@ivotoby/openapi-mcp-server 1.0.0 → 1.1.0

package/README.md

@@ -2,14 +2,24 @@
 
 A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP resources. This server allows Large Language Models to discover and interact with REST APIs defined by OpenAPI specifications through the MCP protocol.
 
-## Quick Start
+## Overview
 
-You do not need to clone this repository to use this MCP server. You can simply configure it in Claude Desktop:
+This MCP server supports two transport methods:
+
+1. **Stdio Transport** (default): For direct integration with AI systems like Claude Desktop that manage MCP connections through standard input/output.
+2. **Streamable HTTP Transport**: For connecting to the server over HTTP, allowing web clients and other HTTP-capable systems to use the MCP protocol.
+
+## Quick Start for Users
+
+### Option 1: Using with Claude Desktop (Stdio Transport)
+
+No need to clone this repository. Simply configure Claude Desktop to use this MCP server:
 
 1. Locate or create your Claude Desktop configuration file:
+
    - On macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
 
-2. Add the following configuration to enable the OpenAPI MCP server:
+2. Add the following configuration:
 
 ```json
 {
@@ -32,27 +42,75 @@ You do not need to clone this repository to use this MCP server. You can simply
    - `OPENAPI_SPEC_PATH`: URL or path to your OpenAPI specification
    - `API_HEADERS`: Comma-separated key:value pairs for API authentication headers
 
-## Development Tools
+### Option 2: Using with HTTP Clients (HTTP Transport)
 
-This project includes several development tools to make your workflow easier:
+To use the server with HTTP clients:
 
-### Building
+1. No installation required! Use npx to run the package directly:
 
-- `npm run build` - Builds the TypeScript source
-- `npm run clean` - Removes build artifacts
-- `npm run typecheck` - Runs TypeScript type checking
+```bash
+npx @ivotoby/openapi-mcp-server \
+  --api-base-url https://api.example.com \
+  --openapi-spec https://api.example.com/openapi.json \
+  --headers "Authorization:Bearer token123" \
+  --transport http \
+  --port 3000
+```
 
-### Development Mode
+2. Interact with the server using HTTP requests:
 
-- `npm run dev` - Watches source files and rebuilds on changes
-- `npm run inspect-watch` - Runs the inspector with auto-reload on changes
+```bash
+# Initialize a session (first request)
+curl -X POST http://localhost:3000/mcp \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","id":0,"method":"initialize","params":{"client":{"name":"curl-client","version":"1.0.0"},"protocol":{"name":"mcp","version":"2025-03-26"}}}'
+
+# The response includes a Mcp-Session-Id header that you must use for subsequent requests
+# and the InitializeResult directly in the POST response body.
+
+# Send a request to list tools
+# This also receives its response directly on this POST request.
+curl -X POST http://localhost:3000/mcp \
+  -H "Content-Type: application/json" \
+  -H "Mcp-Session-Id: your-session-id" \
+  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
+
+# Open a streaming connection for other server responses (e.g., tool execution results)
+# This uses Server-Sent Events (SSE).
+curl -N http://localhost:3000/mcp -H "Mcp-Session-Id: your-session-id"
+
+# Example: Execute a tool (response will arrive on the GET stream)
+# curl -X POST http://localhost:3000/mcp \
+#  -H "Content-Type: application/json" \
+#  -H "Mcp-Session-Id: your-session-id" \
+#  -d '{"jsonrpc":"2.0","id":2,"method":"tools/execute","params":{"name":"yourToolName", "arguments": {}}}'
+
+# Terminate the session when done
+curl -X DELETE http://localhost:3000/mcp -H "Mcp-Session-Id: your-session-id"
+```
 
-### Code Quality
+## Transport Types
 
-- `npm run lint` - Runs ESLint
-- `npm run typecheck` - Verifies TypeScript types
+### Stdio Transport (Default)
+
+The stdio transport is designed for direct integration with AI systems like Claude Desktop that manage MCP connections through standard input/output. This is the simplest setup and requires no network configuration.
+
+**When to use**: When integrating with Claude Desktop or other systems that support stdio-based MCP communication.
