@smartbear/mcp 0.25.0 → 0.25.1

package/dist/bearq/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { DEFAULT_API_BASE_URL, AUTHORIZATION_HEADER } from "./config/constants.js";
 import { ChatWithQaLead } from "./tool/tasks/chat-with-qa-lead.js";
@@ -15,33 +16,33 @@ import { RunTestsInFunctionalAreas } from "./tool/tasks/run-tests-in-functional-
 import { StopTask } from "./tool/tasks/stop-task.js";
 import { WaitForTask } from "./tool/tasks/wait-for-task.js";
 const ConfigurationSchema = z.object({
+  api_token: z.string().describe("BearQ workspace API token (Bearer)."),
   api_base_url: z.string().optional().describe(
     "Override the BearQ public API base URL. Defaults to https://api.bearq.smartbear.com"
   )
 });
-const AuthenticationSchema = z.object({
-  api_token: z.string().describe("BearQ workspace API token (Bearer).")
-});
 class BearQClient {
-  server;
+  _apiToken;
   _baseUrl = DEFAULT_API_BASE_URL;
   name = "BearQ";
   capabilityPrefix = "bearq";
   configPrefix = "BearQ";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
-  async configure(server, config) {
-    this.server = server;
+  async configure(_server, config) {
+    this._apiToken = config.api_token;
     if (config.api_base_url) this._baseUrl = config.api_base_url;
   }
   getAuthToken() {
-    return this.server?.getEnv("api_token", this) || this.server?.getEnv(AUTHORIZATION_HEADER) || null;
+    const contextHeader = getRequestHeader(AUTHORIZATION_HEADER);
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) token = token.substring(7);
+      return token;
+    }
+    return this._apiToken ?? null;
   }
   isConfigured() {
-    return this.server !== void 0;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
+    return true;
   }
   getBaseUrl() {
     return this._baseUrl;

package/dist/bugsnag/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { CurrentUserAPI } from "./client/api/CurrentUser.js";
 import { Configuration } from "./client/api/configuration.js";
@@ -39,14 +40,11 @@ const EXCLUDED_EVENT_FIELDS = /* @__PURE__ */ new Set([
   // This is searches multiple fields and is more a convenience for humans, we're removing to avoid over-matching
 ]);
 const ConfigurationSchema = z.object({
+  auth_token: z.string().describe("BugSnag personal access token"),
   project_api_key: z.string().describe("BugSnag project API key").optional(),
-  endpoint: z.url().describe("BugSnag endpoint URL").optional()
-});
-const AuthenticationSchema = z.object({
-  auth_token: z.string().describe("BugSnag personal access token").optional()
+  endpoint: z.string().url().describe("BugSnag endpoint URL").optional()
 });
 class BugsnagClient {
-  server;
   cache;
   _projectApiKey;
   _isConfigured = false;
@@ -54,7 +52,7 @@ class BugsnagClient {
   _errorsApi;
   _projectApi;
   _appEndpoint;
-  apiConfig;
+  _authToken;
   get currentUserApi() {
     if (!this._currentUserApi) throw new Error("Client not configured");
     return this._currentUserApi;
@@ -76,9 +74,7 @@ class BugsnagClient {
   configPrefix = "Bugsnag";
   config = ConfigurationSchema;
   defaultToolsets = ["Projects"];
-  authenticationFields = AuthenticationSchema;
   async configure(server, config) {
-    this.server = server;
     this.cache = server.getCache();
     this._appEndpoint = this.getEndpoint(
       "app",
@@ -86,17 +82,45 @@ class BugsnagClient {
       config.endpoint
     );
     this._projectApiKey = config.project_api_key;
-    this.apiConfig = new Configuration({
-      apiKey: () => {
-        const authToken = this.server?.getEnv("auth_token", this);
+    this._authToken = config.auth_token;
+    await this.initializeApis(config);
+  }
+  getAuthToken() {
+    const contextHeader = getRequestHeader("Bugsnag-Auth-Token");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("token ")) {
+        token = token.substring(6);
+      }
+      return `token ${token}`;
+    }
+    const bearerToken = this.getBearerToken();
+    if (bearerToken) {
+      return bearerToken;
+    }
+    return this._authToken ? `token ${this._authToken}` : null;
+  }
+  getBearerToken() {
+    const contextHeader = getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
+  async initializeApis(config) {
+    const apiConfig = new Configuration({
+      apiKey: (_name) => {
+        const authToken = this.getAuthToken();
         if (authToken) {
-          return `token ${authToken}`;
+          return authToken;
         }
-        const bearerToken = this.server?.getEnv("Authorization");
-        if (bearerToken) {
-          return `Bearer ${bearerToken}`;
-        }
-        return void 0;
+        throw new Error(
+          "Authentication token not found in request headers or configuration"
+        );
       },
       headers: {
         "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`,
@@ -110,17 +134,14 @@ class BugsnagClient {
         config.endpoint
       )
     });
-    this._currentUserApi = new CurrentUserAPI(this.apiConfig);
-    this._errorsApi = new ErrorAPI(this.apiConfig);
-    this._projectApi = new ProjectAPI(this.apiConfig);
+    this._currentUserApi = new CurrentUserAPI(apiConfig);
+    this._errorsApi = new ErrorAPI(apiConfig);
+    this._projectApi = new ProjectAPI(apiConfig);
     this._isConfigured = true;
   }
   isConfigured() {
     return this._isConfigured;
   }
-  hasAuth() {
-    return this.isConfigured() && !!this.apiConfig?.apiKey();
-  }
   // If the endpoint is not provided, it will use the default API endpoint based on the project API key.
   // if the project api key is not provided, the endpoint will be the default API endpoint.
   // if the endpoint is provided, it will be used as is for custom domains, or normalized for known domains.

