mcp-proxy 5.12.5 → 6.1.9

package/jsr.json

@@ -3,5 +3,5 @@
   "include": ["src/index.ts", "src/bin/mcp-proxy.ts"],
   "license": "MIT",
   "name": "@punkpeye/mcp-proxy",
-  "version": "5.12.5"
+  "version": "6.1.9"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-proxy",
-  "version": "5.12.5",
+  "version": "6.1.9",
   "main": "dist/index.mjs",
   "scripts": {
     "build": "tsdown",
@@ -41,7 +41,7 @@
     "@eslint/js": "^9.39.1",
     "@modelcontextprotocol/sdk": "^1.24.3",
     "@sebbo2002/semantic-release-jsr": "^3.1.0",
-    "@tsconfig/node22": "^22.0.5",
+    "@tsconfig/node24": "^24.0.3",
     "@types/express": "^5.0.6",
     "@types/node": "^24.10.1",
     "@types/yargs": "^17.0.35",

package/src/bin/mcp-proxy.ts

@@ -22,9 +22,8 @@ if (!("EventSource" in global)) {
 
 const argv = await yargs(hideBin(process.argv))
   .scriptName("mcp-proxy")
-  .command("$0 <command> [args...]", "Run a command with MCP arguments")
+  .command("$0 [command] [args...]", "Proxy an MCP stdio server over HTTP")
   .positional("command", {
-    demandOption: true,
     describe: "The command to run",
     type: "string",
   })
@@ -33,6 +32,7 @@ const argv = await yargs(hideBin(process.argv))
     describe: "The arguments to pass to the command",
     type: "string",
   })
+  .usage("$0 [options] -- <command> [args...]\n       $0 <command> [args...]")
   .env("MCP_PROXY")
   .parserConfiguration({
     "populate--": true,
@@ -88,6 +88,18 @@ const argv = await yargs(hideBin(process.argv))
       describe: "The SSE endpoint to listen on",
       type: "string",
     },
+    sslCa: {
+      describe: "Filename to override the trusted CA certificates",
+      type: "string",
+    },
+    sslCert: {
+      describe: "Cert chains filename in PEM format",
+      type: "string",
+    },
+    sslKey: {
+      describe: "Private keys filename in PEM format",
+      type: "string",
+    },
     stateless: {
       default: false,
       describe:
@@ -103,15 +115,29 @@ const argv = await yargs(hideBin(process.argv))
   .help()
   .parseAsync();
 
-// Determine the final command and args
-if (!argv.command) {
-  throw new Error("No command specified");
-}
+// If -- separator was used, everything after -- is the command and its args
+const dashDashArgs = argv["--"] as string[] | undefined;
 
-const finalCommand = argv.command;
+let finalCommand: string;
+let finalArgs: string[];
 
-// If -- separator was used, args after -- are in argv["--"], otherwise use parsed args
-const finalArgs = (argv["--"] as string[]) || argv.args;
+if (dashDashArgs && dashDashArgs.length > 0) {
+  // -- was used: first item after -- is command, rest are args
+  [finalCommand, ...finalArgs] = dashDashArgs;
+} else if (argv.command) {
+  // No -- used: use positional command and args
+  finalCommand = argv.command as string;
+  finalArgs = (argv.args as string[]) || [];
+} else {
+  console.error("Error: No command specified.");
+  console.error("Usage: mcp-proxy [options] -- <command> [args...]");
+  console.error("   or: mcp-proxy <command> [args...]");
+  console.error("");
+  console.error("Examples:");
+  console.error("  mcp-proxy --port 8080 -- node server.js --port 3000");
+  console.error("  mcp-proxy node server.js");
+  process.exit(1);
+}
 
 const connect = async (client: Client) => {
   const transport = new StdioClientTransport({
@@ -180,6 +206,9 @@ const proxy = async () => {
       argv.server && argv.server !== "sse"
         ? null
         : (argv.sseEndpoint ?? argv.endpoint),
+    sslCa: argv.sslCa,
+    sslCert: argv.sslCert,
+    sslKey: argv.sslKey,
     stateless: argv.stateless,
     streamEndpoint:
       argv.server && argv.server !== "stream"

package/src/startHTTPServer.test.ts

@@ -4,7 +4,9 @@ import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { EventSource } from "eventsource";
+import fs from "fs";
 import { getRandomPort } from "get-port-please";
+import https from "https";
 import { setTimeout as delay } from "node:timers/promises";
 import { expect, it, vi } from "vitest";
 
