@silver886/mcp-proxy 0.1.3 → 0.2.0

package/dist/shared/protocol.js

@@ -0,0 +1,183 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SERVER_NAME_PATTERN = exports.TOOL_NAME_SEPARATOR = exports.LineBuffer = exports.ErrorMessage = exports.ErrorCode = exports.BodyTooLargeError = exports.MAX_BODY_BYTES = exports.DEFAULT_PORT = exports.DEFAULT_HOST = exports.MCP_PROTOCOL_VERSION = exports.PACKAGE_VERSION = exports.PACKAGE_NAME = void 0;
+exports.jsonRpcError = jsonRpcError;
+exports.readBody = readBody;
+exports.getArg = getArg;
+exports.createServer = createServer;
+exports.validateServerName = validateServerName;
+const node_fs_1 = require("node:fs");
+const node_http_1 = require("node:http");
+const node_path_1 = require("node:path");
+// dist/shared/protocol.js → ../../package.json (project root, same as the
+// installed npm package's root). package.json is always shipped in the
+// tarball regardless of the `files` whitelist, so this works in both
+// local dev and installed contexts.
+const pkg = JSON.parse((0, node_fs_1.readFileSync)((0, node_path_1.resolve)(__dirname, "..", "..", "package.json"), "utf-8"));
+exports.PACKAGE_NAME = pkg.name;
+exports.PACKAGE_VERSION = pkg.version;
+exports.MCP_PROTOCOL_VERSION = "2024-11-05";
+exports.DEFAULT_HOST = "127.0.0.1";
+exports.DEFAULT_PORT = 6270;
+// Cap on the size of any single inbound HTTP request body. Both the
+// pairing endpoints and the host agent sit behind a Cloudflare tunnel
+// gated by a bearer token; without a cap, a leaked token gives an
+// attacker a trivial memory-DoS by streaming an arbitrarily large body.
+// 4 MiB is comfortably above any plausible MCP JSON-RPC request (tool
+// args, init handshakes) while keeping worst-case memory bounded.
+exports.MAX_BODY_BYTES = 4 * 1024 * 1024;
+class BodyTooLargeError extends Error {
+    limit;
+    constructor(limit) {
+        super(`request body exceeds ${limit} bytes`);
+        this.limit = limit;
+        this.name = "BodyTooLargeError";
+    }
+}
+exports.BodyTooLargeError = BodyTooLargeError;
+// JSON-RPC error codes: -32700/-32600..-32603 = spec-defined, -32000..-32099 = server-defined
+exports.ErrorCode = {
+    PARSE_ERROR: -32700, // JSON-RPC spec: invalid JSON received
+    INVALID_REQUEST: -32600, // JSON-RPC spec: malformed request envelope
+    METHOD_NOT_FOUND: -32601, // JSON-RPC spec: method not found
+    INVALID_PARAMS: -32602, // JSON-RPC spec: invalid params
+    INTERNAL: -32603, // JSON-RPC spec: internal error
+    PROXY_NOT_CONFIGURED: -32001, // Proxy has not been paired yet
+    HOST_UNREACHABLE: -32002, // Cannot reach the host agent via tunnel
+    PROCESS_EXITED: -32003, // MCP server child process exited unexpectedly
+    PROCESS_NOT_RUNNING: -32004, // MCP server child process is not running
+    REQUEST_TIMEOUT: -32005, // MCP server did not respond in time
+};
+exports.ErrorMessage = {
+    [exports.ErrorCode.PARSE_ERROR]: "Parse error",
+    [exports.ErrorCode.INVALID_REQUEST]: "Invalid request",
+    [exports.ErrorCode.METHOD_NOT_FOUND]: "Method not found",
+    [exports.ErrorCode.INVALID_PARAMS]: "Invalid params",
+    [exports.ErrorCode.INTERNAL]: "Internal error",
+    [exports.ErrorCode.PROXY_NOT_CONFIGURED]: "Proxy not configured",
+    [exports.ErrorCode.HOST_UNREACHABLE]: "Host agent unreachable",
+    [exports.ErrorCode.PROCESS_EXITED]: "Server process exited",
+    [exports.ErrorCode.PROCESS_NOT_RUNNING]: "Server process not running",
+    [exports.ErrorCode.REQUEST_TIMEOUT]: "Request timed out",
+};
+// JSON-RPC error response helper
+function jsonRpcError(code, detail, id = null) {
+    const base = exports.ErrorMessage[code] ?? "Unknown error";
+    const message = detail ? `${base}: ${detail}` : base;
+    return JSON.stringify({ jsonrpc: "2.0", error: { code, message }, id });
+}
+// Read full request body as string, rejecting with BodyTooLargeError once
+// the running total exceeds maxBytes. We pause the request once over the
+// limit so we stop accumulating into memory; the socket is torn down by
+// createServer's 413 path after the response flushes (destroying it here
+// races the response and the client never sees the 413).