package/dist/collaborator/client.js

@@ -1,29 +1,26 @@
 import { z } from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 const ConfigurationSchema = z.object({
-  base_url: z.url().describe("Collaborator server base URL")
-});
-const AuthenticationSchema = z.object({
-  login: z.string().describe("Collaborator username for authentication").optional(),
-  ticket: z.string().describe("Collaborator login ticket for authentication").optional()
+  base_url: z.url().describe("Collaborator server base URL"),
+  username: z.string().describe("Collaborator username for authentication").optional(),
+  login_ticket: z.string().describe("Collaborator login ticket for authentication").optional()
 });
 class CollaboratorClient {
   name = "Collaborator";
   capabilityPrefix = "collaborator";
   configPrefix = "Collaborator";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
   baseUrl;
-  server;
-  async configure(server, config) {
+  username;
+  loginTicket;
+  async configure(_server, config, _cache) {
     this.baseUrl = config.base_url;
-    this.server = server;
+    this.username = config.username;
+    this.loginTicket = config.login_ticket;
   }
   isConfigured() {
     return this.baseUrl !== void 0;
   }
-  hasAuth() {
-    return this.isConfigured() && this.server?.getEnv("Login", this) !== void 0 && this.server?.getEnv("Ticket", this) !== void 0;
-  }
   /**
    * Calls the Collaborator API with the given commands, prepending authentication automatically.
    * @param commands Array of Collaborator API commands (excluding authentication)
@@ -31,8 +28,16 @@ class CollaboratorClient {
    */
   async call(commands) {
     const url = `${this.baseUrl}/services/json/v1`;
-    const login = this.server?.getEnv("Login", this);
-    const ticket = this.server?.getEnv("Ticket", this);
+    let login = this.username;
+    let ticket = this.loginTicket;
+    const contextLogin = getRequestHeader("Collaborator-Login");
+    const contextTicket = getRequestHeader("Collaborator-Ticket");
+    if (contextLogin) {
+      login = Array.isArray(contextLogin) ? contextLogin[0] : contextLogin;
+    }
+    if (contextTicket) {
+      ticket = Array.isArray(contextTicket) ? contextTicket[0] : contextTicket;
+    }
     const body = [
       {
         command: "SessionService.authenticate",

package/dist/common/client-registry.js

@@ -1,4 +1,4 @@
-import { ZodURL, ZodError } from "zod";
+import { ZodURL } from "zod";
 import { fullyUnwrapZodType, isOptionalType } from "./zod-utils.js";
 class ClientRegistry {
   entries = [];
@@ -84,57 +84,31 @@ class ClientRegistry {
     return this.entries.filter((entry) => this.isClientEnabled(entry.name));
   }
   /**
-   * Registers all enabled clients on the given MCP server
+   * Configures all enabled clients on the given MCP server
    * @param server The MCP server on which the client is registered
    * @param getConfigValue A function that obtains a configuration value for the given client and requirement name
-   * @returns The number of clients successfully added
+   * @returns The number of clients successfully configured
    */
-  async registerAll(server, getConfigValue, configure, authorizationCheck) {
-    if (authorizationCheck && !configure) {
-      throw new Error(
-        "Cannot perform authorization check without configuring clients"
-      );
-    }
-    let addedCount = 0;
-    clientLoop: for (const client of this.getAll()) {
-      if (configure) {
-        const config = {};
-        for (const configKey of Object.keys(client.config.shape)) {
-          const value = getConfigValue(configKey, client);
-          if (value) {
-            this.validateAllowedEndpoint(client.config.shape[configKey], value);
-            config[configKey] = value;
-          } else if (!isOptionalType(client.config.shape[configKey])) {
-            continue clientLoop;
-          }
-        }
-        let parsedConfig;
-        try {
-          parsedConfig = client.config.parse(config);
-        } catch (error) {
-          if (error instanceof ZodError) {
-            console.warn(
-              `Configuration for client ${client.name} is invalid: ${error.issues.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}`
-            );
-          } else {
-            console.warn(
-              `Unable to apply configuration for client ${client.name}: ${error}`
-            );
-          }
-          continue;
-        }
-        await client.configure(server, parsedConfig);
-        if (!client.isConfigured()) {
-          continue;
-        }
-        if (authorizationCheck && !client.hasAuth()) {
-          continue;
+  async configure(server, getConfigValue, ignoreMissingRequiredConfigs = false) {
+    let configuredCount = 0;
+    entryLoop: for (const entry of this.getAll()) {
+      const config = {};
+      for (const configKey of Object.keys(entry.config.shape)) {
+        const value = getConfigValue(entry, configKey);
+        if (value !== null) {
+          this.validateAllowedEndpoint(entry.config.shape[configKey], value);
+          config[configKey] = value;
+        } else if (!ignoreMissingRequiredConfigs && !isOptionalType(entry.config.shape[configKey])) {
+          continue entryLoop;
         }
       }
-      await server.addClient(client);
-      addedCount++;
+      await entry.configure(server, config);
+      if (entry.isConfigured()) {
+        await server.addClient(entry);
+        configuredCount++;
+      }
     }
-    return addedCount;
+    return configuredCount;
   }
   /**
    * Clear all registrations (useful for testing)