@@ -2085,3 +2087,63 @@ it("supports custom methods and maxAge", async () => {
 
   await httpServer.close();
 });
+
+// SSL Tests
+
+it("supports creating an SSL server", async () => {
+  const port = await getRandomPort();
+
+  const httpServer = await startHTTPServer({
+    createServer: async () => {
+      const mcpServer = new Server(
+        { name: "test", version: "1.0.0" },
+        { capabilities: {} },
+      );
+      return mcpServer;
+    },
+    port,
+    sslCert: "src/fixtures/certs/server-cert.pem",
+    sslKey: "src/fixtures/certs/server-key.pem",
+  });
+
+  const options = {
+    ca: fs.readFileSync("src/fixtures/certs/ca-cert.pem"),
+    cert: fs.readFileSync("src/fixtures/certs/client-cert.pem"),
+    hostname: "localhost",
+    key: fs.readFileSync("src/fixtures/certs/client-key.pem"),
+    method: "GET",
+    path: "/ping",
+    port,
+  };
+
+  // Use https.get to test client certificate authentication
+  // (Node's fetch API doesn't support custom HTTPS agents with client certs)
+  const response = await new Promise<{ statusCode?: number; text: string }>(
+    (resolve, reject) => {
+      https
+        .get(options, (res) => {
+          let data = "";
+
+          res.on("data", (chunk) => {
+            data += chunk;
+          });
+
+          res.on("end", () => {
+            resolve({ statusCode: res.statusCode, text: data });
+          });
+
+          res.on("error", (err) => {
+            reject(err);
+          });
+        })
+        .on("error", (err) => {
+          reject(err);
+        });
+    },
+  );
+
+  expect(response.statusCode).toBe(200);
+  expect(response.text).toBe("pong");
+
+  await httpServer.close();
+});

package/src/startHTTPServer.ts

@@ -5,7 +5,9 @@ import {
   StreamableHTTPServerTransport,
 } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+import fs from "fs";
 import http from "http";
+import https from "https";
 import { randomUUID } from "node:crypto";
 
 import { AuthConfig, AuthenticationMiddleware } from "./authentication.js";
@@ -857,6 +859,9 @@ export const startHTTPServer = async <T extends ServerLike>({
   onUnhandledRequest,
   port,
   sseEndpoint = "/sse",
+  sslCa,
+  sslCert,
+  sslKey,
   stateless,
   streamEndpoint = "/mcp",
 }: {
@@ -876,6 +881,9 @@ export const startHTTPServer = async <T extends ServerLike>({
   ) => Promise<void>;
   port: number;
   sseEndpoint?: null | string;
+  sslCa?: null | string;
+  sslCert?: null | string;
+  sslKey?: null | string;
   stateless?: boolean;
   streamEndpoint?: null | string;
 }): Promise<SSEServer> => {
@@ -894,7 +902,7 @@ export const startHTTPServer = async <T extends ServerLike>({
   /**
    * @author https://dev.classmethod.jp/articles/mcp-sse/
    */
-  const httpServer = http.createServer(async (req, res) => {
+  const requestListener: http.RequestListener = async (req, res) => {
     // Apply CORS headers
     applyCorsHeaders(req, res, cors);
 
@@ -958,7 +966,42 @@ export const startHTTPServer = async <T extends ServerLike>({
     } else {
       res.writeHead(404).end();
     }
-  });
+  };
+
+  let httpServer;
+  if (sslCa || sslCert || sslKey) {
+    const options: https.ServerOptions = {};
+    if (sslCa) {
+      try {
+        options.ca = fs.readFileSync(sslCa);
+      } catch (error) {
+        throw new Error(
+          `Failed to read CA file '${sslCa}': ${(error as Error).message}`,
+        );
+      }
+    }
+    if (sslCert) {
+      try {
+        options.cert = fs.readFileSync(sslCert);
+      } catch (error) {
+        throw new Error(
+          `Failed to read certificate file '${sslCert}': ${(error as Error).message}`,
+        );
+      }
+    }
+    if (sslKey) {
+      try {
+        options.key = fs.readFileSync(sslKey);
+      } catch (error) {
+        throw new Error(
+          `Failed to read key file '${sslKey}': ${(error as Error).message}`,
+        );
+      }
+    }
+    httpServer = https.createServer(options, requestListener);
+  } else {
+    httpServer = http.createServer(requestListener);
+  }
 
   await new Promise((resolve) => {
     httpServer.listen(port, host, () => {

package/tsconfig.json

@@ -1,5 +1,5 @@
 {
-  "extends": "@tsconfig/node22/tsconfig.json",
+  "extends": "@tsconfig/node24/tsconfig.json",
   "compilerOptions": {
     "noEmit": true,
     "noUnusedLocals": true,