@youdotcom-oss/mcp 2.0.2 → 2.0.4

package/bin/stdio.js

@@ -12456,8 +12456,9 @@ var ContentsItemSchema = object({
 });
 var ContentsApiResponseSchema = array(ContentsItemSchema);
 // ../api/src/shared/api.constants.ts
-var SEARCH_API_URL = "https://ydc-index.io/v1/search";
-var CONTENTS_API_URL = "https://ydc-index.io/v1/contents";
+var SEARCH_API_URL = process.env.YDC_SEARCH_API_URL || "https://ydc-index.io/v1/search";
+var DEEP_SEARCH_API_URL = process.env.YDC_DEEP_SEARCH_API_URL || "https://api.you.com/v1/deep_search";
+var CONTENTS_API_URL = process.env.YDC_CONTENTS_API_URL || "https://ydc-index.io/v1/contents";
 
 // ../api/src/shared/check-response-for-errors.ts
 var checkResponseForErrors = (responseData) => {
@@ -12705,6 +12706,23 @@ var fetchSearchResults = async ({
       throw new Error("Rate limited by You.com API. Please try again later.");
     } else if (errorCode === 403) {
       throw new Error("Forbidden. Please check your You.com API key.");
+    } else if (errorCode === 402) {
+      let errorMessage = "Free tier limit exceeded. Please upgrade to continue.";
+      let upgradeUrl = "https://you.com/platform";
+      try {
+        const errorBody = await response.json();
+        if (errorBody?.message) {
+          errorMessage = errorBody.message;
+        }
+        if (errorBody?.upgrade_url) {
+          upgradeUrl = errorBody.upgrade_url;
+        }
+        if (errorBody?.reset_at) {
+          const resetDate = new Date(errorBody.reset_at).toLocaleDateString();
+          errorMessage += ` Limit resets on ${resetDate}.`;
+        }
+      } catch {}
+      throw new Error(`${errorMessage} Upgrade at: ${upgradeUrl}`);
     }
     throw new Error(`Failed to perform search. Error code: ${errorCode}`);
   }
@@ -20252,7 +20270,7 @@ var EMPTY_COMPLETION_RESULT = {
 // package.json
 var package_default = {
   name: "@youdotcom-oss/mcp",
-  version: "2.0.2",
+  version: "2.0.4",
   description: "You.com API Model Context Protocol Server - For programmatic API access, use @youdotcom-oss/api",
   license: "MIT",
   engines: {
@@ -20308,7 +20326,7 @@ var package_default = {
   },
   mcpName: "io.github.youdotcom-oss/mcp",
   dependencies: {
-    "@youdotcom-oss/api": "0.2.1",
+    "@youdotcom-oss/api": "0.3.0",
     zod: "^4.3.6",
     "@hono/mcp": "^0.2.3",
     "@modelcontextprotocol/sdk": "^1.25.3",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@youdotcom-oss/mcp",
-  "version": "2.0.2",
+  "version": "2.0.4",
   "description": "You.com API Model Context Protocol Server - For programmatic API access, use @youdotcom-oss/api",
   "license": "MIT",
   "engines": {
@@ -56,7 +56,7 @@
   },
   "mcpName": "io.github.youdotcom-oss/mcp",
   "dependencies": {
-    "@youdotcom-oss/api": "0.2.1",
+    "@youdotcom-oss/api": "0.3.0",
     "zod": "^4.3.6",
     "@hono/mcp": "^0.2.3",
     "@modelcontextprotocol/sdk": "^1.25.3",

package/src/http.ts

@@ -17,19 +17,20 @@ const extractBearerToken = (authHeader: string | null): string | null => {
 const handleMcpRequest = async (c: Context) => {
   const authHeader = c.req.header('Authorization')
 
-  if (!authHeader) {
-    c.status(401)
-    c.header('Content-Type', 'text/plain')
-    return c.text('Unauthorized: Authorization header required')
-  }
+  let YDC_API_KEY: string | undefined
+
+  if (authHeader) {
+    const token = extractBearerToken(authHeader)
 
-  const YDC_API_KEY = extractBearerToken(authHeader)
+    if (!token) {
+      c.status(401)
+      c.header('Content-Type', 'text/plain')
+      return c.text('Unauthorized: Invalid Bearer token format')
+    }
 