package/dist/common/request-context.js

@@ -0,0 +1,20 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+const requestContextStorage = new AsyncLocalStorage();
+function withRequestContext(req, fn) {
+  return requestContextStorage.run({ headers: req.headers }, fn);
+}
+function getRequestContext() {
+  return requestContextStorage.getStore();
+}
+function getRequestHeader(name) {
+  const context = getRequestContext();
+  if (!context?.headers) return void 0;
+  const headerValue = context.headers[name] || context.headers[name.toLowerCase()];
+  return headerValue;
+}
+export {
+  getRequestContext,
+  getRequestHeader,
+  requestContextStorage,
+  withRequestContext
+};

package/dist/common/server.js

@@ -12,8 +12,7 @@ class SmartBearMcpServer extends McpServer {
   elicitationSupported = false;
   clients = [];
   enabledToolsets;
-  getEnvFn;
-  constructor(getEnvFn, enabledToolsets) {
+  constructor(enabledToolsets) {
     super(
       {
         name: MCP_SERVER_NAME,
@@ -29,7 +28,6 @@ class SmartBearMcpServer extends McpServer {
         }
       }
     );
-    this.getEnvFn = getEnvFn;
     this.cache = new CacheService();
     if (enabledToolsets) {
       this.enabledToolsets = enabledToolsets.split(",").map((s) => s.trim().toLowerCase());
@@ -38,17 +36,6 @@ class SmartBearMcpServer extends McpServer {
   getCache() {
     return this.cache;
   }
-  /**
-   * Makes the server's getEnv function available to clients, validating that it is defined in the client's authentication fields if a client is provided
-   */
-  getEnv = (key, client) => {
-    if (client && !Object.keys(client.authenticationFields.shape).includes(key)) {
-      throw new Error(
-        `Environment variable "${key}" is not defined in the ${client.name} client's authentication schema.`
-      );
-    }
-    return this.getEnvFn(key, client);
-  };
   setSamplingSupported(supported) {
     this.samplingSupported = supported;
   }

