SSE MCP Server

by KelvinQiu802

SSE MCP

HTTP+SSE 将逐步被替换为 Streamable HTTP

Replace HTTP+SSE with new "Streamable HTTP" transport

现状

  • 本地通过stdio运行MCP不安全
    • 恶意MCP可以伪装成正常工具被LLM调用
    • 敏感数据泄漏
    • 安装不方便(npx/uvx/docker)
  • MCP服务器托管开始流行
    • 经过筛选
    • 身份认证
    • 阿里云百练/腾讯云/Zapier
    • HTTP+SSE / Streamable HTTP

目标

  • SSE是什么,原理 (Server Sent Event)
  • ChatGPT使用SSE的例子
  • 原生JS实现SSE的Server和Client
  • MCP的SSE实现
  • 实现一个SSE传输的MCP服务器
  • CheeryStudio 调用
  • MCP Inspector + Wireshark 抓包

Server Sent Events

ChatGPT/KIMI/DeepSeek的SSE

// ChatGPT SSE event: delta data: {"p": "/message/content/parts/0", "o": "append", "v": "\u597d\uff0c\u54b1\u63a5\u7740\u8bf4\uff0c\u8bf4\u5b8c"} event: delta data: {"v": "\u4e86\u5ba2\u6237\u7aef\u8fd9\u8fb9\uff0c\u63a5\u4e0b\u6765\u770b\u770b"} event: delta data: {"v": " **\u670d\u52a1\u7aef\u600e\u4e48\u5b9e\u73b0 SSE**\u3002\n\n"} event: delta data: {"v": "---\n\n### \ud83d\udd27 \u670d\u52a1\u7aef\u793a\u4f8b"} event: delta data: {"v": "\uff08\u4ee5 Node.js \u4e3a\u4f8b\uff09\n\n```"} event: delta data: {"v": "js\nconst http = require(\"http"}
// KIMI SSE data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"好","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"的","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":",","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"除","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"了","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"前","view":"cmpl"} data: {"event":"cmpl","idx_s":0,"idx_z":0,"text":"面","view":"cmpl"}
// DeepSeek SSE data: {"v": " **"} data: {"v": "1"} data: {"v": "."} data: {"v": " "} data: {"v": "高级"} data: {"v": "用法"} data: {"v": "与"} data: {"v": "功能"}
  • ChatGPT: 使用event来声明自定义事件
  • KIMI: 全部用默认message事件,在JSON里面的event字段声明自定义事件
  • 都没有定义ID
    • 无需短线重连
    • 有序发送数据,一次性消费

JS原生SSE实现

代码仓库

MCP SSE

Wireshark抓包

Connect

// 初次连接,SSE传输POST接口,用于后续请求 GET /sse HTTP/1.1 X-Powered-By: Express Content-Type: text/event-stream Cache-Control: no-cache, no-transform Connection: keep-alive Date: Tue, 15 Apr 2025 12:19:00 GMT Transfer-Encoding: chunked event: endpoint data: /messages?sessionId=8838e9b4-d065-4b8e-9fa9-b96f31ef835c --- // 客户端发送PSOT请求,初始化连接参数 POST /messages?sessionId=8838e9b4-d065-4b8e-9fa9-b96f31ef835c HTTP/1.1 host: localhost:3000 connection: keep-alive Accept: text/event-stream content-type: application/json accept-language: * sec-fetch-mode: cors user-agent: node accept-encoding: gzip, deflate content-length: 204 {"jsonrpc":"2.0","id":0,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{"sampling":{},"roots":{"listChanged":true}},"clientInfo":{"name":"mcp-inspector","version":"0.9.0"}}} --- // SSE返回数据 event: message data: {"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{}},"serverInfo":{"name":"hackernews-server","version":"1.0.0"}},"jsonrpc":"2.0","id":0} --- // 初始化完成通知 POST /messages?sessionId=8838e9b4-d065-4b8e-9fa9-b96f31ef835c HTTP/1.1 host: localhost:3000 connection: keep-alive Accept: text/event-stream content-type: application/json accept-language: * sec-fetch-mode: cors user-agent: node accept-encoding: gzip, deflate content-length: 54 {"jsonrpc":"2.0","method":"notifications/initialized"} --- Accepted ---

List Tools

POST /messages?sessionId=32468b11-6f98-454d-b176-ffcf985602d6 HTTP/1.1 host: localhost:3000 connection: keep-alive Accept: text/event-stream content-type: application/json accept-language: * sec-fetch-mode: cors user-agent: node accept-encoding: gzip, deflate content-length: 85 {"jsonrpc":"2.0","id":1,"method":"tools/list","params":{"_meta":{"progressToken":1}}} --- event: message data: {"result":{"tools":[{"name":"get-hackernews-top-stories","description":"Get the stories from Hacker News","inputSchema":{"type":"object","properties":{"type":{"type":"string","enum":["topstories","newstories","beststories"]},"amount":{"type":"number","minimum":1,"maximum":500,"default":10}},"required":["type"],"additionalProperties":false,"$schema":"http://json-schema.org/draft-07/schema#"}}]},"jsonrpc":"2.0","id":1}

