@contextstream/mcp-server 0.3.62 → 0.3.63

package/dist/index.js

@@ -6,7 +6,7 @@ var __export = (target, all) => {
 };
 
 // src/index.ts
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { McpServer as McpServer2 } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 
 // node_modules/zod/v3/external.js
@@ -4057,16 +4057,19 @@ var configSchema = external_exports.object({
   jwt: external_exports.string().min(1).optional(),
   defaultWorkspaceId: external_exports.string().uuid().optional(),
   defaultProjectId: external_exports.string().uuid().optional(),
-  userAgent: external_exports.string().default("contextstream-mcp/0.1.0")
+  userAgent: external_exports.string().default("contextstream-mcp/0.1.0"),
+  allowHeaderAuth: external_exports.boolean().optional()
 });
 function loadConfig() {
+  const allowHeaderAuth = process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "1" || process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "true" || process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "yes";
   const parsed = configSchema.safeParse({
     apiUrl: process.env.CONTEXTSTREAM_API_URL,
     apiKey: process.env.CONTEXTSTREAM_API_KEY,
     jwt: process.env.CONTEXTSTREAM_JWT,
     defaultWorkspaceId: process.env.CONTEXTSTREAM_WORKSPACE_ID,
     defaultProjectId: process.env.CONTEXTSTREAM_PROJECT_ID,
-    userAgent: process.env.CONTEXTSTREAM_USER_AGENT
+    userAgent: process.env.CONTEXTSTREAM_USER_AGENT,
+    allowHeaderAuth
   });
   if (!parsed.success) {
     const missing = parsed.error.errors.map((e) => e.path.join(".")).join(", ");
@@ -4074,8 +4077,8 @@ function loadConfig() {
       `Invalid configuration. Set CONTEXTSTREAM_API_URL (and API key or JWT). Missing/invalid: ${missing}`
     );
   }
-  if (!parsed.data.apiKey && !parsed.data.jwt) {
-    throw new Error("Set CONTEXTSTREAM_API_KEY or CONTEXTSTREAM_JWT for authentication.");
+  if (!parsed.data.apiKey && !parsed.data.jwt && !parsed.data.allowHeaderAuth) {
+    throw new Error("Set CONTEXTSTREAM_API_KEY or CONTEXTSTREAM_JWT for authentication (or CONTEXTSTREAM_ALLOW_HEADER_AUTH=true for header-based auth).");
   }
   return parsed.data;
 }
@@ -4084,6 +4087,16 @@ function loadConfig() {
 import { randomUUID } from "node:crypto";
 import * as path3 from "node:path";
 