package/dist/common/transport-http.js

@@ -5,12 +5,11 @@ import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { clientRegistry } from "./client-registry.js";
+import { withRequestContext } from "./request-context.js";
 import { SmartBearMcpServer } from "./server.js";
 import { isDraining, registerShutdownHandler } from "./shutdown.js";
 import { getEnvVarName } from "./transport-stdio.js";
-import { getTypeDescription, isOptionalType } from "./zod-utils.js";
-class AuthorizationError extends Error {
-}
+import { isOptionalType, getTypeDescription } from "./zod-utils.js";
 const PROBE_HEADERS = {
   "Content-Type": "application/json",
   "Cache-Control": "no-store"
@@ -281,7 +280,10 @@ async function handleStreamableHttpRequest(req, res, transports) {
       );
       return;
     }
-    await transport.handleRequest(req, res, parsedBody);
+    await withRequestContext(
+      req,
+      async () => await transport.handleRequest(req, res, parsedBody)
+    );
   } catch (error) {
     console.error("Error handling StreamableHTTP request:", error);
     res.writeHead(500, { "Content-Type": "text/plain" });
@@ -326,10 +328,13 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
   req.on("end", async () => {
     try {
       const parsedBody = JSON.parse(body);
-      await session.transport.handlePostMessage(
+      await withRequestContext(
         req,
-        res,
-        parsedBody
+        async () => await session.transport.handlePostMessage(
+          req,
+          res,
+          parsedBody
+        )
       );
     } catch (error) {
       console.error("Error handling POST message:", error);
@@ -338,118 +343,97 @@ async function handleLegacyMessageRequest(req, res, url, transports) {
     }
   });
 }
-function resolveFromRequest(req, key, prefix) {
-  const queryStringName = getQueryStringName(key, prefix);
+function getConfigValue(clientPrefix, key, req) {
+  const queryStringName = getQueryStringName(clientPrefix, key);
   const queryParams = querystring.parse(req.url?.split("?")[1] || "");
   let value = queryParams[queryStringName] || queryParams[queryStringName.toLowerCase()];
   if (typeof value === "string") {
     return value;
   }
-  const headerName = getHeaderName(key, prefix);
+  const headerName = getHeaderName(clientPrefix, key);
   value = req.headers[headerName] || req.headers[headerName.toLowerCase()];
   if (typeof value === "string") {
-    if (value.toLowerCase().startsWith("bearer ")) {
-      value = value.slice("bearer ".length);
-    } else if (value.toLowerCase().startsWith("token ")) {
-      value = value.slice("token ".length);
-    } else if (value.toLowerCase().startsWith("basic ")) {
-      value = value.slice("basic ".length);
-    }
     return value;
   }
-  const envVarName = getEnvVarName(key, prefix);
-  return process.env[envVarName];
-}
-function makeConfigFn(req) {
-  return (key, client) => resolveFromRequest(req, key, client?.configPrefix);
+  const envVarName = getEnvVarName(clientPrefix, key);
+  return process.env[envVarName] || null;
 }
 async function newServer(req, res) {
-  const configFn = makeConfigFn(req);
-  const enabledToolsets = resolveFromRequest(req, "toolsets", "smartbear") || void 0;
-  const server = new SmartBearMcpServer(configFn, enabledToolsets);
+  const enabledToolsets = getConfigValue("smartbear", "toolsets", req) || void 0;
+  const server = new SmartBearMcpServer(enabledToolsets);
   try {
-    const configuredCount = await clientRegistry.registerAll(
-      server,
-      configFn,
-      true,
-      false
+    const configuredCount = await withRequestContext(
+      req,
+      () => clientRegistry.configure(
+        server,
+        (client, key) => {
+          return getConfigValue(client.configPrefix, key, req);
+        },
+        true
+        // ignoreMissingRequiredConfigs
+      )
+    );
+    console.log(
+      `Configured ${configuredCount} clients for new server instance`
     );
     if (configuredCount === 0) {
       throw new Error(
-        "No clients successfully configured. The request headers are missing the required configuration."
+        "No clients successfully configured. Missing authentication headers."
       );
     }
-    console.log(
-      `Configured ${configuredCount} clients for new server instance`
+    const hasAuth = withRequestContext(
+      req,
+      () => server.getClients().some((client) => {
+        if (!client.getAuthToken) return true;
+        return client.getAuthToken() !== null;
+      })
     );
-    const hasNoAuth = !server.getClients().some((client) => client.hasAuth());
-    if (hasNoAuth) {
-      throw new AuthorizationError(
+    if (!hasAuth) {
+      throw new Error(
         "No clients have valid authentication credentials. Please authenticate via OAuth or provide alternative auth headers (e.g. API key or personal auth token)."
       );
     }
-    return server;
   } catch (error) {
+    const headerHelp = getHttpHeadersHelp();
+    const errorMessage = headerHelp.length > 0 ? `Configuration error: ${error instanceof Error ? error.message : String(error)}. Please provide valid headers:
+${headerHelp.join("\n")}` : "No clients support HTTP header configuration.";
     const headers = {
       "Content-Type": "text/plain"
     };
-    if (error instanceof AuthorizationError) {
-      if (req.headers.host) {
-        headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
-      }
-      res.writeHead(401, headers);
-      res.end(error.message);
-    } else {
-      const headerHelp = getHttpHeadersHelp();
-      let errorMessage = `Configuration error: ${error instanceof Error ? error.message : String(error)}.`;
-      if (headerHelp.length > 0) {
-        errorMessage += ` Please provide valid headers:
-${headerHelp.join("\n")}`;
-      }
-      res.writeHead(500, headers);
-      res.end(errorMessage);
+    if (req.headers.host) {
+      headers["WWW-Authenticate"] = `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`;
     }
+    res.writeHead(401, headers);
+    res.end(errorMessage);
     return null;
   }
+  return server;
 }
-function getHeaderName(key, clientPrefix) {
-  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`;
-  return prefix.split(/[\s\-_]/).map(
+function getHeaderName(clientPrefix, key) {
+  return `${clientPrefix}-${key.split("_").map(
     (part) => part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
-  ).join("-");
+  ).join("-")}`;
 }
-function getQueryStringName(key, clientPrefix) {
-  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`;
-  return prefix.split(/[\s\-_]/).map(
-    (part, i) => i === 0 ? part.toLowerCase() : part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
-  ).join("");
+function getQueryStringName(clientPrefix, key) {
+  return `${clientPrefix.toLowerCase()}${key.split("_").map(
+    (part) => part.charAt(0).toUpperCase() + part.slice(1).toLowerCase()
+  ).join("")}`;
 }
 function getHttpHeaders() {
   const headers = /* @__PURE__ */ new Set();
-  for (const client of clientRegistry.getAll()) {
-    for (const key of [
-      ...Object.keys(client.config.shape),
-      ...Object.keys(client.authenticationFields.shape)
-    ]) {
-      headers.add(getHeaderName(key, client.configPrefix));
+  for (const entry of clientRegistry.getAll()) {
+    for (const configKey of Object.keys(entry.config.shape)) {
+      headers.add(getHeaderName(entry.configPrefix, configKey));
     }
   }
   return Array.from(headers).sort((a, b) => a.localeCompare(b));
 }
 function getHttpHeadersHelp() {
   const messages = [];
-  for (const client of clientRegistry.getAll()) {
-    messages.push(` - ${client.name}:`);
-    for (const [authKey, requirement] of Object.entries(
-      client.authenticationFields.shape
-    )) {
-      const headerName = getHeaderName(authKey, client.configPrefix);
-      messages.push(`    - ${headerName}: ${getTypeDescription(requirement)}`);
-    }
-    for (const [configKey, requirement] of Object.entries(
-      client.config.shape
-    )) {
-      const headerName = getHeaderName(configKey, client.configPrefix);
+  for (const entry of clientRegistry.getAll()) {
+    messages.push(` - ${entry.name}:`);
+    for (const [configKey, requirement] of Object.entries(entry.config.shape)) {
+      const headerName = getHeaderName(entry.configPrefix, configKey);
       const requiredTag = isOptionalType(requirement) ? " (optional)" : " (required)";
       messages.push(
         `    - ${headerName}${requiredTag}: ${getTypeDescription(requirement)}`
@@ -459,7 +443,6 @@ function getHttpHeadersHelp() {
   return messages;
 }
 export {
-  AuthorizationError,
   drainHttpTransport,
   getBaseUrl,
   getHeaderName,

