npm - firecrawl-mcp - Versions diffs - 3.20.0 → 3.20.2 - Mend

firecrawl-mcp 3.20.0 → 3.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -428,6 +428,7 @@ Scrape content from a single URL with advanced options.
 ```
 **Branding format:** Extracts comprehensive brand identity (colors, fonts, typography, spacing, logo, UI components) for design analysis or style replication.
+**Privacy:** Set `redactPII: true` to return content with personally identifiable information redacted.
 **Returns:**
@@ -565,7 +566,8 @@ Search the web and optionally extract content from search results.
     "country": "us",
     "scrapeOptions": {
       "formats": ["markdown"],
-      "onlyMainContent": true
+      "onlyMainContent": true,
+      "redactPII": true
     }
   }
 }

package/dist/index.js CHANGED Viewed

@@ -187,11 +187,19 @@ const server = new FastMCP({
         protectedResourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(),
     },
     authenticate: async (request) => {
-        const headerCred = await resolveCredentialFromHeaders(request.headers);
+        // FastMCP invokes `authenticate(undefined)` for the stdio transport
+        // because there is no HTTP request context. Without this null guard,
+        // accessing `request.headers` throws a TypeError, FastMCP silently
+        // swallows it, and every subsequent tool call fails with
+        // "Unauthorized: API key is required when not using a self-hosted
+        // instance" even though `FIRECRAWL_API_KEY` is set in env.
+        const headerCred = request?.headers
+            ? await resolveCredentialFromHeaders(request.headers)
+            : undefined;
         const envCred = resolveCredentialFromEnv();
         if (process.env.CLOUD_SERVICE === 'true') {
             if (!headerCred) {
-                throw new Error('Firecrawl credentials required: OAuth access token (Authorization: Bearer fco_…) or API key (x-firecrawl-api-key)');
+                throw new Error('Firecrawl credentials required: OAuth access token (Authorization: Bearer fco_...) or API key (x-firecrawl-api-key)');
             }
             return { firecrawlApiKey: headerCred };
         }
@@ -205,7 +213,7 @@ const server = new FastMCP({
             process.exit(1);
         }
         if (httpStreaming && !credential && !process.env.FIRECRAWL_API_URL) {
-            console.error('HTTP MCP transport requires FIRECRAWL_API_URL and/or credentials (OAuth: Authorization Bearer fco_…, or FIRECRAWL_API_KEY / FIRECRAWL_OAUTH_TOKEN)');
+            console.error('HTTP MCP transport requires FIRECRAWL_API_URL and/or credentials (OAuth: Authorization Bearer fco_..., or FIRECRAWL_API_KEY / FIRECRAWL_OAUTH_TOKEN)');
             process.exit(1);
         }
         return { firecrawlApiKey: credential };
@@ -372,6 +380,7 @@ const scrapeParamsSchema = z.object({
     })
         .optional(),
     onlyMainContent: z.boolean().optional(),
+    redactPII: z.boolean().optional(),
     includeTags: z.array(z.string()).optional(),
     excludeTags: z.array(z.string()).optional(),
     waitFor: z.number().optional(),
@@ -517,6 +526,7 @@ If JSON extraction returns empty, minimal, or just navigation content, the page
 **Branding format:** Extracts comprehensive brand identity (colors, fonts, typography, spacing, logo, UI components) for design analysis or style replication.
 **Performance:** Add maxAge parameter for 500% faster scrapes using cached data.
 **Lockdown mode:** Set \`lockdown: true\` to serve the request only from the existing index/cache without any outbound network request. For air-gapped or compliance-constrained use where the request URL itself is considered sensitive. Errors on cache miss. Billed at 5 credits.
+**Privacy:** Set \`redactPII: true\` to return content with personally identifiable information redacted.
 **Returns:** JSON structured data, markdown, branding profile, or other formats as specified.
 ${SAFE_MODE
         ? '**Safe Mode:** Read-only content extraction. Interactive actions (click, write, executeJavascript) are disabled for security.'
@@ -1353,6 +1363,7 @@ if (process.env.CLOUD_SERVICE !== 'true') {
         })
             .optional(),
         onlyMainContent: z.boolean().optional(),
+        redactPII: z.boolean().optional(),
         includeTags: z.array(z.string()).optional(),
         excludeTags: z.array(z.string()).optional(),
         removeBase64Images: z.boolean().optional(),
@@ -1394,6 +1405,7 @@ This is the fastest and most reliable way to extract content from a document on
 **Supported file types:** .html, .htm, .xhtml, .pdf, .docx, .doc, .odt, .rtf, .xlsx, .xls
 **Unsupported options:** actions, screenshot/branding/changeTracking formats, waitFor > 0, location, mobile, proxy values other than "auto" or "basic".
+**Privacy:** Set \`redactPII: true\` to return content with personally identifiable information redacted.
 **CRITICAL - Format Selection (same rules as firecrawl_scrape):**
 When the user asks for SPECIFIC data points from a document, you MUST use JSON format with a schema. Only use markdown when the user needs the ENTIRE document content.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "firecrawl-mcp",
-  "version": "3.20.0",
+  "version": "3.20.2",
   "description": "MCP server for Firecrawl — search, scrape, and interact with the web. Supports both cloud and self-hosted instances. Features include web search, scraping, page interaction, batch processing, and LLM-powered content analysis.",
   "type": "module",
   "mcpName": "io.github.firecrawl/firecrawl-mcp-server",