@harness-fe/mcp-server 4.0.0-next.2 → 4.0.0-next.4

package/src/mcpHttp.test.ts

@@ -1,9 +1,9 @@
 import { afterEach, describe, expect, it } from 'vitest';
 import type { JSONRPCMessage } from '@modelcontextprotocol/sdk/types.js';
-import { Bridge } from './bridge.js';
+import { Bridge } from '@harness-fe/daemon';
 import { startMcpHttpServer } from './mcpHttp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
-import type { EventStore } from './store/types.js';
+import { MemoryEventStore } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 
 const cleanups: Array<() => Promise<void> | void> = [];
 
@@ -99,6 +99,55 @@ describe('mcpHttp', () => {
         expect(withAuth.status).not.toBe(401);
     });
 
+    it('supports multiple concurrent clients (per-session transports)', async () => {
+        // Regression: the old single shared transport threw "Server already
+        // initialized" on the 2nd initialize, blocking multi-agent (gateway) use
+        // and any reconnect. Per-session transports must let each client init.
+        const bridge = await startBridge();
+        const handle = await startMcpHttpServer(bridge, { path: '/mcp' });
+        cleanups.push(() => handle.close());
+        const port = bridge.getBoundPort()!;
+
+        const headers = {
+            'content-type': 'application/json',
+            accept: 'application/json, text/event-stream',
+        };
+        const initBody = (name: string) =>
+            JSON.stringify({
+                jsonrpc: '2.0',
+                method: 'initialize',
+                params: {
+                    protocolVersion: '2025-06-18',
+                    capabilities: {},
+                    clientInfo: { name, version: '1' },
+                },
+                id: 1,
+            });
+
+        const r1 = await fetch(`http://127.0.0.1:${port}/mcp`, { method: 'POST', headers, body: initBody('c1') });
+        await r1.text();
+        const sid1 = r1.headers.get('mcp-session-id');
+        expect(r1.status).toBe(200);
+        expect(sid1).toBeTruthy();
+
+        const r2 = await fetch(`http://127.0.0.1:${port}/mcp`, { method: 'POST', headers, body: initBody('c2') });
+        await r2.text();
+        const sid2 = r2.headers.get('mcp-session-id');
+        expect(r2.status).toBe(200);
+        expect(sid2).toBeTruthy();
+        // Distinct sessions — the whole point of per-session transports.
+        expect(sid2).not.toBe(sid1);
+
+        // A request carrying an unknown session id is rejected (not silently
+        // attached to some shared transport).
+        const bad = await fetch(`http://127.0.0.1:${port}/mcp`, {
+            method: 'POST',
+            headers: { ...headers, 'mcp-session-id': 'does-not-exist' },
+            body: JSON.stringify({ jsonrpc: '2.0', method: 'tools/list', id: 2 }),
+        });
+        expect(bad.status).toBe(400);
+    });
+
     // SSE Last-Event-ID resumption — end-to-end wiring proof.
     //
     // What this asserts:

package/src/mcpHttp.ts

@@ -9,11 +9,14 @@
 
 import { randomUUID } from 'node:crypto';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import type { IncomingMessage, ServerResponse } from 'node:http';
-import type { Bridge, IBridge } from './bridge.js';
+import type { Bridge, IBridge } from '@harness-fe/daemon';
 import { createMcpServer } from './mcp.js';
-import { MemoryEventStore } from './store/MemoryEventStore.js';
-import type { EventStore } from './store/types.js';
+import { identifyPrincipal } from '@harness-fe/daemon';
+import { runWithCaller } from '@harness-fe/daemon';
+import { MemoryEventStore } from '@harness-fe/daemon';
+import type { EventStore } from '@harness-fe/daemon';
 