package/dist/common/transport-stdio.js

@@ -4,17 +4,16 @@ import { clientRegistry } from "./client-registry.js";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "./info.js";
 import { SmartBearMcpServer } from "./server.js";
 import { registerShutdownHandler } from "./shutdown.js";
-import { getTypeDescription } from "./zod-utils.js";
-function getConfigMessage() {
+import { isOptionalType, getTypeDescription } from "./zod-utils.js";
+function getNoConfigMessage() {
   const messages = [];
-  for (const client of clientRegistry.getAll()) {
-    messages.push(` - ${client.name}:`);
-    for (const [configKey, requirement] of [
-      ...Object.entries(client.authenticationFields.shape),
-      ...Object.entries(client.config.shape)
-    ]) {
+  for (const entry of clientRegistry.getAll()) {
+    messages.push(` - ${entry.name}:`);
+    for (const [configKey, requirement] of Object.entries(entry.config.shape)) {
+      const envVarName = getEnvVarName(entry.configPrefix, configKey);
+      const requiredTag = isOptionalType(requirement) ? " (optional)" : " (required)";
       messages.push(
-        `    - ${getEnvVarName(configKey, client.configPrefix)}: ${getTypeDescription(requirement)}`
+        `    - ${envVarName}${requiredTag}: ${getTypeDescription(requirement)}`
       );
     }
   }
@@ -28,28 +27,27 @@ async function runStdioMode() {
     console.log(
       "The following environment variables can be set to configure each of the SmartBear clients:"
     );
-    console.log(getConfigMessage().join("\n"));
+    console.log(getNoConfigMessage().join("\n"));
     process.exit(0);
   }
   enableCompileCache();
-  const configFn = (key, client) => {
-    const envVarName = getEnvVarName(key, client?.configPrefix);
-    return process.env[envVarName];
-  };
-  const server = new SmartBearMcpServer(configFn, process.env.MCP_TOOLSETS);
-  const addedCount = await clientRegistry.registerAll(
+  const server = new SmartBearMcpServer(process.env.MCP_TOOLSETS);
+  const configuredCount = await clientRegistry.configure(
     server,
-    configFn,
-    true,
-    true
+    (client, key) => {
+      const envVarName = getEnvVarName(client.configPrefix, key);
+      return process.env[envVarName] || null;
+    }
   );
-  if (addedCount === 0) {
-    const message = getConfigMessage();
+  if (configuredCount === 0) {
+    const message = getNoConfigMessage();
     console.warn(
-      `No clients configured. Please provide valid environment variables for at least one client:
-${message.join("\n")}`
+      message.length > 0 ? `No clients configured. Please provide valid environment variables for at least one client:
+${message.join("\n")}` : "No clients support environment variable configuration."
     );
-    await clientRegistry.registerAll(server, configFn, false, false);
+    for (const entry of clientRegistry.getAll()) {
+      await server.addClient(entry);
+    }
   }
   const transport = new StdioServerTransport();
   registerShutdownHandler("stdio-transport", async () => {
@@ -74,9 +72,8 @@ ${message.join("\n")}`
   };
   await server.connect(transport);
 }
-function getEnvVarName(key, clientPrefix) {
-  const prefix = `${clientPrefix ? `${clientPrefix}-${key}` : key}`.toUpperCase();
-  return prefix.replace(/[\s\-_]/g, "_");
+function getEnvVarName(clientPrefix, key) {
+  return `${clientPrefix.toUpperCase().replace(/-/g, "_")}_${key.toUpperCase()}`;
 }
 export {
   getEnvVarName,

package/dist/package.json.js

@@ -1,4 +1,4 @@
-const version = "0.25.0";
+const version = "0.25.1";
 const config = { "mcpServerName": "SmartBear MCP Server" };
 const packageJson = {
   version,

package/dist/pactflow/client.js

@@ -1,26 +1,27 @@
 import zod__default from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
 import { isSamplingPolyfillResult } from "../common/pollyfills.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
 import { getOADMatcherRecommendations, getUserMatcherSelection } from "./client/prompt-utils.js";
 import { PROMPTS } from "./client/prompts.js";
 import { TOOLS } from "./client/tools.js";
 const ConfigurationSchema = zod__default.object({
-  base_url: zod__default.url().describe("Pact Broker or PactFlow base URL")
-});
-const AuthenticationSchema = zod__default.object({
-  username: zod__default.string().describe("Username for Pact Broker").optional(),
-  password: zod__default.string().describe("Password for Pact Broker").optional(),
-  token: zod__default.string().describe(
+  base_url: zod__default.url().describe("Pact Broker or PactFlow base URL"),
+  token: zod__default.string().optional().describe(
     "Bearer token for PactFlow authentication (use this OR username/password)"
-  ).optional()
+  ),
+  username: zod__default.string().optional().describe("Username for Pact Broker"),
+  password: zod__default.string().optional().describe("Password for Pact Broker")
 });
 class PactflowClient {
   name = "Contract Testing";
   capabilityPrefix = "contract-testing";
   configPrefix = "Pact-Broker";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
+  token;
+  username;
+  password;
   aiBaseUrl;
   baseUrl;
   _clientType;
@@ -31,7 +32,7 @@ class PactflowClient {
     return this._server;
   }
   /**
-   * Initializes the client with auth credentials and the MCP server reference.
+   * Initialises the client with auth credentials and the MCP server reference.
    * Accepts either a Bearer token (PactFlow) or username/password (Pact Broker).
    * Does nothing if neither is supplied.
    *
@@ -39,21 +40,23 @@ class PactflowClient {
    * @param config - Connection config (base_url + token OR username/password).
    */
   async configure(server, config) {
-    this._server = server;
-    if (this._server.getEnv("username", this) && this._server.getEnv("password", this)) {
+    this.token = config.token;
+    this.username = config.username;
+    this.password = config.password;
+    if (typeof config.token === "string") {
+      this._clientType = "pactflow";
+    } else if (typeof config.username === "string" && typeof config.password === "string") {
       this._clientType = "pact_broker";
     } else {
       this._clientType = "pactflow";
     }
     this.baseUrl = config.base_url;
     this.aiBaseUrl = `${this.baseUrl}/api/ai`;
+    this._server = server;
   }
   /** Returns true if the client has been configured with a base URL and credentials. */
   isConfigured() {
-    return !!this._server;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.requestHeaders;
+    return this.baseUrl !== void 0;
   }
   // PactFlow AI client methods
   /**
@@ -163,28 +166,38 @@ class PactflowClient {
   }
   /** Returns the current auth/content-type headers used for all requests. */
   get requestHeaders() {
-    const token = this.server?.getEnv("token", this) || this.server?.getEnv("Authorization");
-    if (token) {
-      let authHeader = token;
-      if (!token.startsWith("Basic ") && !token.startsWith("Bearer ")) {
-        authHeader = `Bearer ${token}`;
+    let contextToken = getRequestHeader("Pact-Token") || getRequestHeader("Authorization");
+    if (Array.isArray(contextToken)) {
+      contextToken = contextToken[0];
+    }
+    if (contextToken) {
+      let authHeader = contextToken;
+      if (!contextToken.startsWith("Basic ") && !contextToken.startsWith("Bearer ")) {
+        authHeader = `Bearer ${contextToken}`;
       }
       return {
         Authorization: authHeader,
         "Content-Type": "application/json",
         "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
       };
-    } else {
-      const username = this.server?.getEnv("username", this);
-      const password = this.server?.getEnv("password", this);
-      if (username && password) {
-        const authString = `${username}:${password}`;
-        return {
-          Authorization: `Basic ${Buffer.from(authString).toString("base64")}`,
-          "Content-Type": "application/json",
-          "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
-        };
+    }
+    if (this.token) {
+      let authHeader = this.token;
+      if (!authHeader.startsWith("Basic ") && !authHeader.startsWith("Bearer ")) {
+        authHeader = `Bearer ${authHeader}`;
       }
+      return {
+        Authorization: authHeader,
+        "Content-Type": "application/json",
+        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+      };
+    } else if (this.username && this.password) {
+      const authString = `${this.username}:${this.password}`;
+      return {
+        Authorization: `Basic ${Buffer.from(authString).toString("base64")}`,
+        "Content-Type": "application/json",
+        "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+      };
     }
     return void 0;
   }

