@smartbear/mcp 0.17.1 → 0.18.0

package/dist/bugsnag/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { CurrentUserAPI } from "./client/api/CurrentUser.js";
 import { Configuration } from "./client/api/configuration.js";
@@ -39,7 +40,7 @@ const EXCLUDED_EVENT_FIELDS = /* @__PURE__ */ new Set([
   // This is searches multiple fields and is more a convenience for humans, we're removing to avoid over-matching
 ]);
 const ConfigurationSchema = z.object({
-  auth_token: z.string().describe("BugSnag personal authentication token"),
+  auth_token: z.string().describe("BugSnag personal access token").optional(),
   project_api_key: z.string().describe("BugSnag project API key").optional(),
   endpoint: z.string().url().describe("BugSnag endpoint URL").optional()
 });
@@ -51,6 +52,7 @@ class BugsnagClient {
   _errorsApi;
   _projectApi;
   _appEndpoint;
+  _authToken;
   get currentUserApi() {
     if (!this._currentUserApi) throw new Error("Client not configured");
     return this._currentUserApi;
@@ -78,8 +80,47 @@ class BugsnagClient {
       config.project_api_key,
       config.endpoint
     );
+    this._projectApiKey = config.project_api_key;
+    this._authToken = config.auth_token;
+    await this.initializeApis(config);
+  }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Bugsnag-Auth-Token");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("token ")) {
+        token = token.substring(6);
+      }
+      return `token ${token}`;
+    }
+    const bearerToken = this.getBearerToken();
+    if (bearerToken) {
+      return bearerToken;
+    }
+    return this._authToken ? `token ${this._authToken}` : null;
+  }
+  getBearerToken() {
+    const contextHeader = getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
+  async initializeApis(config) {
     const apiConfig = new Configuration({
-      apiKey: `token ${config.auth_token}`,
+      apiKey: (_name) => {
+        const authToken = this.getAuthToken();
+        if (authToken) {
+          return authToken;
+        }
+        throw new Error(
+          "Authentication token not found in request headers or configuration"
+        );
+      },
       headers: {
         "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`,
         "Content-Type": "application/json",
@@ -95,9 +136,7 @@ class BugsnagClient {
     this._currentUserApi = new CurrentUserAPI(apiConfig);
     this._errorsApi = new ErrorAPI(apiConfig);
     this._projectApi = new ProjectAPI(apiConfig);
-    this._projectApiKey = config.project_api_key;
     this._isConfigured = true;
-    return;
   }
   isConfigured() {
     return this._isConfigured;

package/dist/collaborator/client.js

@@ -1,8 +1,9 @@
 import { z } from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 const ConfigurationSchema = z.object({
   base_url: z.url().describe("Collaborator server base URL"),
-  username: z.string().describe("Collaborator username for authentication"),
-  login_ticket: z.string().describe("Collaborator login ticket for authentication")
+  username: z.string().describe("Collaborator username for authentication").optional(),
+  login_ticket: z.string().describe("Collaborator login ticket for authentication").optional()
 });
 class CollaboratorClient {
   name = "Collaborator";
@@ -18,7 +19,7 @@ class CollaboratorClient {
     this.loginTicket = config.login_ticket;
   }
   isConfigured() {
-    return this.baseUrl !== void 0 && this.username !== void 0 && this.loginTicket !== void 0;
+    return this.baseUrl !== void 0;
   }
   /**
    * Calls the Collaborator API with the given commands, prepending authentication automatically.
@@ -27,10 +28,20 @@ class CollaboratorClient {
    */
   async call(commands) {
     const url = `${this.baseUrl}/services/json/v1`;
+    let login = this.username;
+    let ticket = this.loginTicket;
+    const contextLogin = getRequestHeader("Collaborator-Login");
+    const contextTicket = getRequestHeader("Collaborator-Ticket");
+    if (contextLogin) {
+      login = Array.isArray(contextLogin) ? contextLogin[0] : contextLogin;
+    }
+    if (contextTicket) {
+      ticket = Array.isArray(contextTicket) ? contextTicket[0] : contextTicket;
+    }
     const body = [
       {
         command: "SessionService.authenticate",
-        args: { login: this.username, ticket: this.loginTicket }
+        args: { login, ticket }
       },
       ...commands
     ];