+// src/auth-context.ts
+import { AsyncLocalStorage } from "node:async_hooks";
+var authContext = new AsyncLocalStorage();
+function runWithAuthOverride(override, fn) {
+  return authContext.run(override, fn);
+}
+function getAuthOverride() {
+  return authContext.getStore() ?? null;
+}
+
 // src/http.ts
 var HttpError = class extends Error {
   constructor(status, message, body) {
@@ -4139,7 +4152,10 @@ async function sleep(ms) {
   return new Promise((resolve3) => setTimeout(resolve3, ms));
 }
 async function request(config, path7, options = {}) {
-  const { apiUrl, apiKey, jwt, userAgent } = config;
+  const { apiUrl, userAgent } = config;
+  const authOverride = getAuthOverride();
+  const apiKey = authOverride?.apiKey ?? config.apiKey;
+  const jwt = authOverride?.jwt ?? config.jwt;
   const apiPath = path7.startsWith("/api/") ? path7 : `/api/v1${path7}`;
   const url = `${apiUrl.replace(/\/$/, "")}${apiPath}`;
   const maxRetries = options.retries ?? MAX_RETRIES;
@@ -4151,7 +4167,7 @@ async function request(config, path7, options = {}) {
   };
   if (apiKey) headers["X-API-Key"] = apiKey;
   if (jwt) headers["Authorization"] = `Bearer ${jwt}`;
-  const workspaceId = options.workspaceId || inferWorkspaceIdFromBody(options.body) || inferWorkspaceIdFromPath(apiPath) || config.defaultWorkspaceId;
+  const workspaceId = authOverride?.workspaceId || options.workspaceId || inferWorkspaceIdFromBody(options.body) || inferWorkspaceIdFromPath(apiPath) || config.defaultWorkspaceId;
   if (workspaceId) headers["X-Workspace-Id"] = workspaceId;
   const fetchOptions = {
     method: options.method || (options.body ? "POST" : "GET"),
@@ -7772,6 +7788,34 @@ function getCoreToolsHint() {
 // src/tools.ts
 var LESSON_DEDUP_WINDOW_MS = 2 * 60 * 1e3;
 var recentLessonCaptures = /* @__PURE__ */ new Map();
+function normalizeHeaderValue(value) {
+  if (!value) return void 0;
+  return Array.isArray(value) ? value[0] : value;
+}
+function resolveAuthOverride(extra) {
+  const token = extra?.authInfo?.token;
+  const tokenType = extra?.authInfo?.extra?.tokenType;
+  const headers = extra?.requestInfo?.headers;
+  const existing = getAuthOverride();
+  const workspaceId = normalizeHeaderValue(headers?.["x-contextstream-workspace-id"]) || normalizeHeaderValue(headers?.["x-workspace-id"]);
+  const projectId = normalizeHeaderValue(headers?.["x-contextstream-project-id"]) || normalizeHeaderValue(headers?.["x-project-id"]);
+  if (token) {
+    if (tokenType === "jwt") {
+      return { jwt: token, workspaceId, projectId };
+    }
+    return { apiKey: token, workspaceId, projectId };
+  }
+  if (existing?.apiKey || existing?.jwt) {
+    return {
+      apiKey: existing.apiKey,
+      jwt: existing.jwt,
+      workspaceId: workspaceId ?? existing.workspaceId,
+      projectId: projectId ?? existing.projectId
+    };
+  }
+  if (!workspaceId && !projectId) return null;
+  return { workspaceId, projectId };
+}
 var LIGHT_TOOLSET = /* @__PURE__ */ new Set([
   // Core session tools (13)
   "session_init",
@@ -8149,29 +8193,35 @@ function registerTools(server, client, sessionManager) {
   }
   function wrapWithAutoContext(toolName, handler) {
     if (!sessionManager) {
-      return handler;
-    }
-    return async (input) => {
-      const skipAutoInit = toolName === "session_init";
-      let contextPrefix = "";
-      if (!skipAutoInit) {
-        const autoInitResult = await sessionManager.autoInitialize();
-        if (autoInitResult) {
-          contextPrefix = autoInitResult.contextSummary + "\n\n";
-        }
-      }
-      sessionManager.warnIfContextSmartNotCalled(toolName);
-      const result = await handler(input);
-      if (contextPrefix && result && typeof result === "object") {
-        const r = result;
-        if (r.content && r.content.length > 0 && r.content[0].type === "text") {
-          r.content[0] = {
-            ...r.content[0],
-            text: contextPrefix + "--- Tool Response ---\n\n" + r.content[0].text
-          };
+      return async (input, extra) => {
+        const authOverride = resolveAuthOverride(extra);
+        return runWithAuthOverride(authOverride, async () => handler(input, extra));
+      };
+    }
+    return async (input, extra) => {
+      const authOverride = resolveAuthOverride(extra);
+      return runWithAuthOverride(authOverride, async () => {
+        const skipAutoInit = toolName === "session_init";
+        let contextPrefix = "";
+        if (!skipAutoInit) {
+          const autoInitResult = await sessionManager.autoInitialize();
+          if (autoInitResult) {
+            contextPrefix = autoInitResult.contextSummary + "\n\n";
+          }
         }
-      }
-      return result;
+        sessionManager.warnIfContextSmartNotCalled(toolName);
+        const result = await handler(input, extra);
+        if (contextPrefix && result && typeof result === "object") {
+          const r = result;
+          if (r.content && r.content.length > 0 && r.content[0].type === "text") {
+            r.content[0] = {
+              ...r.content[0],
+              text: contextPrefix + "--- Tool Response ---\n\n" + r.content[0].text
+            };
+          }
+        }
+        return result;
+      });
     };
   }
   function registerTool(name, config, handler) {
@@ -8187,11 +8237,11 @@ function registerTools(server, client, sessionManager) {
 
