@smartbear/mcp 0.24.0 → 0.25.0

package/dist/common/client-registry.js

@@ -1,28 +1,36 @@
-import { ZodURL } from "zod";
+import { ZodURL, ZodError } from "zod";
 import { fullyUnwrapZodType, isOptionalType } from "./zod-utils.js";
 class ClientRegistry {
   entries = [];
-  enabledClients = null;
+  enabledClients;
   /**
-   * Configure which clients should be enabled based on MCP_CLIENTS env var
+   * Configure which clients should be enabled based on MCP_CLIENTS env var and MCP_TOOLSETS (to enable any referenced clients)
    * If not set or empty, all clients are enabled
    * If set, should be comma-separated list of client names (case-insensitive)
    */
   constructor() {
-    const enabledClientsEnv = process.env.MCP_CLIENTS?.trim();
-    if (!enabledClientsEnv) {
-      this.enabledClients = null;
-      return;
+    let enabledClientsStr = "";
+    if (process.env.MCP_CLIENTS) {
+      enabledClientsStr = process.env.MCP_CLIENTS.trim();
+    }
+    enabledClientsStr += ",";
+    if (process.env.MCP_TOOLSETS) {
+      enabledClientsStr += process.env.MCP_TOOLSETS.trim();
     }
     this.enabledClients = new Set(
-      enabledClientsEnv.split(",").map((name) => name.trim().toLowerCase()).filter((name) => name.length > 0)
+      enabledClientsStr.trim().split(",").map((name) => {
+        if (name.includes(":")) {
+          return name.split(":")[0].trim().toLowerCase();
+        }
+        return name.trim().toLowerCase();
+      }).filter((name) => name.length > 0)
     );
   }
   /**
-   * Check if a client is enabled based on MCP_CLIENTS configuration
+   * Check if a client is enabled based on client filtering configuration
    */
   isClientEnabled(name) {
-    if (this.enabledClients === null) {
+    if (this.enabledClients.size === 0) {
       return true;
     }
     return this.enabledClients.has(name.toLowerCase());
@@ -76,31 +84,57 @@ class ClientRegistry {
     return this.entries.filter((entry) => this.isClientEnabled(entry.name));
   }
   /**
-   * Configures all enabled clients on the given MCP server
+   * Registers all enabled clients on the given MCP server
    * @param server The MCP server on which the client is registered
    * @param getConfigValue A function that obtains a configuration value for the given client and requirement name
-   * @returns The number of clients successfully configured
+   * @returns The number of clients successfully added
    */
-  async configure(server, getConfigValue, ignoreMissingRequiredConfigs = false) {
-    let configuredCount = 0;
-    entryLoop: for (const entry of this.getAll()) {
-      const config = {};
-      for (const configKey of Object.keys(entry.config.shape)) {
-        const value = getConfigValue(entry, configKey);
-        if (value !== null) {
-          this.validateAllowedEndpoint(entry.config.shape[configKey], value);
-          config[configKey] = value;
-        } else if (!ignoreMissingRequiredConfigs && !isOptionalType(entry.config.shape[configKey])) {
-          continue entryLoop;
+  async registerAll(server, getConfigValue, configure, authorizationCheck) {
+    if (authorizationCheck && !configure) {
+      throw new Error(
+        "Cannot perform authorization check without configuring clients"
+      );
+    }
+    let addedCount = 0;
+    clientLoop: for (const client of this.getAll()) {
+      if (configure) {
+        const config = {};
+        for (const configKey of Object.keys(client.config.shape)) {
+          const value = getConfigValue(configKey, client);
+          if (value) {
+            this.validateAllowedEndpoint(client.config.shape[configKey], value);
+            config[configKey] = value;
+          } else if (!isOptionalType(client.config.shape[configKey])) {
+            continue clientLoop;
+          }
+        }
+        let parsedConfig;
+        try {
+          parsedConfig = client.config.parse(config);
+        } catch (error) {
+          if (error instanceof ZodError) {
+            console.warn(
+              `Configuration for client ${client.name} is invalid: ${error.issues.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}`
+            );
+          } else {
+            console.warn(
+              `Unable to apply configuration for client ${client.name}: ${error}`
+            );
+          }
+          continue;
+        }
+        await client.configure(server, parsedConfig);
+        if (!client.isConfigured()) {
+          continue;
+        }
+        if (authorizationCheck && !client.hasAuth()) {
+          continue;
         }
       }
-      await entry.configure(server, config);
-      if (entry.isConfigured()) {
-        await server.addClient(entry);
-        configuredCount++;
-      }
+      await server.addClient(client);
+      addedCount++;
     }
-    return configuredCount;
+    return addedCount;
   }
   /**
    * Clear all registrations (useful for testing)