package/dist/common/request-context.js

@@ -0,0 +1,20 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+const requestContextStorage = new AsyncLocalStorage();
+function withRequestContext(req, fn) {
+  return requestContextStorage.run({ headers: req.headers }, fn);
+}
+function getRequestContext() {
+  return requestContextStorage.getStore();
+}
+function getRequestHeader(name) {
+  const context = getRequestContext();
+  if (!context?.headers) return void 0;
+  const headerValue = context.headers[name] || context.headers[name.toLowerCase()];
+  return headerValue;
+}
+export {
+  getRequestContext,
+  getRequestHeader,
+  requestContextStorage,
+  withRequestContext
+};

package/dist/common/server.js

@@ -56,6 +56,9 @@ class SmartBearMcpServer extends McpServer {
   isElicitationSupported() {
     return this.elicitationSupported;
   }
+  getClients() {
+    return this.clients;
+  }
   async cleanupSession(mcpSessionId) {
     for (const client of this.clients) {
       await client.cleanupSession?.(mcpSessionId);

package/dist/common/transport-http.js

@@ -4,8 +4,19 @@ import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { clientRegistry } from "./client-registry.js";
+import { withRequestContext } from "./request-context.js";
 import { SmartBearMcpServer } from "./server.js";
+import { getEnvVarName } from "./transport-stdio.js";
 import { isOptionalType } from "./zod-utils.js";
+function getBaseUrl(req) {
+  const baseUrlOverride = process.env.BASE_URL;
+  if (baseUrlOverride) {
+    return baseUrlOverride;
+  }
+  const protocol = req.headers["x-forwarded-proto"] || "http";
+  const host = req.headers["x-forwarded-host"] || req.headers.host;
+  return `${protocol}://${host}`;
+}
 async function runHttpMode() {
   const PORT = process.env.PORT ? Number.parseInt(process.env.PORT, 10) : 3e3;
   const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(",") || [
@@ -20,6 +31,7 @@ async function runHttpMode() {
     // Required for StreamableHTTP
     "x-custom-auth-headers",
     // used by mcp-inspector
+    "mcp-protocol-version",
     ...allowedAuthHeaders
   ].join(", ");
   const httpServer = createServer(
@@ -39,7 +51,8 @@ async function runHttpMode() {
         res.end();
         return;
       }
-      const url = new URL(req.url || "/", `http://${req.headers.host}`);
+      const baseUrl = getBaseUrl(req);
+      const url = new URL(req.url || "/", baseUrl);
       if (req.method === "GET" && url.pathname === "/health") {
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(
@@ -47,6 +60,17 @@ async function runHttpMode() {
         );
         return;
       }
+      if (req.method === "GET" && (url.pathname === "/.well-known/oauth-protected-resource" || url.pathname === "/.well-known/oauth-protected-resource/mcp")) {
+        const authServerUrl = process.env.OAUTH_AUTHORIZATION_SERVER_URL || "http://localhost:7070";
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            resource: `${baseUrl}/mcp`,
+            authorization_servers: [authServerUrl]
+          })
+        );
+        return;
+      }
       if (url.pathname === "/mcp") {
         await handleStreamableHttpRequest(req, res, transports);
         return;
@@ -190,7 +214,10 @@ async function handleStreamableHttpRequest(req, res, transports) {
       );
       return;
     }
-    await transport.handleRequest(req, res, parsedBody);
+    await withRequestContext(
+      req,
+      async () => await transport.handleRequest(req, res, parsedBody)
+    );
   } catch (error) {
     console.error("Error handling StreamableHTTP request:", error);
     res.writeHead(500, { "Content-Type": "text/plain" });
@@ -235,10 +262,13 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
   req.on("end", async () => {
     try {
       const parsedBody = JSON.parse(body);
-      await session.transport.handlePostMessage(
+      await withRequestContext(
         req,
-        res,
-        parsedBody
+        async () => await session.transport.handlePostMessage(
+          req,
+          res,
+          parsedBody
+        )
       );
     } catch (error) {
       console.error("Error handling POST message:", error);
@@ -250,19 +280,49 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
 async function newServer(req, res) {
   const server = new SmartBearMcpServer();
   try {
-    await clientRegistry.configure(server, (client, key) => {
-      const headerName = getHeaderName(client, key);
-      const value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
-      if (typeof value === "string") {
-        return value;
-      }
-      return null;
-    });
+    const configuredCount = await withRequestContext(
+      req,
+      () => clientRegistry.configure(server, (client, key) => {
+        const headerName = getHeaderName(client, key);
+        const value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
+        if (typeof value === "string") {
+          return value;
+        }
+        const envVarName = getEnvVarName(client, key);
+        return process.env[envVarName] || null;
+      })
+    );
+    console.log(
+      `Configured ${configuredCount} clients for new server instance`
+    );
+    if (configuredCount === 0) {
+      throw new Error(
+        "No clients successfully configured. Missing authentication headers."
+      );
+    }
+    const hasAuth = withRequestContext(
+      req,
+      () => server.getClients().some((client) => {
+        if (!client.getAuthToken) return true;
+        return client.getAuthToken() !== null;
+      })
+    );
+    if (!hasAuth) {
+      throw new Error(
+        "No clients have valid authentication credentials. Please authenticate via OAuth or provide alternative auth headers (e.g. API key or personal auth token)."
+      );
+    }
   } catch (error) {
     const headerHelp = getHttpHeadersHelp();
     const errorMessage = headerHelp.length > 0 ? `Configuration error: ${error instanceof Error ? error.message : String(error)}. Please provide valid headers:
 ${headerHelp.join("\n")}` : "No clients support HTTP header configuration.";
-    res.writeHead(401, { "Content-Type": "text/plain" });
+    const headers = {
+      "Content-Type": "text/plain"
+    };
+    if (req.headers.host) {
+      headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
+    }
+    res.writeHead(401, headers);
     res.end(errorMessage);
     return null;
   }
@@ -297,5 +357,8 @@ function getHttpHeadersHelp() {
   return messages;
 }
 export {
+  getBaseUrl,
+  getHeaderName,
+  newServer,
   runHttpMode
 };

