create-multicast 0.4.0 → 0.4.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-multicast",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "Create a Multicast MCP gateway — one command to scaffold, configure, and deploy your parallel MCP server.",
   "type": "module",
   "bin": "./dist/cli.js",

package/templates/default/src/index.ts

@@ -73,6 +73,33 @@ function getRegisteredServers(env: Env): Map<string, RegisteredServer> {
   return servers;
 }
 
+// ── SSE Response Parser ──────────────────────────────────────
+// MCP Streamable HTTP servers may respond with either application/json
+// or text/event-stream. This helper parses both formats.
+
+async function parseJsonOrSse(response: Response): Promise<unknown> {
+  const contentType = response.headers.get("content-type") || "";
+
+  if (contentType.includes("text/event-stream")) {
+    // Parse SSE: extract the last JSON data line
+    const text = await response.text();
+    const lines = text.split("\n");
+    let lastData = "";
+    for (const line of lines) {
+      if (line.startsWith("data: ")) {
+        lastData = line.slice(6);
+      }
+    }
+    if (lastData) {
+      return JSON.parse(lastData);
+    }
+    throw new Error("No data in SSE response");
+  }
+
+  // Plain JSON
+  return response.json();
+}
+
 // ── OAuth Token Management ───────────────────────────────────
 // Resolves auth for OAuth servers: checks D1 for cached token,
 // refreshes if expired, returns a valid Bearer header.
@@ -253,7 +280,7 @@ async function callMcpServer(
           };
         }
 
-        const setupData = (await setupResponse.json()) as {
+        const setupData = (await parseJsonOrSse(setupResponse)) as {
           result?: { content?: Array<{ text?: string }>; isError?: boolean };
           error?: { message?: string };
         };
@@ -297,7 +324,7 @@ async function callMcpServer(
       };
     }
 
-    const data = (await response.json()) as {
+    const data = (await parseJsonOrSse(response)) as {
       result?: unknown;
       error?: { message?: string; code?: number };
     };
@@ -391,7 +418,15 @@ async function discoverServerTools(
       "Content-Type": "application/json",
       "Accept": "application/json, text/event-stream",
     };
-    if (server.auth) {
+
+    // Resolve auth: static header OR OAuth token from D1
+    if (server.isOAuth) {
+      const oauthResult = await resolveOAuthToken(server.name, db);
+      if (oauthResult.error) {
+        return { tool_count: 0, error: oauthResult.error };
+      }
+      headers["Authorization"] = oauthResult.auth!;
+    } else if (server.auth) {
       headers["Authorization"] = server.auth;
     }
 
@@ -445,7 +480,7 @@ async function discoverServerTools(
       return { tool_count: 0, error: errText };
     }
 
-    const data = (await response.json()) as {
+    const data = (await parseJsonOrSse(response)) as {
       result?: { tools?: Array<{ name: string; description?: string; inputSchema?: unknown }> };
       error?: { message?: string };
     };
@@ -989,6 +1024,13 @@ export default {
       );
     }
 
+    // Return clean 404 for OAuth discovery and other non-MCP paths
+    // Claude Code's HTTP transport probes /.well-known/oauth-authorization-server
+    // If this returns a JSON-RPC error, Claude Code's OAuth parser breaks.
+    if (url.pathname.startsWith("/.well-known/")) {
+      return new Response("Not found", { status: 404 });
+    }
+
     // Delegate MCP traffic
     return mcpHandler.fetch(request, env, ctx);
   },