+
+### Streamable HTTP Transport
+
+The HTTP transport allows the MCP server to be accessed over HTTP, enabling web applications and other HTTP-capable clients to interact with the MCP protocol. It supports session management, streaming responses, and standard HTTP methods.
 
-## Configuration
+**Key features**:
+
+- Session management with Mcp-Session-Id header
+- HTTP responses for `initialize` and `tools/list` requests are sent synchronously on the POST.
+- Other server-to-client messages (e.g., `tools/execute` results, notifications) are streamed over a GET connection using Server-Sent Events (SSE).
+- Support for POST/GET/DELETE methods
+
+**When to use**: When you need to expose the MCP server to web clients or systems that communicate over HTTP rather than stdio.
+
+## Configuration Options
 
 The server can be configured through environment variables or command line arguments:
 
@@ -63,51 +121,70 @@ The server can be configured through environment variables or command line argum
 - `API_HEADERS` - Comma-separated key:value pairs for API headers
 - `SERVER_NAME` - Name for the MCP server (default: "mcp-openapi-server")
 - `SERVER_VERSION` - Version of the server (default: "1.0.0")
+- `TRANSPORT_TYPE` - Transport type to use: "stdio" or "http" (default: "stdio")
+- `HTTP_PORT` - Port for HTTP transport (default: 3000)
+- `HTTP_HOST` - Host for HTTP transport (default: "127.0.0.1")
+- `ENDPOINT_PATH` - Endpoint path for HTTP transport (default: "/mcp")
 
 ### Command Line Arguments
 
 ```bash
-npm run inspect -- \
+npx @ivotoby/openapi-mcp-server \
   --api-base-url https://api.example.com \
   --openapi-spec https://api.example.com/openapi.json \
   --headers "Authorization:Bearer token123,X-API-Key:your-api-key" \
   --name "my-mcp-server" \
-  --version "1.0.0"
+  --version "1.0.0" \
+  --transport http \
+  --port 3000 \
+  --host 127.0.0.1 \
+  --path /mcp
 ```
 
-## Development Workflow
-
-1. Start the development environment:
-```bash
-npm run inspect-watch
-```
+## Security Considerations
 
-2. Make changes to the TypeScript files in `src/`
-3. The server will automatically rebuild and restart
-4. Use the MCP Inspector UI to test your changes
+- The HTTP transport validates Origin headers to prevent DNS rebinding attacks
+- By default, HTTP transport only binds to localhost (127.0.0.1)
+- If exposing to other hosts, consider implementing additional authentication
 
 ## Debugging
 
-The server outputs debug logs to stderr. To see these logs:
+To see debug logs:
 
-1. In development mode:
-   - Logs appear in the terminal running `inspect-watch`
-   
-2. When running directly:
+1. When using stdio transport with Claude Desktop:
+
+   - Logs appear in the Claude Desktop logs
+
+2. When using HTTP transport:
    ```bash
-   npm run inspect 2>debug.log
+   npx @ivotoby/openapi-mcp-server --transport http 2>debug.log
    ```
 
-## Contributing
+## For Developers
+
+### Development Tools
+
+- `npm run build` - Builds the TypeScript source
+- `npm run clean` - Removes build artifacts
+- `npm run typecheck` - Runs TypeScript type checking
+- `npm run lint` - Runs ESLint
+- `npm run dev` - Watches source files and rebuilds on changes
+- `npm run inspect-watch` - Runs the inspector with auto-reload on changes
+
+### Development Workflow
+
+1. Clone the repository
+2. Install dependencies: `npm install`
+3. Start the development environment: `npm run inspect-watch`
+4. Make changes to the TypeScript files in `src/`
+5. The server will automatically rebuild and restart
+
+### Contributing
 
 1. Fork the repository
 2. Create a feature branch
 3. Make your changes
-4. Run tests and linting:
-   ```bash
-   npm run typecheck
-   npm run lint
-   ```
+4. Run tests and linting: `npm run typecheck && npm run lint`
 5. Submit a pull request
 
 ## License

package/dist/bundle.js

@@ -9991,7 +9991,7 @@ var require_form_data = __commonJS({
     var CombinedStream = require_combined_stream();
     var util3 = __require("util");
     var path = __require("path");
-    var http2 = __require("http");
+    var http3 = __require("http");
     var https2 = __require("https");
     var parseUrl = __require("url").parse;
     var fs = __require("fs");
@@ -10263,7 +10263,7 @@ var require_form_data = __commonJS({
       if (options.protocol == "https:") {