package/dist/common/transport-stdio.js

@@ -60,5 +60,6 @@ function getEnvVarName(client, key) {
   return `${client.configPrefix.toUpperCase().replace(/-/g, "_")}_${key.toUpperCase()}`;
 }
 export {
+  getEnvVarName,
   runStdioMode
 };

package/dist/package.json.js

@@ -1,4 +1,4 @@
-const version = "0.17.1";
+const version = "0.18.0";
 const config = { "mcpServerName": "SmartBear MCP Server" };
 const packageJson = {
   version,

package/dist/pactflow/client.js

@@ -1,6 +1,7 @@
 import zod__default from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
 import { isSamplingPolyfillResult } from "../common/pollyfills.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { getOADMatcherRecommendations, getUserMatcherSelection } from "./client/prompt-utils.js";
 import { PROMPTS } from "./client/prompts.js";
@@ -18,7 +19,9 @@ class PactflowClient {
   toolPrefix = "contract-testing";
   configPrefix = "Pact-Broker";
   config = ConfigurationSchema;
-  headers;
+  token;
+  username;
+  password;
   aiBaseUrl;
   baseUrl;
   _clientType;
@@ -37,23 +40,15 @@ class PactflowClient {
    * @param config - Connection config (base_url + token OR username/password).
    */
   async configure(server, config) {
+    this.token = config.token;
+    this.username = config.username;
+    this.password = config.password;
     if (typeof config.token === "string") {
-      this.headers = {
-        Authorization: `Bearer ${config.token}`,
-        "Content-Type": "application/json",
-        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
-      };
       this._clientType = "pactflow";
     } else if (typeof config.username === "string" && typeof config.password === "string") {
-      const authString = `${config.username}:${config.password}`;
-      this.headers = {
-        Authorization: `Basic ${Buffer.from(authString).toString("base64")}`,
-        "Content-Type": "application/json",
-        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
-      };
       this._clientType = "pact_broker";
     } else {
-      return;
+      this._clientType = "pactflow";
     }
     this.baseUrl = config.base_url;
     this.aiBaseUrl = `${this.baseUrl}/api/ai`;
@@ -155,7 +150,7 @@ class PactflowClient {
   async getStatus(statusUrl) {
     const response = await fetch(statusUrl, {
       method: "HEAD",
-      headers: this.headers
+      headers: this.requestHeaders
     });
     return {
       status: response.status,
@@ -164,7 +159,40 @@ class PactflowClient {
   }
   /** Returns the current auth/content-type headers used for all requests. */
   get requestHeaders() {
-    return this.headers;
+    let contextToken = getRequestHeader("Pact-Token") || getRequestHeader("Authorization");
+    if (Array.isArray(contextToken)) {
+      contextToken = contextToken[0];
+    }
+    if (contextToken) {
+      let authHeader = contextToken;
+      if (!contextToken.startsWith("Basic ") && !contextToken.startsWith("Bearer ")) {
+        authHeader = `Bearer ${contextToken}`;
+      }
+      return {
+        Authorization: authHeader,
+        "Content-Type": "application/json",
+        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+      };
+    }
+    if (this.token) {