+//
+// Settles on the first of: end (resolve), error (reject), close-without-end
+// (reject as ECONNRESET-style), or oversize (reject as BodyTooLargeError).
+// All four listeners are torn down on settle so a paused/aborted upload
+// can't leave the closure (and the accumulated chunks) pinned in memory.
+function readBody(req, maxBytes = exports.MAX_BODY_BYTES) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let total = 0;
+        let settled = false;
+        const cleanup = () => {
+            req.off("data", onData);
+            req.off("end", onEnd);
+            req.off("error", onError);
+            req.off("close", onClose);
+        };
+        const settleResolve = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(value);
+        };
+        const settleReject = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            reject(err);
+        };
+        const onData = (c) => {
+            if (settled)
+                return;
+            total += c.length;
+            if (total > maxBytes) {
+                // Pause so we stop accumulating; rejection runs the 413 path in
+                // createServer, which destroys the socket after the response flushes.
+                req.pause();
+                settleReject(new BodyTooLargeError(maxBytes));
+                return;
+            }
+            chunks.push(c);
+        };
+        const onEnd = () => settleResolve(Buffer.concat(chunks).toString("utf-8"));
+        const onError = (err) => settleReject(err);
+        // 'close' fires after end OR after an abort. If end ran first we're
+        // already settled and this is a no-op; otherwise the client disconnected
+        // mid-upload and we must reject so the handler doesn't hang forever.
+        const onClose = () => settleReject(new Error("client closed connection before request body completed"));
+        req.on("data", onData);
+        req.on("end", onEnd);
+        req.on("error", onError);
+        req.on("close", onClose);
+    });
+}
+// Parse CLI argument by name: --flag value
+function getArg(name) {
+    const idx = process.argv.indexOf(name);
+    return idx !== -1 && idx + 1 < process.argv.length ? process.argv[idx + 1] : undefined;
+}
+// Create HTTP server with async handler and error catching. BodyTooLargeError
+// is special-cased to 413 + Connection: close so the client sees a clean
+// "payload too large" instead of the catch-all 500. After the response
+// flushes we destroy the socket so an attacker can't keep streaming bytes
+// into the kernel buffer beyond the limit we just enforced.
+function createServer(handler) {
+    return (0, node_http_1.createServer)((req, res) => {
+        handler(req, res).catch((err) => {
+            console.error(`Request handler error: ${err.message}`);
+            if (!res.headersSent) {
+                if (err instanceof BodyTooLargeError) {
+                    res.writeHead(413, { "Content-Type": "application/json", Connection: "close" });
+                    res.end(JSON.stringify({ error: err.message }), () => {
+                        req.socket?.destroy();
+                    });
+                    return;
+                }
+                res.writeHead(500, { "Content-Type": "application/json" });
+                res.end(jsonRpcError(exports.ErrorCode.INTERNAL));
+            }
+        });
+    });
+}
+// Line-buffered reader: accumulates chunks and yields complete lines
+class LineBuffer {
+    buffer = "";
+    push(chunk) {
+        this.buffer += chunk;
+        const parts = this.buffer.split("\n");
+        this.buffer = parts.pop(); // Keep incomplete trailing segment
+        return parts.filter((line) => line.trim().length > 0);
+    }
+}
+exports.LineBuffer = LineBuffer;
+// Single source of truth for the server-name policy enforced everywhere
+// (host config load, proxy discovery filter, and the Pages function path
+// allowlist). Keeping these in lockstep prevents valid host config entries
+// from silently disappearing during discovery.
+exports.TOOL_NAME_SEPARATOR = "__";
+exports.SERVER_NAME_PATTERN = /^[A-Za-z0-9._-]+$/;
+// Returns null if the name is acceptable, else a human-readable reason.
