modelcontextprotocol · mattzcarey · May 15, 2026 · claude · May 15, 2026
@@ -36,7 +36,7 @@ Include what changed, why, and how to migrate. Search for related sections and g
 - **TypeScript**: Strict type checking, ES modules, explicit return types
 - **Naming**: PascalCase for classes/types, camelCase for functions/variables
 - **Files**: Lowercase with hyphens, test files with `.test.ts` suffix
-- **Imports**: ES module style, include `.js` extension, group imports logically
+- **Imports**: ES module style, no `.js` extension on relative imports (project uses `moduleResolution: bundler`), group imports logically
 - **Formatting**: 2-space indentation, semicolons required, single quotes preferred
 - **Testing**: Place tests under each package's `test/` directory (vitest only includes `test/**/*.test.ts`), use descriptive test names
 - **Comments**: JSDoc for public APIs, inline comments for complex logic

@@ -2,8 +2,8 @@
     "compilerOptions": {
         "target": "esnext",
         "lib": ["esnext"],
-        "module": "NodeNext",
-        "moduleResolution": "NodeNext",
+        "module": "ESNext",
+        "moduleResolution": "bundler",
         "noFallthroughCasesInSwitch": true,
         "noUncheckedIndexedAccess": true,
         "noImplicitOverride": true,

@@ -2,8 +2,8 @@
     "compilerOptions": {
         "target": "ES2023",
         "lib": ["ES2023"],
-        "module": "Node16",
-        "moduleResolution": "Node16",
+        "module": "ESNext",
+        "moduleResolution": "bundler",
         "outDir": "./build",
         "rootDir": "./src",
         "strict": true,

@@ -27,7 +27,7 @@ import {
 } from '@modelcontextprotocol/client';
 import open from 'open';
 
-import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';
+import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider';
 
 // Set up OAuth (required for this example)
 const OAUTH_CALLBACK_PORT = 8090; // Use different port than auth server (3001)

@@ -8,7 +8,7 @@ import type { CallToolResult, ListToolsRequest, OAuthClientMetadata } from '@mod
 import { Client, StreamableHTTPClientTransport, UnauthorizedError } from '@modelcontextprotocol/client';
 import open from 'open';
 
-import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';
+import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider';
 
 // Configuration
 const DEFAULT_SERVER_URL = 'http://localhost:3000/mcp';

@@ -1,8 +1,8 @@
 {
     "compilerOptions": {
         "target": "ES2022",
-        "module": "Node16",
-        "moduleResolution": "Node16",
+        "module": "ESNext",
+        "moduleResolution": "bundler",
         "outDir": "./build",
         "rootDir": "./src",
         "strict": true,

@@ -19,7 +19,7 @@ import type { Request, Response } from 'express';
 import express from 'express';
 import * as z from 'zod/v4';
 
-import { InMemoryEventStore } from './inMemoryEventStore.js';
+import { InMemoryEventStore } from './inMemoryEventStore';
 
 // Create an MCP server with implementation details
 const getServer = () => {

@@ -16,7 +16,7 @@ import cors from 'cors';
 import type { Request, Response } from 'express';
 import * as z from 'zod/v4';
 
-import { InMemoryEventStore } from './inMemoryEventStore.js';
+import { InMemoryEventStore } from './inMemoryEventStore';
 
 // Check for OAuth flag
 const useOAuth = process.argv.includes('--oauth');

@@ -21,7 +21,7 @@ import { McpServer } from '@modelcontextprotocol/server';
 import cors from 'cors';
 import type { Request, Response } from 'express';
 
-import { InMemoryEventStore } from './inMemoryEventStore.js';
+import { InMemoryEventStore } from './inMemoryEventStore';
 
 // Create a fresh MCP server per client connection to avoid shared state between clients
 const getServer = () => {

@@ -18,8 +18,8 @@ import cors from 'cors';
 import type { Request, Response as ExpressResponse, Router } from 'express';
 import express from 'express';
 
-import type { DemoAuth } from './auth.js';
-import { createDemoAuth, DEMO_USER_CREDENTIALS } from './auth.js';
+import type { DemoAuth } from './auth';
+import { createDemoAuth, DEMO_USER_CREDENTIALS } from './auth';
 
 export interface SetupAuthServerOptions {
     authServerUrl: URL;

@@ -1,7 +1,7 @@
 // Auth configuration
-export type { CreateDemoAuthOptions, DemoAuth } from './auth.js';
-export { createDemoAuth } from './auth.js';
+export type { CreateDemoAuthOptions, DemoAuth } from './auth';
+export { createDemoAuth } from './auth';
 
