only>true</http-only>
-            <secure>false</secure>
-        </cookie-config>
-    </session-config>
-</web-app>
\ No newline at end of file