+function validateServerName(name) {
+    if (!exports.SERVER_NAME_PATTERN.test(name)) {
+        return `must match ${exports.SERVER_NAME_PATTERN} (letters, digits, '.', '_', '-')`;
+    }
+    if (name.includes(exports.TOOL_NAME_SEPARATOR)) {
+        return `must not contain '${exports.TOOL_NAME_SEPARATOR}' (reserved as tool-name separator)`;
+    }
+    return null;
+}

package/dist/wrapper.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/wrapper.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// Cloudflared wrapper. Owns the cloudflared child for the proxy's pairing
+// tunnel, and guarantees the child cannot outlive its parent (proxy).
+//
+// Lifecycle protocol on stdio:
+//   parent -> wrapper: writes "stop\n" to request a clean shutdown
+//   parent dies      : stdin closes, wrapper sees EOF and tears the child down
+//   wrapper -> parent: prints "URL <tunnel-url>\n" once the tunnel is ready
+//   wrapper -> parent: prints "ERR <message>\n" for each cloudflared error
+//                      so the parent can include the actual cause in any
+//                      rejection / unexpected-exit log instead of a generic
+//                      "exited before becoming ready"
+//   wrapper -> parent: prints "EXIT <code>\n" when cloudflared exits
+//
+// Detection latency for parent death is 0ms on Linux/macOS/Windows because
+// stdin EOF is delivered by the kernel at the moment the parent's pipe FD
+// is closed; no polling is needed.
+const cloudflared_1 = require("cloudflared");
+const protocol_js_1 = require("./shared/protocol.js");
+function main() {
+    const port = parseInt(process.argv[2] ?? "", 10);
+    if (!port || Number.isNaN(port)) {
+        process.stderr.write("Usage: wrapper.js <port>\n");
+        process.exit(2);
+    }
+    const tunnel = cloudflared_1.Tunnel.quick(`http://localhost:${port}`);
+    let stopping = false;
+    const stop = (code = 0) => {
+        if (stopping)
+            return;
+        stopping = true;
+        try {
+            tunnel.stop();
+        }
+        catch { /* already stopped */ }
+        // Give cloudflared a moment to flush, then exit.
+        setTimeout(() => process.exit(code), 250).unref();
+    };
+    tunnel.once("url", (url) => {
+        process.stdout.write(`URL ${url}\n`);
+    });
+    tunnel.on("error", (err) => {
+        // Forward to parent on the structured channel (stdout) so PairingTunnel
+        // can include the cause in its rejection. Also keep the human-readable
+        // line on stderr — stdio is inherited, so operators tailing logs still
+        // see the full cloudflared diagnostic context.
+        const message = err.message.replace(/\r?\n/g, " ");
+        process.stdout.write(`ERR ${message}\n`);
+        process.stderr.write(`tunnel error: ${err.message}\n`);
+    });
+    tunnel.on("exit", (code) => {
+        process.stdout.write(`EXIT ${code ?? ""}\n`);
+        stop(typeof code === "number" ? code : 0);
+    });
+    // Detect parent death via stdin EOF; also accept a "stop" line for clean
+    // shutdown initiated by the parent after pairing completes.
