@smartbear/mcp 0.17.0 → 0.18.0

package/dist/bugsnag/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { CurrentUserAPI } from "./client/api/CurrentUser.js";
 import { Configuration } from "./client/api/configuration.js";
@@ -39,7 +40,7 @@ const EXCLUDED_EVENT_FIELDS = /* @__PURE__ */ new Set([
   // This is searches multiple fields and is more a convenience for humans, we're removing to avoid over-matching
 ]);
 const ConfigurationSchema = z.object({
-  auth_token: z.string().describe("BugSnag personal authentication token"),
+  auth_token: z.string().describe("BugSnag personal access token").optional(),
   project_api_key: z.string().describe("BugSnag project API key").optional(),
   endpoint: z.string().url().describe("BugSnag endpoint URL").optional()
 });
@@ -51,6 +52,7 @@ class BugsnagClient {
   _errorsApi;
   _projectApi;
   _appEndpoint;
+  _authToken;
   get currentUserApi() {
     if (!this._currentUserApi) throw new Error("Client not configured");
     return this._currentUserApi;
@@ -78,8 +80,47 @@ class BugsnagClient {
       config.project_api_key,
       config.endpoint
     );
+    this._projectApiKey = config.project_api_key;
+    this._authToken = config.auth_token;
+    await this.initializeApis(config);
+  }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Bugsnag-Auth-Token");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("token ")) {
+        token = token.substring(6);
+      }
+      return `token ${token}`;
+    }
+    const bearerToken = this.getBearerToken();
+    if (bearerToken) {
+      return bearerToken;
+    }
+    return this._authToken ? `token ${this._authToken}` : null;
+  }
+  getBearerToken() {
+    const contextHeader = getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
+  async initializeApis(config) {
     const apiConfig = new Configuration({
-      apiKey: `token ${config.auth_token}`,
+      apiKey: (_name) => {
+        const authToken = this.getAuthToken();
+        if (authToken) {
+          return authToken;
+        }
+        throw new Error(
+          "Authentication token not found in request headers or configuration"
+        );
+      },
       headers: {
         "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`,
         "Content-Type": "application/json",
@@ -95,9 +136,7 @@ class BugsnagClient {
     this._currentUserApi = new CurrentUserAPI(apiConfig);
     this._errorsApi = new ErrorAPI(apiConfig);
     this._projectApi = new ProjectAPI(apiConfig);
-    this._projectApiKey = config.project_api_key;
     this._isConfigured = true;
-    return;
   }
   isConfigured() {
     return this._isConfigured;

package/dist/collaborator/client.js

@@ -1,8 +1,9 @@
 import { z } from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 const ConfigurationSchema = z.object({
   base_url: z.url().describe("Collaborator server base URL"),
-  username: z.string().describe("Collaborator username for authentication"),
-  login_ticket: z.string().describe("Collaborator login ticket for authentication")
+  username: z.string().describe("Collaborator username for authentication").optional(),
+  login_ticket: z.string().describe("Collaborator login ticket for authentication").optional()
 });
 class CollaboratorClient {
   name = "Collaborator";
@@ -18,7 +19,7 @@ class CollaboratorClient {
     this.loginTicket = config.login_ticket;
   }
   isConfigured() {
-    return this.baseUrl !== void 0 && this.username !== void 0 && this.loginTicket !== void 0;
+    return this.baseUrl !== void 0;
   }
   /**
    * Calls the Collaborator API with the given commands, prepending authentication automatically.
@@ -27,10 +28,20 @@ class CollaboratorClient {
    */
   async call(commands) {
     const url = `${this.baseUrl}/services/json/v1`;
+    let login = this.username;
+    let ticket = this.loginTicket;
+    const contextLogin = getRequestHeader("Collaborator-Login");
+    const contextTicket = getRequestHeader("Collaborator-Ticket");
+    if (contextLogin) {
+      login = Array.isArray(contextLogin) ? contextLogin[0] : contextLogin;
+    }
+    if (contextTicket) {
+      ticket = Array.isArray(contextTicket) ? contextTicket[0] : contextTicket;
+    }
     const body = [
       {
         command: "SessionService.authenticate",
-        args: { login: this.username, ticket: this.loginTicket }
+        args: { login, ticket }
       },
       ...commands
     ];

package/dist/common/request-context.js

@@ -0,0 +1,20 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+const requestContextStorage = new AsyncLocalStorage();
+function withRequestContext(req, fn) {
+  return requestContextStorage.run({ headers: req.headers }, fn);
+}
+function getRequestContext() {
+  return requestContextStorage.getStore();
+}
+function getRequestHeader(name) {
+  const context = getRequestContext();
+  if (!context?.headers) return void 0;
+  const headerValue = context.headers[name] || context.headers[name.toLowerCase()];
+  return headerValue;
+}
+export {
+  getRequestContext,
+  getRequestHeader,
+  requestContextStorage,
+  withRequestContext
+};

package/dist/common/server.js

@@ -56,6 +56,9 @@ class SmartBearMcpServer extends McpServer {
   isElicitationSupported() {
     return this.elicitationSupported;
   }
+  getClients() {
+    return this.clients;
+  }
   async cleanupSession(mcpSessionId) {
     for (const client of this.clients) {
       await client.cleanupSession?.(mcpSessionId);