-  if (!YDC_API_KEY) {
-    c.status(401)
-    c.header('Content-Type', 'text/plain')
-    return c.text('Unauthorized: Bearer token required')
+    YDC_API_KEY = token
   }
+
   const mcp = getMCpServer()
   const getUserAgent = useGetClientVersion(mcp)
 
@@ -52,6 +53,20 @@ const handleMcpRequest = async (c: Context) => {
   return response
 }
 
+const return405MethodNotAllowed = (c: Context) => {
+  c.status(405)
+  c.header('Allow', 'POST')
+  c.header('Content-Type', 'application/json')
+  return c.json({
+    jsonrpc: '2.0',
+    error: {
+      code: -32000,
+      message: 'Method Not Allowed: Use POST to send MCP requests',
+    },
+    id: null,
+  })
+}
+
 const app = new Hono()
 app.use(trimTrailingSlash())
 
@@ -64,7 +79,14 @@ app.get('/mcp-health', async (c) => {
   })
 })
 
-app.all('/mcp', handleMcpRequest)
-app.all('/mcp/', handleMcpRequest)
+// POST handler for MCP requests (per MCP Streamable HTTP spec)
+app.post('/mcp', handleMcpRequest)
+app.post('/mcp/', handleMcpRequest)
+
+// Fallback for other methods - returns 405 per MCP spec
+// Spec: "The server MUST either return Content-Type: text/event-stream
+// or else return HTTP 405 Method Not Allowed"
+app.all('/mcp', return405MethodNotAllowed)
+app.all('/mcp/', return405MethodNotAllowed)
 
 export default app

package/src/tests/http.spec.ts

@@ -1,11 +1,15 @@
 import { afterAll, beforeAll, describe, expect, setDefaultTimeout, test } from 'bun:test'
+import { Client } from '@modelcontextprotocol/sdk/client/index.js'
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'
 import httpApp from '../http.ts'
+import type { SearchStructuredContent } from '../search/search.schema.ts'
 
 // Increase default timeout for hooks to prevent intermittent failures
 setDefaultTimeout(15_000)
 
 let server: ReturnType<typeof Bun.serve>
 let baseUrl: string
+let mcpClient: Client
 const testApiKey = process.env.YDC_API_KEY
 
 beforeAll(async () => {
@@ -21,9 +25,29 @@ beforeAll(async () => {
 
   // Wait a bit for server to start
   await new Promise((resolve) => setTimeout(resolve, 500))
+
+  // Create MCP client with HTTP transport for e2e testing
+  const transport = new StreamableHTTPClientTransport(new URL(`${baseUrl}/mcp`), {
+    requestInit: {
+      headers: {
+        Authorization: `Bearer ${testApiKey}`,
+      },
+    },
+  })
+
+  mcpClient = new Client({
+    name: 'test-http-client',
+    version: '1.0.0',
+  })
+
+  await mcpClient.connect(transport)
 })
 
 afterAll(async () => {
+  if (mcpClient) {
+    await mcpClient.close()
+  }
+
   if (server) {
     server.stop()
     // Wait a bit for server to fully stop
@@ -52,23 +76,39 @@ describe('HTTP Server Endpoints', () => {
     expect(typeof data.version).toBe('string')
   })
 
-  test('mcp endpoint requires authorization header', async () => {
+  test('mcp endpoint allows requests without authorization (free tier)', async () => {
     const response = await fetch(`${baseUrl}/mcp`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
+        Accept: 'application/json, text/event-stream',
       },
-      body: JSON.stringify({}),
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        method: 'initialize',
+        id: 1,
+        params: {
+          protocolVersion: '2024-11-05',
+          capabilities: {},
+          clientInfo: {
+            name: 'test-client',
+            version: '1.0.0',
+          },
+        },
+      }),
     })
 
-    expect(response.status).toBe(401)
-    expect(response.headers.get('content-type')).toContain('text/plain')
+    // Should succeed without auth header (free tier)
+    expect(response.status).toBe(200)
+    expect(response.headers.get('content-type')).toContain('text/event-stream')
 
     const text = await response.text()
-    expect(text).toBe('Unauthorized: Authorization header required')
+    expect(text).toContain('data:')
+    expect(text).toContain('jsonrpc')
+    expect(text).toContain('result')
   })
 
