Skip to main content
Glama

Carbon Voice

by PhononX
npmGitHub
TypeScript
27
2
  • Apple
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
http-transport.test.ts33.9 kB
import request from 'supertest'; import { LATEST_PROTOCOL_VERSION } from '@modelcontextprotocol/sdk/types.js'; // Mock external dependencies to isolate the HTTP transport const mockGetCarbonVoiceApiStatus = jest.fn(() => Promise.resolve({ isHealthy: true, apiUrl: 'https://api.test.carbonvoice.app', }), ); jest.mock('../../src/cv-api', () => ({ getCarbonVoiceApiStatus: mockGetCarbonVoiceApiStatus, })); const mockVerifyAccessToken = jest.fn(() => ({ extra: { user: { id: 'test-user-id' }, }, clientId: 'test-client-id', })); const mockCreateOAuthTokenVerifier = jest.fn(() => ({ verifyAccessToken: mockVerifyAccessToken, })); jest.mock('../../src/auth', () => ({ createOAuthTokenVerifier: mockCreateOAuthTokenVerifier, })); const mockServerConnect = jest.fn(); jest.mock('../../src/server', () => ({ __esModule: true, default: { connect: mockServerConnect, }, })); const mockLogger = { info: jest.fn(), error: jest.fn(), warn: jest.fn(), debug: jest.fn(), }; jest.mock('../../src/utils/logger', () => ({ logger: mockLogger, getProcessUptime: jest.fn(() => '1h 30m'), })); // Mock session service with more detailed control const mockSessionService = { getSession: jest.fn(), createSession: jest.fn(), destroySession: jest.fn(), isSessionExpired: jest.fn(() => false), recordInteraction: jest.fn(), recordToolCall: jest.fn(), recordError: jest.fn(), getSessionCount: jest.fn(() => 0), getAllSessionIds: jest.fn(() => []), clearAllSessions: jest.fn(), getSessionMetrics: jest.fn(() => ({ sessionId: 'test-session-id', userId: 'test-user-id', createdAt: new Date(), expiresAt: new Date(Date.now() + 3600000), totalInteractions: 1, totalToolCalls: 0, lastActivityAt: new Date(), errorCount: 0, averageResponseTime: 100, })), logSessionMetrics: jest.fn(), }; jest.mock('../../src/transports/http/session', () => ({ sessionService: mockSessionService, SessionConfig: { fromEnv: jest.fn(() => ({ ttlMs: 3600000, maxSessions: 100, cleanupIntervalMs: 300000, })), }, SessionLogger: jest.fn().mockImplementation(() => ({ logSessionCreated: jest.fn(), logSessionDestroyed: jest.fn(), logSessionTimeout: jest.fn(), logSessionReused: jest.fn(), logSessionError: jest.fn(), logSessionDebug: jest.fn(), logSessionMetrics: jest.fn(), logCleanupStarted: jest.fn(), logCleanupCompleted: jest.fn(), })), SessionCleanupService: jest.fn().mockImplementation(() => ({ start: jest.fn(), stop: jest.fn(), })), })); // Mock StreamableHTTPServerTransport const mockTransport = { handleRequest: jest.fn(), close: jest.fn(), sessionId: 'test-session-id', onclose: jest.fn(), onerror: jest.fn(), }; jest.mock('@modelcontextprotocol/sdk/server/streamableHttp.js', () => ({ StreamableHTTPServerTransport: jest .fn() .mockImplementation(() => mockTransport), })); // Mock utils const mockGetOrCreateSessionId = jest.fn(() => TEST_SESSION_ID); const mockGetSessionId = jest.fn(() => TEST_SESSION_ID); jest.mock('../../src/transports/http/utils', () => ({ getOrCreateSessionId: mockGetOrCreateSessionId, getSessionId: mockGetSessionId, })); // Import the actual app from streamable.ts - this is the real implementation! import app from '../../src/transports/http/streamable'; import { env } from '../../src/config'; import { REQUIRED_SCOPES } from '../../src/transports/http/constants'; // Test constants const VALID_BEARER_TOKEN = 'Bearer valid-token'; const TEST_SESSION_ID = 'test-session-id'; const VALID_INITIALIZE_REQUEST = { jsonrpc: '2.0', id: 1, method: 'initialize', params: { protocolVersion: LATEST_PROTOCOL_VERSION, capabilities: {}, clientInfo: { name: 'test-client', version: '1.0.0', }, }, }; const VALID_LIST_TOOLS_REQUEST = { jsonrpc: '2.0', id: 3, method: 'tools/list', }; describe('HTTP Transport E2E - Real Implementation', () => { beforeEach(() => { // Reset all mocks before each test jest.clearAllMocks(); mockSessionService.getSession.mockReturnValue(null); mockSessionService.isSessionExpired.mockReturnValue(false); mockVerifyAccessToken.mockReturnValue({ extra: { user: { id: 'test-user-id' } }, clientId: 'test-client-id', }); }); describe('Health Endpoint', () => { it('should return 200 for health check when API is healthy', async () => { const response = await request(app).get('/health').expect(200); expect(response.body).toMatchObject({ status: 'healthy', timestamp: expect.any(String), uptime: expect.any(String), dependencies: { carbonVoiceApi: { status: 'healthy', lastChecked: expect.any(String), }, }, }); }); it('should return health status based on Carbon Voice API', async () => { // Test with