Call Tool

POST /messages?sessionId=a03d6f2f-483a-4432-a685-f900aae6a15c HTTP/1.1 host: localhost:3000 connection: keep-alive Accept: text/event-stream content-type: application/json accept-language: * sec-fetch-mode: cors user-agent: node accept-encoding: gzip, deflate content-length: 166 {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"_meta":{"progressToken":2},"name":"get-hackernews-top-stories","arguments":{"type":"topstories","amount":5}}} --- event: message data: {"result":{"content":[{"type":"text","text":"{\"by\":\"doener\",\"descendants\":26,\"id\":43690955,\"kids\":[43691597,43691629,43691555,43691554,43691616,43691669,43691546,43691621],\"score\":58,\"time\":1744712237,\"title\":\"Teuken-7B-Base and Teuken-7B-Instruct: Towards European LLMs\",\"type\":\"story\",\"url\":\"https://arxiv.org/abs/2410.03730\"}"},{"type":"text","text":"{\"by\":\"rbanffy\",\"descendants\":75,\"id\":43661954,\"kids\":[43690672,43691740,43690999,43690833,43691234,43690870,43691618,43691314,43690559,43691552,43662023,43690935,43690670,43690778,43691387,43690568],\"score\":154,\"time\":1744440499,\"title\":\"Wait. HOW MANY supernova explode every year?\",\"type\":\"story\",\"url\":\"https://badastronomy.beehiiv.com/p/ban-447-wait-how-many-supernova-explode\"}"},{"type":"text","text":"{\"by\":\"LookAtThatBacon\",\"descendants\":92,\"id\":43691334,\"kids\":[43691534,43691870,43691925,43691637,43691663,43691580,43691851,43691654,43691801,43691922,43691927,43691673,43691694,43691744,43691635,43691652,43691763,43691733,43691557],\"score\":135,\"time\":1744716656,\"title\":\"4chan hacked. Hacker reopens /QA/ and leaks all admins emails\",\"type\":\"story\",\"url\":\"https://old.reddit.com/r/4chan/comments/1jzkjlg/4chan_hacked_hacker_reopens_qa_and_leaks_all/\"}"},{"type":"text","text":"{\"by\":\"walterbell\",\"descendants\":46,\"id\":43688658,\"kids\":[43691249,43689886,43689209,43691657,43690253,43689327,43691628,43691289,43690261,43689700,43689175,43689172,43689747,43690464,43689992,43690388,43689144,43689473,43689002],\"score\":236,\"time\":1744686775,\"title\":\"Hacking a Smart Home Device (2024)\",\"type\":\"story\",\"url\":\"https://jmswrnr.com/blog/hacking-a-smart-home-device\"}"},{"type":"text","text":"{\"by\":\"TechTechTech\",\"descendants\":75,\"id\":43678590,\"kids\":[43689599,43689147,43691529,43690367,43689187,43690040,43689517,43690321,43689995,43680524,43689481,43690012,43691232,43689773,43690682,43691317,43684752,43689254,43689452,43689731],\"score\":229,\"time\":1744612068,\"title\":\"JSLinux\",\"type\":\"story\",\"url\":\"https://www.bellard.org/jslinux/\"}"}]},"jsonrpc":"2.0","id":2}
-
security - not tested
F
license - not found
-
quality - not tested

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

A server for Model Context Protocol (MCP) that uses Server-Sent Events (SSE) for streaming communication, enabling tools like the HackerNews API to be accessed through a secure HTTP+SSE transport.

  1. 现状
    1. 目标
      1. Server Sent Events
        1. ChatGPT/KIMI/DeepSeek的SSE
          1. JS原生SSE实现
            1. MCP SSE
              1. Wireshark抓包
                1. Connect
              2. List Tools
                1. Call Tool

                  Related MCP Servers

                  • A
                    security
                    A
                    license
                    A
                    quality
                    A beginner-friendly Model Context Protocol (MCP) server that helps users understand MCP concepts, provides interactive examples, and lists available MCP servers. This server is designed to be a helpful companion for developers working with MCP. Also comes with a huge list of servers you can install.
                    Last updated -
                    3
                    9
                    36
                    JavaScript
                    Apache 2.0
                  • A
                    security
                    A
                    license
                    A
                    quality
                    A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
                    Last updated -
                    4
                    6
                    Python
                    MIT License
                    • Apple
                  • -
                    security
                    -
                    license
                    -
                    quality
                    A specialized server that helps users create new Model Context Protocol (MCP) servers by providing tools and templates for scaffolding projects with various capabilities.
                    Last updated -
                    1
                    TypeScript
                  • -
                    security
                    -
                    license
                    -
                    quality
                    A Model Context Protocol (MCP) server that interacts with system APIs, allowing users to check connections, search employees, register breakfast, and update chemical information by shifts.
                    Last updated -
                    2

                  View all related MCP servers

                  ID: qahy4rr10l