package/dist/qmetry/client.js

@@ -1,45 +1,43 @@
 import zod__default from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 import { findAutoResolveConfig, autoResolveViewIdAndFolderPath } from "./client/auto-resolve.js";
 import { QMETRY_HANDLER_MAP } from "./client/handlers.js";
 import { getProjectInfo } from "./client/project.js";
 import { TOOLS } from "./client/tools/index.js";
 import { QMETRY_DEFAULTS } from "./config/constants.js";
 const ConfigurationSchema = zod__default.object({
+  api_key: zod__default.string().describe("QMetry API key for authentication"),
   base_url: zod__default.string().url().optional().describe(
     "Optional QMetry base URL for custom or region-specific endpoints"
   )
 });
-const AuthenticationSchema = zod__default.object({
-  api_key: zod__default.string().describe("QMetry API key for authentication").optional()
-});
 class QmetryClient {
   name = "QMetry";
   capabilityPrefix = "qmetry";
   configPrefix = "Qmetry";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
+  token;
   projectApiKey = QMETRY_DEFAULTS.PROJECT_KEY;
   endpoint = QMETRY_DEFAULTS.BASE_URL;
-  server;
-  async configure(server, config) {
-    this.server = server;
+  async configure(_server, config, _cache) {
+    this.token = config.api_key;
     if (config.base_url) {
       this.endpoint = config.base_url;
     }
   }
   isConfigured() {
-    return !!this.server;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
-  }
-  getAuthToken() {
-    return this.server?.getEnv("api_key", this);
+    return true;
   }
-  getAuthTokenOrThrow() {
-    const token = this.getAuthToken();
-    if (!token) throw new Error("Client not configured");
-    return token;
+  getToken() {
+    let contextToken = getRequestHeader("Qmetry-Token") || getRequestHeader("apikey");
+    if (Array.isArray(contextToken)) {
+      contextToken = contextToken[0];
+    }
+    if (contextToken) {
+      return contextToken;
+    }
+    if (!this.token) throw new Error("Client not configured");
+    return this.token;
   }
   getBaseUrl() {
     return this.endpoint;
@@ -86,7 +84,7 @@ class QmetryClient {
               let projectInfo;
               try {
                 projectInfo = await getProjectInfo(
-                  this.getAuthTokenOrThrow(),
+                  this.getToken(),
                   baseUrl,
                   projectKey
                 );
@@ -107,7 +105,7 @@ class QmetryClient {
           }
           const { projectKey: _, baseUrl: __, ...cleanArgs } = a;
           const result = await handlerFn(
-            this.getAuthTokenOrThrow(),
+            this.getToken(),
             baseUrl,
             projectKey,
             cleanArgs