         request = https2.request(options);
       } else {
-        request = http2.request(options);
+        request = http3.request(options);
       }
       this.getLength(function(err, length) {
         if (err && err !== "Unknown stream") {
@@ -11160,7 +11160,7 @@ var require_follow_redirects = __commonJS({
   "node_modules/follow-redirects/index.js"(exports, module) {
     var url2 = __require("url");
     var URL2 = url2.URL;
-    var http2 = __require("http");
+    var http3 = __require("http");
     var https2 = __require("https");
     var Writable = __require("stream").Writable;
     var assert = __require("assert");
@@ -11646,7 +11646,7 @@ var require_follow_redirects = __commonJS({
     function isURL(value) {
       return URL2 && value instanceof URL2;
     }
-    module.exports = wrap2({ http: http2, https: https2 });
+    module.exports = wrap2({ http: http3, https: https2 });
     module.exports.wrap = wrap2;
   }
 });
@@ -15007,21 +15007,24 @@ var OpenAPISpecLoader = class {
           }
         };
         if (op.parameters) {
+          const requiredParams = [];
           for (const param of op.parameters) {
             if ("name" in param && "in" in param) {
               const paramSchema = param.schema;
-              tool.inputSchema.properties[param.name] = {
-                type: paramSchema.type || "string",
-                description: param.description || `${param.name} parameter`
-              };
+              if (tool.inputSchema && tool.inputSchema.properties) {
+                tool.inputSchema.properties[param.name] = {
+                  type: paramSchema.type || "string",
+                  description: param.description || `${param.name} parameter`
+                };
+              }
               if (param.required === true) {
-                if (!tool.inputSchema.required) {
-                  tool.inputSchema.required = [];
-                }
-                tool.inputSchema.required.push(param.name);
+                requiredParams.push(param.name);
               }
             }
           }
+          if (requiredParams.length > 0 && tool.inputSchema) {
+            tool.inputSchema.required = requiredParams;
+          }
         }
         tools.set(toolId, tool);
       }
@@ -15087,7 +15090,6 @@ var ApiClient = class {
    * @param headers - Optional headers to include with every request
    */
   constructor(baseUrl, headers = {}) {
-    this.baseUrl = baseUrl;
     this.headers = headers;
     this.axiosInstance = axios_default.create({
       baseURL: baseUrl.endsWith("/") ? baseUrl : `${baseUrl}/`
@@ -15159,13 +15161,18 @@ var ApiClient = class {
 
 // src/server.ts
 var OpenAPIServer = class {
+  server;
+  toolsManager;
+  apiClient;
   constructor(config) {
-    this.config = config;
     this.server = new Server(
       { name: config.name, version: config.version },
       {
         capabilities: {
-          tools: {}
+          tools: {
+            list: true,
+            execute: true
+          }
         }
       }
     );
@@ -15173,9 +15180,6 @@ var OpenAPIServer = class {
     this.apiClient = new ApiClient(config.apiBaseUrl, config.headers);
     this.initializeHandlers();
   }
-  server;
-  toolsManager;
-  apiClient;
   /**
    * Initialize request handlers
    */
@@ -15189,7 +15193,7 @@ var OpenAPIServer = class {
       const { id, name, arguments: params } = request.params;
       console.error("Received request:", request.params);
       console.error("Using parameters from arguments:", params);
-      const idOrName = id || name;
+      const idOrName = typeof id === "string" ? id : typeof name === "string" ? name : "";
       if (!idOrName) {
         throw new Error("Tool ID or name is required");
       }
@@ -20098,7 +20102,22 @@ function parseHeaders(headerStr) {
   return headers;
 }
 function loadConfig() {
-  const argv = yargs_default(hideBin(process.argv)).option("api-base-url", {
+  const argv = yargs_default(hideBin(process.argv)).option("transport", {
+    alias: "t",
+    type: "string",
+    choices: ["stdio", "http"],
+    description: "Transport type to use (stdio or http)"
+  }).option("port", {
+    alias: "p",
+    type: "number",
+    description: "HTTP port for HTTP transport"
+  }).option("host", {
+    type: "string",
