ma-mcp-remote 0.1.41

package/dist/client.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/client.js

@@ -0,0 +1,143 @@
+#!/usr/bin/env node
+import {
+  Client,
+  ListResourcesResultSchema,
+  ListToolsResultSchema,
+  NodeOAuthClientProvider,
+  connectToRemoteServer,
+  createLazyAuthCoordinator,
+  debugLog,
+  discoverOAuthServerInfo,
+  log,
+  parseCommandLineArgs,
+  setupSignalHandlers,
+  version
+} from "./chunk-AO2MMDOT.js";
+
+// src/client.ts
+import { EventEmitter } from "events";
+async function runClient(serverUrl, callbackPort, headers, transportStrategy = "http-first", host, staticOAuthClientMetadata, staticOAuthClientInfo, authTimeoutMs, serverUrlHash) {
+  const events = new EventEmitter();
+  const authCoordinator = createLazyAuthCoordinator(serverUrlHash, callbackPort, events, authTimeoutMs);
+  log("Discovering OAuth server configuration...");
+  const discoveryResult = await discoverOAuthServerInfo(serverUrl, headers);
+  if (discoveryResult.protectedResourceMetadata) {
+    log(`Discovered authorization server: ${discoveryResult.authorizationServerUrl}`);
+    if (discoveryResult.protectedResourceMetadata.scopes_supported) {
+      debugLog("Protected Resource Metadata scopes", {
+        scopes_supported: discoveryResult.protectedResourceMetadata.scopes_supported
+      });
+    }
+  } else {
+    debugLog("No Protected Resource Metadata found, using server URL as authorization server");
+  }
+  const authProvider = new NodeOAuthClientProvider({
+    serverUrl: discoveryResult.authorizationServerUrl,
+    callbackPort,
+    host,
+    clientName: "MCP CLI Client",
+    staticOAuthClientMetadata,
+    staticOAuthClientInfo,
+    serverUrlHash,
+    authorizationServerMetadata: discoveryResult.authorizationServerMetadata,
+    protectedResourceMetadata: discoveryResult.protectedResourceMetadata,
+    wwwAuthenticateScope: discoveryResult.wwwAuthenticateScope
+  });
+  const client = new Client(
+    {
+      name: "mcp-remote",
+      version
+    },
+    {
+      capabilities: {}
+    }
+  );
+  let server = null;
+  const authInitializer = async () => {
+    const authState = await authCoordinator.initializeAuth();
+    server = authState.server;
+    if (authState.skipBrowserAuth) {
+      log("Authentication was completed by another instance - will use tokens from disk...");
+      await new Promise((res) => setTimeout(res, 1e3));
+    }
+    return {
+      waitForAuthCode: authState.waitForAuthCode,
+      skipBrowserAuth: authState.skipBrowserAuth
+    };
+  };
+  try {
+    const transport = await connectToRemoteServer(client, serverUrl, authProvider, headers, authInitializer, transportStrategy);
+    transport.onmessage = (message) => {
+      log("Received message:", JSON.stringify(message, null, 2));
+    };
+    transport.onerror = (error) => {
+      log("Transport error:", error);
+    };
+    transport.onclose = () => {
+      log("Connection closed.");
+      process.exit(0);
+    };
+    const cleanup = async () => {
+      log("\nClosing connection...");
+      await client.close();
+      if (server) {
+        server.close();
+      }
+    };
+    setupSignalHandlers(cleanup);
+    log("Connected successfully!");
+    try {
+      log("Requesting tools list...");
+      const tools = await client.request({ method: "tools/list" }, ListToolsResultSchema);
+      log("Tools:", JSON.stringify(tools, null, 2));
+    } catch (e) {
+      log("Error requesting tools list:", e);
+    }
+    try {
+      log("Requesting resource list...");
+      const resources = await client.request({ method: "resources/list" }, ListResourcesResultSchema);
+      log("Resources:", JSON.stringify(resources, null, 2));
+    } catch (e) {
+      log("Error requesting resources list:", e);
+    }
+    log("Exiting OK...");
+    if (server) {
+      server.close();
+    }
+    process.exit(0);
+  } catch (error) {
+    log("Fatal error:", error);
+    if (server) {
+      server.close();
+    }
+    process.exit(1);
+  }
+}
+parseCommandLineArgs(process.argv.slice(2), "Usage: npx tsx client.ts <https://server-url> [callback-port] [--debug]").then(
+  ({
+    serverUrl,
+    callbackPort,
+    headers,
+    transportStrategy,
+    host,
+    staticOAuthClientMetadata,
+    staticOAuthClientInfo,
+    authTimeoutMs,
+    serverUrlHash
+  }) => {
+    return runClient(
+      serverUrl,
+      callbackPort,
+      headers,
+      transportStrategy,
+      host,
