npm - scm-claude-tools - Versions diffs - 1.0.0 - Mend

scm-claude-tools 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/mcp-stdio-proxy.js +489 -0
package/package.json +22 -0

package/mcp-stdio-proxy.js ADDED Viewed

@@ -0,0 +1,489 @@
+#!/usr/bin/env node
+/**
+ * MCP Stdio-to-HTTP Proxy for Claude Desktop
+ *
+ * Replaces mcp-remote by acting as a stdio MCP server that forwards
+ * all requests to a remote Streamable HTTP MCP server.
+ *
+ * Solves the dual-process race condition in mcp-remote by:
+ *   1. Using file-based OAuth state (survives process restarts)
+ *   2. Lockfile coordination so only one process does auth
+ *   3. Waiting for auth completion instead of crashing
+ *
+ * Usage in claude_desktop_config.json:
+ *   {
+ *     "mcpServers": {
+ *       "scm-tools": {
+ *         "command": "npx",
+ *         "args": [
+ *           "-y",
+ *           "scm-claude-tools",
+ *           "https://scm-mcp-server-865984515842.us-central1.run.app/mcp"
+ *         ]
+ *       }
+ *     }
+ *   }
+ *
+ * Or with node directly:
+ *   {
+ *     "mcpServers": {
+ *       "scm-tools": {
+ *         "command": "node",
+ *         "args": [
+ *           "/path/to/mcp-stdio-proxy.js",
+ *           "https://your-server.run.app/mcp"
+ *         ]
+ *       }
+ *     }
+ *   }
+ */
+const { createServer } = require("node:http");
+const { readFileSync, writeFileSync, existsSync, mkdirSync } = require("node:fs");
+const { join } = require("node:path");
+const { randomBytes, createHash } = require("node:crypto");
+const { execSync } = require("node:child_process");
+// ── Config from args ────────────────────────────────────────────────────
+const REMOTE_URL = process.argv[2];
+if (!REMOTE_URL) {
+  process.stderr.write("Usage: mcp-stdio-proxy <remote-mcp-url>\n");
+  process.stderr.write("Example: mcp-stdio-proxy https://your-server.run.app/mcp\n");
+  process.exit(1);
+}
+// Derive server base URL from the MCP endpoint
+const parsedUrl = new URL(REMOTE_URL);
+const SERVER_BASE = `${parsedUrl.protocol}//${parsedUrl.host}`;
+// Per-server auth directory (based on hostname hash to isolate credentials)
+const serverHash = createHash("sha256").update(parsedUrl.host).digest("hex").slice(0, 12);
+const AUTH_DIR = join(process.env.HOME || process.env.USERPROFILE, ".mcp-auth", serverHash);
+// Parse optional callback port from args (default: 18546)
+const portArgIdx = process.argv.indexOf("--callback-port");
+const CALLBACK_PORT = portArgIdx !== -1 ? parseInt(process.argv[portArgIdx + 1], 10) : 18546;
+const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/oauth/callback`;
+// Files for persisting OAuth state
+const CLIENT_FILE = join(AUTH_DIR, "client.json");
+const TOKENS_FILE = join(AUTH_DIR, "tokens.json");
+// ── Helpers ─────────────────────────────────────────────────────────────
+function ensureDir() {
+  if (!existsSync(AUTH_DIR)) mkdirSync(AUTH_DIR, { recursive: true });
+}
+function loadJson(path) {
+  try {
+    return JSON.parse(readFileSync(path, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function saveJson(path, data) {
+  ensureDir();
+  writeFileSync(path, JSON.stringify(data, null, 2));
+}
+function log(...args) {
+  process.stderr.write(`[mcp-proxy] ${args.join(" ")}\n`);
+}
+function generateToken() {
+  return randomBytes(32).toString("hex");
+}
+function base64url(buf) {
+  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+// ── OAuth Discovery ─────────────────────────────────────────────────────
+async function discoverOAuth() {
+  const res = await fetch(`${SERVER_BASE}/.well-known/oauth-authorization-server`);
+  if (!res.ok) throw new Error(`OAuth discovery failed: ${res.status}`);
+  return res.json();
+}
+// ── Dynamic Client Registration ─────────────────────────────────────────
+async function registerClient(metadata) {
+  const res = await fetch(metadata.registration_endpoint, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      client_name: "Claude Desktop MCP Proxy",
+      redirect_uris: [CALLBACK_URL],
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none",
+    }),
+  });
+  if (!res.ok) throw new Error(`DCR failed: ${res.status} ${await res.text()}`);
+  const client = await res.json();
+  saveJson(CLIENT_FILE, client);
+  return client;
+}
+// ── Token Exchange ──────────────────────────────────────────────────────
+async function exchangeCode(metadata, client, code, codeVerifier) {
+  const params = new URLSearchParams({
+    grant_type: "authorization_code",
+    code,
+    redirect_uri: CALLBACK_URL,
+    client_id: client.client_id,
+    client_secret: client.client_secret,
+    code_verifier: codeVerifier,
+  });
+  const res = await fetch(metadata.token_endpoint, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: params.toString(),
+  });
+  if (!res.ok) throw new Error(`Token exchange failed: ${res.status} ${await res.text()}`);
+  const tokens = await res.json();
+  saveJson(TOKENS_FILE, tokens);
+  return tokens;
+}
