fix(v1.2.4): Fix critical session ID mismatch and SSE transport issues

CRITICAL FIXES:
- Session ID mismatch: Use transport.sessionId consistently (was creating custom sessionId but storing with transport's ID)
- Store transport BEFORE connecting to prevent race condition
- Remove manual keep-alive interference (SSEServerTransport handles internally)
- Remove duplicate express.json() middleware

Root Cause: v1.2.1-1.2.3 "bugfixes" exposed pre-existing session ID mismatch bug.
SSEServerTransport generates its own UUID internally, our custom sessionId was orphaned.

Impact: Should resolve connection regression from v1.2.3 (0% → expected 100% test success)

Files changed:
- src/index.js: Session ID consistency, cleanup race condition fix, keep-alive removal
- package.json: Version bump to 1.2.4

Author: PhilflowIO

package.json

@@ -1,6 +1,6 @@
 {
   "name": "tsdav-mcp-server",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Model Context Protocol (MCP) server for CalDAV/CardDAV/VTODO integration via tsdav - enables AI systems to manage calendars, contacts, and tasks",
   "type": "module",
   "main": "src/index.js",

src/index.js

@@ -237,80 +237,67 @@ app.get('/health', (req, res) => {
  * SSE endpoint - GET /sse
  */
 app.get('/sse', authenticateBearer, async (req, res) => {
-  const sessionId = `session-${Date.now()}-${Math.random().toString(36).substring(7)}`;
-  const sessionLogger = createSessionLogger(sessionId);
-
-  sessionLogger.info({
-    ip: req.ip,
-    userAgent: req.get('user-agent') || 'unknown',
-  }, 'New SSE connection established');
-
   try {
-    // Set SSE headers
+    // Set SSE headers FIRST
     res.setHeader('Content-Type', 'text/event-stream');
     res.setHeader('Cache-Control', 'no-cache');
     res.setHeader('Connection', 'keep-alive');
     res.setHeader('X-Accel-Buffering', 'no');
+
+    // Create SSE transport (this generates the sessionId internally)
+    const transport = new SSEServerTransport('/messages', res);
+
+    // Use transport's sessionId consistently everywhere
+    const sessionId = transport.sessionId;
+    const sessionLogger = createSessionLogger(sessionId);
+
+    sessionLogger.info({
+      ip: req.ip,
+      userAgent: req.get('user-agent') || 'unknown',
+      sessionId: sessionId,
+    }, 'New SSE connection established');
+
     sessionLogger.debug('SSE headers set');
 
+    // Store transport BEFORE connecting (prevents race condition)
+    transports[sessionId] = transport;
+    updateSessionActivity(sessionId);
+    sessionLogger.debug('Transport stored');
+
     // Create MCP server for this session
     sessionLogger.debug('Creating MCP server');
     const mcpServer = createMCPServer(sessionId);
 
-    // Create SSE transport
-    sessionLogger.debug('Creating SSE transport');
-    const transport = new SSEServerTransport('/messages', res);
-
-    // Store transport with its sessionId (from the transport itself)
-    sessionLogger.debug({ transportSessionId: transport.sessionId }, 'Transport created');
-    transports[transport.sessionId] = transport;
-    updateSessionActivity(transport.sessionId);
-
     // Connect MCP server to transport
     sessionLogger.debug('Connecting MCP server to transport');
     await mcpServer.connect(transport);
     sessionLogger.info('MCP server connected successfully, session active');
 
-    // Keep connection alive
-    const keepAliveInterval = setInterval(() => {
-      if (!res.writableEnded) {
-        res.write(': keepalive\n\n');
-        sessionLogger.debug('Keepalive sent');
-      } else {
-        clearInterval(keepAliveInterval);
-      }
-    }, 30000); // Every 30 seconds
-
     // Cleanup on disconnect
     req.on('close', () => {
-      sessionLogger.info({ transportSessionId: transport.sessionId }, 'SSE connection closed by client');
-      clearInterval(keepAliveInterval);
-      delete transports[transport.sessionId];
-      sessionActivity.delete(transport.sessionId);
+      sessionLogger.info('SSE connection closed by client');
+      delete transports[sessionId];
+      sessionActivity.delete(sessionId);
     });
 
     req.on('error', (error) => {
       sessionLogger.error({
         error: error.message,
         code: error.code,
-        transportSessionId: transport.sessionId,
       }, 'SSE connection error');
-      clearInterval(keepAliveInterval);
-      delete transports[transport.sessionId];
-      sessionActivity.delete(transport.sessionId);
+      delete transports[sessionId];
+      sessionActivity.delete(sessionId);
     });
 
     res.on('finish', () => {
       sessionLogger.debug('Response finished');
-      clearInterval(keepAliveInterval);
     });
 
     res.on('close', () => {
       sessionLogger.debug('Response closed');
-      clearInterval(keepAliveInterval);
     });
   } catch (error) {
-    sessionLogger.error({ error: error.message, stack: error.stack }, 'Error setting up SSE connection');
+    logger.error({ error: error.message, stack: error.stack }, 'Error setting up SSE connection');
     if (!res.headersSent) {
       const errorResponse = createHTTPErrorResponse(error);
       res.status(errorResponse.statusCode).json(errorResponse.body);
@@ -322,7 +309,7 @@ app.get('/sse', authenticateBearer, async (req, res) => {
  * Message endpoint - POST /messages
  * Used by SSE clients to send messages back to the server
  */
-app.post('/messages', authenticateBearer, express.json(), async (req, res) => {
+app.post('/messages', authenticateBearer, async (req, res) => {
   const sessionId = req.query.sessionId;
   const requestLogger = createSessionLogger(sessionId || 'unknown');