healthy API (default mock behavior) const response = await request(app).get('/health').expect(200); expect(response.body.status).toBe('healthy'); expect(response.body.dependencies.carbonVoiceApi.status).toBe('healthy'); }); }); describe('Info Endpoint', () => { it('should return server information', async () => { const response = await request(app).get('/info').expect(200); expect(response.text).toBe('OK'); }); }); describe('OAuth Endpoints', () => { it('should serve oauth-protected-resource', async () => { const response = await request(app) .get('/.well-known/oauth-protected-resource') .expect(200); // The actual endpoint should return OAuth metadata expect(response.body).toBeDefined(); expect(response.body).toEqual({ resource: expect.any(String), authorization_servers: [env.CARBON_VOICE_BASE_URL], scopes_supported: REQUIRED_SCOPES, bearer_methods_supported: ['header'], resource_name: 'Carbon Voice MCP Server', }); }); it('should serve oauth-authorization-server', async () => { const response = await request(app) .get('/.well-known/oauth-authorization-server') .expect(200); // The actual endpoint should return OAuth server metadata expect(response.body).toBeDefined(); const issuer = env.CARBON_VOICE_BASE_URL; const metadata = { issuer, authorization_endpoint: `${issuer}/oauth/authorize`, token_endpoint: `${issuer}/oauth/token`, registration_endpoint: `${issuer}/oauth/register`, userinfo_endpoint: `${issuer}/oauth/userinfo`, response_types_supported: ['code', 'token'], response_modes_supported: ['query'], grant_types_supported: ['authorization_code', 'refresh_token'], scopes_supported: REQUIRED_SCOPES, token_endpoint_auth_methods_supported: ['client_secret_basic', 'none'], code_challenge_methods_supported: ['S256'], // PKCE support }; expect(response.body).toEqual(metadata); }); }); describe('Request ID Middleware', () => { it('should generate request ID for each request', async () => { const response = await request(app).get('/info').expect(200); // The middleware generates a new trace ID for each request expect(response.headers['x-request-id']).toBeDefined(); expect(typeof response.headers['x-request-id']).toBe('string'); expect(response.headers['x-trace-id']).toBeDefined(); expect(response.headers['x-trace-id']).toBe( response.headers['x-request-id'], ); }); it('should generate unique request IDs for different requests', async () => { const response1 = await request(app).get('/info').expect(200); const response2 = await request(app).get('/health').expect(200); expect(response1.headers['x-request-id']).toBeDefined(); expect(response2.headers['x-request-id']).toBeDefined(); expect(response1.headers['x-request-id']).not.toBe( response2.headers['x-request-id'], ); }); }); describe('Error Handling', () => { it('should handle 404 for unknown routes', async () => { await request(app).get('/unknown-route').expect(404); }); it('should handle malformed JSON', async () => { await request(app) .post('/api/test') .set('Content-Type', 'application/json') .send('invalid json') .expect(400); }); }); describe('CORS Headers', () => { it('should include CORS headers for OAuth endpoints', async () => { const response = await request(app) .get('/.well-known/oauth-protected-resource') .expect(200); expect(response.headers['access-control-allow-origin']).toBe('*'); expect(response.headers['access-control-allow-headers']).toBe( 'Content-Type, Authorization', ); expect(response.headers['access-control-allow-methods']).toBe( 'GET, POST, PUT, DELETE, OPTIONS', ); expect(response.headers['access-control-allow-credentials']).toBe('true'); expect(response.headers['access-control-expose-headers']).toBe( 'WWW-Authenticate', ); expect(response.headers['content-type']).toContain('application/json'); }); it('should handle OPTIONS requests for CORS preflight', async () => { const response = await request(app) .options('/.well-known/oauth-protected-resource') .expect(204); // OPTIONS requests return 204 No Content expect(response.headers['access-control-allow-origin']).toBe('*'); }); }); describe('Middleware Integration', () => { it('should apply request ID middleware to all routes', async () => { const response = await request(app).get('/health'); expect(response.headers).toHaveProperty('x-request-id'); expect(response.headers['x-request-id']).toMatch(/^[a-f0-9-]+$/); }); it('should verify middleware chain for POST requests', async () => { // Test that the full middleware chain is applied correctly const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', 'test-middleware-session') .send(VALID_LIST_TOOLS_REQUEST); // Verify all middleware effects are present expect(response.headers).toHaveProperty('x-request-id'); // Request