package/dist/qtm4j/client.js

@@ -1,21 +1,20 @@
 import zod__default from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 import { CONFIG_KEYS, API_CONFIG, SCHEMA_DESCRIPTIONS, CLIENT_CONFIG, ERROR_MESSAGES } from "./config/constants.js";
 import { ApiClient } from "./http/api-client.js";
 import { ResolverRegistry } from "./resolver/resolver-registry.js";
 const ConfigurationSchema = zod__default.object({
+  [CONFIG_KEYS.API_KEY]: zod__default.string().describe(SCHEMA_DESCRIPTIONS.API_KEY),
+  [CONFIG_KEYS.AUTOMATION_API_KEY]: zod__default.string().optional().describe(SCHEMA_DESCRIPTIONS.AUTOMATION_API_KEY),
   [CONFIG_KEYS.BASE_URL]: zod__default.string().url().optional().default(API_CONFIG.DEFAULT_BASE_URL).describe(SCHEMA_DESCRIPTIONS.BASE_URL)
 });
-const AuthenticationSchema = zod__default.object({
-  api_key: zod__default.string().describe(SCHEMA_DESCRIPTIONS.API_KEY).optional(),
-  automation_api_key: zod__default.string().describe(SCHEMA_DESCRIPTIONS.AUTOMATION_API_KEY).optional()
-});
 class Qtm4jClient {
   name = CLIENT_CONFIG.NAME;
   capabilityPrefix = CLIENT_CONFIG.TOOL_PREFIX;
   configPrefix = CLIENT_CONFIG.CONFIG_PREFIX;
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
-  server;
+  _apiKey;
+  _automationApiKey;
   baseUrl = API_CONFIG.DEFAULT_BASE_URL;
   apiClient;
   resolverRegistry;
@@ -25,7 +24,8 @@ class Qtm4jClient {
    * @param config - Configuration object containing API key and optional base URL
    */
   async configure(server, config) {
-    this.server = server;
+    this._apiKey = config[CONFIG_KEYS.API_KEY];
+    this._automationApiKey = config[CONFIG_KEYS.AUTOMATION_API_KEY];
     if (config[CONFIG_KEYS.BASE_URL]) {
       this.baseUrl = config[CONFIG_KEYS.BASE_URL];
     }
@@ -40,20 +40,34 @@ class Qtm4jClient {
     );
   }
   /**
-   * Check if the client is properly configured
-   * @returns true if API key is set and client is ready
+   * Get authentication token with request-scoped override support
+   * Checks request headers first, then falls back to configured API key
+   * @returns API key or null if not found
    */
-  isConfigured() {
-    return !!this.apiClient;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
-  }
   getAuthToken() {
-    return this.server?.getEnv(CONFIG_KEYS.API_KEY, this) || this.server?.getEnv("Authorization") || null;
+    const contextHeader = getRequestHeader("Qtm4j-Api-Key") || getRequestHeader("apiKey") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiKey || null;
   }
   getAutomationApiKey() {
-    return this.server?.getEnv(CONFIG_KEYS.AUTOMATION_API_KEY, this) || null;
+    const headerKey = getRequestHeader("Qtm4j-Automation-Api-Key");
+    if (headerKey) {
+      return Array.isArray(headerKey) ? headerKey[0] : headerKey;
+    }
+    return this._automationApiKey || null;
+  }
+  /**
+   * Check if the client is properly configured
+   * @returns true if API key is set and client is ready
+   */
+  isConfigured() {
+    return this.apiClient !== void 0;
   }
   /**
    * Get the configured API client instance

package/dist/reflect/client.js

@@ -1,7 +1,8 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import { ToolError } from "../common/tools.js";
-import { API_KEY_HEADER, AUTHORIZATION_HEADER } from "./config/constants.js";
+import { API_KEY_HEADER, REFLECT_API_TOKEN_HEADER, AUTHORIZATION_HEADER } from "./config/constants.js";
 import { SapTest } from "./prompt/sap-test.js";
 import { AddPromptStep } from "./tool/recording/add-prompt-step.js";
 import { AddSegment } from "./tool/recording/add-segment.js";
@@ -17,12 +18,11 @@ import { GetTestStatus } from "./tool/tests/get-test-status.js";
 import { ListSegments } from "./tool/tests/list-segments.js";
 import { ListTests } from "./tool/tests/list-tests.js";
 import { RunTest } from "./tool/tests/run-test.js";
-const ConfigurationSchema = z.object({});
-const AuthenticationSchema = z.object({
-  api_token: z.string().describe("Reflect API authentication token").optional()
+const ConfigurationSchema = z.object({
+  api_token: z.string().describe("Reflect API authentication token")
 });
 class ReflectClient {
-  _server;
+  _apiToken;
   activeConnections = /* @__PURE__ */ new Map();
   sessionStates = /* @__PURE__ */ new Map();
   mcpSessionConnections = /* @__PURE__ */ new Map();
@@ -30,24 +30,33 @@ class ReflectClient {
   capabilityPrefix = "reflect";
   configPrefix = "Reflect";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
-  async configure(server, _config) {
-    this._server = server;
+  async configure(_server, config, _cache) {
+    this._apiToken = config.api_token;
   }
   getAuthToken() {
-    return this._server?.getEnv("api_token", this) || this._server?.getEnv(API_KEY_HEADER) || this._server?.getEnv(AUTHORIZATION_HEADER) || null;
+    const contextHeader = getRequestHeader(REFLECT_API_TOKEN_HEADER) || getRequestHeader(API_KEY_HEADER) || getRequestHeader(AUTHORIZATION_HEADER);
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiToken || null;
   }
   isConfigured() {
-    return !!this._server;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
+    return true;
   }
   isOAuthRequest() {
-    if (this._server?.getEnv("api_token", this) || this._server?.getEnv(API_KEY_HEADER)) {
+    if (getRequestHeader(REFLECT_API_TOKEN_HEADER) || getRequestHeader(API_KEY_HEADER)) {
+      return false;
+    }
+    const authHeader = getRequestHeader(AUTHORIZATION_HEADER);
+    if (!authHeader) {
       return false;
     }
-    return !!this._server?.getEnv(AUTHORIZATION_HEADER);
+    const headerValue = Array.isArray(authHeader) ? authHeader[0] : authHeader;
+    return headerValue.toLowerCase().startsWith("bearer ");
   }
   getAuthHeader() {
     const token = this.getAuthToken();

package/dist/reflect/config/constants.js

@@ -1,4 +1,5 @@
 const API_KEY_HEADER = "X-API-KEY";
+const REFLECT_API_TOKEN_HEADER = "Reflect-Api-Token";
 const AUTHORIZATION_HEADER = "Authorization";
 const API_HOSTNAME = "api.reflect.run";
 const WEBSOCKET_HOSTNAME = "recording.us-east-1.reflect.run";
@@ -7,6 +8,7 @@ export {
   API_HOSTNAME,
   API_KEY_HEADER,
   AUTHORIZATION_HEADER,
+  REFLECT_API_TOKEN_HEADER,
   WEBSOCKET_HOSTNAME,
   WEB_APP_HOSTNAME
 };

