diff --git a/package-lock.json b/package-lock.json index a3bf7466..1c8b7d0b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@bugsnag/js": "^8.2.0", - "@modelcontextprotocol/sdk": "^1.15.0", + "@modelcontextprotocol/sdk": "^1.26.0", "node-cache": "^5.1.2", "swagger-client": "^3.35.6", "vite": "^7.3.1", @@ -755,10 +755,9 @@ } }, "node_modules/@hono/node-server": { - "version": "1.19.7", - "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz", - "integrity": "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==", - "license": "MIT", + "version": "1.19.9", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.9.tgz", + "integrity": "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==", "engines": { "node": ">=18.14.1" }, @@ -834,12 +833,11 @@ } }, "node_modules/@modelcontextprotocol/sdk": { - "version": "1.25.2", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.2.tgz", - "integrity": "sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==", - "license": "MIT", + "version": "1.26.0", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz", + "integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==", "dependencies": { - "@hono/node-server": "^1.19.7", + "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", @@ -847,14 +845,15 @@ "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", - "express": "^5.0.1", - "express-rate-limit": "^7.5.0", - "jose": "^6.1.1", + "express": "^5.2.1", + "express-rate-limit": "^8.2.1", + "hono": "^4.11.4", + "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", - "zod-to-json-schema": "^3.25.0" + "zod-to-json-schema": "^3.25.1" }, "engines": { "node": ">=18" @@ -2048,7 +2047,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz", "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", - "license": "MIT", "dependencies": { "mime-types": "^3.0.0", "negotiator": "^1.0.0" @@ -2174,10 +2172,9 @@ "license": "MIT" }, "node_modules/body-parser": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz", - "integrity": "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==", - "license": "MIT", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz", + "integrity": "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==", "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", @@ -2185,7 +2182,7 @@ "http-errors": "^2.0.0", "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", - "qs": "^6.14.0", + "qs": "^6.14.1", "raw-body": "^3.0.1", "type-is": "^2.0.1" }, @@ -2221,7 +2218,6 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -2253,7 +2249,6 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", - "license": "MIT", "dependencies": { "call-bind-apply-helpers": "^1.0.2", "get-intrinsic": "^1.3.0" @@ -2344,7 +2339,6 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.1.tgz", "integrity": "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q==", - "license": "MIT", "engines": { "node": ">=18" }, @@ -2357,7 +2351,6 @@ "version": "1.0.5", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -2366,7 +2359,6 @@ "version": "0.7.2", "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -2375,7 +2367,6 @@ "version": "1.2.2", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", - "license": "MIT", "engines": { "node": ">=6.6.0" } @@ -2467,7 +2458,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -2496,8 +2486,7 @@ "node_modules/ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", - "license": "MIT" + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" }, "node_modules/emoji-regex": { "version": "9.2.2", @@ -2510,7 +2499,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -2629,8 +2617,7 @@ "node_modules/escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", - "license": "MIT" + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" }, "node_modules/estree-walker": { "version": "3.0.3", @@ -2646,7 +2633,6 @@ "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -2686,7 +2672,6 @@ "version": "5.2.1", "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz", "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", - "license": "MIT", "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.1", @@ -2726,10 +2711,12 @@ } }, "node_modules/express-rate-limit": { - "version": "7.5.1", - "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz", - "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==", - "license": "MIT", + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz", + "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==", + "dependencies": { + "ip-address": "10.0.1" + }, "engines": { "node": ">= 16" }, @@ -2789,7 +2776,6 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz", "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==", - "license": "MIT", "dependencies": { "debug": "^4.4.0", "encodeurl": "^2.0.0", @@ -2884,7 +2870,6 @@ "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -2893,7 +2878,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -3062,11 +3046,9 @@ } }, "node_modules/hono": { - "version": "4.11.3", - "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.3.tgz", - "integrity": "sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==", - "license": "MIT", - "peer": true, + "version": "4.11.9", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.9.tgz", + "integrity": "sha512-Eaw2YTGM6WOxA6CXbckaEvslr2Ne4NFsKrvc0v97JD5awbmeBLO5w9Ho9L9kmKonrwF9RJlW6BxT1PVv/agBHQ==", "engines": { "node": ">=16.9.0" } @@ -3082,7 +3064,6 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", - "license": "MIT", "dependencies": { "depd": "~2.0.0", "inherits": "~2.0.4", @@ -3099,10 +3080,9 @@ } }, "node_modules/iconv-lite": { - "version": "0.7.1", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz", - "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==", - "license": "MIT", + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz", + "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==", "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" }, @@ -3142,11 +3122,18 @@ "node": ">= 0.10" } }, + "node_modules/ip-address": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz", + "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==", + "engines": { + "node": ">= 12" + } + }, "node_modules/ipaddr.js": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", - "license": "MIT", "engines": { "node": ">= 0.10" } @@ -3180,8 +3167,7 @@ "node_modules/is-promise": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", - "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", - "license": "MIT" + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==" }, "node_modules/iserror": { "version": "0.0.2", @@ -3376,7 +3362,6 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -3385,7 +3370,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz", "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", - "license": "MIT", "engines": { "node": ">=18" }, @@ -3397,7 +3381,6 @@ "version": "1.54.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -3406,7 +3389,6 @@ "version": "3.0.2", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz", "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", - "license": "MIT", "dependencies": { "mime-db": "^1.54.0" }, @@ -3491,7 +3473,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -3595,7 +3576,6 @@ "version": "1.13.4", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", - "license": "MIT", "engines": { "node": ">= 0.4" }, @@ -3607,7 +3587,6 @@ "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", - "license": "MIT", "dependencies": { "ee-first": "1.1.1" }, @@ -3659,7 +3638,6 @@ "version": "1.3.3", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -3711,7 +3689,6 @@ "version": "8.3.0", "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz", "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==", - "license": "MIT", "funding": { "type": "opencollective", "url": "https://opencollective.com/express" @@ -3802,7 +3779,6 @@ "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "license": "MIT", "dependencies": { "forwarded": "0.2.0", "ipaddr.js": "1.9.1" @@ -3831,7 +3807,6 @@ "version": "6.14.1", "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", - "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" }, @@ -3872,7 +3847,6 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -3881,7 +3855,6 @@ "version": "3.0.2", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz", "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", - "license": "MIT", "dependencies": { "bytes": "~3.1.2", "http-errors": "~2.0.1", @@ -3982,7 +3955,6 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", - "license": "MIT", "dependencies": { "debug": "^4.4.0", "depd": "^2.0.0", @@ -3997,8 +3969,7 @@ "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "license": "MIT" + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/semver": { "version": "7.7.3", @@ -4017,7 +3988,6 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz", "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==", - "license": "MIT", "dependencies": { "debug": "^4.4.3", "encodeurl": "^2.0.0", @@ -4043,7 +4013,6 @@ "version": "2.2.1", "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz", "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==", - "license": "MIT", "dependencies": { "encodeurl": "^2.0.0", "escape-html": "^1.0.3", @@ -4061,8 +4030,7 @@ "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", - "license": "ISC" + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" }, "node_modules/shebang-command": { "version": "2.0.0", @@ -4134,7 +4102,6 