 Access: ${accessLabel}${showUpgrade ? ` (upgrade: ${upgradeUrl})` : ""}`
     };
-    const safeHandler = async (input) => {
+    const safeHandler = async (input, extra) => {
       try {
         const gated = await gateIfProTool(name);
         if (gated) return gated;
-        return await handler(input);
+        return await handler(input, extra);
       } catch (error) {
         const errorMessage = error?.message || String(error);
         const errorDetails = error?.body || error?.details || null;
@@ -11407,6 +11457,163 @@ var SessionManager = class {
   }
 };
 
+// src/http-gateway.ts
+import { createServer } from "node:http";
+import { randomUUID as randomUUID2 } from "node:crypto";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+var HOST = process.env.MCP_HTTP_HOST || "0.0.0.0";
+var PORT = Number.parseInt(process.env.MCP_HTTP_PORT || "8787", 10);
+var MCP_PATH = process.env.MCP_HTTP_PATH || "/mcp";
+var REQUIRE_AUTH = (process.env.MCP_HTTP_REQUIRE_AUTH || "true").toLowerCase() !== "false";
+var ENABLE_JSON_RESPONSE = (process.env.MCP_HTTP_JSON_RESPONSE || "false").toLowerCase() === "true";
+var sessions = /* @__PURE__ */ new Map();
+function normalizeHeaderValue2(value) {
+  if (!value) return void 0;
+  return Array.isArray(value) ? value[0] : value;
+}
+function looksLikeJwt(token) {
+  const parts = token.split(".");
+  return parts.length === 3 && parts.every((part) => part.length > 0);
+}
+function extractAuthOverride(req, fallback) {
+  const apiKey = normalizeHeaderValue2(req.headers["x-api-key"]) || normalizeHeaderValue2(req.headers["x-contextstream-api-key"]);
+  const jwtHeader = normalizeHeaderValue2(req.headers["x-contextstream-jwt"]);
+  const authHeader = normalizeHeaderValue2(req.headers["authorization"]);
+  let token;
+  if (authHeader) {
+    const [type, ...rest] = authHeader.split(" ");
+    if (type && type.toLowerCase() === "bearer" && rest.length > 0) {
+      token = rest.join(" ").trim();
+    }
+  }
+  const workspaceId = normalizeHeaderValue2(req.headers["x-contextstream-workspace-id"]) || normalizeHeaderValue2(req.headers["x-workspace-id"]);
+  const projectId = normalizeHeaderValue2(req.headers["x-contextstream-project-id"]) || normalizeHeaderValue2(req.headers["x-project-id"]);
+  if (jwtHeader) {
+    return { override: { jwt: jwtHeader, workspaceId, projectId }, tokenType: "jwt" };
+  }
+  if (apiKey) {
+    return { override: { apiKey, workspaceId, projectId }, tokenType: "api_key" };
+  }
+  if (token) {
+    if (looksLikeJwt(token)) {
+      return { override: { jwt: token, workspaceId, projectId }, tokenType: "jwt" };
+    }
+    return { override: { apiKey: token, workspaceId, projectId }, tokenType: "api_key" };
+  }
+  if (workspaceId || projectId) {
+    return { override: { workspaceId, projectId }, tokenType: void 0 };
+  }
+  return { override: fallback, tokenType: void 0 };
+}
+function attachAuthInfo(req, token, tokenType) {
+  req.auth = {
+    token,
+    clientId: "contextstream-mcp-http",
+    scopes: [],
+    extra: { tokenType }
+  };
+}
+async function createSession() {
+  const config = loadConfig();
+  const client = new ContextStreamClient(config);
+  const server = new McpServer({
+    name: "contextstream-mcp",
+    version: VERSION
+  });
+  const sessionManager = new SessionManager(server, client);
+  registerTools(server, client, sessionManager);
+  registerResources(server, client, config.apiUrl);