+      let authHeader = this.token;
+      if (!authHeader.startsWith("Basic ") && !authHeader.startsWith("Bearer ")) {
+        authHeader = `Bearer ${authHeader}`;
+      }
+      return {
+        Authorization: authHeader,
+        "Content-Type": "application/json",
+        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+      };
+    } else if (this.username && this.password) {
+      const authString = `${this.username}:${this.password}`;
+      return {
+        Authorization: `Basic ${Buffer.from(authString).toString("base64")}`,
+        "Content-Type": "application/json",
+        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+      };
+    }
+    return void 0;
   }
   /**
    * Fetches the final result of a completed async operation.
@@ -176,7 +204,7 @@ class PactflowClient {
   async getResult(resultUrl) {
     const response = await fetch(resultUrl, {
       method: "GET",
-      headers: this.headers
+      headers: this.requestHeaders
     });
     if (!response.ok) {
       throw new ToolError(`HTTP error! status: ${response.status}`);
@@ -224,7 +252,7 @@ class PactflowClient {
     try {
       const response = await fetch(url, {
         method,
-        headers: this.headers,
+        headers: this.requestHeaders,
         ...body && { body: JSON.stringify(body) }
       });
       if (!response.ok) {
@@ -374,7 +402,7 @@ class PactflowClient {
     try {
       const response = await fetch(url, {
         method: "GET",
-        headers: this.headers
+        headers: this.requestHeaders
       });
       if (!response.ok) {
         const errorText = await response.text().catch(() => "");
@@ -399,7 +427,7 @@ class PactflowClient {
     try {
       const response = await fetch(url, {
         method: "GET",
-        headers: this.headers
+        headers: this.requestHeaders
       });
       if (!response.ok) {
         const errorText = await response.text().catch(() => "");

package/dist/qmetry/client.js

@@ -1,11 +1,12 @@
 import zod__default from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 import { findAutoResolveConfig, autoResolveViewIdAndFolderPath } from "./client/auto-resolve.js";
 import { QMETRY_HANDLER_MAP } from "./client/handlers.js";
 import { getProjectInfo } from "./client/project.js";
 import { TOOLS } from "./client/tools/index.js";
 import { QMETRY_DEFAULTS } from "./config/constants.js";
 const ConfigurationSchema = zod__default.object({
-  api_key: zod__default.string().describe("QMetry API key for authentication"),
+  api_key: zod__default.string().describe("QMetry API key for authentication").optional(),
   base_url: zod__default.string().url().optional().describe(
     "Optional QMetry base URL for custom or region-specific endpoints"
   )
@@ -25,9 +26,16 @@ class QmetryClient {
     }
   }
   isConfigured() {
-    return this.token !== void 0;
+    return true;
   }
   getToken() {
+    let contextToken = getRequestHeader("Qmetry-Token") || getRequestHeader("apikey");
+    if (Array.isArray(contextToken)) {
+      contextToken = contextToken[0];
+    }
+    if (contextToken) {
+      return contextToken;
+    }
     if (!this.token) throw new Error("Client not configured");
     return this.token;
   }