 export interface McpHttpOptions {
     /** URL path the transport listens on. Default `/mcp`. */
@@ -56,44 +59,120 @@ export async function startMcpHttpServer(
 ): Promise<McpHttpHandle> {
     const path = opts.path ?? '/mcp';
     const stateful = opts.stateful !== false;
-    const eventStore =
-        opts.eventStore === null
-            ? undefined
-            : opts.eventStore ?? new MemoryEventStore();
-
-    // Pass the daemon's auth so MCP tools can identify the per-call principal
-    // from request headers (4.0 · P4). stdio (startMcpStdioServer) omits this,
-    // so stdio calls resolve to the local principal.
-    const server = createMcpServer(bridge, {
-        experimentalEnvVar: opts.experimentalEnvVar,
-        auth: (bridge as Bridge).getAuthOptions(),
-    });
-    const transport = new StreamableHTTPServerTransport({
-        sessionIdGenerator: stateful ? () => randomUUID() : undefined,
-        eventStore,
-    });
-    await server.connect(transport);
-
     const b = bridge as Bridge;
     if (typeof b.prependHttpHandler !== 'function') {
         throw new Error(
             'mcpHttp: bridge does not support prependHttpHandler (need a Bridge instance with HTTP server)',
         );
     }
+    // Pass the daemon's auth so MCP tools can identify the per-call principal
+    // from request headers (4.0 · P4). stdio (startMcpStdioServer) omits this,
+    // so stdio calls resolve to the local principal.
+    const auth = b.getAuthOptions();
+
+    // Per-session transports (4.0) — the MCP HTTP spec's stateful model: each
+    // client gets its own transport + server keyed by `mcp-session-id`, created
+    // on `initialize`. The old shape shared ONE transport for the whole daemon,
+    // which locked after the first initialize — a second agent (or any reconnect)
+    // hit "Server already initialized". Per-session is what lets multiple agents
+    // share one daemon through the gateway, and lets a client reconnect.
+    type Session = { transport: StreamableHTTPServerTransport; server: ReturnType<typeof createMcpServer> };
+    const sessions = new Map<string, Session>();
+
+    function newSession(): Session {
+        const server = createMcpServer(bridge, { experimentalEnvVar: opts.experimentalEnvVar, auth });
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: stateful ? () => randomUUID() : undefined,
+            // null → resumability off; an explicit store → use it; default → a
+            // fresh per-session MemoryEventStore.
+            eventStore: opts.eventStore === null ? undefined : (opts.eventStore ?? new MemoryEventStore()),
+            onsessioninitialized: (sid: string) => {
+                sessions.set(sid, { transport, server });
+            },
+        });
+        transport.onclose = () => {
+            const sid = transport.sessionId;
+            if (sid) sessions.delete(sid);
+        };
+        return { transport, server };
+    }
 
     b.prependHttpHandler(async (req: IncomingMessage, res: ServerResponse) => {
         const url = req.url ?? '';
         const qi = url.indexOf('?');
         const reqPath = qi < 0 ? url : url.slice(0, qi);
         if (reqPath !== path) return false;
-        await transport.handleRequest(req, res);
+
+        // Per-call caller for command-target scoping (4.0 · A): every sendCommand
+        // within this request reads it via currentCaller().
+        const principal = identifyPrincipal(req.headers, auth);
+        const sid = req.headers['mcp-session-id'];
+
+        // Established session — route by id (POST follow-ups, GET SSE, DELETE).
+        if (typeof sid === 'string' && sessions.has(sid)) {
+            const { transport } = sessions.get(sid)!;
+            await runWithCaller(principal, () => transport.handleRequest(req, res));
+            return true;
+        }
+
+        // No (known) session id. A POST `initialize` opens one; anything else is invalid.
+        if (req.method === 'POST') {
+            let body: unknown;
+            try {
+                body = await readJsonBody(req);
+            } catch {
+                sendMcpError(res, 400, -32700, 'Parse error');
+                return true;
+            }
+            if (stateful && !isInitializeRequest(body)) {
+                sendMcpError(res, 400, -32600, 'Bad Request: no valid mcp-session-id (initialize first)');
+                return true;
+            }
+            const { server, transport } = newSession();
+            await server.connect(transport);
+            if (!stateful) {
+                // Stateless one-shot: tear down when the response ends.
+                res.on('close', () => {
+                    void transport.close();
+                    void server.close();
+                });
+            }
+            await runWithCaller(principal, () => transport.handleRequest(req, res, body));
+            return true;
+        }
+
+        // GET/DELETE without a known session — nothing to attach to.
+        sendMcpError(res, 400, -32600, 'Bad Request: unknown or missing mcp-session-id');
         return true;
     });
 
     return {
         path,
         async close() {
-            await server.close();
+            for (const { server } of sessions.values()) {
+                await server.close().catch(() => undefined);
+            }
+            sessions.clear();
         },
     };
 }
+
+async function readJsonBody(req: IncomingMessage): Promise<unknown> {
+    const chunks: Buffer[] = [];
+    let total = 0;
+    const MAX = 4 * 1024 * 1024; // 4 MiB cap — MCP requests are small
+    for await (const c of req) {
+        const buf = c as Buffer;
+        total += buf.length;
+        if (total > MAX) throw new Error('mcp body too large');
+        chunks.push(buf);
+    }
+    const raw = Buffer.concat(chunks).toString('utf8');
+    return raw ? (JSON.parse(raw) as unknown) : undefined;
+}
+
+function sendMcpError(res: ServerResponse, status: number, code: number, message: string): void {
+    res.statusCode = status;
+    res.setHeader('content-type', 'application/json');
+    res.end(JSON.stringify({ jsonrpc: '2.0', error: { code, message }, id: null }));
+}