+    description: "HTTP host for HTTP transport"
+  }).option("path", {
+    type: "string",
+    description: "HTTP endpoint path for HTTP transport"
+  }).option("api-base-url", {
     alias: "u",
     type: "string",
     description: "Base URL for the API"
@@ -20118,7 +20137,16 @@ function loadConfig() {
     alias: "v",
     type: "string",
     description: "Server version"
-  }).help().argv;
+  }).help().parseSync();
+  let transportType;
+  if (argv.transport === "http" || process.env.TRANSPORT_TYPE === "http") {
+    transportType = "http";
+  } else {
+    transportType = "stdio";
+  }
+  const httpPort = argv.port ?? (process.env.HTTP_PORT ? parseInt(process.env.HTTP_PORT, 10) : 3e3);
+  const httpHost = argv.host || process.env.HTTP_HOST || "127.0.0.1";
+  const endpointPath = argv.path || process.env.ENDPOINT_PATH || "/mcp";
   const apiBaseUrl = argv["api-base-url"] || process.env.API_BASE_URL;
   const openApiSpec = argv["openapi-spec"] || process.env.OPENAPI_SPEC_PATH;
   if (!apiBaseUrl) {
@@ -20133,18 +20161,582 @@ function loadConfig() {
     version: argv.version || process.env.SERVER_VERSION || "1.0.0",
     apiBaseUrl,
     openApiSpec,
-    headers
+    headers,
+    transportType,
+    httpPort,
+    httpHost,
+    endpointPath
   };
 }
 
+// src/transport/StreamableHttpServerTransport.ts
+import {
+  isInitializeRequest,
+  isJSONRPCRequest,
+  isJSONRPCResponse
+} from "@modelcontextprotocol/sdk/types.js";
+import * as http2 from "http";
+import { randomUUID } from "crypto";
+var StreamableHttpServerTransport = class {
+  // Maps request IDs to session IDs
+  /**
+   * Initialize a new StreamableHttpServerTransport
+   *
+   * @param port HTTP port to listen on
+   * @param host Host to bind to (default: 127.0.0.1)
+   * @param endpointPath Endpoint path (default: /mcp)
+   */
+  constructor(port, host = "127.0.0.1", endpointPath = "/mcp") {
+    this.port = port;
+    this.host = host;
+    this.endpointPath = endpointPath;
+    this.server = http2.createServer(this.handleRequest.bind(this));
+  }
+  server;
+  sessions = /* @__PURE__ */ new Map();
+  started = false;
+  maxBodySize = 4 * 1024 * 1024;
+  // 4MB max request size
+  requestSessionMap = /* @__PURE__ */ new Map();
+  /**
+   * Callback when message is received
+   */
+  onmessage;
+  /**
+   * Callback when error occurs
+   */
+  onerror;
+  /**
+   * Callback when transport closes
+   */
+  onclose;
+  /**
+   * Start the transport
+   */
+  async start() {
+    if (this.started) {
+      throw new Error("Transport already started");
+    }
+    return new Promise((resolve5, reject) => {
+      this.server.listen(this.port, this.host, () => {
+        this.started = true;
+        console.error(
+          `Streamable HTTP transport listening on http://${this.host}:${this.port}${this.endpointPath}`
+        );
+        resolve5();
+      });
+      this.server.on("error", (err) => {
+        reject(err);
+        if (this.onerror) {
+          this.onerror(err);
+        }
+      });
+    });
+  }
+  /**
+   * Close the transport
+   */
+  async close() {
+    for (const session of this.sessions.values()) {
+      for (const response of session.activeResponses) {
+        try {
+          response.end();
+        } catch (err) {
+        }
+      }
+    }
+    this.sessions.clear();
+    return new Promise((resolve5, reject) => {
+      this.server.close((err) => {
+        if (err) {
+          reject(err instanceof Error ? err : new Error(String(err)));
+        } else {
+          this.started = false;
+          if (this.onclose) {
+            this.onclose();
+          }
+          resolve5();
+        }
+      });
+    });
+  }
+  /**
+   * Send message to client(s)
+   *
+   * @param message JSON-RPC message
+   */
+  async send(message) {
+    console.error(`StreamableHttpServerTransport: Sending message: ${JSON.stringify(message)}`);
+    let targetSessionId;
+    let messageIdForThisResponse = null;
+    if (isJSONRPCResponse(message) && message.id !== null) {
+      messageIdForThisResponse = message.id;
+      targetSessionId = this.requestSessionMap.get(messageIdForThisResponse);
+      console.error(
+        `StreamableHttpServerTransport: Potential target session for response ID ${messageIdForThisResponse}: ${targetSessionId}`