+      staticOAuthClientMetadata,
+      staticOAuthClientInfo,
+      authTimeoutMs,
+      serverUrlHash
+    );
+  }
+).catch((error) => {
+  console.error("Fatal error:", error);
+  process.exit(1);
+});

package/dist/proxy.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/proxy.js

@@ -0,0 +1,234 @@
+#!/usr/bin/env node
+import {
+  JSONRPCMessageSchema,
+  NodeOAuthClientProvider,
+  connectToRemoteServer,
+  createLazyAuthCoordinator,
+  debugLog,
+  discoverOAuthServerInfo,
+  log,
+  mcpProxy,
+  parseCommandLineArgs,
+  setupSignalHandlers
+} from "./chunk-AO2MMDOT.js";
+
+// src/proxy.ts
+import { EventEmitter } from "events";
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
+import process2 from "process";
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
+var ReadBuffer = class {
+  append(chunk) {
+    this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
+  }
+  readMessage() {
+    if (!this._buffer) {
+      return null;
+    }
+    const index = this._buffer.indexOf("\n");
+    if (index === -1) {
+      return null;
+    }
+    const line = this._buffer.toString("utf8", 0, index).replace(/\r$/, "");
+    this._buffer = this._buffer.subarray(index + 1);
+    return deserializeMessage(line);
+  }
+  clear() {
+    this._buffer = void 0;
+  }
+};
+function deserializeMessage(line) {
+  return JSONRPCMessageSchema.parse(JSON.parse(line));
+}
+function serializeMessage(message) {
+  return JSON.stringify(message) + "\n";
+}
+
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
+var StdioServerTransport = class {
+  constructor(_stdin = process2.stdin, _stdout = process2.stdout) {
+    this._stdin = _stdin;
+    this._stdout = _stdout;
+    this._readBuffer = new ReadBuffer();
+    this._started = false;
+    this._ondata = (chunk) => {
+      this._readBuffer.append(chunk);
+      this.processReadBuffer();
+    };
+    this._onerror = (error) => {
+      this.onerror?.(error);
+    };
+  }
+  /**
+   * Starts listening for messages on stdin.
+   */
+  async start() {
+    if (this._started) {
+      throw new Error("StdioServerTransport already started! If using Server class, note that connect() calls start() automatically.");
+    }
+    this._started = true;
+    this._stdin.on("data", this._ondata);
+    this._stdin.on("error", this._onerror);
+  }
+  processReadBuffer() {
+    while (true) {
+      try {
+        const message = this._readBuffer.readMessage();
+        if (message === null) {
+          break;
+        }
+        this.onmessage?.(message);
+      } catch (error) {
+        this.onerror?.(error);
+      }
+    }
+  }
+  async close() {
+    this._stdin.off("data", this._ondata);
+    this._stdin.off("error", this._onerror);
+    const remainingDataListeners = this._stdin.listenerCount("data");
+    if (remainingDataListeners === 0) {
+      this._stdin.pause();
+    }
+    this._readBuffer.clear();
+    this.onclose?.();
+  }
+  send(message) {
+    return new Promise((resolve) => {
+      const json = serializeMessage(message);
+      if (this._stdout.write(json)) {
+        resolve();
+      } else {
+        this._stdout.once("drain", resolve);
+      }
+    });
+  }
+};
+
+// src/proxy.ts
+async function runProxy(serverUrl, callbackPort, headers, transportStrategy = "http-first", host, staticOAuthClientMetadata, staticOAuthClientInfo, authorizeResource, ignoredTools, authTimeoutMs, serverUrlHash) {
+  const events = new EventEmitter();
+  const authCoordinator = createLazyAuthCoordinator(serverUrlHash, callbackPort, events, authTimeoutMs);
+  log("Discovering OAuth server configuration...");
+  const discoveryResult = await discoverOAuthServerInfo(serverUrl, headers);
+  if (discoveryResult.protectedResourceMetadata) {
+    log(`Discovered authorization server: ${discoveryResult.authorizationServerUrl}`);
+    if (discoveryResult.protectedResourceMetadata.scopes_supported) {
+      debugLog("Protected Resource Metadata scopes", {
+        scopes_supported: discoveryResult.protectedResourceMetadata.scopes_supported
+      });
+    }
+  } else {
+    debugLog("No Protected Resource Metadata found, using server URL as authorization server");
+  }
+  const authProvider = new NodeOAuthClientProvider({
+    serverUrl: discoveryResult.authorizationServerUrl,
+    callbackPort,
+    host,
+    clientName: "MCP CLI Proxy",
+    staticOAuthClientMetadata,
+    staticOAuthClientInfo,
+    authorizeResource,
+    serverUrlHash,