 // Auth server setup + demo token verifier (pass to `requireBearerAuth` from @modelcontextprotocol/express)
-export type { SetupAuthServerOptions } from './authServer.js';
-export { createProtectedResourceMetadataRouter, demoTokenVerifier, getAuth, setupAuthServer } from './authServer.js';
+export type { SetupAuthServerOptions } from './authServer';
+export { createProtectedResourceMetadataRouter, demoTokenVerifier, getAuth, setupAuthServer } from './authServer';
@@ -9,8 +9,8 @@
 
 import { describe, expect, it } from 'vitest';
 
-import type { CreateDemoAuthOptions } from '../src/auth.js';
-import { createDemoAuth } from '../src/auth.js';
+import type { CreateDemoAuthOptions } from '../src/auth';
+import { createDemoAuth } from '../src/auth';
 
 describe('createDemoAuth', () => {
     const validOptions: CreateDemoAuthOptions = {

@@ -9,8 +9,8 @@
 
 import type { AuthorizationServerMetadata } from '@modelcontextprotocol/core';
 
-import type { OAuthClientProvider } from './auth.js';
-import { fetchToken } from './auth.js';
+import type { OAuthClientProvider } from './auth';
+import { fetchToken } from './auth';
 
 /**
  * Base class providing no-op implementations of required OAuthClientProvider methods.

@@ -7,8 +7,8 @@
  * @module
  */
 
-import { ClientCredentialsProvider, createPrivateKeyJwtAuth, PrivateKeyJwtProvider } from './authExtensions.js';
-import { StreamableHTTPClientTransport } from './streamableHttp.js';
+import { ClientCredentialsProvider, createPrivateKeyJwtAuth, PrivateKeyJwtProvider } from './authExtensions';
+import { StreamableHTTPClientTransport } from './streamableHttp';
 
 /**
  * Example: Creating a private key JWT authentication function.

@@ -8,7 +8,7 @@
 import type { FetchLike, OAuthClientInformation, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/core';
 import type { CryptoKey, JWK } from 'jose';
 
-import type { AddClientAuthentication, OAuthClientProvider } from './auth.js';
+import type { AddClientAuthentication, OAuthClientProvider } from './auth';
 
 /**
  * Helper to produce a `private_key_jwt` client authentication function.

@@ -9,10 +9,10 @@
 
 import type { Prompt, Resource, Tool } from '@modelcontextprotocol/core';
 
-import { Client } from './client.js';
-import { SSEClientTransport } from './sse.js';
-import { StdioClientTransport } from './stdio.js';
-import { StreamableHTTPClientTransport } from './streamableHttp.js';
+import { Client } from './client';
+import { SSEClientTransport } from './sse';
+import { StdioClientTransport } from './stdio';
+import { StreamableHTTPClientTransport } from './streamableHttp';
 
 /**
  * Example: Using listChanged to automatically track tool and prompt updates.

@@ -65,7 +65,7 @@ import {
     SdkErrorCode
 } from '@modelcontextprotocol/core';
 
-import { ExperimentalClientTasks } from '../experimental/tasks/client.js';
+import { ExperimentalClientTasks } from '../experimental/tasks/client';
 
 /**
  * Elicitation default application helper. Applies defaults to the `data` based on the `schema`.

@@ -11,8 +11,8 @@
 import type { FetchLike } from '@modelcontextprotocol/core';
 import { IdJagTokenExchangeResponseSchema, OAuthErrorResponseSchema, OAuthTokensSchema } from '@modelcontextprotocol/core';
 
-import type { ClientAuthMethod } from './auth.js';
-import { applyClientAuthentication, discoverAuthorizationServerMetadata } from './auth.js';
+import type { ClientAuthMethod } from './auth';
+import { applyClientAuthentication, discoverAuthorizationServerMetadata } from './auth';
 
 /**
  * Options for requesting a JWT Authorization Grant via RFC 8693 Token Exchange.

@@ -7,8 +7,8 @@
  * @module
  */
 
-import type { Middleware } from './middleware.js';
-import { applyMiddlewares, createMiddleware } from './middleware.js';
+import type { Middleware } from './middleware';
+import { applyMiddlewares, createMiddleware } from './middleware';
 
 // Stubs for hypothetical application middleware
 declare function withOAuth(provider: unknown, url: string): Middleware;

@@ -1,7 +1,7 @@
 import type { FetchLike } from '@modelcontextprotocol/core';
 
-import type { OAuthClientProvider } from './auth.js';
-import { auth, extractWWWAuthenticateParams, UnauthorizedError } from './auth.js';
+import type { OAuthClientProvider } from './auth';
+import { auth, extractWWWAuthenticateParams, UnauthorizedError } from './auth';
 
 /**
  * Middleware function that wraps and enhances fetch functionality.