+      );
+      if (targetSessionId && this.initResponseHandlers.has(targetSessionId)) {
+        console.error(
+          `StreamableHttpServerTransport: Session ${targetSessionId} has initResponseHandlers. Invoking them for message ID ${messageIdForThisResponse}.`
+        );
+        const handlers = this.initResponseHandlers.get(targetSessionId);
+        [...handlers].forEach((handler) => handler(message));
+        if (!this.requestSessionMap.has(messageIdForThisResponse)) {
+          console.error(
+            `StreamableHttpServerTransport: Response for ID ${messageIdForThisResponse} was handled by an initResponseHandler (e.g., synchronous POST response for initialize or tools/list).`
+          );
+          return;
+        } else {
+          console.error(
+            `StreamableHttpServerTransport: Response for ID ${messageIdForThisResponse} was NOT exclusively handled by an initResponseHandler or handler did not remove from requestSessionMap. Proceeding to GET stream / broadcast if applicable.`
+          );
+        }
+      }
+      if (this.requestSessionMap.has(messageIdForThisResponse)) {
+        console.error(
+          `StreamableHttpServerTransport: Deleting request ID ${messageIdForThisResponse} from requestSessionMap as it's being processed for GET stream or broadcast.`
+        );
+        this.requestSessionMap.delete(messageIdForThisResponse);
+      }
+    }
+    if (!targetSessionId) {
+      const idForLog = messageIdForThisResponse !== null ? messageIdForThisResponse : isJSONRPCRequest(message) ? message.id : "N/A";
+      console.warn(
+        `StreamableHttpServerTransport: No specific target session for message (ID: ${idForLog}). Broadcasting to all applicable sessions.`
+      );
+      for (const [sid, session2] of this.sessions.entries()) {
+        if (session2.initialized && session2.activeResponses.size > 0) {
+          this.sendMessageToSession(sid, session2, message);
+        }
+      }
+      return;
+    }
+    const session = this.sessions.get(targetSessionId);
+    if (session && session.activeResponses.size > 0) {
+      console.error(
+        `StreamableHttpServerTransport: Sending message (ID: ${messageIdForThisResponse}) to GET stream for session ${targetSessionId} (${session.activeResponses.size} active connections).`
+      );
+      this.sendMessageToSession(targetSessionId, session, message);
+    } else if (targetSessionId) {
+      console.error(
+        `StreamableHttpServerTransport: No active GET connections for session ${targetSessionId} to send message (ID: ${messageIdForThisResponse}). Message might not be delivered if not handled by POST.`
+      );
+    }
+  }
+  /**
+   * Helper method to send a message to a specific session
+   */
+  sendMessageToSession(sessionId, session, message) {
+    const messageStr = `data: ${JSON.stringify(message)}
+
+`;
+    for (const response of session.activeResponses) {
+      try {
+        response.write(messageStr);
+      } catch (err) {
+        session.activeResponses.delete(response);
+        if (this.onerror) {
+          this.onerror(new Error(`Failed to write to response: ${err.message}`));
+        }
+      }
+    }
+  }
+  /**
+   * Handle HTTP request
+   */
+  handleRequest(req, res) {
+    if (req.url !== this.endpointPath) {
+      res.writeHead(404);
+      res.end();
+      return;
+    }
+    this.validateOrigin(req, res);
+    switch (req.method) {
+      case "POST":
+        this.handlePostRequest(req, res);
+        break;
+      case "GET":
+        this.handleGetRequest(req, res);
+        break;
+      case "DELETE":
+        this.handleDeleteRequest(req, res);
+        break;
+      default:
+        res.writeHead(405, { Allow: "POST, GET, DELETE" });
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            error: {
+              code: -32e3,
+              message: "Method not allowed"
+            },
+            id: null
+          })
+        );
+    }
+  }
+  /**
+   * Validate origin header to prevent DNS rebinding attacks
+   */
+  validateOrigin(req, res) {
+    const origin2 = req.headers.origin;
+    if (!origin2) {
+      return true;
+    }
+    try {
+      const originUrl = new URL(origin2);
+      const isLocalhost = originUrl.hostname === "localhost" || originUrl.hostname === "127.0.0.1";