-  test('mcp endpoint requires Bearer token format', async () => {
+  test('mcp endpoint requires Bearer token format when auth header provided', async () => {
     const response = await fetch(`${baseUrl}/mcp`, {
       method: 'POST',
       headers: {
@@ -82,7 +122,7 @@ describe('HTTP Server Endpoints', () => {
     expect(response.headers.get('content-type')).toContain('text/plain')
 
     const text = await response.text()
-    expect(text).toBe('Unauthorized: Bearer token required')
+    expect(text).toBe('Unauthorized: Invalid Bearer token format')
   })
 
   test('mcp endpoint accepts valid Bearer token', async () => {
@@ -154,20 +194,104 @@ describe('HTTP Server Endpoints', () => {
     expect(text).toContain('capabilities')
   })
 
-  test('mcp endpoint with trailing slash requires authorization', async () => {
+  test('mcp endpoint with trailing slash allows requests without authorization', async () => {
     const response = await fetch(`${baseUrl}/mcp/`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
+        Accept: 'application/json, text/event-stream',
       },
-      body: JSON.stringify({}),
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        method: 'initialize',
+        id: 1,
+        params: {
+          protocolVersion: '2024-11-05',
+          capabilities: {},
+          clientInfo: {
+            name: 'test-client',
+            version: '1.0.0',
+          },
+        },
+      }),
     })
 
-    expect(response.status).toBe(401)
-    expect(response.headers.get('content-type')).toContain('text/plain')
+    // Should succeed without auth header (free tier)
+    expect(response.status).toBe(200)
+    expect(response.headers.get('content-type')).toContain('text/event-stream')
 
     const text = await response.text()
-    expect(text).toBe('Unauthorized: Authorization header required')
+    expect(text).toContain('data:')
+    expect(text).toContain('jsonrpc')
+  })
+})
+
+describe('HTTP Method Handling', () => {
+  test('mcp endpoint returns 405 for GET requests per MCP spec', async () => {
+    const response = await fetch(`${baseUrl}/mcp`, {
+      method: 'GET',
+      headers: {
+        Accept: 'text/event-stream',
+        Authorization: `Bearer ${testApiKey}`,
+      },
+    })
+
+    // Verify 405 status
+    expect(response.status).toBe(405)
+
+    // Verify Allow header (RFC 9110 §15.5.6)
+    expect(response.headers.get('allow')).toBe('POST')
+
+    // Verify JSON-RPC error format
+    expect(response.headers.get('content-type')).toContain('application/json')
+
+    const data = (await response.json()) as {
+      jsonrpc: string
+      error: { code: number; message: string }
+      id: null
+    }
+    expect(data).toHaveProperty('jsonrpc', '2.0')
+    expect(data).toHaveProperty('error')
+    expect(data.error).toHaveProperty('code', -32000)
+    expect(data.error.message).toContain('Method Not Allowed')
+  })
+
+  test('mcp endpoint returns 405 for DELETE requests', async () => {
+    const response = await fetch(`${baseUrl}/mcp`, {
+      method: 'DELETE',
+      headers: {
+        Authorization: `Bearer ${testApiKey}`,
+      },
+    })
+
+    expect(response.status).toBe(405)
+    expect(response.headers.get('allow')).toBe('POST')
+  })
+
+  test('mcp endpoint returns 405 for PUT requests', async () => {
+    const response = await fetch(`${baseUrl}/mcp`, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${testApiKey}`,
+      },
+      body: JSON.stringify({}),
+    })
+
+    expect(response.status).toBe(405)
+    expect(response.headers.get('allow')).toBe('POST')
+  })
+
+  test('mcp endpoint with trailing slash returns 405 for GET', async () => {
+    const response = await fetch(`${baseUrl}/mcp/`, {
+      method: 'GET',
+      headers: {
+        Accept: 'text/event-stream',
+      },
+    })
+
+    expect(response.status).toBe(405)
+    expect(response.headers.get('allow')).toBe('POST')
   })
 })
 