package/dist/common/server.js

@@ -11,7 +11,9 @@ class SmartBearMcpServer extends McpServer {
   samplingSupported = false;
   elicitationSupported = false;
   clients = [];
-  constructor() {
+  enabledToolsets;
+  getEnvFn;
+  constructor(getEnvFn, enabledToolsets) {
     super(
       {
         name: MCP_SERVER_NAME,
@@ -27,11 +29,26 @@ class SmartBearMcpServer extends McpServer {
         }
       }
     );
+    this.getEnvFn = getEnvFn;
     this.cache = new CacheService();
+    if (enabledToolsets) {
+      this.enabledToolsets = enabledToolsets.split(",").map((s) => s.trim().toLowerCase());
+    }
   }
   getCache() {
     return this.cache;
   }
+  /**
+   * Makes the server's getEnv function available to clients, validating that it is defined in the client's authentication fields if a client is provided
+   */
+  getEnv = (key, client) => {
+    if (client && !Object.keys(client.authenticationFields.shape).includes(key)) {
+      throw new Error(
+        `Environment variable "${key}" is not defined in the ${client.name} client's authentication schema.`
+      );
+    }
+    return this.getEnvFn(key, client);
+  };
   setSamplingSupported(supported) {
     this.samplingSupported = supported;
   }
@@ -56,6 +73,9 @@ class SmartBearMcpServer extends McpServer {
     this.clients.push(client);
     await client.registerTools(
       (params, cb) => {
+        if (!this.isToolEnabled(client, params.toolset)) {
+          return null;
+        }
         const toolName = this.getCapabilityName(client, params.title);
         const toolTitle = this.getCapabilityTitle(client, params.title);
         if (toolName.length > 64) {
@@ -236,9 +256,40 @@ ${result.instructions}`
   getCapabilityName(client, title) {
     return `${client.capabilityPrefix}_${title.replace(/\s+/g, "_").toLowerCase()}`;
   }
+  /**
+   * The tool is enabled if:
+   * - No enabled toolsets are defined on the server, or
+   * - The client is included in the enabled toolsets list, or
+   * - The toolset is included in the enabled toolsets list, or
+   * - The toolset is in the client's default list and there is at least one specific toolset enabled for the client
+   * @param client
+   * @param toolset
+   * @returns whether to register the tool based on enabled toolsets configuration
+   */
+  isToolEnabled(client, toolset) {
+    if (!this.enabledToolsets) {
+      return true;
+    }
+    const clientPrefix = client.configPrefix.toLowerCase();
+    const clientIsEnabled = this.enabledToolsets.some(
+      (ts) => !ts.includes(":") && ts === clientPrefix
+    );
+    if (clientIsEnabled) {
+      return true;
+    }
+    const toolsetEntries = this.enabledToolsets.filter(
+      (ts) => ts.includes(":") && ts.split(":")[0] === clientPrefix
+    );
+    if (toolsetEntries.length === 0) {
+      return false;
+    }
+    const toolsetName = `${clientPrefix}:${toolset.replace(/[\s\-_]/g, "")}`.toLowerCase();
+    return toolsetEntries.includes(toolsetName) || (client.defaultToolsets || [])?.includes(toolset);
+  }
   getDescription(params) {
     const {
       summary,
+      toolset,
       useCases,
       examples,
       inputSchema,
@@ -246,6 +297,11 @@ ${result.instructions}`
       outputDescription
     } = params;
     let description = summary;
+    if (toolset) {
+      description += `
+
+**Toolset:** ${toolset}`;
+    }
     if (inputSchema && inputSchema instanceof ZodObject) {
       let parameters = Object.keys(inputSchema.shape).map((key) => {
         const field = inputSchema.shape[key];

