@zenrows/mcp 1.1.3 → 1.1.5

package/dist/http.js

@@ -24,26 +24,51 @@ function extractApiKey(req) {
     return new URL(req.url).searchParams.get("apikey") ?? undefined;
 }
 const AUTH_SERVER = process.env.OAUTH_AUTH_SERVER ?? "https://app.zenrows.com";
+const MCP_SERVER = process.env.MCP_SERVER ?? "https://mcp.zenrows.com";
 app.get("/mcp/.well-known/oauth-authorization-server", (c) => c.redirect("/.well-known/oauth-authorization-server", 301));
+// RFC 9728 — OAuth Protected Resource Metadata
+// MCP clients fetch this first to discover the authorization server(s) for this resource.
+app.get("/.well-known/oauth-protected-resource", (c) => c.json({
+    resource: MCP_SERVER,
+    authorization_servers: [MCP_SERVER],
+    bearer_methods_supported: ["header", "query"],
+    scopes_supported: [],
+}));
+// RFC 8414 — OAuth Authorization Server Metadata
+// Issuer must match the URL of the server serving this document (MCP_SERVER, not AUTH_SERVER),
+// because the MCP server acts as an authorization server proxy for client discovery purposes.
 app.get("/.well-known/oauth-authorization-server", (c) => c.json({
-    issuer: AUTH_SERVER,
+    issuer: MCP_SERVER,
     authorization_endpoint: `${AUTH_SERVER}/oauth/mcp/authorize`,
     token_endpoint: `${AUTH_SERVER}/oauth/mcp/token`,
+    registration_endpoint: `${MCP_SERVER}/register`,
     response_types_supported: ["code"],
     grant_types_supported: ["authorization_code"],
     code_challenge_methods_supported: ["S256"],
     token_endpoint_auth_methods_supported: ["none"],
 }));
+// RFC 7591 — Dynamic Client Registration
+// MCP clients (Claude.ai, Cursor, etc.) register themselves before initiating OAuth.
+// Since ZenRows API keys are the real auth mechanism, client registration is stateless —
+// we echo back a stable client_id derived from the request (or the one the client provides).
+app.post("/register", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    return c.json({
+        client_id: body.client_id ?? crypto.randomUUID(),
+        client_id_issued_at: Math.floor(Date.now() / 1000),
+        ...body,
+    }, 201);
+});
 app.all("/mcp", async (c) => {
     const apiKey = extractApiKey(c.req.raw);
     if (!apiKey) {
         return c.json({
             error: "Missing API key. Use Authorization: Bearer <key> header or ?apikey=<key> query param.",
         }, 401, {
-            "WWW-Authenticate": `Bearer realm="${AUTH_SERVER}", resource_metadata="https://mcp.zenrows.com/.well-known/oauth-authorization-server"`,
+            "WWW-Authenticate": `Bearer realm="${AUTH_SERVER}", resource_metadata="${MCP_SERVER}/.well-known/oauth-protected-resource"`,
             // CloudFront strips WWW-Authenticate — add Link header as RFC 8615 fallback
             // so MCP clients can still discover the OAuth server
-            "Link": `<https://mcp.zenrows.com/.well-known/oauth-authorization-server>; rel="oauth-authorization-server"`,
+            "Link": `<${MCP_SERVER}/.well-known/oauth-protected-resource>; rel="oauth-protected-resource"`,
         });
     }
     const transport = new WebStandardStreamableHTTPServerTransport({

package/dist/server.js

@@ -200,5 +200,60 @@ Examples:
             content: [{ type: "text", text: new TextDecoder().decode(buffer) }],
         };
     });
+    // ─── prompts ───────────────────────────────────────────────────────────────
+    server.registerPrompt("scrape_and_summarize", {
+        title: "Scrape and Summarize",
+        description: "Scrape a webpage and return a concise summary of its content.",
+        argsSchema: {
+            url: z.string().url().describe("The webpage URL to scrape and summarize"),
+        },
+    }, ({ url }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `Scrape ${url} using the ZenRows MCP scrape tool and provide a concise summary of the main content. Include key points, headings, and any important data found on the page.`,
+                },
+            },
+        ],
+    }));
+    server.registerPrompt("extract_structured_data", {
+        title: "Extract Structured Data",
+        description: "Scrape a webpage and extract specific structured data using CSS selectors.",
+        argsSchema: {
+            url: z.string().url().describe("The webpage URL to extract data from"),
+            fields: z
+                .string()
+                .describe('JSON object mapping field names to CSS selectors, e.g. \'{"title":"h1","price":".price"}\''),
+        },
+    }, ({ url, fields }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `Scrape ${url} using the ZenRows MCP scrape tool with css_extractor set to ${fields}. Return the extracted data as a clean JSON object.`,
+                },
+            },
+        ],
+    }));
+    server.registerPrompt("scrape_js_page", {
+        title: "Scrape JavaScript-Rendered Page",
+        description: "Scrape a page that requires JavaScript rendering (React, Vue, Angular, or any SPA).",
+        argsSchema: {
+            url: z.string().url().describe("The JavaScript-rendered page URL to scrape"),
+        },
+    }, ({ url }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `Scrape ${url} using the ZenRows MCP scrape tool with js_render set to true. The page requires JavaScript execution to load its content. Return the full rendered content in markdown format.`,
+                },
+            },
+        ],
+    }));
     return server;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zenrows/mcp",
-  "version": "1.1.3",
+  "version": "1.1.5",
   "description": "ZenRows MCP server — Universal Scraper API for AI coding assistants",
   "type": "module",
   "bin": {