ID middleware expect(response.status).not.toBe(401); // Auth middleware passed // Session ID middleware should have processed the mcp-session-id header // (This is tested indirectly through successful request processing) }); it('should handle middleware chain without session ID header', async () => { // Test middleware chain when no session ID is provided const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST); // Verify middleware chain works even without explicit session ID expect(response.headers).toHaveProperty('x-request-id'); // Request ID middleware // expect(response.headers).toHaveProperty('mcp-session-id'); // Session ID middleware expect(response.status).not.toBe(401); // Auth middleware passed // Session ID should be generated internally by getOrCreateSessionId }); it('should verify middleware execution order and consistency', async () => { // Test that middleware chain executes consistently const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST); // Verify consistent middleware behavior expect(response.headers).toHaveProperty('x-request-id'); // Request ID middleware expect(response.headers).toHaveProperty('x-trace-id'); // Trace ID from request context expect(response.status).not.toBe(401); // Auth middleware passed // The middleware chain should execute consistently expect(response.headers['x-request-id']).toMatch(/^[a-f0-9-]+$/); expect(response.headers['x-trace-id']).toMatch(/^[a-f0-9-]+$/); }); it('should handle session ID processing in middleware chain', async () => { // Test that session ID is processed through the middleware chain const customSessionId = 'test-session-456'; const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', customSessionId) .send(VALID_LIST_TOOLS_REQUEST); // Verify middleware chain processes the request expect(response.headers).toHaveProperty('x-request-id'); expect(response.headers).toHaveProperty('x-trace-id'); expect(response.status).not.toBe(401); // Auth should pass // Session ID should be processed (even if not returned in headers due to mocking) // The fact that we get a valid response means the middleware chain worked }); }); describe('LogRequest Middleware', () => { beforeEach(() => { jest.clearAllMocks(); }); it('should log requests for HEAD / endpoint', async () => { // HEAD / endpoint should use logRequest middleware const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .expect(200); // Verify the request was logged expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP HEAD \/ 200/), expect.objectContaining({ method: 'HEAD', url: '/', statusCode: 200, duration: expect.any(Number), clientInfo: expect.any(Object), }), ); }); it('should log requests for POST / endpoint', async () => { // POST / endpoint should also use logRequest middleware const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST) .expect(500); // Getting 500 instead of 401, but middleware should still log // Verify the request was logged expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP POST \/ 500/), expect.objectContaining({ method: 'POST', url: '/', statusCode: 500, duration: expect.any(Number), clientInfo: expect.any(Object), }), ); }); it('should log requests for GET /info endpoint', async () => { // GET /info endpoint should use logRequest middleware const response = await request(app).get('/info').expect(200); // Verify the request was logged expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP GET \/info 200/), expect.objectContaining({ method: 'GET', url: '/info', statusCode: 200, duration: expect.any(Number), clientInfo: expect.any(Object), }), ); }); it('should NOT log requests for /health endpoint (ignored path)', async () => { // /health endpoint should NOT be logged (it's in ignorePaths) const response = await request(app).get('/health').expect(200); // Verify the request was NOT logged by logRequest middleware expect(mockLogger.info).not.toHaveBeenCalledWith( expect.stringMatching(/^HTTP GET \/health/), expect.objectContaining({ method: 'GET', url: '/health', }), ); }); it('should include request body in log for POST requests with logRequest', async () => { // Test that logRequest middleware logs request body when used const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST) .expect(500); expect(mockLogger.info).toHaveBeenCalledWith( expect.any(String), expect.objectContaining({ body: expect.objectContaining({ jsonrpc: '2.0', id: 1, method: 'initialize', }), }), ); }); it('should log client information in logRequest middleware', async () => { const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .set('User-Agent', 'TestClient/1.0') .set('X-Forwarded-For', '192.168.1.1') .expect(200); expect(mockLogger.info).toHaveBeenCalledWith( expect.any(String), expect.objectContaining({ clientInfo: expect.objectContaining({ userAgent: 'TestClient/1.0', ip: expect.any(String), }), }), ); }); it('should log session metrics for tool calls when logRequest is used', async () => { // Mock session metrics to be logged mockSessionService.getSessionMetrics.mockReturnValue({ sessionId: TEST_SESSION_ID, userId: 'test-user-id', createdAt: new Date(), expiresAt: new Date(Date.now() + 3600000), totalInteractions: 10, // Multiple of 10 to trigger logging totalToolCalls: 5, lastActivityAt: new Date(), errorCount: 0, averageResponseTime: 100, }); const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID) .expect(200); // Verify session metrics logging was called expect(mockSessionService.logSessionMetrics).toHaveBeenCalledWith( TEST_SESSION_ID, ); }); it('should not log session metrics for non-tool-call requests when interactions are not multiple of 10', async () => { // Mock session metrics with interactions not multiple of 10 mockSessionService.getSessionMetrics.mockReturnValue({ sessionId: TEST_SESSION_ID, userId: 'test-user-id', createdAt: new Date(), expiresAt: new Date(Date.now() + 3600000), totalInteractions: 7, // Not multiple of 10 totalToolCalls: 3, lastActivityAt: new Date(), errorCount: 0, averageResponseTime: 100, }); const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID) .expect(200); // Verify session metrics logging was NOT called expect(mockSessionService.logSessionMetrics).not.toHaveBeenCalled(); }); it('should log session metrics for tool calls regardless of interaction count', async () => { // Mock session metrics with low interaction count mockSessionService.getSessionMetrics.mockReturnValue({ sessionId: TEST_SESSION_ID, userId: 'test-user-id', createdAt: new Date(), expiresAt: new Date(Date.now() + 3600000), totalInteractions: 3, // Low count totalToolCalls: 1, lastActivityAt: new Date(), errorCount: 0, averageResponseTime: 100, }); // Create a request that would trigger tool call logging // Since HEAD / doesn't have body.method, we need to test this differently // The middleware should still process the request and potentially log metrics const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID) .expect(200); // The middleware should still process the request expect(mockLogger.info).toHaveBeenCalled(); }); it('should handle requests without session ID gracefully in logRequest', async () => { const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) // No mcp-session-id header .expect(200); // Should still log the request even without session ID expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP HEAD \/ 200/), expect.objectContaining({ method: 'HEAD', url: '/', statusCode: 200, }), ); // Should not try to log session metrics expect(mockSessionService.logSessionMetrics).not.toHaveBeenCalled(); }); it('should log request duration in human-readable format', async () => { const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .expect(200); expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP HEAD \/ 200 /), // May or may not include duration expect.objectContaining({ duration: expect.any(Number), }), ); }); it('should handle different HTTP methods in logRequest middleware', async () => { // Test that logRequest middleware handles different methods const response = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .expect(200); expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP HEAD \/ 200/), expect.objectContaining({ method: 'HEAD', }), ); }); it('should verify logRequest middleware is applied globally', async () => { // This test specifically verifies that logRequest middleware is being used // globally across multiple endpoints const response1 = await request(app) .head('/') .set('Authorization', VALID_BEARER_TOKEN) .expect(200); const response2 = await request(app).get('/info').expect(200); // Verify both requests were logged by the global middleware expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP HEAD \/ 200 /), expect.objectContaining({ method: 'HEAD', url: '/', statusCode: 200, duration: expect.any(Number), clientInfo: expect.any(Object), body: undefined, }), ); expect(mockLogger.info).toHaveBeenCalledWith( expect.stringMatching(/^HTTP GET \/info 200/), expect.objectContaining({ method: 'GET', url: '/info', statusCode: 200, duration: expect.any(Number), clientInfo: expect.any(Object), }), ); }); }); describe('Content Type Handling', () => { it('should handle JSON requests properly', async () => { // Test with a POST request to an endpoint that accepts JSON await request(app) .post('/api/test') .set('Content-Type', 'application/json') .send({ test: 