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", - "license": "MIT", "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", @@ -4153,7 +4120,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", - "license": "MIT", "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3" @@ -4169,7 +4135,6 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", - "license": "MIT", "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", @@ -4187,7 +4152,6 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", - "license": "MIT", "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", @@ -4257,7 +4221,6 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", - "license": "MIT", "engines": { "node": ">= 0.8" } @@ -4564,7 +4527,6 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", - "license": "MIT", "engines": { "node": ">=0.6" } @@ -4617,7 +4579,6 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", - "license": "MIT", "dependencies": { "content-type": "^1.0.5", "media-typer": "^1.1.0", @@ -4661,7 +4622,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", - "license": "MIT", "engines": { "node": ">= 0.8" } diff --git a/package.json b/package.json index 199a67c3..d16ebeb7 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ }, "dependencies": { "@bugsnag/js": "^8.2.0", - "@modelcontextprotocol/sdk": "^1.15.0", + "@modelcontextprotocol/sdk": "^1.26.0", "node-cache": "^5.1.2", "swagger-client": "^3.35.6", "vite": "^7.3.1", diff --git a/src/bugsnag/client.ts b/src/bugsnag/client.ts index 7f97ee3a..030202e4 100644 --- a/src/bugsnag/client.ts +++ b/src/bugsnag/client.ts @@ -9,18 +9,20 @@ import type { RegisterResourceFunction, RegisterToolsFunction, } from "../common/types"; +import type { + Build, + EventField, + Organization, + Project, + Release, + TraceField, +} from "./client/api/index"; import { - type Build, Configuration, CurrentUserAPI, ErrorAPI, ErrorUpdateRequest, - type EventField, - type Organization, - type Project, ProjectAPI, - type Release, - type TraceField, } from "./client/api/index"; import { type FilterObject, toUrlSearchParams } from "./client/filters"; import { toolInputParameters } from "./input-schemas"; @@ -72,7 +74,12 @@ interface StabilityData { } const ConfigurationSchema = z.object({ - auth_token: z.string().describe("BugSnag personal authentication token"), + auth_token: z + .string() + .describe( + "BugSnag authentication token (personal access token or OAuth token)", + ) + .optional(), project_api_key: z.string().describe("BugSnag project API key").optional(), endpoint: z.url().describe("BugSnag endpoint URL").optional(), }); @@ -121,8 +128,22 @@ export class BugsnagClient implements Client { config.project_api_key, config.endpoint, ); + + const authToken = config.auth_token; + + if (!authToken) { + return; + } + + await this.initializeApis(authToken, config); + } + + private async initializeApis( + authToken: string, + config: z.infer, + ) { const apiConfig = new Configuration({ - apiKey: `token ${config.auth_token}`, + apiKey: `token ${authToken}`, headers: { "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`, "Content-Type": "application/json", @@ -140,7 +161,6 @@ export class BugsnagClient implements Client { this._projectApi = new ProjectAPI(apiConfig); this._projectApiKey = config.project_api_key; this._isConfigured = true; - return; } isConfigured(): boolean { diff --git a/src/common/transport-http.ts b/src/common/transport-http.ts index ed1bb40e..a5ab1383 100644 --- a/src/common/transport-http.ts +++ b/src/common/transport-http.ts @@ -11,6 +11,16 @@ import { SmartBearMcpServer } from "./server"; import type { Client } from "./types"; import { isOptionalType } from "./zod-utils"; +/** + * Helper to construct the base URL from the request, respecting proxy headers. + * This is critical for cloud deployments where SSL termination happens at the load balancer. + */ +function getBaseUrl(req: IncomingMessage): string { + const protocol = (req.headers["x-forwarded-proto"] as string) || "http"; + const host = (req.headers["x-forwarded-host"] as string) || req.headers.host; + return `${protocol}://${host}`; +} + /** * Run server in HTTP mode with Streamable HTTP transport * Supports both SSE (legacy) and StreamableHTTP transports for backwards compatibility @@ -20,6 +30,7 @@ export async function runHttpMode() { const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(",") || [ "http://localhost:3000", ]; + const baseUrlOverride = process.env.BASE_URL; // Allow explicit override if headers are unreliable // Store transports by session ID const transports = new Map< @@ -37,6 +48,7 @@ export async function runHttpMode() { "Authorization", "MCP-Session-Id", // Required for StreamableHTTP "x-custom-auth-headers", // used by mcp-inspector + "mcp-protocol-version", ...allowedAuthHeaders, ].join(", "); @@ -60,7 +72,10 @@ export async function runHttpMode() { return; } - const url = new URL(req.url || "/", `http://${req.headers.host}`); + // Determine the public URL of this server + // Use env override if set, otherwise detect from request headers + const baseUrl = baseUrlOverride || getBaseUrl(req); + const url = new URL(req.url || "/", baseUrl); // HEALTH CHECK ENDPOINT if (req.method === "GET" && url.pathname === "/health") { @@ -71,6 +86,131 @@ export async function runHttpMode() { return; } + // OAUTH DISCOVERY ENDPOINT (RFC 8414) + if ( + req.method === "GET" && + (url.pathname === "/.well-known/oauth-authorization-server" || + url.pathname === "/.well-known/oauth-authorization-server/mcp") + ) { + const issuer = + process.env.OAUTH_ISSUER || "https://oauth.smartbear.com"; + const authEndpoint = + process.env.OAUTH_AUTHORIZATION_ENDPOINT || `${issuer}/authorize`; + const tokenEndpoint = + process.env.OAUTH_TOKEN_ENDPOINT || `${issuer}/token`; + const jwksUri = + process.env.OAUTH_JWKS_URI || `${issuer}/.well-known/jwks.json`; + + // We provide a local registration endpoint to satisfy MCP Inspector + // which returns a pre-configured client ID + const registrationEndpoint = `${baseUrl}/oauth/register`; + + res.writeHead(200, { "Content-Type": "application/json" }); + res.end( + JSON.stringify({ + issuer: issuer, + authorization_endpoint: authEndpoint, + token_endpoint: tokenEndpoint, + jwks_uri: jwksUri, + registration_endpoint: registrationEndpoint, + response_types_supported: ["code"], + grant_types_supported: ["authorization_code", "refresh_token"], + code_challenge_methods_supported: ["S256"], + token_endpoint_auth_methods_supported: ["none"], + scopes_supported: process.env.OAUTH_SCOPES + ? process.env.OAUTH_SCOPES.split(",") + : ["api"], + }), + ); + return; + } + + // PROTECTED RESOURCE METADATA ENDPOINT (RFC 9293) + // This endpoint tells the client where to find the Authorization Server. + // The Inspector hits this first to find the Auth Server, then hits /.well-known/oauth-authorization-server. + // We point to ourselves (or the configured issuer) so the client can find the metadata above. + if ( + req.method === "GET" && + (url.pathname === "/.well-known/oauth-protected-resource" || + url.pathname === "/.well-known/oauth-protected-resource/mcp") + ) { + // In this architecture, the MCP server acts as the discovery gateway for the Auth Server. + // We point the client to this server's host to fetch the authorization server metadata. + // Note: The 'issuer' in the metadata above might be different (external), but we want + // the client to discover the metadata *here* first to get our registration_endpoint. + // If we pointed directly to an external issuer, we'd lose the ability to inject the + // mock registration endpoint. + const authServerUrl = baseUrl; + + res.writeHead(200, { "Content-Type": "application/json" }); + res.end( + JSON.stringify({ + resource: `${baseUrl}/mcp`, + authorization_servers: [authServerUrl], + }), + ); + return; + } + + // DYNAMIC CLIENT REGISTRATION ENDPOINT + // This endpoint implements a stateless version of RFC 7591 dynamic client registration. + // It allows clients (like MCP Inspector) to register themselves to obtain a client_id. + // Since this server is stateless, we return a deterministic or configured client_id + // rather than persisting client records in a database. + // The Inspector calls this to get the client_id before constructing the authorization URL. + if (req.method === "POST" && url.pathname === "/oauth/register") { + try { + // Consume the body + const body = (await parseRequestBody(req)) as Record; + const redirectUris = body?.redirect_uris as string[] | undefined; + + // RFC 7591: redirect_uris is required for web clients + if ( + !redirectUris || + !Array.isArray(redirectUris) || + redirectUris.length === 0 + ) { + res.writeHead(400, { "Content-Type": "application/json" }); + res.end( + JSON.stringify({ + error: "invalid_redirect_uri", + error_description: "redirect_uris parameter is required", + }), + ); + return; + } + + // Use configured client ID or default to a static one for stateless operation + const clientId = process.env.OAUTH_CLIENT_ID || "mcp-client"; + + // Determine scopes: Use requested scopes if valid, or default to all supported + // const supportedScopes = process.env.OAUTH_SCOPES + // ? process.env.OAUTH_SCOPES.split(",") + // : ["api", "offline_access"]; + + res.writeHead(201, { "Content-Type": "application/json" }); + res.end( + JSON.stringify({ + client_id: clientId, + client_name: body.client_name || "MCP Client", + redirect_uris: redirectUris, + // scope: supportedScopes.join(" "), + // client_secret_expires_at: 0, + client_id_issued_at: Math.floor(Date.now() / 1000), + grant_types: ["authorization_code", "refresh_token"], + response_types: ["code"], + token_endpoint_auth_method: "none", + // application_type: "web", + }), + ); + } catch (error) { + console.error("Error handling registration request:", error); + res.writeHead(400, { "Content-Type": "application/json" }); + res.end(JSON.stringify({ error: "invalid_request" })); + } + return; + } + // STREAMABLE HTTP ENDPOINT (modern, preferred) if (url.pathname === "/mcp") { await handleStreamableHttpRequest(req, res, transports); @@ -450,17 +590,60 @@ async function newServer( const server = new SmartBearMcpServer(); try { // Configure server with values from HTTP headers - await clientRegistry.configure(server, (client, key) => { - const headerName = getHeaderName(client, key); - // Check both original case and lower-case headers for compatibility - // (HTTP headers are case-insensitive, but Node.js lowercases them) - const value = - req.headers[headerName] || req.headers[headerName.toLowerCase()]; - if (typeof value === "string") { - return value; - } - return null; - }); + const configuredCount = await clientRegistry.configure( + server, + (client, key) => { + const headerName = getHeaderName(client, key); + // Check both original case and lower-case headers for compatibility + // (HTTP headers are case-insensitive, but Node.js lowercases them) + const value = + req.headers[headerName] || req.headers[headerName.toLowerCase()]; + if (typeof value === "string") { + return value; + } + + // For BugSnag client, allow reading endpoint from environment variable + // This is useful for On-Premise installations where the endpoint is fixed + if (client.name === "BugSnag" && key === "endpoint") { + const envEndpoint = + process.env.BUGSNAG_API_URL || process.env.BUGSNAG_ENDPOINT; + if (envEndpoint) { + return envEndpoint; + } + } + + // Check standard Authorization header as fallback + // This supports the MCP Inspector which sends the obtained OAuth token in the Authorization header + // We map this token to the primary authentication config key of the client + const isAuthKey = [ + "auth_token", + "api_token", + "api_key", + "token", + "login_ticket", + ].includes(key); + + if (isAuthKey && req.headers.authorization) { + const authHeader = req.headers.authorization; + if (authHeader.startsWith("Bearer ")) { + return authHeader.substring(7); + } + return authHeader; + } + + return null; + }, + ); + + console.log( + `Configured ${configuredCount} clients for new server instance`, + ); + + if (configuredCount === 0) { + throw new Error( + "No clients successfully configured. Missing authentication headers.", + ); + } } catch (error: any) { // Configuration failed - provide helpful error message const headerHelp = getHttpHeadersHelp(); @@ -469,7 +652,18 @@ async function newServer( ? `Configuration error: ${error instanceof Error ? error.message : String(error)}. Please provide valid headers:\n${headerHelp.join("\n")}` : "No clients support HTTP header configuration."; - res.writeHead(401, { "Content-Type": "text/plain" }); + const headers: Record = { + "Content-Type": "text/plain", + }; + + // Add WWW-Authenticate header to support OAuth discovery flow + // This points the client to the Protected Resource Metadata endpoint + if (req.headers.host) { + headers["WWW-Authenticate"] = + `OAuth resource_metadata="http://${req.headers.host}/.well-known/oauth-protected-resource"`; + } + + res.writeHead(401, headers); res.end(errorMessage); return null; } diff --git a/src/tests/unit/bugsnag/client.test.ts b/src/tests/unit/bugsnag/client.test.ts index 4d693b03..811a7e63 100644 --- a/src/tests/unit/bugsnag/client.test.ts +++ b/src/tests/unit/bugsnag/client.test.ts @@ -545,7 +545,9 @@ describe("BugsnagClient", () => { getCache: vi.fn().mockReturnValue(mockCache), } as any; - await client.configure(mockServer, { auth_token: "test-token" }); + await client.configure(mockServer, { + auth_token: "test-token", + }); // Cache should be used in getProjects mockCache.get.mockReturnValueOnce(null); // No cached org diff --git a/src/zephyr/client.ts b/src/zephyr/client.ts index d4be823b..e3a0608e 100644 --- a/src/zephyr/client.ts +++ b/src/zephyr/client.ts @@ -30,7 +30,7 @@ import { GetTestExecution } from "./tool/test-execution/get-test-execution"; import { GetTestExecutions } from "./tool/test-execution/get-test-executions"; import { UpdateTestExecution } from "./tool/test-execution/update-test-execution"; -const BASE_URL_DEFAULT = "https://api.zephyrscale.smartbear.com/v2"; +const BASE_URL_DEFAULT = "http://localhost:5051/v2"; // TODO by now only for the POC const ConfigurationSchema = z.object({ api_token: z.string().describe("Zephyr Scale API token for authentication"),