UNPKG

@pluggedin/pluggedin-mcp-proxy

Version:

Unified MCP proxy that aggregates all your MCP servers (STDIO, SSE, Streamable HTTP) into one powerful interface. Access any tool through a single connection, search across unified documents with built-in RAG, and receive notifications from any model. Tes

github.com/VeriTeknik/pluggedin-mcp

VeriTeknik/pluggedin-mcp

178 lines (177 loc) 7.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
import { Client } from "@modelcontextprotocol/sdk/client/index.js"; import { StdioClientTransport, } from "@modelcontextprotocol/sdk/client/stdio.js"; import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"; import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"; import { createRequire } from 'module'; import { debugLog, debugError } from './debug-log.js'; const customRequire = createRequire(import.meta.url); const packageJson = customRequire('../package.json'); // Removed logger const sleep = (time) => new Promise((resolve) => setTimeout(() => resolve(), time)); // Validate command to prevent command injection function validateCommand(command) { // Only allow alphanumeric, hyphens, underscores, dots, and forward slashes // This should cover most legitimate executable paths return /^[a-zA-Z0-9\-_./]+$/.test(command); } // Validate arguments to prevent injection function validateArgs(args) { return args.map(arg => { // Remove any shell metacharacters that could be dangerous return String(arg).replace(/[;&|`$()<>\\]/g, ''); }); } // Validate environment variables function validateEnv(env) { const validated = {}; for (const [key, value] of Object.entries(env)) { // Only allow valid environment variable names if (/^[A-Z0-9_]+$/i.test(key)) { // Sanitize the value to prevent injection validated[key] = String(value).replace(/[\0\r\n]/g, ''); } } return validated; } export const createPluggedinMCPClient = (serverParams) => { let transport; // Create the appropriate transport based on server type // Default to "STDIO" if type is undefined if (!serverParams.type || serverParams.type === "STDIO") { // Validate command before use if (!serverParams.command || !validateCommand(serverParams.command)) { debugError(`Invalid command for server ${serverParams.name}: ${serverParams.command}`); return { client: undefined, transport: undefined }; } const stdioParams = { command: serverParams.command, args: serverParams.args ? validateArgs(serverParams.args) : undefined, env: serverParams.env ? validateEnv(serverParams.env) : undefined, // Use default values for other optional properties // stderr and cwd will use their default values }; transport = new StdioClientTransport(stdioParams); } else if (serverParams.type === "SSE" && serverParams.url) { // Validate URL before use try { const url = new URL(serverParams.url); // Only allow http and https protocols if (!['http:', 'https:'].includes(url.protocol)) { debugError(`Invalid protocol for SSE server ${serverParams.name}: ${url.protocol}`); return { client: undefined, transport: undefined }; } transport = new SSEClientTransport(url); } catch (error) { debugError(`Invalid URL for SSE server ${serverParams.name}: ${serverParams.url}`); return { client: undefined, transport: undefined }; } } else if (serverParams.type === "STREAMABLE_HTTP" && serverParams.url) { // Validate URL before use try { const url = new URL(serverParams.url); // Only allow http and https protocols if (!['http:', 'https:'].includes(url.protocol)) { debugError(`Invalid protocol for Streamable HTTP server ${serverParams.name}: ${url.protocol}`); return { client: undefined, transport: undefined }; } // Create transport options const transportOptions = { requestInit: {} }; // Add headers if provided if (serverParams.headers) { transportOptions.requestInit.headers = serverParams.headers; debugLog(`[MCP] StreamableHTTP transport: Adding ${Object.keys(serverParams.headers).length} custom headers for ${serverParams.name}`); } // Add session ID if provided if (serverParams.sessionId) { transportOptions.sessionId = serverParams.sessionId; debugLog(`[MCP] StreamableHTTP transport: Using session ID for ${serverParams.name}`); } // Add OAuth configuration if provided if (serverParams.oauthToken) { // Create a simple auth provider that returns the token transportOptions.authProvider = { tokens: async () => ({ access_token: serverParams.oauthToken }), authorize: async () => { throw new Error("Authorization not implemented"); }, refresh: async () => { throw new Error("Refresh not implemented"); } }; } else if (serverParams.oauth) { // Create a more comprehensive auth provider for OAuth flows transportOptions.authProvider = { tokens: async () => { // If we have a stored token, return it if (serverParams.oauthToken) { return { access_token: serverParams.oauthToken }; } // Otherwise, trigger authorization flow throw new Error("Authorization required"); }, authorize: async () => { // This would trigger the OAuth authorization flow // The actual implementation depends on the OAuth provider debugError(`OAuth authorization required for ${serverParams.name}`); throw new Error("OAuth authorization required - please authorize through the UI"); }, refresh: async (_refreshToken) => { // Implement token refresh if supported by the provider debugError(`OAuth token refresh not implemented for ${serverParams.name}`); throw new Error("Token refresh not implemented"); } }; } transport = new StreamableHTTPClientTransport(url, transportOptions); } catch (error) { debugError(`Invalid URL for Streamable HTTP server ${serverParams.name}: ${serverParams.url}`); return { client: undefined, transport: undefined }; } } else { // logger.error(`Unsupported server type: ${serverParams.type} for server ${serverParams.name} (${serverParams.uuid})`); // Removed logging return { client: undefined, transport: undefined }; } const client = new Client({ name: "PluggedinMCP", version: packageJson.version, // Use version from package.json }, { capabilities: { roots: { listChanged: true }, sampling: {}, }, }); return { client, transport }; }; export const connectPluggedinMCPClient = async (client, transport) => { const waitFor = 2500; const retries = 3; let count = 0; let retry = true; while (retry) { try { await client.connect(transport); return { client, cleanup: async () => { await transport.close(); await client.close(); }, }; } catch (error) { count++; retry = count < retries; if (retry) { try { await client.close(); } catch { } await sleep(waitFor); } } } };