npm - mcp-proxy - Versions diffs - 5.11.2 → 5.12.1 - Mend

mcp-proxy 5.11.2 → 5.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +71 -49
package/dist/bin/mcp-proxy.js +31 -35
package/dist/bin/mcp-proxy.js.map +1 -1
package/dist/index.d.ts +5 -0
package/dist/index.js +516 -295
package/dist/index.js.map +1 -1
package/dist/{stdio-DQCs94rj.js → stdio-BAyQuMKu.js} +11135 -8848
package/dist/stdio-BAyQuMKu.js.map +1 -0
package/jsr.json +1 -1
package/package.json +19 -19
package/src/InMemoryEventStore.test.ts +58 -50
package/src/InMemoryEventStore.ts +2 -3
package/src/authentication.test.ts +275 -18
package/src/authentication.ts +57 -5
package/src/bin/mcp-proxy.ts +2 -1
package/src/proxyServer.test.ts +40 -22
package/src/startHTTPServer.test.ts +41 -23
package/src/startHTTPServer.ts +132 -52
package/src/startStdioServer.test.ts +8 -5
package/dist/stdio-DQCs94rj.js.map +0 -1

package/README.md CHANGED Viewed

@@ -56,7 +56,7 @@ npx mcp-proxy --port 8080 -- my-command -v
 ### Stateless Mode
-By default, MCP Proxy maintains persistent sessions for HTTP streamable transport, where each client connection is associated with a server instance that stays alive for the duration of the session.
+By default, MCP Proxy maintains persistent sessions for HTTP streamable transport, where each client connection is associated with a server instance that stays alive for the duration of the session.
 Stateless mode (`--stateless`) changes this behavior:
@@ -94,11 +94,13 @@ MCP Proxy supports optional API key authentication to secure your endpoints. Whe
 Authentication is disabled by default for backward compatibility. To enable it, provide an API key via:
 **Command-line:**
 ```bash
 npx mcp-proxy --port 8080 --apiKey "your-secret-key" tsx server.js
 ```
 **Environment variable:**
 ```bash
 export MCP_PROXY_API_KEY="your-secret-key"
 npx mcp-proxy --port 8080 tsx server.js
@@ -111,28 +113,26 @@ Clients must include the API key in the `X-API-Key` header:
 ```typescript
 // For streamable HTTP transport
 const transport = new StreamableHTTPClientTransport(
-  new URL('http://localhost:8080/mcp'),
+  new URL("http://localhost:8080/mcp"),
   {
     headers: {
-      'X-API-Key': 'your-secret-key'
-    }
-  }
+      "X-API-Key": "your-secret-key",
+    },
+  },
 );
 // For SSE transport
-const transport = new SSEClientTransport(
-  new URL('http://localhost:8080/sse'),
-  {
-    headers: {
-      'X-API-Key': 'your-secret-key'
-    }
-  }
-);
+const transport = new SSEClientTransport(new URL("http://localhost:8080/sse"), {
+  headers: {
+    "X-API-Key": "your-secret-key",
+  },
+});
 ```
 #### Exempt Endpoints
 The following endpoints do not require authentication:
 - `/ping` - Health check endpoint
 - `OPTIONS` requests - CORS preflight requests
@@ -150,6 +150,7 @@ MCP Proxy provides flexible CORS (Cross-Origin Resource Sharing) configuration t
 #### Default Behavior
 By default, CORS is enabled with the following settings:
 - **Origin**: `*` (allow all origins)
 - **Methods**: `GET, POST, OPTIONS`
 - **Headers**: `Content-Type, Authorization, Accept, Mcp-Session-Id, Last-Event-Id`
@@ -159,24 +160,30 @@ By default, CORS is enabled with the following settings:
 #### Basic Configuration
 ```typescript
-import { startHTTPServer } from 'mcp-proxy';
+import { startHTTPServer } from "mcp-proxy";
 // Use default CORS settings (backward compatible)
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
 });
 // Explicitly enable default CORS
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: true,
 });
 // Disable CORS completely
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: false,
 });
@@ -187,44 +194,46 @@ await startHTTPServer({