package/src/mcpLayer.e2e.test.ts

@@ -16,8 +16,8 @@ import { join } from 'node:path';
 import { randomUUID } from 'node:crypto';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { InMemoryTransport } from '@modelcontextprotocol/sdk/inMemory.js';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import { createMcpServer } from './mcp.js';
 import type {
     EventFrame,

package/src/newCapabilities.e2e.test.ts

@@ -14,8 +14,8 @@ import { mkdtempSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { randomUUID } from 'node:crypto';
-import { Bridge } from './bridge.js';
-import { JsonlStore } from './store/index.js';
+import { Bridge } from '@harness-fe/daemon';
+import { JsonlStore } from '@harness-fe/daemon';
 import type {
     EventFrame,
     HelloAckFrame,
@@ -23,7 +23,7 @@ import type {
     StorageEntry,
     WsEntry,
 } from '@harness-fe/protocol';
-import { buildVisitorTimeline } from './visitorTimeline.js';
+import { buildVisitorTimeline } from '@harness-fe/daemon';
 
 interface TestEnv {
     bridge: Bridge;

package/dist/auth.d.ts

@@ -1,53 +0,0 @@
-/**
- * Token-based auth for the bridge's HTTP + WS surfaces.
- *
- * Loopback (127.*, localhost, ::1) — auth disabled by default; the daemon
- * trusts everything that can reach the loopback socket. As soon as the
- * daemon is bound to a non-loopback host (e.g. 0.0.0.0 for LAN debugging),
- * the CLI requires a token and this module enforces it on every HTTP route
- * and WS upgrade.
- *
- * Why a single module: dashboard / replay viewer / events handler /
- * MCP HTTP transport all live behind the same bridge HTTP server. Bridge
- * wraps requests with `isAuthorized` once, so individual handlers never
- * see unauthenticated traffic and don't carry auth code.
- */
-import type { IncomingMessage, ServerResponse } from 'node:http';
-export declare const DEFAULT_COOKIE_NAME = "harness_fe_token";
-export declare const DEFAULT_LOGIN_PATH = "/__auth";
-export interface AuthOptions {
-    /** Expected token. Empty/undefined disables token auth. */
-    token?: string;
-    /**
-     * Custom authorization predicate. When supplied, runs *instead of* the
-     * token check on every HTTP request and WS upgrade. Synchronous: the
-     * WS upgrade handshake completes inline. For host-injected auth that
-     * needs an async lookup, cache the result in a cookie via the host's
-     * own middleware and have `authorize` read the cookie.
-     */
-    authorize?: (req: IncomingMessage) => boolean;
-    /** Cookie name set after a successful login. Default: harness_fe_token. */
-    cookieName?: string;
-    /** POST path that consumes the login form. Default: /__auth. */
-    loginPath?: string;
-}
-export declare function isAuthEnabled(opts: AuthOptions): boolean;
-/** Pull token from header / cookie / query / WS subprotocol (first match wins). */
-export declare function extractToken(req: IncomingMessage, opts?: AuthOptions): string | undefined;
-/**
- * Constant-time token compare. Hashing both sides first means we always
- * compare equal-length buffers, sidestepping the length-leak that a raw
- * timingSafeEqual on user input would have.
- */
-export declare function verifyToken(provided: string | undefined, expected: string): boolean;
-/** True if request is allowed (auth disabled, custom predicate accepts, or token matches). */
-export declare function isAuthorized(req: IncomingMessage, opts: AuthOptions): boolean;
-/**
- * Write a 401 response. Browsers (Accept: text/html) get a minimal login
- * form they can post the token through; everything else gets JSON.
- */
-export declare function sendUnauthorized(req: IncomingMessage, res: ServerResponse, opts: AuthOptions): void;
-/**
- * Handle POST {loginPath}: read form body, verify token, set cookie, 303 → next.
- */
-export declare function handleLoginPost(req: IncomingMessage, res: ServerResponse, opts: AuthOptions): Promise<void>;