+      if (!isLocalhost) {
+        res.writeHead(403);
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            error: {
+              code: -32e3,
+              message: "Origin not allowed"
+            },
+            id: null
+          })
+        );
+        return false;
+      }
+      return true;
+    } catch (err) {
+      res.writeHead(400);
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32e3,
+            message: "Invalid origin"
+          },
+          id: null
+        })
+      );
+      return false;
+    }
+  }
+  /**
+   * Handle POST request
+   */
+  handlePostRequest(req, res) {
+    const contentType = req.headers["content-type"];
+    if (!contentType || !contentType.includes("application/json")) {
+      res.writeHead(415);
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32e3,
+            message: "Unsupported Media Type: Content-Type must be application/json"
+          },
+          id: null
+        })
+      );
+      return;
+    }
+    let body = "";
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > this.maxBodySize) {
+        res.writeHead(413);
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            error: {
+              code: -32e3,
+              message: "Request entity too large"
+            },
+            id: null
+          })
+        );
+        req.destroy();
+        return;
+      }
+      body += chunk.toString();
+    });
+    req.on("end", () => {
+      try {
+        const message = JSON.parse(body);
+        if (isInitializeRequest(message)) {
+          this.handleInitializeRequest(message, req, res);
+        } else if (isJSONRPCRequest(message) && message.method === "tools/list") {
+          const sessionId = req.headers["mcp-session-id"];
+          if (!sessionId || !this.sessions.has(sessionId)) {
+            res.writeHead(400);
+            res.end(
+              JSON.stringify({
+                jsonrpc: "2.0",
+                error: {
+                  code: -32e3,
+                  message: "Invalid session. A valid Mcp-Session-Id header is required."
+                },
+                id: "id" in message ? message.id : null
+              })
+            );
+            return;
+          }
+          const session = this.sessions.get(sessionId);
+          if (message.id !== void 0 && message.id !== null) {
+            this.requestSessionMap.set(message.id, sessionId);
+            if (!session.pendingRequests) {
+              session.pendingRequests = /* @__PURE__ */ new Set();
+            }
+            session.pendingRequests.add(message.id);
+          }
+          const responseHandler = (responseMessage) => {
+            if (isJSONRPCResponse(responseMessage) && responseMessage.id === message.id) {
+              res.setHeader("Content-Type", "application/json");
+              res.writeHead(200);
+              res.end(JSON.stringify(responseMessage));
+              this.removeInitResponseHandler(sessionId, responseHandler);
+              if (message.id !== void 0 && message.id !== null) {
+                this.requestSessionMap.delete(message.id);
+                session.pendingRequests.delete(message.id);
+              }
+            }
+          };
+          this.addInitResponseHandler(sessionId, responseHandler);
+          if (session.messageHandler) {
+            session.messageHandler(message);
+          } else {
+            this.removeInitResponseHandler(sessionId, responseHandler);
+            res.writeHead(500);
+            res.end(
+              JSON.stringify({
+                jsonrpc: "2.0",
+                error: {
+                  code: -32603,
+                  message: "Internal error: No message handler available"
+                },
+                id: "id" in message ? message.id : null
+              })
+            );
+          }
+        } else {
+          const sessionId = req.headers["mcp-session-id"];
+          if (!sessionId || !this.sessions.has(sessionId)) {
+            res.writeHead(400);
+            res.end(
+              JSON.stringify({
+                jsonrpc: "2.0",
+                error: {
+                  code: -32e3,
+                  message: "Invalid session. A valid Mcp-Session-Id header is required."