 For more control over CORS behavior, you can provide a detailed configuration:
 ```typescript
-import { startHTTPServer, CorsOptions } from 'mcp-proxy';
+import { startHTTPServer, CorsOptions } from "mcp-proxy";
 const corsOptions: CorsOptions = {
   // Allow specific origins
-  origin: ['https://app.example.com', 'https://admin.example.com'],
+  origin: ["https://app.example.com", "https://admin.example.com"],
   // Or use a function for dynamic origin validation
-  origin: (origin: string) => origin.endsWith('.example.com'),
+  origin: (origin: string) => origin.endsWith(".example.com"),
   // Specify allowed methods
-  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
   // Allow any headers (useful for browser clients with custom headers)
-  allowedHeaders: '*',
+  allowedHeaders: "*",
   // Or specify exact headers
   allowedHeaders: [
-    'Content-Type',
-    'Authorization',
-    'Accept',
-    'Mcp-Session-Id',
-    'Last-Event-Id',
-    'X-Custom-Header',
-    'X-API-Key'
+    "Content-Type",
+    "Authorization",
+    "Accept",
+    "Mcp-Session-Id",
+    "Last-Event-Id",
+    "X-Custom-Header",
+    "X-API-Key",
   ],
   // Headers to expose to the client
-  exposedHeaders: ['Mcp-Session-Id', 'X-Total-Count'],
+  exposedHeaders: ["Mcp-Session-Id", "X-Total-Count"],
   // Allow credentials
   credentials: true,
   // Cache preflight requests for 24 hours
   maxAge: 86400,
 };
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: corsOptions,
 });
@@ -233,36 +242,45 @@ await startHTTPServer({
 #### Common Use Cases
 **Allow any custom headers (solves browser CORS issues):**
 ```typescript
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: {
-    allowedHeaders: '*', // Allows X-Custom-Header, X-API-Key, etc.
+    allowedHeaders: "*", // Allows X-Custom-Header, X-API-Key, etc.
   },
 });
 ```
 **Restrict to specific domains:**
 ```typescript
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: {
-    origin: ['https://myapp.com', 'https://admin.myapp.com'],
-    allowedHeaders: '*',
+    origin: ["https://myapp.com", "https://admin.myapp.com"],
+    allowedHeaders: "*",
   },
 });
 ```
 **Development-friendly settings:**
 ```typescript
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: {
-    origin: ['http://localhost:3000', 'http://localhost:5173'], // Common dev ports
-    allowedHeaders: '*',
+    origin: ["http://localhost:3000", "http://localhost:5173"], // Common dev ports
+    allowedHeaders: "*",
     credentials: true,
   },
 });
@@ -275,16 +293,20 @@ If you were using mcp-proxy 5.5.6 and want the same permissive behavior in 5.9.0
 ```typescript
 // Old behavior (5.5.6) - automatic wildcard headers
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
 });
 // New equivalent (5.9.0+) - explicit wildcard headers
 await startHTTPServer({
-  createServer: async () => { /* ... */ },
+  createServer: async () => {
+    /* ... */
+  },
   port: 3000,
   cors: {
-    allowedHeaders: '*',
+    allowedHeaders: "*",
   },
 });
 ```

package/dist/bin/mcp-proxy.js CHANGED Viewed

@@ -1,13 +1,13 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-DQCs94rj.js";
+import { D as __toESM, E as __commonJS, a as startHTTPServer, i as Client, n as serializeMessage, o as proxyServer, r as Server, t as ReadBuffer, w as InMemoryEventStore } from "../stdio-BAyQuMKu.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";
-import { fileURLToPath } from "url";
 import { setTimeout as setTimeout$1 } from "node:timers";
 import util from "node:util";
 import { notStrictEqual, strictEqual } from "assert";
 import { readFileSync, readdirSync, statSync, writeFile } from "fs";
+import { fileURLToPath } from "url";