package/dist/reflect/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { API_KEY_HEADER } from "./config/constants.js";
 import { SapTest } from "./prompt/sap-test.js";
@@ -18,11 +19,10 @@ import { ListSegments } from "./tool/tests/list-segments.js";
 import { ListTests } from "./tool/tests/list-tests.js";
 import { RunTest } from "./tool/tests/run-test.js";
 const ConfigurationSchema = z.object({
-  api_token: z.string().describe("Reflect API authentication token")
+  api_token: z.string().describe("Reflect API authentication token").optional()
 });
 class ReflectClient {
-  headers = {};
-  apiToken = "";
+  _apiToken;
   activeConnections = /* @__PURE__ */ new Map();
   sessionStates = /* @__PURE__ */ new Map();
   mcpSessionConnections = /* @__PURE__ */ new Map();
@@ -31,21 +31,35 @@ class ReflectClient {
   configPrefix = "Reflect";
   config = ConfigurationSchema;
   async configure(_server, config, _cache) {
-    this.apiToken = config.api_token;
-    this.headers = {
-      [API_KEY_HEADER]: `${config.api_token}`,
-      "Content-Type": "application/json",
-      "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
-    };
+    this._apiToken = config.api_token;
+  }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Reflect-Api-Token") || getRequestHeader("X-API-KEY") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiToken || null;
   }
   isConfigured() {
-    return Object.keys(this.headers).length !== 0;
+    return true;
   }
   getApiToken() {
-    return this.apiToken;
+    return this.getAuthToken() || "";
   }
   getHeaders() {
-    return this.headers;
+    const token = this.getAuthToken();
+    if (!token) {
+      throw new Error("Reflect API token not found");
+    }
+    return {
+      [API_KEY_HEADER]: token,
+      "Content-Type": "application/json",
+      "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+    };
   }
   getSessionState(sessionId) {
     return this.sessionStates.get(sessionId);

package/dist/swagger/client/api.js

@@ -11,10 +11,13 @@ function hasErrorsFound(value) {
 }
 class SwaggerAPI {
   config;
-  headers;
+  userAgent;
   constructor(config, userAgent) {
     this.config = config;
-    this.headers = config.getHeaders(userAgent);
+    this.userAgent = userAgent;
+  }
+  get headers() {
+    return this.config.getHeaders(this.userAgent);
   }
   /**
    * Core response parsing logic shared between different response handlers.

package/dist/swagger/client/configuration.js

@@ -1,28 +1,36 @@
 class SwaggerConfiguration {
-  token;
+  tokenProvider;
   portalBasePath;
   registryBasePath;
   uiBasePath;
   userManagementBasePath;
-  headers;
+  defaultHeaders;
   constructor(param) {
-    this.token = param.token;
+    if (typeof param.token === "string") {
+      this.tokenProvider = () => param.token;
+    } else {
+      this.tokenProvider = param.token;
+    }
     this.portalBasePath = param.portalBasePath || "https://api.portal.swaggerhub.com/v1";
     this.registryBasePath = param.registryBasePath || "https://api.swaggerhub.com";
     this.uiBasePath = param.uiBasePath || "https://app.swaggerhub.com";
     this.userManagementBasePath = param.userManagementBasePath || `${this.registryBasePath}/user-management/v1`;
-    this.headers = {
-      Authorization: `Bearer ${this.token}`,
+    this.defaultHeaders = {
       "Content-Type": "application/json",
       ...param.headers
     };
   }
   /**
-   * Get headers with User-Agent included
+   * Get headers with User-Agent included and dynamic Auth token
    */
   getHeaders(userAgent) {
+    const token = this.tokenProvider();
+    if (!token) {
+      throw new Error("Swagger API token not found");
+    }
     return {
-      ...this.headers,
+      Authorization: `Bearer ${token}`,
+      ...this.defaultHeaders,
       "User-Agent": userAgent
     };
   }

package/dist/swagger/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import "./config-utils.js";
 import { SwaggerAPI } from "./client/api.js";
 import { SwaggerConfiguration } from "./client/configuration.js";
@@ -8,21 +9,23 @@ import "./client/registry-types.js";
 import { TOOLS } from "./client/tools.js";
 import "./client/user-management-types.js";
 const ConfigurationSchema = z.object({
-  api_key: z.string().describe("Swagger API key for authentication"),
+  api_key: z.string().describe("Swagger API key for authentication").optional(),
   portal_base_path: z.string().optional().describe("Base path for Portal API requests (optional)"),
   registry_base_path: z.string().optional().describe("Base path for Registry API requests (optional)"),
   ui_base_path: z.string().optional().describe("Base URL for the SwaggerHub UI (optional)")
 });
 class SwaggerClient {
   api;
+  _apiKey;
   name = "Swagger";
   toolPrefix = "swagger";
   configPrefix = "Swagger";
   config = ConfigurationSchema;
   async configure(_server, config, _cache) {
+    this._apiKey = config.api_key;
     this.api = new SwaggerAPI(
       new SwaggerConfiguration({
-        token: config.api_key,
+        token: () => this.getAuthToken(),
         portalBasePath: config.portal_base_path,
         registryBasePath: config.registry_base_path,
         uiBasePath: config.ui_base_path
@@ -30,6 +33,17 @@ class SwaggerClient {
       `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
     );
   }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Swagger-Api-Key") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiKey || null;
+  }
   isConfigured() {
     return this.api !== void 0;
   }