package/dist/auth.js

@@ -1,212 +0,0 @@
-/**
- * Token-based auth for the bridge's HTTP + WS surfaces.
- *
- * Loopback (127.*, localhost, ::1) — auth disabled by default; the daemon
- * trusts everything that can reach the loopback socket. As soon as the
- * daemon is bound to a non-loopback host (e.g. 0.0.0.0 for LAN debugging),
- * the CLI requires a token and this module enforces it on every HTTP route
- * and WS upgrade.
- *
- * Why a single module: dashboard / replay viewer / events handler /
- * MCP HTTP transport all live behind the same bridge HTTP server. Bridge
- * wraps requests with `isAuthorized` once, so individual handlers never
- * see unauthenticated traffic and don't carry auth code.
- */
-import { createHash, timingSafeEqual } from 'node:crypto';
-export const DEFAULT_COOKIE_NAME = 'harness_fe_token';
-export const DEFAULT_LOGIN_PATH = '/__auth';
-const WS_SUBPROTOCOL_PREFIX = 'harness-fe.token.';
-export function isAuthEnabled(opts) {
-    return !!(opts.token || opts.authorize);
-}
-/** Pull token from header / cookie / query / WS subprotocol (first match wins). */
-export function extractToken(req, opts = {}) {
-    const auth = req.headers.authorization;
-    if (typeof auth === 'string' && auth.startsWith('Bearer ')) {
-        const v = auth.slice(7).trim();
-        if (v)
-            return v;
-    }
-    const cookieName = opts.cookieName ?? DEFAULT_COOKIE_NAME;
-    const cookies = parseCookieHeader(req.headers.cookie);
-    if (cookies[cookieName])
-        return decodeURIComponent(cookies[cookieName]);
-    const url = req.url ?? '';
-    const qi = url.indexOf('?');
-    if (qi >= 0) {
-        const params = new URLSearchParams(url.slice(qi + 1));
-        const t = params.get('token');
-        if (t)
-            return t;
-    }
-    const subproto = req.headers['sec-websocket-protocol'];
-    if (typeof subproto === 'string') {
-        for (const p of subproto.split(',')) {
-            const trimmed = p.trim();
-            if (trimmed.startsWith(WS_SUBPROTOCOL_PREFIX)) {
-                return trimmed.slice(WS_SUBPROTOCOL_PREFIX.length);
-            }
-        }
-    }
-    return undefined;
-}
-/**
- * Constant-time token compare. Hashing both sides first means we always
- * compare equal-length buffers, sidestepping the length-leak that a raw
- * timingSafeEqual on user input would have.
- */
-export function verifyToken(provided, expected) {
-    if (!provided || !expected)
-        return false;
-    const a = createHash('sha256').update(provided).digest();
-    const b = createHash('sha256').update(expected).digest();
-    return timingSafeEqual(a, b);
-}
-/** True if request is allowed (auth disabled, custom predicate accepts, or token matches). */
-export function isAuthorized(req, opts) {
-    if (!isAuthEnabled(opts))
-        return true;
-    // Custom predicate wins when supplied. Hosts that embed the daemon pass
-    // their own check here (e.g. JWT verification reading from a cookie).
-    if (opts.authorize)
-        return opts.authorize(req);
-    return verifyToken(extractToken(req, opts), opts.token);
-}
-/**
- * Write a 401 response. Browsers (Accept: text/html) get a minimal login
- * form they can post the token through; everything else gets JSON.
- */
-export function sendUnauthorized(req, res, opts) {
-    // Custom-authorize mode is for host apps that own their own login UX —
-    // the built-in token form is never the right answer there. Always 401
-    // as JSON and let the host redirect.
-    const wantsLoginForm = !opts.authorize;
-    const accept = (req.headers.accept ?? '').toLowerCase();
-    const wantsHtml = accept.includes('text/html') && wantsLoginForm;
-    if (wantsHtml) {
-        res.statusCode = 401;
-        res.setHeader('content-type', 'text/html; charset=utf-8');
-        res.setHeader('cache-control', 'no-store');
-        res.end(renderLoginPage(opts, req.url ?? '/'));
-        return;
-    }
-    res.statusCode = 401;
-    res.setHeader('content-type', 'application/json; charset=utf-8');
-    res.setHeader('www-authenticate', 'Bearer realm="harness-fe"');
-    res.end(JSON.stringify({
-        error: 'unauthorized',
-        message: 'Missing or invalid token. Provide Authorization: Bearer <token>, ?token=<token>, or the harness_fe_token cookie.',
-    }));