 import { readFileSync as readFileSync$1, readdirSync as readdirSync$1 } from "node:fs";
 import { spawn } from "node:child_process";
 import { PassThrough, Transform } from "node:stream";
@@ -39,8 +39,8 @@ function createParser(callbacks) {
 		}
 		const fieldSeparatorIndex = line.indexOf(":");
 		if (fieldSeparatorIndex !== -1) {
-			const field = line.slice(0, fieldSeparatorIndex), offset = line[fieldSeparatorIndex + 1] === " " ? 2 : 1, value = line.slice(fieldSeparatorIndex + offset);
-			processField(field, value, line);
+			const field = line.slice(0, fieldSeparatorIndex), offset = line[fieldSeparatorIndex + 1] === " " ? 2 : 1;
+			processField(field, line.slice(fieldSeparatorIndex + offset), line);
 			return;
 		}
 		processField(line, "", line);
@@ -110,7 +110,7 @@ function splitLines(chunk) {
 }
 //#endregion
-//#region node_modules/.pnpm/eventsource@4.0.0/node_modules/eventsource/dist/index.js
+//#region node_modules/.pnpm/eventsource@4.1.0/node_modules/eventsource/dist/index.js
 var ErrorEvent = class extends Event {
 	/**
 	* Constructs a new `ErrorEvent` instance. This is typically not called directly,
@@ -336,6 +336,12 @@ _readyState = /* @__PURE__ */ new WeakMap(), _url = /* @__PURE__ */ new WeakMap(
 	});
 	(_a$1 = __privateGet(this, _onError)) == null || _a$1.call(this, errorEvent), this.dispatchEvent(errorEvent), __privateSet(this, _reconnectTimer, setTimeout(__privateGet(this, _reconnect), __privateGet(this, _reconnectInterval)));
 }, _reconnect = /* @__PURE__ */ new WeakMap(), EventSource.CONNECTING = 0, EventSource.OPEN = 1, EventSource.CLOSED = 2;
+Object.defineProperty(EventSource, Symbol.for("eventsource.supports-fetch-override"), {
+	value: !0,
+	writable: !1,
+	configurable: !1,
+	enumerable: !1
+});
 function getBaseURL() {
 	const doc = "document" in globalThis ? globalThis.document : void 0;
 	return doc && typeof doc == "object" && "baseURI" in doc && typeof doc.baseURI == "string" ? doc.baseURI : void 0;
@@ -1355,18 +1361,14 @@ var YargsParser = class {
 			return i;
 		}
 		function setArg(key, val, shouldStripQuotes = inputIsString) {
-			if (/-/.test(key) && configuration["camel-case-expansion"]) {
-				const alias = key.split(".").map(function(prop) {
-					return camelCase(prop);
-				}).join(".");
-				addNewAlias(key, alias);
-			}
+			if (/-/.test(key) && configuration["camel-case-expansion"]) addNewAlias(key, key.split(".").map(function(prop) {
+				return camelCase(prop);
+			}).join("."));
 			const value = processValue(key, val, shouldStripQuotes);
 			const splitKey = key.split(".");
 			setKey(argv$1, splitKey, value);
 			if (flags.aliases[key]) flags.aliases[key].forEach(function(x) {
-				const keyProperties = x.split(".");
-				setKey(argv$1, keyProperties, value);
+				setKey(argv$1, x.split("."), value);
 			});
 			if (splitKey.length > 1 && configuration["dot-notation"]) (flags.aliases[splitKey[0]] || []).forEach(function(x) {
 				let keyProperties = x.split(".");
@@ -2076,15 +2078,13 @@ function argsert(arg1, arg2, arg3) {
 		const totalCommands = parsed.demanded.length + parsed.optional.length;
 		if (length > totalCommands) throw new YError(`Too many arguments provided. Expected max ${totalCommands} but received ${length}.`);
 		parsed.demanded.forEach((demanded) => {
-			const arg = args.shift();
-			const observedType = guessType(arg);
+			const observedType = guessType(args.shift());
 			if (demanded.cmd.filter((type) => type === observedType || type === "*").length === 0) argumentTypeError(observedType, demanded.cmd, position);
 			position += 1;
 		});
 		parsed.optional.forEach((optional) => {
 			if (args.length === 0) return;
-			const arg = args.shift();
-			const observedType = guessType(arg);
