ebay-mcp 1.8.9 → 1.8.10

package/build/mcp/http-transport.js

@@ -0,0 +1,217 @@
+import cors from 'cors';
+import { randomUUID } from 'crypto';
+import express from 'express';
+import helmet from 'helmet';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { createBearerAuthMiddleware } from '../auth/oauth-middleware.js';
+import { createMetadataRouter, getProtectedResourceMetadataUrl } from '../auth/oauth-metadata.js';
+import { TokenVerifier } from '../auth/token-verifier.js';
+import { getDefaultScopes, getEbayConfig } from '../config/environment.js';
+import { createEbayMcpRuntime } from '../mcp/runtime.js';
+import { getVersion } from '../utils/version.js';
+function getProjectRoot() {
+    const filename = fileURLToPath(import.meta.url);
+    const directory = dirname(filename);
+    return join(directory, '../..');
+}
+/**
+ * Build HTTP transport configuration from process environment variables.
+ */
+export function createHttpTransportConfigFromEnv(env = process.env) {
+    return {
+        host: env.MCP_HOST || 'localhost',
+        port: Number(env.MCP_PORT) || 3000,
+        oauth: {
+            authServerUrl: env.OAUTH_AUTH_SERVER_URL ?? 'http://localhost:8080/realms/master',
+            clientId: env.OAUTH_CLIENT_ID,
+            clientSecret: env.OAUTH_CLIENT_SECRET,
+            requiredScopes: (env.OAUTH_REQUIRED_SCOPES || 'mcp:tools')
+                .split(',')
+                .map((scope) => scope.trim()),
+            useIntrospection: env.OAUTH_USE_INTROSPECTION !== 'false',
+        },
+        authEnabled: env.OAUTH_ENABLED !== 'false',
+        projectRoot: getProjectRoot(),
+    };
+}
+/**
+ * Build the public server URL used for MCP metadata and OAuth audience checks.
+ */
+export function getHttpServerUrl(config) {
+    return `http://${config.host}:${config.port}`;
+}
+/**
+ * Resolve the OAuth authorization-server metadata endpoint for the configured issuer.
+ */
+export function getAuthServerMetadataUrl(config) {
+    const baseUrl = config.oauth.authServerUrl;
+    if (baseUrl.includes('/realms/')) {
+        return `${baseUrl}/.well-known/openid-configuration`;
+    }
+    return `${baseUrl}/.well-known/oauth-authorization-server`;
+}
+function createServerConfig(serverUrl) {
+    const iconBaseUrl = `${serverUrl}/icons`;
+    const iconSizes = ['16x16', '32x32', '48x48', '128x128', '256x256', '512x512', '1024x1024'];
+    return {
+        name: 'ebay-mcp',
+        version: getVersion(),
+        title: 'eBay API MCP Server',
+        websiteUrl: 'https://github.com/YosefHayim/ebay-mcp',
+        icons: iconSizes.map((size) => ({
+            src: `${iconBaseUrl}/${size}.png`,
+            mimeType: 'image/png',
+            sizes: [size],
+        })),
+    };
+}
+async function createMcpServer(serverUrl) {
+    const runtime = createEbayMcpRuntime({
+        serverConfig: createServerConfig(serverUrl),
+    });
+    try {
+        await runtime.initializeApi();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(`Failed to initialize eBay API client: ${message}`);
+        throw error;
+    }
+    return runtime.server;
+}
+async function createAuthMiddleware(config, serverUrl) {
+    if (!config.authEnabled) {
+        console.error('OAuth is disabled. Server running in unauthenticated mode.');
+        return undefined;
+    }
+    console.log('Initializing OAuth token verifier...');
+    const tokenVerifier = new TokenVerifier({
+        authServerMetadata: getAuthServerMetadataUrl(config),
+        clientId: config.oauth.clientId,
+        clientSecret: config.oauth.clientSecret,
+        expectedAudience: serverUrl,
+        requiredScopes: config.oauth.requiredScopes,
+        useIntrospection: config.oauth.useIntrospection,
+    });
+    try {
+        await tokenVerifier.initialize();
+        console.log('Token verifier initialized');
+        return createBearerAuthMiddleware({
+            verifier: tokenVerifier,
+            resourceMetadataUrl: getProtectedResourceMetadataUrl(serverUrl),
+            realm: 'ebay-mcp',
+        });
+    }
+    catch (error) {
+        console.error('Failed to initialize token verifier:', error);
+        throw error;
+    }
+}
+function createRequestLogger() {
+    return (req, res, next) => {
+        const start = Date.now();
+        res.on('finish', () => {
+            const duration = Date.now() - start;
+            console.log(`${req.method} ${req.path} -> ${res.statusCode} (${duration}ms)`);
+        });
+        next();
+    };
+}
+function sendInvalidSession(res) {
+    res.status(400).json({
+        error: 'invalid_session',
+        error_description: 'Invalid or missing session ID',
+    });
+}
+/**
+ * Create the Express app that serves OAuth metadata and streamable HTTP MCP sessions.
+ */
+export async function createHttpMcpApp(config) {
+    const app = express();
+    const serverUrl = getHttpServerUrl(config);
+    const ebayConfig = config.ebayConfig ?? getEbayConfig();
+    app.use(cors({
+        origin: '*',
+        exposedHeaders: ['Mcp-Session-Id'],
+    }));
+    app.use(express.json());
+    app.use(helmet({ xPoweredBy: false }));
+    app.use(createRequestLogger());
+    app.use('/icons', express.static(join(config.projectRoot, 'public', 'icons')));
+    app.use(createMetadataRouter({
+        resourceServerUrl: serverUrl,
+        authServerMetadata: getAuthServerMetadataUrl(config),
+        scopesSupported: config.oauth.requiredScopes,
+        resourceDocumentation: 'https://github.com/YosefHayim/ebay-mcp',
+        resourceName: 'eBay API MCP Server',
+        ebayEnvironment: ebayConfig.environment,
+        ebayScopes: getDefaultScopes(ebayConfig.environment),
+    }));
+    app.get('/health', (_req, res) => {
+        res.json({
+            status: 'healthy',
+            timestamp: new Date().toISOString(),
+            oauth_enabled: config.authEnabled,
+        });
+    });
+    const authMiddleware = await createAuthMiddleware(config, serverUrl);
+    const transports = new Map();
+    const mcpPostHandler = async (req, res) => {
+        const sessionHeader = req.headers['mcp-session-id'];
+        const sessionId = typeof sessionHeader === 'string' ? sessionHeader : undefined;
+        let transport;
+        if (sessionId && transports.has(sessionId)) {
+            transport = transports.get(sessionId);
+        }
+        else if (!sessionId && isInitializeRequest(req.body)) {
+            transport = new StreamableHTTPServerTransport({
+                sessionIdGenerator: () => randomUUID(),
+                onsessioninitialized: (initializedSessionId) => {
+                    transports.set(initializedSessionId, transport);
+                    console.log(`New MCP session initialized: ${initializedSessionId}`);
+                },
+            });
+            transport.onclose = () => {
+                if (transport.sessionId) {
+                    transports.delete(transport.sessionId);
+                    console.log(`MCP session closed: ${transport.sessionId}`);
+                }
+            };
+            const server = await createMcpServer(serverUrl);
+            await server.connect(transport);
+        }
+        else {
+            res.status(400).json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32000,
+                    message: 'Bad Request: No valid session ID provided',
+                },
+                id: null,
+            });
+            return;
+        }
+        await transport.handleRequest(req, res, req.body);
+    };
+    const handleSessionRequest = async (req, res) => {
+        const sessionHeader = req.headers['mcp-session-id'];
+        const sessionId = typeof sessionHeader === 'string' ? sessionHeader : undefined;
+        if (!sessionId || !transports.has(sessionId)) {
+            sendInvalidSession(res);
+            return;
+        }
+        const transport = transports.get(sessionId);
+        await transport.handleRequest(req, res);
+    };
+    const mcpMiddleware = authMiddleware ? [authMiddleware, mcpPostHandler] : [mcpPostHandler];
+    const sessionMiddleware = authMiddleware
+        ? [authMiddleware, handleSessionRequest]
+        : [handleSessionRequest];
+    app.post('/', ...mcpMiddleware);
+    app.get('/', ...sessionMiddleware);
+    app.delete('/', ...sessionMiddleware);
+    return app;
+}