package/dist/common/transport-http.js

@@ -5,11 +5,12 @@ import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { clientRegistry } from "./client-registry.js";
-import { withRequestContext } from "./request-context.js";
 import { SmartBearMcpServer } from "./server.js";
 import { isDraining, registerShutdownHandler } from "./shutdown.js";
 import { getEnvVarName } from "./transport-stdio.js";
-import { isOptionalType, getTypeDescription } from "./zod-utils.js";
+import { getTypeDescription, isOptionalType } from "./zod-utils.js";
+class AuthorizationError extends Error {
+}
 const PROBE_HEADERS = {
   "Content-Type": "application/json",
   "Cache-Control": "no-store"
@@ -280,10 +281,7 @@ async function handleStreamableHttpRequest(req, res, transports) {
       );
       return;
     }
-    await withRequestContext(
-      req,
-      async () => await transport.handleRequest(req, res, parsedBody)
-    );
+    await transport.handleRequest(req, res, parsedBody);
   } catch (error) {
     console.error("Error handling StreamableHTTP request:", error);
     res.writeHead(500, { "Content-Type": "text/plain" });
@@ -328,13 +326,10 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
   req.on("end", async () => {
     try {
       const parsedBody = JSON.parse(body);
-      await withRequestContext(
+      await session.transport.handlePostMessage(
         req,
-        async () => await session.transport.handlePostMessage(
-          req,
-          res,
-          parsedBody
-        )
+        res,
+        parsedBody
       );
     } catch (error) {
       console.error("Error handling POST message:", error);
@@ -343,93 +338,118 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
     }
   });
 }
+function resolveFromRequest(req, key, prefix) {
+  const queryStringName = getQueryStringName(key, prefix);
+  const queryParams = querystring.parse(req.url?.split("?")[1] || "");
+  let value = queryParams[queryStringName] || queryParams[queryStringName.toLowerCase()];
+  if (typeof value === "string") {
+    return value;
+  }
+  const headerName = getHeaderName(key, prefix);
+  value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
+  if (typeof value === "string") {
+    if (value.toLowerCase().startsWith("bearer ")) {
+      value = value.slice("bearer ".length);
+    } else if (value.toLowerCase().startsWith("token ")) {
+      value = value.slice("token ".length);
+    } else if (value.toLowerCase().startsWith("basic ")) {
+      value = value.slice("basic ".length);
+    }
+    return value;
+  }
+  const envVarName = getEnvVarName(key, prefix);
+  return process.env[envVarName];
+}
+function makeConfigFn(req) {
+  return (key, client) => resolveFromRequest(req, key, client?.configPrefix);
+}
 async function newServer(req, res) {
-  const server = new SmartBearMcpServer();
+  const configFn = makeConfigFn(req);
+  const enabledToolsets = resolveFromRequest(req, "toolsets", "smartbear") || void 0;
+  const server = new SmartBearMcpServer(configFn, enabledToolsets);
   try {
-    const configuredCount = await withRequestContext(
-      req,
-      () => clientRegistry.configure(
-        server,
-        (client, key) => {
-          const queryStringName = getQueryStringName(client, key);
-          const queryParams = querystring.parse(req.url?.split("?")[1] || "");
-          let value = queryParams[queryStringName] || queryParams[queryStringName.toLowerCase()];
-          if (typeof value === "string") {
-            return value;
-          }
-          const headerName = getHeaderName(client, key);
-          value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
-          if (typeof value === "string") {
-            return value;
-          }
-          const envVarName = getEnvVarName(client, key);
-          return process.env[envVarName] || null;
-        },
-        true
-        // ignoreMissingRequiredConfigs
-      )
-    );
-    console.log(
-      `Configured ${configuredCount} clients for new server instance`
+    const configuredCount = await clientRegistry.registerAll(
+      server,
+      configFn,
+      true,
+      false
     );
     if (configuredCount === 0) {
       throw new Error(
-        "No clients successfully configured. Missing authentication headers."
+        "No clients successfully configured. The request headers are missing the required configuration."
       );
     }