+			const observedType = guessType(args.shift());
 			if (optional.cmd.filter((type) => type === observedType || type === "*").length === 0) argumentTypeError(observedType, optional.cmd, position);
 			position += 1;
 		});
@@ -2781,27 +2781,25 @@ function usage(yargs, shim$2) {
 		addUngroupedKeys(keys, options.alias, groups, defaultGroup);
 		const isLongSwitch = (sw) => /^--/.test(getText(sw));
 		const displayedGroups = Object.keys(groups).filter((groupName) => groups[groupName].length > 0).map((groupName) => {
-			const normalizedKeys = groups[groupName].filter(filterHiddenOptions).map((key) => {
-				if (aliasKeys.includes(key)) return key;
-				for (let i = 0, aliasKey; (aliasKey = aliasKeys[i]) !== void 0; i++) if ((options.alias[aliasKey] || []).includes(key)) return aliasKey;
-				return key;
-			});
 			return {
 				groupName,
-				normalizedKeys
+				normalizedKeys: groups[groupName].filter(filterHiddenOptions).map((key) => {
+					if (aliasKeys.includes(key)) return key;
+					for (let i = 0, aliasKey; (aliasKey = aliasKeys[i]) !== void 0; i++) if ((options.alias[aliasKey] || []).includes(key)) return aliasKey;
+					return key;
+				})
 			};
 		}).filter(({ normalizedKeys }) => normalizedKeys.length > 0).map(({ groupName, normalizedKeys }) => {
-			const switches = normalizedKeys.reduce((acc, key) => {
-				acc[key] = [key].concat(options.alias[key] || []).map((sw) => {
-					if (groupName === self.getPositionalGroupName()) return sw;
-					else return (/^[0-9]$/.test(sw) ? options.boolean.includes(key) ? "-" : "--" : sw.length > 1 ? "--" : "-") + sw;
-				}).sort((sw1, sw2) => isLongSwitch(sw1) === isLongSwitch(sw2) ? 0 : isLongSwitch(sw1) ? 1 : -1).join(", ");
-				return acc;
-			}, {});
 			return {
 				groupName,
 				normalizedKeys,
-				switches
+				switches: normalizedKeys.reduce((acc, key) => {
+					acc[key] = [key].concat(options.alias[key] || []).map((sw) => {
+						if (groupName === self.getPositionalGroupName()) return sw;
+						else return (/^[0-9]$/.test(sw) ? options.boolean.includes(key) ? "-" : "--" : sw.length > 1 ? "--" : "-") + sw;
+					}).sort((sw1, sw2) => isLongSwitch(sw1) === isLongSwitch(sw2) ? 0 : isLongSwitch(sw1) ? 1 : -1).join(", ");
+					return acc;
+				}, {})
 			};
 		});
 		if (displayedGroups.filter(({ groupName }) => groupName !== self.getPositionalGroupName()).some(({ normalizedKeys, switches }) => !normalizedKeys.every((key) => isLongSwitch(switches[key])))) displayedGroups.filter(({ groupName }) => groupName !== self.getPositionalGroupName()).forEach(({ normalizedKeys, switches }) => {
@@ -3748,8 +3746,7 @@ var YargsInstance = class {
 		__classPrivateFieldGet(this, _YargsInstance_options, "f").key[coerceKey] = true;
 		__classPrivateFieldGet(this, _YargsInstance_globalMiddleware, "f").addCoerceMiddleware((argv$1, yargs) => {
 			var _a$1;
-			const coerceKeyAliases = (_a$1 = yargs.getAliases()[coerceKey]) !== null && _a$1 !== void 0 ? _a$1 : [];
-			const argvKeys = [coerceKey, ...coerceKeyAliases].filter((key) => Object.prototype.hasOwnProperty.call(argv$1, key));
+			const argvKeys = [coerceKey, ...(_a$1 = yargs.getAliases()[coerceKey]) !== null && _a$1 !== void 0 ? _a$1 : []].filter((key) => Object.prototype.hasOwnProperty.call(argv$1, key));
 			if (argvKeys.length === 0) return argv$1;
 			return maybeAsyncResult(() => {
 				return value(argv$1[argvKeys[0]]);
@@ -5140,9 +5137,8 @@ const createGracefulShutdown = ({ server, timeout }) => {
 };
 const main = async () => {
 	try {
-		const server = await proxy();
 		createGracefulShutdown({
-			server,
+			server: await proxy(),
 			timeout: argv.gracefulShutdownTimeout
 		});
 	} catch (error) {