@@ -3,8 +3,8 @@ import { createFetchWithInit, JSONRPCMessageSchema, normalizeHeaders, SdkError,
 import type { ErrorEvent, EventSourceInit } from 'eventsource';
 import { EventSource } from 'eventsource';
 
-import type { AuthProvider, OAuthClientProvider } from './auth.js';
-import { adaptOAuthProvider, auth, extractWWWAuthenticateParams, isOAuthClientProvider, UnauthorizedError } from './auth.js';
+import type { AuthProvider, OAuthClientProvider } from './auth';
+import { adaptOAuthProvider, auth, extractWWWAuthenticateParams, isOAuthClientProvider, UnauthorizedError } from './auth';
 
 export class SseError extends Error {
     constructor(

@@ -9,7 +9,7 @@
 
 /* eslint-disable unicorn/consistent-function-scoping -- examples must live inside region blocks */
 
-import type { ReconnectionScheduler } from './streamableHttp.js';
+import type { ReconnectionScheduler } from './streamableHttp';
 
 // Stub for a hypothetical platform-specific background scheduling API
 declare const platformBackgroundTask: {

@@ -14,8 +14,8 @@ import {
 } from '@modelcontextprotocol/core';
 import { EventSourceParserStream } from 'eventsource-parser/stream';
 
-import type { AuthProvider, OAuthClientProvider } from './auth.js';
-import { adaptOAuthProvider, auth, extractWWWAuthenticateParams, isOAuthClientProvider, UnauthorizedError } from './auth.js';
+import type { AuthProvider, OAuthClientProvider } from './auth';
+import { adaptOAuthProvider, auth, extractWWWAuthenticateParams, isOAuthClientProvider, UnauthorizedError } from './auth';
 
 // Default reconnection options for StreamableHTTP connections
 const DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS: StreamableHTTPReconnectionOptions = {

@@ -10,4 +10,4 @@
  * @experimental
  */
 
-export * from './tasks/client.js';
+export * from './tasks/client';
@@ -9,7 +9,7 @@
 
 import type { RequestOptions } from '@modelcontextprotocol/core';
 
-import type { Client } from '../../client/client.js';
+import type { Client } from '../../client/client';
 
 /**
  * Example: Using callToolStream to execute a tool with task lifecycle events.

@@ -28,7 +28,7 @@ import {
     ProtocolErrorCode
 } from '@modelcontextprotocol/core';
 
-import type { Client } from '../../client/client.js';
+import type { Client } from '../../client/client';
 
 /**
  * Internal interface for accessing {@linkcode Client}'s private methods.

@@ -14,7 +14,7 @@ export type {
     OAuthClientProvider,
     OAuthDiscoveryState,
     OAuthServerInfo
-} from './client/auth.js';
+} from './client/auth';
 export {
     auth,
     buildDiscoveryUrls,
@@ -36,46 +36,46 @@ export {
     startAuthorization,
     UnauthorizedError,
     validateClientMetadataUrl
-} from './client/auth.js';
+} from './client/auth';
 export type {
     AssertionCallback,
     ClientCredentialsProviderOptions,
     CrossAppAccessContext,
     CrossAppAccessProviderOptions,
     PrivateKeyJwtProviderOptions,
     StaticPrivateKeyJwtProviderOptions
-} from './client/authExtensions.js';
+} from './client/authExtensions';
 export {
     ClientCredentialsProvider,
     createPrivateKeyJwtAuth,
     CrossAppAccessProvider,
     PrivateKeyJwtProvider,
     StaticPrivateKeyJwtProvider
-} from './client/authExtensions.js';
-export type { ClientOptions } from './client/client.js';
-export { Client } from './client/client.js';
-export { getSupportedElicitationModes } from './client/client.js';
-export type { DiscoverAndRequestJwtAuthGrantOptions, JwtAuthGrantResult, RequestJwtAuthGrantOptions } from './client/crossAppAccess.js';
-export { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from './client/crossAppAccess.js';
-export type { LoggingOptions, Middleware, RequestLogger } from './client/middleware.js';
-export { applyMiddlewares, createMiddleware, withLogging, withOAuth } from './client/middleware.js';
-export type { SSEClientTransportOptions } from './client/sse.js';
-export { SSEClientTransport, SseError } from './client/sse.js';
+} from './client/authExtensions';
+export type { ClientOptions } from './client/client';
+export { Client } from './client/client';
+export { getSupportedElicitationModes } from './client/client';
+export type { DiscoverAndRequestJwtAuthGrantOptions, JwtAuthGrantResult, RequestJwtAuthGrantOptions } from './client/crossAppAccess';
+export { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from './client/crossAppAccess';
+export type { LoggingOptions, Middleware, RequestLogger } from './client/middleware';
+export { applyMiddlewares, createMiddleware, withLogging, withOAuth } from './client/middleware';
+export type { SSEClientTransportOptions } from './client/sse';
+export { SSEClientTransport, SseError } from './client/sse';
 // StdioClientTransport, getDefaultEnvironment, DEFAULT_INHERITED_ENV_VARS, StdioServerParameters are exported from
 // the './stdio' subpath to keep the root entry free of process-spawning runtime dependencies (child_process, cross-spawn).
 export type {
     ReconnectionScheduler,
     StartSSEOptions,
     StreamableHTTPClientTransportOptions,
     StreamableHTTPReconnectionOptions
-} from './client/streamableHttp.js';
-export { StreamableHTTPClientTransport } from './client/streamableHttp.js';
+} from './client/streamableHttp';
+export { StreamableHTTPClientTransport } from './client/streamableHttp';
 