+    const buf = new protocol_js_1.LineBuffer();
+    process.stdin.setEncoding("utf-8");
+    process.stdin.on("data", (chunk) => {
+        for (const line of buf.push(chunk)) {
+            if (line.trim() === "stop")
+                stop(0);
+        }
+    });
+    process.stdin.on("end", () => stop(0));
+    process.stdin.on("close", () => stop(0));
+    process.on("SIGINT", () => stop(0));
+    process.on("SIGTERM", () => stop(0));
+}
+main();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@silver886/mcp-proxy",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "MCP proxy bridge: forward MCP requests across network boundaries via Cloudflare tunnel",
   "repository": {
     "type": "git",
@@ -26,17 +26,25 @@
   },
   "homepage": "https://github.com/silver886/mcp-proxy#readme",
   "bin": {
-    "host": "mcp/dist/host.js",
-    "proxy": "mcp/dist/proxy.js"
+    "host": "dist/host.js",
+    "proxy": "dist/proxy.js"
   },
   "files": [
-    "mcp/dist"
+    "dist",
+    "static"
   ],
+  "engines": {
+    "node": ">=20.3.0"
+  },
   "dependencies": {
-    "cloudflared": "^0.7.1"
+    "cloudflared": "^0.7.1",
+    "eventsource-parser": "^3.0.8"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.5.0"
   },
   "scripts": {
-    "build": "pnpm --filter @silver886/mcp-proxy-mcp build",
-    "deploy:pages": "pnpm --filter @silver886/mcp-proxy-pages run deploy"
+    "build": "tsc"
   }
 }

package/static/setup.css

@@ -0,0 +1,233 @@
+/* Setup page layout. Base styles (button, banner, hint, card, etc.) live in
+   style.css; this file owns layout that's specific to the pairing flow:
+   host rows in step 1, server/tool selection in step 2. */
+
+.step {
+   display: none;
+}
+.step.active {
+   display: block;
+}
+
+/* Hosts flow as a grid so wider viewports can show multiple hosts side by
+   side. minmax(280px, 1fr) collapses to a single column on mobile (one
+   host = full width) and auto-fits extra columns when the card grows on
+   tablet/desktop. auto-fit (not auto-fill) collapses empty tracks so a
+   single host stretches to the full row instead of leaving a gap. */
+#hosts-container {
+   display: grid;
+   grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+   gap: 0.875rem;
+   margin-top: 0.875rem;
+}
+.host-row {
+   border: 1px solid #334155;
+   border-radius: 8px;
+   padding: 0.875rem 1rem 1rem;
+}
+.host-row .host-head {
+   display: flex;
+   align-items: center;
+   justify-content: space-between;
+   gap: 0.5rem;
+}
+.host-row .host-id {
+   font-weight: 600;
+   color: #38bdf8;
+   font-size: 0.95rem;
+}
+.host-row .host-remove {
+   background: transparent;
+   color: #f87171;
+   border: 1px solid #4b5563;
+   border-radius: 6px;
+   padding: 0.25rem 0.5rem;
+   font-size: 0.75rem;
+   width: auto;
+   margin: 0;
+}
+.host-row .host-remove:hover {
+   background: #3f1d1d;
+}
+.host-row label {
+   margin-top: 0.625rem;
+}
+.host-row .host-status {
+   font-size: 0.75rem;
+   margin-top: 0.5rem;
+   color: #94a3b8;
+}
+.host-row .host-status.error {
+   color: #fca5a5;
+}
+.host-row .host-status.partial {
+   color: #fbbf24;
+}
+.host-row .host-status.ok {
+   color: #6ee7b7;
+}
+
+#add-host-btn {
+   background: #334155;
+   margin-top: 0.75rem;
+}
+
+.step2-actions {
+   display: flex;
+   gap: 0.5rem;
+   margin-top: 1.5rem;
+}
+.step2-actions button {
+   margin-top: 0;
+   width: auto;
+}
+.step2-actions #back-btn {
+   flex: 0 0 auto;
+   background: #334155;
+}
+.step2-actions #save-btn {
+   flex: 1;
+}
+
+.host-block {
+   margin-top: 1.25rem;
+   padding-top: 0.75rem;
+   border-top: 1px solid #334155;
+}
+.host-block:first-of-type {
+   border-top: none;
+   margin-top: 0;
+   padding-top: 0;
+}
+.host-block > .host-block-head {
+   font-size: 0.8rem;
+   color: #94a3b8;
+   text-transform: uppercase;
+   letter-spacing: 0.04em;
+   margin-bottom: 0.25rem;
+}
+
+.server-group {
+   margin-top: 1rem;
+   padding-left: 0.25rem;
+}
+
+/* On wider viewports, lay each host's server groups out as a grid so
+   multiple servers can sit side by side. auto-fit collapses empty tracks
+   so a host with one server still stretches edge-to-edge. The block-head
+   spans the full width because it's the host-id label, not a server. */
+@media (min-width: 768px) {
+   .host-block {
+      display: grid;