package/dist/swagger/client.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info.js";
+import { getRequestHeader } from "../common/request-context.js";
 import "./config-utils.js";
 import { SwaggerAPI } from "./client/api.js";
 import { SwaggerConfiguration } from "./client/configuration.js";
@@ -8,45 +9,47 @@ import "./client/registry-types.js";
 import { TOOLS } from "./client/tools.js";
 import "./client/user-management-types.js";
 const ConfigurationSchema = z.object({
+  api_key: z.string().describe("Swagger API key for authentication"),
   portal_base_path: z.string().optional().describe("Base path for Portal API requests (optional)"),
   registry_base_path: z.string().optional().describe("Base path for Registry API requests (optional)"),
   ui_base_path: z.string().optional().describe("Base URL for the SwaggerHub UI (optional)")
 });
-const AuthenticationSchema = z.object({
-  api_key: z.string().describe("Swagger API key for authentication").optional()
-});
 class SwaggerClient {
-  apiConfig;
-  server;
+  api;
+  _apiKey;
   name = "Swagger";
   capabilityPrefix = "swagger";
   configPrefix = "Swagger";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
-  async configure(server, config) {
-    this.server = server;
-    this.apiConfig = new SwaggerConfiguration({
-      token: () => this.getAuthToken(),
-      portalBasePath: config.portal_base_path,
-      registryBasePath: config.registry_base_path,
-      uiBasePath: config.ui_base_path
-    });
-  }
-  isConfigured() {
-    return this.apiConfig !== void 0;
+  async configure(_server, config, _cache) {
+    this._apiKey = config.api_key;
+    this.api = new SwaggerAPI(
+      new SwaggerConfiguration({
+        token: () => this.getAuthToken(),
+        portalBasePath: config.portal_base_path,
+        registryBasePath: config.registry_base_path,
+        uiBasePath: config.ui_base_path
+      }),
+      `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
+    );
   }
   getAuthToken() {
-    return this.server?.getEnv("api_key", this) || this.server?.getEnv("Authorization") || null;
+    const contextHeader = getRequestHeader("Swagger-Api-Key") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiKey || null;
   }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
+  isConfigured() {
+    return this.api !== void 0;
   }
   getApi() {
-    if (!this.apiConfig) throw new Error("Client not configured");
-    return new SwaggerAPI(
-      this.apiConfig,
-      `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`
-    );
+    if (!this.api) throw new Error("Client not configured");
+    return this.api;
   }
   // Delegate API methods to the SwaggerAPI instance
   async getPortals() {

package/dist/zephyr/client.js

@@ -1,4 +1,5 @@
 import zod__default from "zod";
+import { getRequestHeader } from "../common/request-context.js";
 import { ApiClient } from "./common/api-client.js";
 import { GetEnvironments } from "./tool/environment/get-environments.js";
 import { CreateFolder } from "./tool/folder/create-folder.js";
@@ -35,32 +36,38 @@ import { GetTestExecutions } from "./tool/test-execution/get-test-executions.js"
 import { GetTestExecutionSteps } from "./tool/test-execution/get-test-steps.js";
 import { UpdateTestExecution } from "./tool/test-execution/update-test-execution.js";
 import { UpdateTestExecutionSteps } from "./tool/test-execution/update-test-steps.js";
+const BASE_URL_DEFAULT = "https://api.zephyrscale.smartbear.com/v2";
 const ConfigurationSchema = zod__default.object({
-  base_url: zod__default.url().optional().describe("Zephyr Scale API base URL").default("https://api.zephyrscale.smartbear.com/v2")
-});
-const AuthenticationSchema = zod__default.object({
-  api_token: zod__default.string().describe("Zephyr Scale API token for authentication").optional()
+  api_token: zod__default.string().describe("Zephyr Scale API token for authentication"),
+  base_url: zod__default.string().url().optional().describe("Zephyr Scale API base URL").default(BASE_URL_DEFAULT)
 });
 class ZephyrClient {
   apiClient;
-  server;
+  _apiToken;
   name = "Zephyr";
   capabilityPrefix = "zephyr";
   configPrefix = "Zephyr";
   config = ConfigurationSchema;
-  authenticationFields = AuthenticationSchema;
-  async configure(server, config) {
-    this.server = server;
-    this.apiClient = new ApiClient(() => this.getAuthToken(), config.base_url);
+  async configure(_server, config, _cache) {
+    this._apiToken = config.api_token;
+    this.apiClient = new ApiClient(
+      () => this.getAuthToken(),
+      config.base_url || process.env.ZEPHYR_CUSTOM_BASE_URL || BASE_URL_DEFAULT
+    );
   }
   getAuthToken() {
-    return this.server?.getEnv("api_token", this) || this.server?.getEnv("Authorization") || null;
+    const contextHeader = getRequestHeader("Zephyr-Api-Token") || getRequestHeader("Authorization");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader) ? contextHeader[0] : contextHeader;
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+      return token;
+    }
+    return this._apiToken || null;
   }
   isConfigured() {
-    return !!this.apiClient;
-  }
-  hasAuth() {
-    return this.isConfigured() && !!this.getAuthToken();
+    return this.apiClient !== void 0;
   }
   getApiClient() {
     if (!this.apiClient) throw new Error("Client not configured");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smartbear/mcp",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "description": "MCP server for interacting SmartBear Products",
   "keywords": [
     "smartbear",