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID2(),
+    enableJsonResponse: ENABLE_JSON_RESPONSE,
+    onsessionclosed: (sessionId) => {
+      sessions.delete(sessionId);
+    }
+  });
+  await server.connect(transport);
+  const now = Date.now();
+  return {
+    server,
+    transport,
+    sessionManager,
+    client,
+    authOverride: null,
+    createdAt: now,
+    lastSeenAt: now
+  };
+}
+function writeJson(res, status, payload) {
+  res.writeHead(status, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(payload));
+}
+async function handleMcpRequest(req, res) {
+  const sessionId = normalizeHeaderValue2(req.headers["mcp-session-id"]);
+  const existingSession = sessionId ? sessions.get(sessionId) : void 0;
+  const { override, tokenType } = extractAuthOverride(req, existingSession?.authOverride ?? null);
+  const token = override?.jwt || override?.apiKey;
+  if (REQUIRE_AUTH && !token) {
+    writeJson(res, 401, { error: "Missing authorization token. Use Authorization: Bearer <API_KEY> or X-API-Key." });
+    return;
+  }
+  if (sessionId && !existingSession) {
+    writeJson(res, 404, { error: "Unknown MCP session. Re-initialize your MCP connection." });
+    return;
+  }
+  let entry = existingSession;
+  if (!entry) {
+    entry = await createSession();
+  }
+  entry.lastSeenAt = Date.now();
+  if (override) {
+    entry.authOverride = override;
+  }
+  if (token && tokenType) {
+    attachAuthInfo(req, token, tokenType);
+  }
+  await runWithAuthOverride(override ?? null, async () => {
+    await entry.transport.handleRequest(req, res);
+  });
+  const newSessionId = entry.transport.sessionId;
+  if (!existingSession && newSessionId) {
+    sessions.set(newSessionId, entry);
+  }
+}
+async function runHttpGateway() {
+  const config = loadConfig();
+  console.error(`[ContextStream] MCP HTTP gateway v${VERSION} starting...`);
+  console.error(`[ContextStream] API URL: ${config.apiUrl}`);
+  console.error(`[ContextStream] Auth: ${config.apiKey ? "API Key" : config.jwt ? "JWT" : "Header-based"}`);
+  console.error(`[ContextStream] MCP endpoint: http://${HOST}:${PORT}${MCP_PATH}`);
+  const server = createServer(async (req, res) => {
+    if (!req.url) {
+      writeJson(res, 404, { error: "Not found" });
+      return;
+    }
+    const url = new URL(req.url, `http://${req.headers.host || "localhost"}`);
+    if (url.pathname === "/health") {
+      writeJson(res, 200, { status: "ok", version: VERSION });
+      return;
+    }
+    if (url.pathname !== MCP_PATH) {
+      writeJson(res, 404, { error: "Not found" });
+      return;
+    }
+    if (!["GET", "POST", "DELETE"].includes(req.method || "")) {
+      writeJson(res, 405, { error: "Method not allowed" });
+      return;
+    }
+    try {
+      await handleMcpRequest(req, res);
+    } catch (error) {
+      writeJson(res, 500, { error: error?.message || "Internal server error" });
+    }
+  });
+  server.listen(PORT, HOST, () => {
+    console.error(`[ContextStream] MCP HTTP gateway listening on http://${HOST}:${PORT}${MCP_PATH}`);
+  });
+}
+
 // src/index.ts
 import { existsSync as existsSync4, mkdirSync as mkdirSync4, writeFileSync as writeFileSync4 } from "fs";
 import { homedir as homedir4 } from "os";
@@ -12475,20 +12682,28 @@ Usage:
   npx -y @contextstream/mcp-server
   contextstream-mcp
   contextstream-mcp setup
+  contextstream-mcp http
 