+      grid-template-columns: repeat(auto-fit, minmax(320px, 1fr));
+      gap: 1rem;
+      align-items: start;
+   }
+   .host-block > .host-block-head {
+      grid-column: 1 / -1;
+   }
+   .server-group {
+      margin-top: 0;
+   }
+}
+.server-group h3 {
+   font-size: 0.95rem;
+   color: #e2e8f0;
+   word-break: break-all;
+}
+.server-group h3 .scope {
+   color: #38bdf8;
+   font-weight: 500;
+}
+.server-group .server-counts {
+   color: #64748b;
+   font-size: 0.8rem;
+   margin-top: 0.125rem;
+   margin-bottom: 0.5rem;
+}
+.server-group.disabled .tool-list {
+   opacity: 0.4;
+   pointer-events: none;
+}
+.server-group.disabled .select-actions {
+   opacity: 0.4;
+   pointer-events: none;
+}
+.server-toggle {
+   display: flex;
+   align-items: center;
+   gap: 0.5rem;
+   font-size: 0.85rem;
+   color: #cbd5e1;
+   margin-bottom: 0.5rem;
+}
+.server-toggle input[type='checkbox'] {
+   accent-color: #38bdf8;
+   cursor: pointer;
+   width: auto;
+   flex: 0 0 auto;
+}
+
+.tool-list {
+   max-height: 280px;
+   overflow-y: auto;
+   border: 1px solid #334155;
+   border-radius: 6px;
+}
+.tool-item {
+   display: flex;
+   align-items: center;
+   border-bottom: 1px solid #1e293b;
+}
+.tool-item:last-child {
+   border-bottom: none;
+}
+.tool-item:hover {
+   background: #253348;
+}
+.tool-check {
+   display: flex;
+   align-items: center;
+   justify-content: center;
+   padding: 0.5rem 0.625rem;
+   flex-shrink: 0;
+}
+.tool-check input[type='checkbox'] {
+   accent-color: #38bdf8;
+   cursor: pointer;
+}
+.tool-label {
+   display: flex;
+   flex-direction: column;
+   justify-content: center;
+   gap: 0.125rem;
+   margin: 0;
+   padding: 0.5rem 0.75rem 0.5rem 0;
+   cursor: pointer;
+   font-size: 0.85rem;
+   flex: 1;
+   min-width: 0;
+}
+.tool-name {
+   font-weight: 600;
+   color: #e2e8f0;
+}
+.tool-desc {
+   font-size: 0.75rem;
+   color: #64748b;
+   line-height: 1.3;
+}
+
+.select-actions {
+   display: flex;
+   gap: 0.5rem;
+   margin-top: 0.5rem;
+   margin-bottom: 0.5rem;
+}
+.select-actions button {
+   flex: 1;
+   padding: 0.375rem;
+   font-size: 0.8rem;
+   background: #334155;
+   margin-top: 0;
+}

package/static/setup.html

@@ -0,0 +1,57 @@
+<!doctype html>
+<html lang="en">
+   <head>
+      <meta charset="utf-8" />
+      <meta name="viewport" content="width=device-width, initial-scale=1" />
+      <title>MCP Proxy – Setup</title>
+      <link rel="stylesheet" href="/style.css" />
+      <link rel="stylesheet" href="/setup.css" />
+   </head>
+   <body>
+      <div class="card">
+         <h1>MCP Proxy Setup</h1>
+
+         <div id="step1" class="step active">
+            <p class="desc">
+               Add one or more host agents. Each host has its own tunnel URL and
+               auth token. Tools will be namespaced by host id when exposed to
+               the MCP client.
+            </p>
+            <form id="tunnel-form">
+               <div id="hosts-container"></div>
+               <button type="button" id="add-host-btn">
+                  + Add another host
+               </button>
+               <button type="submit" id="tunnel-btn">Discover Servers</button>
+            </form>
+         </div>
+
+         <div id="step2" class="step">
+            <p class="desc">
+               Select the servers and tools to expose through the proxy.
+               Unchecking a server hides every capability it offers — tools,
+               prompts, and resources alike.
+            </p>
+            <div id="servers-container"></div>
+            <p id="save-hint" class="hint">
+               Select at least one server to continue.
+            </p>
+            <div class="step2-actions">
+               <button type="button" id="back-btn">← Back</button>
+               <button id="save-btn" disabled>Complete Setup</button>
+            </div>
+         </div>
+
+         <div id="result-section" style="display: none"></div>
+
+         <div id="error-section" style="display: none">
+            <div class="banner error">
+               Invalid setup link. The URL must contain the proxy's bearer token
+               in the hash fragment (e.g. <code>/#token=...</code>).
+            </div>
+         </div>
+      </div>
+
+      <script src="/setup.js"></script>
+   </body>
+</html>