Skip to main content
Glama
DeanWard

HAL (HTTP API Layer)

by DeanWard
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Hybrid

http-delete

Send an HTTP DELETE request to a specific URL with custom headers. Supports secret substitution in URLs and headers using HAL environment variables for secure API interactions.

Instructions

Make an HTTP DELETE request to a specified URL with optional headers. Supports secret substitution using {secrets.key} syntax in URL and headers where 'key' corresponds to HAL_SECRET_KEY environment variables.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
headersNo
urlYes

Implementation Reference

  • src/index.ts:649-662 (registration)
    Registration of the 'http-delete' tool, including input schema validation and the handler function that invokes makeHttpRequest with method 'DELETE'.
    server.registerTool(
  "http-delete",
  {
    title: "HTTP DELETE Request",
    description: "Make an HTTP DELETE request to a specified URL with optional headers. Supports secret substitution using {secrets.key} syntax in URL and headers where 'key' corresponds to HAL_SECRET_KEY environment variables.",
    inputSchema: {
      url: z.string().url(),
      headers: z.record(z.string()).optional()
    }
  },
  async ({ url, headers = {} }: { url: string; headers?: Record<string, string> }) => {
    return makeHttpRequest('DELETE', url, { headers });
  }
);
  • src/index.ts:343-447 (handler)
    Shared handler function that executes all HTTP requests (including DELETE), handling secret substitution in URL/headers/body, URL allowlisting/blacklisting, fetch execution, response parsing, and redacting secrets from output.
    async function makeHttpRequest(
  method: string,
  url: string,
  options: {
    headers?: Record<string, string>;
    body?: string;
    queryParams?: Record<string, any>;
  } = {}
) {
  try {
    const { headers = {}, body, queryParams = {} } = options;
    
    // First, substitute secrets in URL to get the final URL for validation
    // We need to do this in two passes to handle URL restrictions properly
    const processedUrl = substituteSecrets(url, url);
    
    // Now substitute secrets in headers, body, and query parameters using the processed URL
    const processedHeaders = substituteSecretsInObject(headers, processedUrl);
    const processedBody = body ? substituteSecrets(body, processedUrl) : body;
    const processedQueryParams = substituteSecretsInObject(queryParams, processedUrl);
    
    // Build URL with query parameters
    const urlObj = new URL(processedUrl);
    Object.entries(processedQueryParams).forEach(([key, value]) => {
      if (value !== undefined && value !== null) {
        urlObj.searchParams.set(key, String(value));
      }
    });
    
    const finalUrl = urlObj.toString();
    
    // Check global URL whitelist/blacklist
    const urlCheck = isUrlAllowedGlobal(finalUrl);
    if (!urlCheck.allowed) {
      throw new Error(urlCheck.reason || 'URL is not allowed');
    }
    
    const defaultHeaders = {
      'User-Agent': 'HAL-MCP/1.0.0',
      ...processedHeaders
    };
    
         // Add Content-Type for methods that typically send data
     if (['POST', 'PUT', 'PATCH'].includes(method.toUpperCase()) && processedBody && !('Content-Type' in processedHeaders)) {
       (defaultHeaders as any)['Content-Type'] = 'application/json';
     }
    
    const response = await fetch(finalUrl, {
      method: method.toUpperCase(),
      headers: defaultHeaders,
      body: processedBody
    });

    const contentType = response.headers.get('content-type') || 'text/plain';
    let content: string;
    
    // HEAD requests don't have a body by design
    if (method.toUpperCase() === 'HEAD') {
      content = '(No body - HEAD request)';
    } else {
      try {
        if (contentType.includes('application/json')) {
          const text = await response.text();
          if (text.trim()) {
            content = JSON.stringify(JSON.parse(text), null, 2);
          } else {
            content = '(Empty response)';
          }
        } else {
          content = await response.text();
        }
      } catch (parseError) {
        // If JSON parsing fails, try to get text
        try {
          content = await response.text();
        } catch (textError) {
          content = '(Unable to parse response)';
        }
      }
    }

    // Redact secrets from response headers and content before returning
    const redactedHeaders = Array.from(response.headers.entries())
      .map(([key, value]) => `${key}: ${redactSecretsFromText(value)}`)
      .join('\n');
    const redactedContent = redactSecretsFromText(content);

         return {
       content: [{
         type: "text" as const,
         text: `Status: ${response.status} ${response.statusText}\n\nHeaders:\n${redactedHeaders}\n\nBody:\n${redactedContent}`
       }]
     };
  } catch (error) {
    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
    const redactedErrorMessage = redactSecretsFromText(errorMessage);
         return {
       content: [{
         type: "text" as const,
         text: `Error making ${method.toUpperCase()} request: ${redactedErrorMessage}`
       }],
       isError: true
     };
  }
}
  • src/index.ts:654-657 (schema)
    Zod input schema for the 'http-delete' tool: requires a valid URL, optional headers object.
    inputSchema: {
  url: z.string().url(),
  headers: z.record(z.string()).optional()
}
Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DeanWard/HAL'

If you have feedback or need assistance with the MCP directory API, please join our Discord server