+    authorizationServerMetadata: discoveryResult.authorizationServerMetadata,
+    protectedResourceMetadata: discoveryResult.protectedResourceMetadata,
+    wwwAuthenticateScope: discoveryResult.wwwAuthenticateScope
+  });
+  const localTransport = new StdioServerTransport();
+  let server = null;
+  const authInitializer = async () => {
+    const authState = await authCoordinator.initializeAuth();
+    server = authState.server;
+    if (authState.skipBrowserAuth) {
+      log("Authentication was completed by another instance - will use tokens from disk");
+      await new Promise((res) => setTimeout(res, 1e3));
+    }
+    return {
+      waitForAuthCode: authState.waitForAuthCode,
+      skipBrowserAuth: authState.skipBrowserAuth
+    };
+  };
+  try {
+    const remoteTransport = await connectToRemoteServer(null, serverUrl, authProvider, headers, authInitializer, transportStrategy);
+    mcpProxy({
+      transportToClient: localTransport,
+      transportToServer: remoteTransport,
+      ignoredTools
+    });
+    await localTransport.start();
+    log("Local STDIO server running");
+    log(`Proxy established successfully between local STDIO and remote ${remoteTransport.constructor.name}`);
+    log("Press Ctrl+C to exit");
+    const cleanup = async () => {
+      await remoteTransport.close();
+      await localTransport.close();
+      if (server) {
+        server.close();
+      }
+    };
+    setupSignalHandlers(cleanup);
+  } catch (error) {
+    log("Fatal error:", error);
+    if (error instanceof Error && error.message.includes("self-signed certificate in certificate chain")) {
+      log(`You may be behind a VPN!
+
+If you are behind a VPN, you can try setting the NODE_EXTRA_CA_CERTS environment variable to point
+to the CA certificate file. If using claude_desktop_config.json, this might look like:
+
+{
+  "mcpServers": {
+    "\${mcpServerName}": {
+      "command": "npx",
+      "args": [
+        "mcp-remote",
+        "https://remote.mcp.server/sse"
+      ],
+      "env": {
+        "NODE_EXTRA_CA_CERTS": "\${your CA certificate file path}.pem"
+      }
+    }
+  }
+}
+        `);
+    }
+    if (server) {
+      server.close();
+    }
+    process.exit(1);
+  }
+}
+parseCommandLineArgs(process.argv.slice(2), "Usage: npx tsx proxy.ts <https://server-url> [callback-port] [--debug]").then(
+  ({
+    serverUrl,
+    callbackPort,
+    headers,
+    transportStrategy,
+    host,
+    debug,
+    staticOAuthClientMetadata,
+    staticOAuthClientInfo,
+    authorizeResource,
+    ignoredTools,
+    authTimeoutMs,
+    serverUrlHash
+  }) => {
+    return runProxy(
+      serverUrl,
+      callbackPort,
+      headers,
+      transportStrategy,
+      host,
+      staticOAuthClientMetadata,
+      staticOAuthClientInfo,
+      authorizeResource,
+      ignoredTools,
+      authTimeoutMs,
+      serverUrlHash
+    );
+  }
+).catch((error) => {
+  log("Fatal error:", error);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "ma-mcp-remote",
+  "version": "0.1.41",
+  "description": "Remote proxy for Model Context Protocol, allowing local-only clients to connect to remote servers using oAuth",
+  "keywords": [
+    "mcp",
+    "stdio",
+    "sse",
+    "remote",
+    "oauth"
+  ],
+  "author": "tomerr",
+  "license": "MIT",
+  "repository": "https://github.com/geelen/mcp-remote",
+  "type": "module",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "main": "dist/index.js",
+  "bin": {
+    "mcp-remote": "dist/proxy.js",
+    "mcp-remote-client": "dist/client.js"
+  },
+  "scripts": {
+    "build": "tsup",
+    "build:watch": "tsup --watch",
+    "check": "prettier --check . && tsc",
+    "lint-fix": "prettier --check . --write",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest"
+  },
+  "dependencies": {
+    "express": "^4.21.2",
+    "open": "^10.1.0",
+    "strict-url-sanitise": "^0.0.1",
+    "undici": "^7.12.0"
+  },
+  "devDependencies": {
+    "@modelcontextprotocol/sdk": "^1.23.0",
+    "zod": "^4.0.0",
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.13.10",
+    "prettier": "^3.5.3",
+    "tsup": "^8.4.0",
+    "tsx": "^4.19.3",
+    "typescript": "^5.8.2",
+    "vitest": "^3.2.3"
+  },
+  "tsup": {
+    "entry": [
+      "src/client.ts",
+      "src/proxy.ts"
+    ],
+    "format": [
+      "esm"
+    ],
+    "dts": true,
+    "clean": true,
+    "outDir": "dist",
+    "external": []
+  },
+  "packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977"
+}