+async function refreshAccessToken(metadata, client, refreshToken) {
+  const params = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: client.client_id,
+    client_secret: client.client_secret,
+  });
+  const res = await fetch(metadata.token_endpoint, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: params.toString(),
+  });
+  if (!res.ok) return null;
+  const tokens = await res.json();
+  saveJson(TOKENS_FILE, tokens);
+  return tokens;
+}
+// ── Browser Auth Flow ───────────────────────────────────────────────────
+function doAuthFlow(metadata, client) {
+  return new Promise((resolve, reject) => {
+    const codeVerifier = base64url(randomBytes(32));
+    const codeChallenge = base64url(createHash("sha256").update(codeVerifier).digest());
+    const state = generateToken();
+    const url = new URL(metadata.authorization_endpoint);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", client.client_id);
+    url.searchParams.set("redirect_uri", CALLBACK_URL);
+    url.searchParams.set("code_challenge", codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("state", state);
+    url.searchParams.set("scope", "mcp:tools");
+    const server = createServer(async (req, res) => {
+      try {
+        const reqUrl = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
+        if (reqUrl.pathname !== "/oauth/callback") {
+          res.writeHead(404);
+          res.end("Not found");
+          return;
+        }
+        const code = reqUrl.searchParams.get("code");
+        const returnedState = reqUrl.searchParams.get("state");
+        if (returnedState !== state) {
+          res.writeHead(400);
+          res.end("Invalid state");
+          return;
+        }
+        if (!code) {
+          const error = reqUrl.searchParams.get("error");
+          res.writeHead(400);
+          res.end(`Auth error: ${error}`);
+          reject(new Error(`Auth error: ${error}`));
+          server.close();
+          return;
+        }
+        const tokens = await exchangeCode(metadata, client, code, codeVerifier);
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<html><body style='font-family:sans-serif;text-align:center;padding:40px'>" +
+          "<h2>Authentication successful!</h2>" +
+          "<p>You can close this tab and return to Claude Desktop.</p>" +
+          "</body></html>"
+        );
+        server.close();
+        resolve(tokens);
+      } catch (err) {
+        res.writeHead(500);
+        res.end("Error during auth");
+        server.close();
+        reject(err);
+      }
+    });
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        log("Another auth process is running, waiting for tokens...");
+        server.close();
+        waitForTokens(60000).then(resolve).catch(reject);
+        return;
+      }
+      reject(err);
+    });
+    server.listen(CALLBACK_PORT, "127.0.0.1", () => {
+      log(`Callback server on port ${CALLBACK_PORT}`);
+      log(`Opening browser for auth...`);
+      const authUrl = url.toString();
+      try {
+        if (process.platform === "win32") {
+          execSync(`start "" "${authUrl}"`, { stdio: "ignore" });
+        } else if (process.platform === "darwin") {
+          execSync(`open "${authUrl}"`, { stdio: "ignore" });
+        } else {
+          execSync(`xdg-open "${authUrl}"`, { stdio: "ignore" });
+        }
+      } catch {
+        log(`Please open this URL in your browser:\n${authUrl}`);
+      }
+    });
+    setTimeout(() => {
+      server.close();
+      reject(new Error("Auth timeout — no response within 2 minutes"));
+    }, 120000);
+  });
+}
+function waitForTokens(timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const start = Date.now();
+    const check = () => {
+      const tokens = loadJson(TOKENS_FILE);
+      if (tokens && tokens.access_token) {
+        resolve(tokens);
+        return;
+      }
+      if (Date.now() - start > timeoutMs) {
+        reject(new Error("Timed out waiting for auth from other process"));
+        return;
+      }
+      setTimeout(check, 500);
+    };
+    check();
+  });
+}
+// ── Get Valid Access Token ──────────────────────────────────────────────
+async function getAccessToken() {
+  ensureDir();
+  const metadata = await discoverOAuth();
+  let client = loadJson(CLIENT_FILE);
+  if (!client || !client.client_id) {
+    log("Registering new OAuth client...");
+    client = await registerClient(metadata);
+  }
+  let tokens = loadJson(TOKENS_FILE);
+  if (tokens && tokens.access_token) {
+    // Test if token still works
+    const testRes = await fetch(REMOTE_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${tokens.access_token}`,
+      },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        method: "initialize",
+        params: {
+          protocolVersion: "2025-11-25",
+          capabilities: {},
+          clientInfo: { name: "token-test", version: "0.0.1" },
+        },
+        id: "test",
+      }),
+    });