-}
-/**
- * Handle POST {loginPath}: read form body, verify token, set cookie, 303 → next.
- */
-export async function handleLoginPost(req, res, opts) {
-    if (!isAuthEnabled(opts) || opts.authorize) {
-        // Auth disabled, or the host owns auth via a custom predicate — the
-        // built-in login form isn't meaningful here. Redirect home.
-        res.statusCode = 303;
-        res.setHeader('location', '/');
-        res.end();
-        return;
-    }
-    const chunks = [];
-    let total = 0;
-    const MAX = 4096;
-    for await (const c of req) {
-        const buf = c;
-        total += buf.length;
-        if (total > MAX) {
-            res.statusCode = 413;
-            res.setHeader('content-type', 'text/plain; charset=utf-8');
-            res.end('payload too large');
-            return;
-        }
-        chunks.push(buf);
-    }
-    const body = Buffer.concat(chunks).toString('utf8');
-    const form = new URLSearchParams(body);
-    const token = form.get('token') ?? '';
-    const next = safeNext(form.get('next') ?? '/');
-    if (!verifyToken(token, opts.token)) {
-        res.statusCode = 401;
-        res.setHeader('content-type', 'text/html; charset=utf-8');
-        res.setHeader('cache-control', 'no-store');
-        res.end(renderLoginPage(opts, next, 'Invalid token. Try again.'));
-        return;
-    }
-    const cookieName = opts.cookieName ?? DEFAULT_COOKIE_NAME;
-    // 30 days. HttpOnly so JS can't read it; SameSite=Lax so cross-tab nav works.
-    const cookie = `${cookieName}=${encodeURIComponent(token)}; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000`;
-    res.statusCode = 303;
-    res.setHeader('set-cookie', cookie);
-    res.setHeader('location', next);
-    res.end();
-}
-/**
- * Allow only same-origin relative paths as the post-login redirect. Anything
- * else degrades to "/" so a crafted form can't redirect to an external site.
- */
-function safeNext(next) {
-    if (typeof next !== 'string')
-        return '/';
-    if (!next.startsWith('/'))
-        return '/';
-    if (next.startsWith('//'))
-        return '/';
-    return next;
-}
-function parseCookieHeader(raw) {
-    if (!raw)
-        return {};
-    const out = {};
-    for (const part of raw.split(';')) {
-        const eq = part.indexOf('=');
-        if (eq < 0)
-            continue;
-        const k = part.slice(0, eq).trim();
-        const v = part.slice(eq + 1).trim();
-        if (k)
-            out[k] = v;
-    }
-    return out;
-}
-function escapeHtml(s) {
-    return s.replace(/[&<>"']/g, (c) => {
-        switch (c) {
-            case '&': return '&amp;';
-            case '<': return '&lt;';
-            case '>': return '&gt;';
-            case '"': return '&quot;';
-            default: return '&#39;';
-        }
-    });
-}
-function renderLoginPage(opts, next, error) {
-    const loginPath = opts.loginPath ?? DEFAULT_LOGIN_PATH;
-    const safeN = escapeHtml(safeNext(next));
-    const errBlock = error
-        ? `<p style="color:#c0392b;margin:0 0 12px">${escapeHtml(error)}</p>`
-        : '';
-    return `<!doctype html>
-<html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
-<title>harness-fe — sign in</title>
-<style>
-body{font:14px/1.4 -apple-system,BlinkMacSystemFont,system-ui,sans-serif;background:#fafafa;color:#222;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0}
-form{background:#fff;border:1px solid #e5e7eb;border-radius:8px;padding:24px;max-width:360px;width:100%;box-shadow:0 4px 12px rgba(0,0,0,.04)}
-h1{font-size:16px;margin:0 0 12px}
-input[type=password]{display:block;width:100%;box-sizing:border-box;padding:10px;border:1px solid #d1d5db;border-radius:6px;font-size:14px;margin-bottom:12px}
-button{display:block;width:100%;padding:10px;background:#111;color:#fff;border:0;border-radius:6px;font-size:14px;cursor:pointer}
-.muted{color:#666;font-size:12px;margin-top:12px}
-</style></head>
-<body>
-<form method="post" action="${escapeHtml(loginPath)}" autocomplete="off">
-  <h1>harness-fe</h1>
-  ${errBlock}
-  <input type="password" name="token" placeholder="token" autofocus required>
-  <input type="hidden" name="next" value="${safeN}">
-  <button type="submit">Sign in</button>
-  <p class="muted">Paste the token from the daemon startup banner.</p>
-</form>
-</body></html>`;
-}