package/dist/common/transport-http.js

@@ -4,8 +4,19 @@ import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { clientRegistry } from "./client-registry.js";
+import { withRequestContext } from "./request-context.js";
 import { SmartBearMcpServer } from "./server.js";
+import { getEnvVarName } from "./transport-stdio.js";
 import { isOptionalType } from "./zod-utils.js";
+function getBaseUrl(req) {
+  const baseUrlOverride = process.env.BASE_URL;
+  if (baseUrlOverride) {
+    return baseUrlOverride;
+  }
+  const protocol = req.headers["x-forwarded-proto"] || "http";
+  const host = req.headers["x-forwarded-host"] || req.headers.host;
+  return `${protocol}://${host}`;
+}
 async function runHttpMode() {
   const PORT = process.env.PORT ? Number.parseInt(process.env.PORT, 10) : 3e3;
   const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(",") || [
@@ -20,6 +31,7 @@ async function runHttpMode() {
     // Required for StreamableHTTP
     "x-custom-auth-headers",
     // used by mcp-inspector
+    "mcp-protocol-version",
     ...allowedAuthHeaders
   ].join(", ");
   const httpServer = createServer(
@@ -39,7 +51,8 @@ async function runHttpMode() {
         res.end();
         return;
       }
-      const url = new URL(req.url || "/", `http://${req.headers.host}`);
+      const baseUrl = getBaseUrl(req);
+      const url = new URL(req.url || "/", baseUrl);
       if (req.method === "GET" && url.pathname === "/health") {
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(
@@ -47,6 +60,17 @@ async function runHttpMode() {
         );
         return;
       }
+      if (req.method === "GET" && (url.pathname === "/.well-known/oauth-protected-resource" || url.pathname === "/.well-known/oauth-protected-resource/mcp")) {
+        const authServerUrl = process.env.OAUTH_AUTHORIZATION_SERVER_URL || "http://localhost:7070";
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            resource: `${baseUrl}/mcp`,
+            authorization_servers: [authServerUrl]
+          })
+        );
+        return;
+      }
       if (url.pathname === "/mcp") {
         await handleStreamableHttpRequest(req, res, transports);
         return;
@@ -190,7 +214,10 @@ async function handleStreamableHttpRequest(req, res, transports) {
       );
       return;
     }
-    await transport.handleRequest(req, res, parsedBody);
+    await withRequestContext(
+      req,
+      async () => await transport.handleRequest(req, res, parsedBody)
+    );
   } catch (error) {
     console.error("Error handling StreamableHTTP request:", error);
     res.writeHead(500, { "Content-Type": "text/plain" });
@@ -235,10 +262,13 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
   req.on("end", async () => {
     try {
       const parsedBody = JSON.parse(body);
-      await session.transport.handlePostMessage(
+      await withRequestContext(
         req,
-        res,
-        parsedBody
+        async () => await session.transport.handlePostMessage(
+          req,
+          res,
+          parsedBody
+        )
       );
     } catch (error) {
       console.error("Error handling POST message:", error);
@@ -250,19 +280,49 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
 async function newServer(req, res) {
   const server = new SmartBearMcpServer();
   try {
-    await clientRegistry.configure(server, (client, key) => {
-      const headerName = getHeaderName(client, key);
-      const value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
-      if (typeof value === "string") {
-        return value;
-      }
-      return null;
-    });
+    const configuredCount = await withRequestContext(
+      req,
+      () => clientRegistry.configure(server, (client, key) => {
+        const headerName = getHeaderName(client, key);
+        const value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
+        if (typeof value === "string") {
+          return value;
+        }
+        const envVarName = getEnvVarName(client, key);
+        return process.env[envVarName] || null;
+      })
+    );
+    console.log(
+      `Configured ${configuredCount} clients for new server instance`
+    );
+    if (configuredCount === 0) {
+      throw new Error(
+        "No clients successfully configured. Missing authentication headers."
+      );
+    }
+    const hasAuth = withRequestContext(
+      req,
+      () => server.getClients().some((client) => {
+        if (!client.getAuthToken) return true;
+        return client.getAuthToken() !== null;
+      })
+    );
+    if (!hasAuth) {
+      throw new Error(
+        "No clients have valid authentication credentials. Please authenticate via OAuth or provide alternative auth headers (e.g. API key or personal auth token)."
+      );
+    }
   } catch (error) {
     const headerHelp = getHttpHeadersHelp();
     const errorMessage = headerHelp.length > 0 ? `Configuration error: ${error instanceof Error ? error.message : String(error)}. Please provide valid headers:
 ${headerHelp.join("\n")}` : "No clients support HTTP header configuration.";
-    res.writeHead(401, { "Content-Type": "text/plain" });
+    const headers = {
+      "Content-Type": "text/plain"
+    };
+    if (req.headers.host) {
+      headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
+    }
+    res.writeHead(401, headers);
     res.end(errorMessage);
     return null;
   }
@@ -297,5 +357,8 @@ function getHttpHeadersHelp() {
   return messages;
 }
 export {
+  getBaseUrl,
+  getHeaderName,
+  newServer,
   runHttpMode
 };

package/dist/common/transport-stdio.js

@@ -60,5 +60,6 @@ function getEnvVarName(client, key) {
   return `${client.configPrefix.toUpperCase().replace(/-/g, "_")}_${key.toUpperCase()}`;
 }
 export {
+  getEnvVarName,
   runStdioMode
 };

package/dist/package.json.js

@@ -1,4 +1,4 @@
-const version = "0.17.0";
+const version = "0.18.0";
 const config = { "mcpServerName": "SmartBear MCP Server" };
 const packageJson = {
   version,