 // experimental exports
-export { ExperimentalClientTasks } from './experimental/tasks/client.js';
+export { ExperimentalClientTasks } from './experimental/tasks/client';
 
 // runtime-aware wrapper (shadows core/public's fromJsonSchema with optional validator)
-export { fromJsonSchema } from './fromJsonSchema.js';
+export { fromJsonSchema } from './fromJsonSchema';
 
 // re-export curated public API from core
 export * from '@modelcontextprotocol/core/public';
@@ -4,5 +4,5 @@
 // Cloudflare Workers targets does not pull in `node:child_process`, `node:stream`, or `cross-spawn`. Import
 // from `@modelcontextprotocol/client/stdio` only in process-spawning runtimes (Node.js, Bun, Deno).
 
-export type { StdioServerParameters } from './client/stdio.js';
-export { DEFAULT_INHERITED_ENV_VARS, getDefaultEnvironment, StdioClientTransport } from './client/stdio.js';
+export type { StdioServerParameters } from './client/stdio';
+export { DEFAULT_INHERITED_ENV_VARS, getDefaultEnvironment, StdioClientTransport } from './client/stdio';
@@ -3,7 +3,7 @@ import { LATEST_PROTOCOL_VERSION, OAuthError, OAuthErrorCode } from '@modelconte
 import type { Mock } from 'vitest';
 import { expect, vi } from 'vitest';
 
-import type { OAuthClientProvider } from '../../src/client/auth.js';
+import type { OAuthClientProvider } from '../../src/client/auth';
 import {
     auth,
     buildDiscoveryUrls,
@@ -20,8 +20,8 @@ import {
     selectClientAuthMethod,
     startAuthorization,
     validateClientMetadataUrl
-} from '../../src/client/auth.js';
-import { createPrivateKeyJwtAuth } from '../../src/client/authExtensions.js';
+} from '../../src/client/auth';
+import { createPrivateKeyJwtAuth } from '../../src/client/authExtensions';
 
 // Mock pkce-challenge
 vi.mock('pkce-challenge', () => ({

@@ -1,14 +1,14 @@
 import { createMockOAuthFetch } from '@modelcontextprotocol/test-helpers';
 import { describe, expect, it, vi } from 'vitest';
 
-import { auth } from '../../src/client/auth.js';
+import { auth } from '../../src/client/auth';
 import {
     ClientCredentialsProvider,
     createPrivateKeyJwtAuth,
     CrossAppAccessProvider,
     PrivateKeyJwtProvider,
     StaticPrivateKeyJwtProvider
-} from '../../src/client/authExtensions.js';
+} from '../../src/client/authExtensions';
 
 const RESOURCE_SERVER_URL = 'https://resource.example.com/';
 const AUTH_SERVER_URL = 'https://auth.example.com';

@@ -1,7 +1,7 @@
 import type { FetchLike } from '@modelcontextprotocol/core';
 import { describe, expect, it, vi } from 'vitest';
 
-import { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from '../../src/client/crossAppAccess.js';
+import { discoverAndRequestJwtAuthGrant, exchangeJwtAuthGrant, requestJwtAuthorizationGrant } from '../../src/client/crossAppAccess';
 
 describe('crossAppAccess', () => {
     describe('requestJwtAuthorizationGrant', () => {

@@ -4,7 +4,7 @@ import type { JSONRPCMessage } from '@modelcontextprotocol/core';
 import spawn from 'cross-spawn';
 import type { Mock, MockedFunction } from 'vitest';
 
-import { getDefaultEnvironment, StdioClientTransport } from '../../src/client/stdio.js';
+import { getDefaultEnvironment, StdioClientTransport } from '../../src/client/stdio';
 
 // mock cross-spawn
 vi.mock('cross-spawn');