 Commands:
   setup   Interactive onboarding wizard (rules + workspace mapping)
+  http    Run HTTP MCP gateway (streamable HTTP transport)
 
 Environment variables:
   CONTEXTSTREAM_API_URL   Base API URL (e.g. https://api.contextstream.io)
   CONTEXTSTREAM_API_KEY   API key for authentication (or use CONTEXTSTREAM_JWT)
   CONTEXTSTREAM_JWT       JWT for authentication (alternative to API key)
+  CONTEXTSTREAM_ALLOW_HEADER_AUTH  Allow header-based auth when no API key/JWT is set
   CONTEXTSTREAM_WORKSPACE_ID  Optional default workspace ID
   CONTEXTSTREAM_PROJECT_ID    Optional default project ID
   CONTEXTSTREAM_TOOLSET       Tool mode: light|standard|complete (default: standard)
   CONTEXTSTREAM_TOOL_ALLOWLIST Optional comma-separated tool names to expose (overrides toolset)
   CONTEXTSTREAM_PRO_TOOLS     Optional comma-separated PRO tool names (default: AI tools)
   CONTEXTSTREAM_UPGRADE_URL   Optional upgrade URL shown for PRO tools on Free plan
+  MCP_HTTP_HOST          HTTP gateway host (default: 0.0.0.0)
+  MCP_HTTP_PORT          HTTP gateway port (default: 8787)
+  MCP_HTTP_PATH          HTTP gateway path (default: /mcp)
+  MCP_HTTP_REQUIRE_AUTH  Require auth headers for HTTP gateway (default: true)
+  MCP_HTTP_JSON_RESPONSE Enable JSON responses (default: false)
 
 Examples:
   CONTEXTSTREAM_API_URL="https://api.contextstream.io" \\
@@ -12517,9 +12732,16 @@ async function main() {
     await runSetupWizard(args.slice(1));
     return;
   }
+  if (args[0] === "http") {
+    if (!process.env.CONTEXTSTREAM_API_KEY && !process.env.CONTEXTSTREAM_JWT && !process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH) {
+      process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH = "true";
+    }
+    await runHttpGateway();
+    return;
+  }
   const config = loadConfig();
   const client = new ContextStreamClient(config);
-  const server = new McpServer({
+  const server = new McpServer2({
     name: "contextstream-mcp",
     version: VERSION
   });

package/dist/test-server.js

@@ -4057,16 +4057,19 @@ var configSchema = external_exports.object({
   jwt: external_exports.string().min(1).optional(),
   defaultWorkspaceId: external_exports.string().uuid().optional(),
   defaultProjectId: external_exports.string().uuid().optional(),
-  userAgent: external_exports.string().default("contextstream-mcp/0.1.0")
+  userAgent: external_exports.string().default("contextstream-mcp/0.1.0"),
+  allowHeaderAuth: external_exports.boolean().optional()
 });
 function loadConfig() {
+  const allowHeaderAuth = process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "1" || process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "true" || process.env.CONTEXTSTREAM_ALLOW_HEADER_AUTH === "yes";
   const parsed = configSchema.safeParse({
     apiUrl: process.env.CONTEXTSTREAM_API_URL,
     apiKey: process.env.CONTEXTSTREAM_API_KEY,
     jwt: process.env.CONTEXTSTREAM_JWT,
     defaultWorkspaceId: process.env.CONTEXTSTREAM_WORKSPACE_ID,
     defaultProjectId: process.env.CONTEXTSTREAM_PROJECT_ID,
-    userAgent: process.env.CONTEXTSTREAM_USER_AGENT
+    userAgent: process.env.CONTEXTSTREAM_USER_AGENT,
+    allowHeaderAuth
   });
   if (!parsed.success) {
     const missing = parsed.error.errors.map((e) => e.path.join(".")).join(", ");
@@ -4074,8 +4077,8 @@ function loadConfig() {
       `Invalid configuration. Set CONTEXTSTREAM_API_URL (and API key or JWT). Missing/invalid: ${missing}`
     );
   }
-  if (!parsed.data.apiKey && !parsed.data.jwt) {
-    throw new Error("Set CONTEXTSTREAM_API_KEY or CONTEXTSTREAM_JWT for authentication.");
+  if (!parsed.data.apiKey && !parsed.data.jwt && !parsed.data.allowHeaderAuth) {
+    throw new Error("Set CONTEXTSTREAM_API_KEY or CONTEXTSTREAM_JWT for authentication (or CONTEXTSTREAM_ALLOW_HEADER_AUTH=true for header-based auth).");
   }
   return parsed.data;
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@contextstream/mcp-server",
   "mcpName": "io.github.contextstreamio/mcp-server",
-  "version": "0.3.62",
+  "version": "0.3.63",
   "description": "MCP server exposing ContextStream public API - code context, memory, search, and AI tools for developers",
   "type": "module",
   "license": "MIT",