package/build/mcp/runtime.js

@@ -0,0 +1,71 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { EbaySellerApi } from '../api/index.js';
+import { getEbayConfig, mcpConfig } from '../config/environment.js';
+import { getToolEntries } from '../tools/registry.js';
+import { serverLogger, toolLogger } from '../utils/logger.js';
+function formatToolSuccess(result) {
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify(result, null, 2),
+            },
+        ],
+    };
+}
+function formatToolFailure(error) {
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify({ error: errorMessage }, null, 2),
+            },
+        ],
+        isError: true,
+    };
+}
+function registerTool(server, api, entry, logToolExecution) {
+    const { definition, handler } = entry;
+    server.registerTool(definition.name, {
+        description: definition.description,
+        inputSchema: definition.inputSchema,
+    }, async (args) => {
+        if (logToolExecution) {
+            toolLogger.debug(`Executing tool: ${definition.name}`, { args });
+        }
+        try {
+            const result = await handler(api, args);
+            if (logToolExecution) {
+                toolLogger.debug(`Tool ${definition.name} completed successfully`);
+            }
+            return formatToolSuccess(result);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            if (logToolExecution) {
+                toolLogger.error(`Tool ${definition.name} failed`, { error: errorMessage });
+            }
+            return formatToolFailure(error);
+        }
+    });
+}
+/**
+ * Create an MCP server runtime and register all eBay tool handlers.
+ */
+export function createEbayMcpRuntime(options = {}) {
+    const api = options.api ?? new EbaySellerApi(getEbayConfig());
+    const server = new McpServer(options.serverConfig ?? mcpConfig);
+    const entries = getToolEntries();
+    serverLogger.info(`Registering ${entries.length} tools`);
+    for (const entry of entries) {
+        registerTool(server, api, entry, options.logToolExecution ?? false);
+    }
+    return {
+        api,
+        server,
+        async initializeApi() {
+            await api.initialize();
+        },
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ebay-mcp",
-  "version": "1.8.9",
+  "version": "1.8.10",
   "description": "Model Context Protocol (MCP) server that exposes 100% of eBay's Sell APIs (325 tools across 270 endpoints) to AI assistants like Claude, Cursor, and Cline, covering inventory, order fulfillment, marketing, analytics, and developer tools with OAuth authentication and refresh-token support.",
   "type": "module",
   "main": "build/index.js",
@@ -29,6 +29,7 @@
     "build/api/**/*.js",
     "build/auth/**/*.js",
     "build/config/**/*.js",
+    "build/mcp/**/*.js",
     "build/schemas/**/*.js",
     "build/scripts/**/*.js",
     "build/tools/**/*.js",