@@ -320,3 +444,140 @@ describe('HTTP MCP Endpoint Basic Functionality', () => {
     { retry: 2 },
   )
 })
+
+describe('HTTP MCP Client E2E Tests', () => {
+  test('mcp client can initialize and list tools', async () => {
+    const tools = await mcpClient.listTools()
+
+    expect(tools.tools).toBeDefined()
+    expect(Array.isArray(tools.tools)).toBe(true)
+    expect(tools.tools.length).toBeGreaterThan(0)
+
+    // Verify search tool is available
+    const searchTool = tools.tools.find((t) => t.name === 'you-search')
+    expect(searchTool).toBeDefined()
+    expect(searchTool?.title).toBe('Web Search')
+
+    // Verify contents tool is available
+    const contentsTool = tools.tools.find((t) => t.name === 'you-contents')
+    expect(contentsTool).toBeDefined()
+    expect(contentsTool?.title).toBe('Extract Web Page Contents')
+  })
+
+  test(
+    'mcp client can call search tool successfully',
+    async () => {
+      const result = await mcpClient.callTool({
+        name: 'you-search',
+        arguments: {
+          query: 'typescript tutorial',
+          count: 2,
+        },
+      })
+
+      expect(result).toHaveProperty('content')
+      expect(result).toHaveProperty('structuredContent')
+
+      const content = result.content as { type: string; text: string }[]
+      expect(Array.isArray(content)).toBe(true)
+      expect(content[0]).toHaveProperty('type', 'text')
+      expect(content[0]).toHaveProperty('text')
+
+      const text = content[0]?.text
+      expect(text).toContain('Search Results for')
+      expect(text).toContain('typescript tutorial')
+
+      const structuredContent = result.structuredContent as SearchStructuredContent
+      expect(structuredContent).toHaveProperty('resultCounts')
+      expect(structuredContent.resultCounts).toHaveProperty('web')
+      expect(structuredContent.resultCounts).toHaveProperty('total')
+    },
+    { retry: 2 },
+  )
+
+  test(
+    'mcp client handles search with multiple results',
+    async () => {
+      const result = await mcpClient.callTool({
+        name: 'you-search',
+        arguments: {
+          query: 'javascript frameworks',
+          count: 3,
+        },
+      })
+
+      const content = result.content as { type: string; text: string }[]
+      const text = content[0]?.text
+
+      expect(text).toContain('WEB RESULTS:')
+      expect(text).toContain('Title:')
+      expect(text).toContain('URL:')
+
+      const structuredContent = result.structuredContent as SearchStructuredContent
+      expect(structuredContent.resultCounts.web).toBeGreaterThan(0)
+      expect(structuredContent.results?.web).toBeDefined()
+      expect(structuredContent.results?.web?.length).toBeGreaterThanOrEqual(1)
+    },
+    { retry: 2 },
+  )
+
+  test(
+    'mcp client handles search parameters correctly',
+    async () => {
+      const result = await mcpClient.callTool({
+        name: 'you-search',
+        arguments: {
+          query: 'programming tutorials',
+          count: 2,
+          safesearch: 'strict',
+          freshness: 'month',
+        },
+      })
+
+      const content = result.content as { type: string; text: string }[]
+      expect(content[0]?.text).toContain('programming tutorials')
+
+      const structuredContent = result.structuredContent as SearchStructuredContent
+      expect(structuredContent).toHaveProperty('resultCounts')
+    },
+    { retry: 2 },
+  )
+
+  test('mcp client maintains connection across multiple requests', async () => {
+    // First request
+    const result1 = await mcpClient.callTool({
+      name: 'you-search',
+      arguments: {
+        query: 'test query 1',
+        count: 1,
+      },
+    })
+
+    expect(result1).toHaveProperty('content')
+
+    // Second request - should work without reconnecting
+    const result2 = await mcpClient.callTool({
+      name: 'you-search',
+      arguments: {
+        query: 'test query 2',
+        count: 1,
+      },
+    })
+
+    expect(result2).toHaveProperty('content')
+
+    // Both should have succeeded
+    const content1 = result1.content as { type: string; text: string }[]
+    const content2 = result2.content as { type: string; text: string }[]
+
+    expect(content1[0]?.text).toContain('test query 1')
+    expect(content2[0]?.text).toContain('test query 2')
+  })
+
+  test('mcp client can list server capabilities', async () => {
+    // The client should have received server info during initialization
+    // We can verify this by checking that tools are available
+    const tools = await mcpClient.listTools()
+    expect(tools.tools.length).toBeGreaterThan(0)
+  })
+})