+    if (testRes.ok) {
+      return tokens.access_token;
+    }
+    // Token expired — try refresh
+    if (tokens.refresh_token) {
+      log("Access token expired, refreshing...");
+      const refreshed = await refreshAccessToken(metadata, client, tokens.refresh_token);
+      if (refreshed && refreshed.access_token) {
+        return refreshed.access_token;
+      }
+    }
+  }
+  // Need full auth flow
+  log("No valid tokens, starting browser auth flow...");
+  tokens = await doAuthFlow(metadata, client);
+  return tokens.access_token;
+}
+// ── MCP Stdio ↔ HTTP Proxy ─────────────────────────────────────────────
+async function main() {
+  log(`Connecting to ${REMOTE_URL}`);
+  let accessToken;
+  try {
+    accessToken = await getAccessToken();
+  } catch (err) {
+    log(`Auth failed: ${err.message}`);
+    process.exit(1);
+  }
+  log("Authenticated, proxying stdio <-> HTTP");
+  let sessionId = null;
+  let inputBuffer = "";
+  let stdinEnded = false;
+  // Serialize requests so session ID from initialize propagates
+  let requestQueue = Promise.resolve();
+  let pendingRequests = 0;
+  function maybeExit() {
+    if (stdinEnded && pendingRequests === 0) {
+      log("All requests complete, exiting.");
+      process.exit(0);
+    }
+  }
+  function enqueueRequest(message) {
+    pendingRequests++;
+    requestQueue = requestQueue
+      .then(() => forwardToRemote(message))
+      .catch((err) => log(`Request error: ${err.message}`))
+      .finally(() => {
+        pendingRequests--;
+        maybeExit();
+      });
+  }
+  process.stdin.setEncoding("utf8");
+  process.stdin.on("data", (chunk) => {
+    inputBuffer += chunk;
+    let newlineIdx;
+    while ((newlineIdx = inputBuffer.indexOf("\n")) !== -1) {
+      const line = inputBuffer.slice(0, newlineIdx).trim();
+      inputBuffer = inputBuffer.slice(newlineIdx + 1);
+      if (!line) continue;
+      try {
+        const message = JSON.parse(line);
+        enqueueRequest(message);
+      } catch (err) {
+        log(`Parse error: ${err.message}`);
+      }
+    }
+  });
+  process.stdin.on("end", () => {
+    stdinEnded = true;
+    maybeExit();
+  });
+  async function forwardToRemote(message) {
+    try {
+      const headers = {
+        "Content-Type": "application/json",
+        Accept: "application/json, text/event-stream",
+        Authorization: `Bearer ${accessToken}`,
+      };
+      if (sessionId) {
+        headers["mcp-session-id"] = sessionId;
+      }
+      const res = await fetch(REMOTE_URL, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(message),
+      });
+      // Check for auth failure BEFORE reading body
+      if (res.status === 401 || res.status === 403) {
+        log("Token expired, attempting refresh...");
+        try {
+          accessToken = await getAccessToken();
+          await forwardToRemote(message);
+        } catch {
+          log("Re-auth failed");
+          process.exit(1);
+        }
+        return;
+      }
+      const respSessionId = res.headers.get("mcp-session-id");
+      if (respSessionId) {
+        sessionId = respSessionId;
+      }
+      const contentType = res.headers.get("content-type") || "";
+      if (contentType.includes("text/event-stream")) {
+        const text = await res.text();
+        // SSE format: "event: message\ndata: {...}\n\n"
+        // Extract all data: lines
+        for (const line of text.split("\n")) {
+          const trimmed = line.trim();
+          if (trimmed.startsWith("data:")) {
+            const data = trimmed.slice(5).trim();
+            if (data) {
+              process.stdout.write(data + "\n");
+            }
+          }
+        }
+      } else if (contentType.includes("application/json")) {
+        const body = await res.text();
+        if (body.trim()) {
+          process.stdout.write(body.trim() + "\n");
+        }
+      } else if (res.status === 202) {
+        // Accepted (notifications) — no response body
+      } else {
+        log(`Unexpected response: ${res.status} ${contentType}`);
+      }
+    } catch (err) {
+      log(`Forward error: ${err.message}`);
+      if (message.id !== undefined) {
+        const errorResp = {
+          jsonrpc: "2.0",
+          error: { code: -32603, message: `Proxy error: ${err.message}` },
+          id: message.id,
+        };
+        process.stdout.write(JSON.stringify(errorResp) + "\n");
+      }
+    }
+  }
+}
+main().catch((err) => {
+  log(`Fatal: ${err.message}`);
+  process.exit(1);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "name": "scm-claude-tools",
+  "version": "1.0.0",
+  "description": "MCP proxy for State & Liberty SCM tools — connects Claude Desktop to the remote SCM MCP server",
+  "bin": {
+    "scm-claude-tools": "mcp-stdio-proxy.js"
+  },
+  "files": [
+    "mcp-stdio-proxy.js"
+  ],
+  "keywords": [
+    "mcp",
+    "claude",
+    "claude-desktop",
+    "scm",
+    "supply-chain"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}