'data' }) .expect(404); // This endpoint doesn't exist, but it should handle JSON parsing }); it('should reject oversized JSON payloads', async () => { const largePayload = { data: 'x'.repeat(2 * 1024 * 1024) }; // 2MB await request(app) .post('/api/test') .set('Content-Type', 'application/json') .send(largePayload) .expect(413); // Payload Too Large }); }); describe('Security Headers', () => { it('should include security headers from helmet', async () => { const response = await request(app).get('/health').expect(200); // Check for common security headers that helmet adds expect(response.headers['x-content-type-options']).toBe('nosniff'); expect(response.headers['x-frame-options']).toBe('SAMEORIGIN'); expect(response.headers['x-xss-protection']).toBe('0'); }); }); describe('Rate Limiting', () => { it('should apply rate limit middleware globally)', async () => { // Test that rate limiting is applied to different endpoints // Only test endpoints that don't require authentication const endpoints = ['/health', '/info']; for (const endpoint of endpoints) { const response = await request(app).get(endpoint).expect(200); // With standardHeaders: false, headers should NOT be present expect(response.headers['x-ratelimit-limit']).toBeDefined(); expect(response.headers['x-ratelimit-remaining']).toBeDefined(); expect(response.headers['x-ratelimit-reset']).toBeDefined(); } }); it('should demonstrate rate limiting is active', async () => { // Make a reasonable number of requests to demonstrate rate limiting const requests = Array.from({ length: 10 }, () => request(app).get('/health'), ); const responses = await Promise.all(requests); // All requests should succeed (we're not hitting the limit) const successfulResponses = responses.filter((r) => r.status === 200); expect(successfulResponses.length).toBe(10); // Verify no rate limit headers are present for (const response of successfulResponses) { expect(response.headers['x-ratelimit-limit']).toBeDefined(); expect(response.headers['x-ratelimit-remaining']).toBeDefined(); expect(response.headers['x-ratelimit-reset']).toBeDefined(); } }); }); describe('HEAD Requests', () => { it('should handle HEAD requests to root without auth', async () => { const response = await request(app).head('/').expect(200); expect(response.headers['content-type']).toBe( 'application/json; charset=utf-8', ); expect(response.headers['mcp-protocol-version']).toBe( LATEST_PROTOCOL_VERSION, ); expect(response.body).toEqual({}); }); it('should handle HEAD requests with custom MCP protocol version', async () => { const customVersion = '2024-11-05'; const response = await request(app) .head('/') .set('MCP-Protocol-Version', customVersion) .expect(200); expect(response.headers['mcp-protocol-version']).toBe(customVersion); }); }); describe('Authentication & Authorization', () => { describe('Missing Authentication', () => { it('should return 401 for POST / without bearer token', async () => { await request(app).post('/').send(VALID_INITIALIZE_REQUEST).expect(401); }); it('should return 401 for GET / without bearer token', async () => { await request(app).get('/').expect(401); }); it('should return 401 for DELETE / without bearer token', async () => { await request(app).delete('/').expect(401); }); }); describe('Valid Authentication', () => { it('should accept valid bearer token for initialize request', async () => { mockTransport.handleRequest.mockResolvedValueOnce(undefined); const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST); // Should not be 401 (auth passed) expect(response.status).not.toBe(401); expect(mockVerifyAccessToken).toHaveBeenCalledWith( VALID_BEARER_TOKEN.replace('Bearer ', ''), ); }); }); }); describe('Session Management', () => { it('should handle POST requests with session headers', async () => { // Test that requests with session headers are processed const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID) .send(VALID_LIST_TOOLS_REQUEST); // Should process the request (success or appropriate error) expect(response.status).not.toBe(401); // Auth should pass expect(response.headers).toHaveProperty('x-request-id'); }); it('should handle session ID extraction from headers', async () => { // Test that the session ID is properly extracted from mcp-session-id header const customSessionId = 'custom-session-123'; const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', customSessionId) .send(VALID_LIST_TOOLS_REQUEST); // Should process the request with the custom session ID expect(response.status).not.toBe(401); // Auth should pass expect(response.headers).toHaveProperty('x-request-id'); // The session ID should be used in the request processing // (This tests