-    const hasAuth = withRequestContext(
-      req,
-      () => server.getClients().some((client) => {
-        if (!client.getAuthToken) return true;
-        return client.getAuthToken() !== null;
-      })
+    console.log(
+      `Configured ${configuredCount} clients for new server instance`
     );
-    if (!hasAuth) {
-      throw new Error(
+    const hasNoAuth = !server.getClients().some((client) => client.hasAuth());
+    if (hasNoAuth) {
+      throw new AuthorizationError(
         "No clients have valid authentication credentials. Please authenticate via OAuth or provide alternative auth headers (e.g. API key or personal auth token)."
       );
     }
+    return server;
   } catch (error) {
-    const headerHelp = getHttpHeadersHelp();
-    const errorMessage = headerHelp.length > 0 ? `Configuration error: ${error instanceof Error ? error.message : String(error)}. Please provide valid headers:
-${headerHelp.join("\n")}` : "No clients support HTTP header configuration.";
     const headers = {
       "Content-Type": "text/plain"
     };
-    if (req.headers.host) {
-      headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
+    if (error instanceof AuthorizationError) {
+      if (req.headers.host) {
+        headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
+      }
+      res.writeHead(401, headers);
+      res.end(error.message);
+    } else {
+      const headerHelp = getHttpHeadersHelp();
+      let errorMessage = `Configuration error: ${error instanceof Error ? error.message : String(error)}.`;
+      if (headerHelp.length > 0) {
+        errorMessage += ` Please provide valid headers:
+${headerHelp.join("\n")}`;
+      }
+      res.writeHead(500, headers);
+      res.end(errorMessage);
     }
-    res.writeHead(401, headers);
-    res.end(errorMessage);
     return null;
   }
-  return server;
 }
-function getHeaderName(client, key) {
-  return `${client.configPrefix}-${key.split("_").map(
+function getHeaderName(key, clientPrefix) {
+  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`;
+  return prefix.split(/[\s\-_]/).map(
     (part) => part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
-  ).join("-")}`;
+  ).join("-");
 }
-function getQueryStringName(client, key) {
-  return `${client.configPrefix.toLowerCase()}${key.split("_").map(
-    (part) => part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
-  ).join("")}`;
+function getQueryStringName(key, clientPrefix) {
+  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`;
+  return prefix.split(/[\s\-_]/).map(
+    (part, i) => i === 0 ? part.toLowerCase() : part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
+  ).join("");
 }
 function getHttpHeaders() {
   const headers = /* @__PURE__ */ new Set();
-  for (const entry of clientRegistry.getAll()) {
-    for (const configKey of Object.keys(entry.config.shape)) {
-      headers.add(getHeaderName(entry, configKey));
+  for (const client of clientRegistry.getAll()) {
+    for (const key of [
+      ...Object.keys(client.config.shape),
+      ...Object.keys(client.authenticationFields.shape)
+    ]) {
+      headers.add(getHeaderName(key, client.configPrefix));
     }
   }
   return Array.from(headers).sort((a, b) => a.localeCompare(b));
 }
 function getHttpHeadersHelp() {
   const messages = [];
-  for (const entry of clientRegistry.getAll()) {
-    messages.push(` - ${entry.name}:`);
-    for (const [configKey, requirement] of Object.entries(entry.config.shape)) {
-      const headerName = getHeaderName(entry, configKey);
+  for (const client of clientRegistry.getAll()) {
+    messages.push(` - ${client.name}:`);
+    for (const [authKey, requirement] of Object.entries(
+      client.authenticationFields.shape
+    )) {
+      const headerName = getHeaderName(authKey, client.configPrefix);
+      messages.push(`    - ${headerName}: ${getTypeDescription(requirement)}`);
+    }
+    for (const [configKey, requirement] of Object.entries(
+      client.config.shape
+    )) {
+      const headerName = getHeaderName(configKey, client.configPrefix);
       const requiredTag = isOptionalType(requirement) ? " (optional)" : " (required)";
       messages.push(
         `    - ${headerName}${requiredTag}: ${getTypeDescription(requirement)}`
@@ -439,6 +459,7 @@ function getHttpHeadersHelp() {
   return messages;
 }
 export {
+  AuthorizationError,
   drainHttpTransport,
   getBaseUrl,
   getHeaderName,