package/dist/zephyr/client.js

@@ -1,4 +1,5 @@
 import zod__default from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 import { ApiClient } from "./common/api-client.js";
 import { GetEnvironments } from "./tool/environment/get-environments.js";
 import { CreateFolder } from "./tool/folder/create-folder.js";
@@ -37,21 +38,34 @@ import { UpdateTestExecution } from "./tool/test-execution/update-test-execution
 import { UpdateTestExecutionSteps } from "./tool/test-execution/update-test-steps.js";
 const BASE_URL_DEFAULT = "https://api.zephyrscale.smartbear.com/v2";
 const ConfigurationSchema = zod__default.object({
-  api_token: zod__default.string().describe("Zephyr Scale API token for authentication"),
+  api_token: zod__default.string().describe("Zephyr Scale API token for authentication").optional(),
   base_url: zod__default.string().url().optional().describe("Zephyr Scale API base URL").default(BASE_URL_DEFAULT)
 });
 class ZephyrClient {
   apiClient;
+  _apiToken;
   name = "Zephyr";
   toolPrefix = "zephyr";
   configPrefix = "Zephyr";
   config = ConfigurationSchema;
   async configure(_server, config, _cache) {
+    this._apiToken = config.api_token;
     this.apiClient = new ApiClient(
-      config.api_token,
+      () => this.getAuthToken(),
       config.base_url || BASE_URL_DEFAULT
     );
   }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Zephyr-Api-Token") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiToken || null;
+  }
   isConfigured() {
     return this.apiClient !== void 0;
   }

package/dist/zephyr/common/api-client.js

@@ -2,10 +2,24 @@ import { ToolError } from "../../common/tools.js";
 import { AuthService } from "./auth-service.js";
 class ApiClient {
   baseUrl;
-  defaultHeaders;
-  constructor(bearerToken, baseUrl) {
+  tokenProvider;
+  constructor(tokenOrProvider, baseUrl) {
     this.baseUrl = baseUrl.trim().replace(/\/$/, "");
-    this.defaultHeaders = new AuthService(bearerToken).getAuthHeaders();
+    if (typeof tokenOrProvider === "string") {
+      this.tokenProvider = () => tokenOrProvider;
+    } else {
+      this.tokenProvider = tokenOrProvider;
+    }
+  }
+  get defaultHeaders() {
+    return this.getHeaders();
+  }
+  getHeaders() {
+    const token = this.tokenProvider();
+    if (!token) {
+      throw new ToolError("Zephyr API token not found");
+    }
+    return new AuthService(token).getAuthHeaders();
   }
   getUrl(endpoint, params) {
     const url = new URL(this.baseUrl + endpoint);
@@ -21,7 +35,7 @@ class ApiClient {
   async get(endpoint, params) {
     const response = await fetch(this.getUrl(endpoint, params), {
       method: "GET",
-      headers: this.defaultHeaders
+      headers: this.getHeaders()
     });
     return await this.validateAndGetResponseBody(response);
   }
@@ -29,7 +43,7 @@ class ApiClient {
     const response = await fetch(this.getUrl(endpoint), {
       method: "POST",
       headers: {
-        ...this.defaultHeaders,
+        ...this.getHeaders(),
         "Content-Type": "application/json"
       },
       body: JSON.stringify(body)
@@ -40,7 +54,7 @@ class ApiClient {
     const response = await fetch(this.getUrl(endpoint), {
       method: "PUT",
       headers: {
-        ...this.defaultHeaders,
+        ...this.getHeaders(),
         "Content-Type": "application/json"
       },
       body: JSON.stringify(body)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smartbear/mcp",
-  "version": "0.17.1",
+  "version": "0.18.0",
   "description": "MCP server for interacting SmartBear Products",
   "keywords": [
     "smartbear",