the getOrCreateSessionId utility function) }); it('should generate session ID when none provided', async () => { // Test that a session ID is generated when none is provided in headers const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_INITIALIZE_REQUEST); // Initialize request should work without session ID // Should process the request and generate a session ID internally expect(response.status).not.toBe(401); // Auth should pass expect(response.headers).toHaveProperty('x-request-id'); // A new session ID should be generated internally by getOrCreateSessionId }); it('should handle POST requests without session headers', async () => { // Test that requests without session headers are handled const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(VALID_LIST_TOOLS_REQUEST); // Should process the request (success or appropriate error) expect(response.status).not.toBe(401); // Auth should pass expect(response.headers).toHaveProperty('x-request-id'); }); it('should verify session service methods are available', async () => { // Test that our mocked session service has all required methods expect(mockSessionService.getSession).toBeDefined(); expect(mockSessionService.createSession).toBeDefined(); expect(mockSessionService.destroySession).toBeDefined(); expect(mockSessionService.isSessionExpired).toBeDefined(); expect(mockSessionService.recordInteraction).toBeDefined(); expect(mockSessionService.recordToolCall).toBeDefined(); expect(mockSessionService.recordError).toBeDefined(); }); }); describe('Error Handling', () => { it('should handle malformed JSON-RPC requests', async () => { // Test with invalid JSON-RPC structure const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send({ invalid: 'request' }); // Should handle invalid requests appropriately expect(response.status).toBeGreaterThanOrEqual(400); expect(response.headers).toHaveProperty('x-request-id'); }); it('should handle requests with missing method', async () => { // Test with JSON-RPC structure but missing method const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send({ jsonrpc: '2.0', id: 1, // missing method }); // Should handle incomplete requests appropriately expect(response.status).toBeGreaterThanOrEqual(400); expect(response.headers).toHaveProperty('x-request-id'); }); }); describe('Request Processing', () => { it('should handle DELETE requests', async () => { const response = await request(app) .delete('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID); // DELETE requests should be processed (auth should pass) expect(response.status).not.toBe(401); expect(response.headers).toHaveProperty('x-request-id'); }); it('should handle GET requests for SSE', async () => { const response = await request(app) .get('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID); // GET requests should be processed (auth should pass) expect(response.status).not.toBe(401); expect(response.headers).toHaveProperty('x-request-id'); }); it('should handle different HTTP methods consistently', async () => { // Test that all methods apply consistent middleware const methods = ['post', 'get', 'delete'] as const; for (const method of methods) { const response = await request(app) [method]('/') .set('Authorization', VALID_BEARER_TOKEN) .set('mcp-session-id', TEST_SESSION_ID) .send(method === 'post' ? VALID_LIST_TOOLS_REQUEST : undefined); // All methods should have consistent middleware applied // Note: Rate-limited responses (429) may not have x-request-id header if (response.status !== 429) { expect(response.headers).toHaveProperty('x-request-id'); } expect(response.status).not.toBe(401); // Auth should pass for all } }); }); describe('Protocol Validation', () => { it('should validate JSON-RPC structure', async () => { // Test with a request that has proper JSON-RPC structure const validJsonRpcRequest = { jsonrpc: '2.0', id: 1, method: 'tools/list', }; const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(validJsonRpcRequest); // Should handle JSON-RPC requests (either success or proper error) expect(response.status).not.toBe(401); // Auth should pass }); it('should handle method validation', async () => { // Test that different methods are processed appropriately const toolCallRequest = { jsonrpc: '2.0', id: 2, method: 'tools/call', params: { name: 'test-tool', arguments: {}, }, }; const response = await request(app) .post('/') .set('Authorization', VALID_BEARER_TOKEN) .send(toolCallRequest); // Should handle different method types expect(response.status).not.toBe(401); // Auth should pass }); }); });

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/PhononX/cv-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server