package/dist/common/transport-stdio.js

@@ -1,18 +1,20 @@
+import { enableCompileCache } from "node:module";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { clientRegistry } from "./client-registry.js";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "./info.js";
 import { SmartBearMcpServer } from "./server.js";
 import { registerShutdownHandler } from "./shutdown.js";
-import { isOptionalType, getTypeDescription } from "./zod-utils.js";
-function getNoConfigMessage() {
+import { getTypeDescription } from "./zod-utils.js";
+function getConfigMessage() {
   const messages = [];
-  for (const entry of clientRegistry.getAll()) {
-    messages.push(` - ${entry.name}:`);
-    for (const [configKey, requirement] of Object.entries(entry.config.shape)) {
-      const envVarName = getEnvVarName(entry, configKey);
-      const requiredTag = isOptionalType(requirement) ? " (optional)" : " (required)";
+  for (const client of clientRegistry.getAll()) {
+    messages.push(` - ${client.name}:`);
+    for (const [configKey, requirement] of [
+      ...Object.entries(client.authenticationFields.shape),
+      ...Object.entries(client.config.shape)
+    ]) {
       messages.push(
-        `    - ${envVarName}${requiredTag}: ${getTypeDescription(requirement)}`
+        `    - ${getEnvVarName(configKey, client.configPrefix)}: ${getTypeDescription(requirement)}`
       );
     }
   }
@@ -26,26 +28,28 @@ async function runStdioMode() {
     console.log(
       "The following environment variables can be set to configure each of the SmartBear clients:"
     );
-    console.log(getNoConfigMessage().join("\n"));
+    console.log(getConfigMessage().join("\n"));
     process.exit(0);
   }
-  const server = new SmartBearMcpServer();
-  const configuredCount = await clientRegistry.configure(
+  enableCompileCache();
+  const configFn = (key, client) => {
+    const envVarName = getEnvVarName(key, client?.configPrefix);
+    return process.env[envVarName];
+  };
+  const server = new SmartBearMcpServer(configFn, process.env.MCP_TOOLSETS);
+  const addedCount = await clientRegistry.registerAll(
     server,
-    (client, key) => {
-      const envVarName = getEnvVarName(client, key);
-      return process.env[envVarName] || null;
-    }
+    configFn,
+    true,
+    true
   );
-  if (configuredCount === 0) {
-    const message = getNoConfigMessage();
+  if (addedCount === 0) {
+    const message = getConfigMessage();
     console.warn(
-      message.length > 0 ? `No clients configured. Please provide valid environment variables for at least one client:
-${message.join("\n")}` : "No clients support environment variable configuration."
+      `No clients configured. Please provide valid environment variables for at least one client:
+${message.join("\n")}`
     );
-    for (const entry of clientRegistry.getAll()) {
-      await server.addClient(entry);
-    }
+    await clientRegistry.registerAll(server, configFn, false, false);
   }
   const transport = new StdioServerTransport();
   registerShutdownHandler("stdio-transport", async () => {
@@ -70,8 +74,9 @@ ${message.join("\n")}` : "No clients support environment variable configuration.
   };
   await server.connect(transport);
 }
-function getEnvVarName(client, key) {
-  return `${client.configPrefix.toUpperCase().replace(/-/g, "_")}_${key.toUpperCase()}`;
+function getEnvVarName(key, clientPrefix) {
+  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`.toUpperCase();
+  return prefix.replace(/[\s\-_]/g, "_");
 }
 export {
   getEnvVarName,

package/dist/package.json.js

@@ -1,4 +1,4 @@
-const version = "0.24.0";
+const version = "0.25.0";
 const config = { "mcpServerName": "SmartBear MCP Server" };
 const packageJson = {
   version,