+                },
+                id: "id" in message ? message.id : null
+              })
+            );
+            return;
+          }
+          const session = this.sessions.get(sessionId);
+          if (isJSONRPCRequest(message)) {
+            if (session.messageHandler) {
+              if (message.id !== void 0 && message.id !== null) {
+                this.requestSessionMap.set(message.id, sessionId);
+                if (!session.pendingRequests) {
+                  session.pendingRequests = /* @__PURE__ */ new Set();
+                }
+                session.pendingRequests.add(message.id);
+              }
+              session.messageHandler(message);
+              res.writeHead(202);
+              res.end();
+            }
+          } else {
+            if (session.messageHandler) {
+              session.messageHandler(message);
+              res.writeHead(202);
+              res.end();
+            }
+          }
+        }
+      } catch (err) {
+        res.writeHead(400);
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            error: {
+              code: -32700,
+              message: "Parse error",
+              data: String(err)
+            },
+            id: null
+          })
+        );
+        if (this.onerror) {
+          this.onerror(new Error(`Parse error: ${String(err)}`));
+        }
+      }
+    });
+    req.on("error", (err) => {
+      if (this.onerror) {
+        this.onerror(err instanceof Error ? err : new Error(String(err)));
+      }
+    });
+  }
+  /**
+   * Handle initialization request
+   */
+  handleInitializeRequest(message, _req, res) {
+    const sessionId = randomUUID();
+    this.sessions.set(sessionId, {
+      // eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+      messageHandler: this.onmessage || (() => {
+      }),
+      activeResponses: /* @__PURE__ */ new Set(),
+      initialized: true,
+      pendingRequests: /* @__PURE__ */ new Set()
+    });
+    if ("id" in message && message.id !== null && message.id !== void 0) {
+      this.requestSessionMap.set(message.id, sessionId);
+    }
+    res.setHeader("Content-Type", "application/json");
+    res.setHeader("Mcp-Session-Id", sessionId);
+    const responseHandler = (responseMessage) => {
+      if (isJSONRPCResponse(responseMessage) && "id" in message && responseMessage.id === message.id) {
+        res.writeHead(200);
+        res.end(JSON.stringify(responseMessage));
+        this.removeInitResponseHandler(sessionId, responseHandler);
+        this.requestSessionMap.delete(message.id);
+      }
+    };
+    this.addInitResponseHandler(sessionId, responseHandler);
+    if (this.onmessage) {
+      this.onmessage(message);
+    } else {
+      this.removeInitResponseHandler(sessionId, responseHandler);
+      res.writeHead(500);
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32603,
+            message: "Internal error: No message handler available"
+          },
+          id: "id" in message ? message.id : null
+        })
+      );
+    }
+  }
+  /**
+   * Add initialize response handler
+   */
+  initResponseHandlers = /* @__PURE__ */ new Map();
+  addInitResponseHandler(sessionId, handler) {
+    if (!this.initResponseHandlers.has(sessionId)) {
+      this.initResponseHandlers.set(sessionId, []);
+    }
+    this.initResponseHandlers.get(sessionId).push(handler);
+  }
+  removeInitResponseHandler(sessionId, handler) {
+    if (this.initResponseHandlers.has(sessionId)) {
+      const handlers = this.initResponseHandlers.get(sessionId);
+      const index = handlers.indexOf(handler);
+      if (index !== -1) {
+        handlers.splice(index, 1);
+      }
+      if (handlers.length === 0) {
+        this.initResponseHandlers.delete(sessionId);
+      }
+    }
+  }
+  /**
+   * Handle GET request (streaming connection)
+   */
+  handleGetRequest(req, res) {
+    const sessionId = req.headers["mcp-session-id"];
+    if (!sessionId || !this.sessions.has(sessionId)) {
+      res.writeHead(400);
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32e3,
+            message: "Invalid session. A valid Mcp-Session-Id header is required."
+          },
+          id: null
+        })
+      );
+      return;
+    }
+    const session = this.sessions.get(sessionId);
+    res.setHeader("Content-Type", "text/event-stream");
+    res.setHeader("Connection", "keep-alive");
+    res.setHeader("Cache-Control", "no-cache, no-transform");
+    res.setHeader("Transfer-Encoding", "chunked");
+    res.setHeader("Mcp-Session-Id", sessionId);
+    res.writeHead(200);
+    session.activeResponses.add(res);
+    req.on("close", () => {
+      session.activeResponses.delete(res);
+    });
+    res.on("error", (err) => {
+      session.activeResponses.delete(res);
+      if (this.onerror) {
+        this.onerror(err);
+      }
+    });
+  }
+  /**
+   * Handle DELETE request (session termination)
+   */
+  handleDeleteRequest(req, res) {
+    const sessionId = req.headers["mcp-session-id"];
+    if (!sessionId || !this.sessions.has(sessionId)) {
+      res.writeHead(400);
+      res.end(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32e3,
+            message: "Invalid session. A valid Mcp-Session-Id header is required."
+          },
+          id: null
+        })
+      );
+      return;
+    }
+    const session = this.sessions.get(sessionId);
+    for (const response of session.activeResponses) {
+      try {
+        response.end();
+      } catch (err) {
+      }
+    }
+    if (session.pendingRequests) {
+      for (const requestId of session.pendingRequests) {
+        this.requestSessionMap.delete(requestId);
+      }
+    }
+    this.sessions.delete(sessionId);
+    res.writeHead(204);
+    res.end();
+  }
+};
+
 // src/index.ts
 async function main() {
   try {
     const config = loadConfig();
     const server = new OpenAPIServer(config);
-    const transport = new StdioServerTransport();
-    await server.start(transport);
-    console.error("OpenAPI MCP Server running on stdio");
+    let transport;
+    if (config.transportType === "http") {
+      transport = new StreamableHttpServerTransport(
+        config.httpPort,
+        config.httpHost,
+        config.endpointPath
+      );
+      await server.start(transport);
+      console.error(
+        `OpenAPI MCP Server running on http://${config.httpHost}:${config.httpPort}${config.endpointPath}`
+      );
+    } else {
+      transport = new StdioServerTransport();
+      await server.start(transport);
+      console.error("OpenAPI MCP Server running on stdio");
+    }
   } catch (error) {
     console.error("Failed to start server:", error);
     process.exit(1);
@@ -20155,6 +20747,7 @@ export {
   ApiClient,
   OpenAPIServer,
   OpenAPISpecLoader,
+  StreamableHttpServerTransport,
   ToolsManager,
   loadConfig,
   parseHeaders

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ivotoby/openapi-mcp-server",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "An MCP server that exposes OpenAPI endpoints as resources",
   "license": "MIT",
   "type": "module",
@@ -44,10 +44,8 @@
     "@semantic-release/github": "^9.2.6",
     "@semantic-release/npm": "^11.0.3",
     "@semantic-release/release-notes-generator": "^12.1.0",
-    "@types/chai": "^4.3.11",
-    "@types/mocha": "^10.0.6",
     "@types/node": "^22.13.11",
-    "@types/sinon": "^17.0.3",
+    "@types/yargs": "^17.0.33",
     "@typescript-eslint/eslint-plugin": "^6.12.0",
     "@typescript-eslint/parser": "^6.12.0",
     "dotenv": "^16.4.7",
@@ -56,13 +54,10 @@
     "eslint-config-prettier": "^10.1.5",
     "eslint-plugin-perfectionist": "^4.7.0",
     "eslint-plugin-prettier": "^5.4.0",
-    "jest": "^29.7.0",
     "msw": "^2.7.0",
     "nodemon": "^3.1.7",
     "prettier": "^3.4.2",
     "semantic-release": "^22.0.12",
-    "sinon": "^17.0.1",
-    "ts-jest": "^29.1.1",
     "typescript": "^5.3.2",
     "typescript-eslint": "^8.22.0",
     "vitest": "^3.1.3"