move back to hono/node-server for mapping incoming node request to web request

Author: KKonstantinov

.github/workflows/publish.yml

@@ -38,4 +38,6 @@ jobs:
               run: pnpm run build:all
 
             - name: Publish preview packages
-              run: pnpm dlx pkg-pr-new publish --packageManager=npm --pnpm './packages/server' './packages/client' './packages/server-express' './packages/server-hono'
+              run:
+                  pnpm dlx pkg-pr-new publish --packageManager=npm --pnpm './packages/server' './packages/client'
+                  './packages/server-express' './packages/server-hono'

README.md

@@ -1,7 +1,6 @@
 # MCP TypeScript SDK
 
-> [!IMPORTANT]
-> **This is the `main` branch which contains v2 of the SDK (currently in development, pre-alpha).**
+> [!IMPORTANT] **This is the `main` branch which contains v2 of the SDK (currently in development, pre-alpha).**
 >
 > We anticipate a stable v2 release in Q1 2026. Until then, **v1.x remains the recommended version** for production use. v1.x will continue to receive bug fixes and security updates for at least 6 months after v2 ships to give people time to upgrade.
 >

examples/server/src/simpleTaskInteractive.ts

@@ -40,9 +40,9 @@ import {
     InMemoryTaskStore,
     isTerminal,
     ListToolsRequestSchema,
+    NodeStreamableHTTPServerTransport,
     RELATED_TASK_META_KEY,
-    Server,
-    NodeStreamableHTTPServerTransport
+    Server
 } from '@modelcontextprotocol/server';
 import { createMcpExpressApp } from '@modelcontextprotocol/server-express';
 import type { Request, Response } from 'express';

examples/server/src/sseAndStreamableHttpCompatibleServer.ts

@@ -1,7 +1,7 @@
 import { randomUUID } from 'node:crypto';
 
 import type { CallToolResult } from '@modelcontextprotocol/server';
-import { isInitializeRequest, McpServer, SSEServerTransport, NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/server';
+import { isInitializeRequest, McpServer, NodeStreamableHTTPServerTransport, SSEServerTransport } from '@modelcontextprotocol/server';
 import { createMcpExpressApp } from '@modelcontextprotocol/server-express';
 import type { Request, Response } from 'express';
 import * as z from 'zod/v4';

packages/core/src/shared/protocol.ts

@@ -292,14 +292,14 @@ export type RequestHandlerExtra<SendRequestT extends Request, SendNotificationT
 
     /**
      * Closes the SSE stream for this request, triggering client reconnection.
-     * Only available when using NodeStreamableHTTPServerTransport with eventStore configured.
+     * Only available when using a StreamableHTTPServerTransport with eventStore configured.
      * Use this to implement polling behavior during long-running operations.
      */
     closeSSEStream?: () => void;
 
     /**
      * Closes the standalone GET SSE stream, triggering client reconnection.
-     * Only available when using NodeStreamableHTTPServerTransport with eventStore configured.
+     * Only available when using aStreamableHTTPServerTransport with eventStore configured.
      * Use this to implement polling behavior for server-initiated notifications.
      */
     closeStandaloneSSEStream?: () => void;

packages/server-express/package.json

@@ -45,7 +45,8 @@
     "dependencies": {
         "@modelcontextprotocol/server": "workspace:^",
         "express": "catalog:runtimeServerOnly",
-        "express-rate-limit": "catalog:runtimeServerOnly"
+        "express-rate-limit": "catalog:runtimeServerOnly",
+        "@remix-run/node-fetch-server": "catalog:runtimeServerOnly"
     },
     "devDependencies": {
         "@modelcontextprotocol/tsconfig": "workspace:^",

packages/server-express/src/auth/bearerAuth.ts

@@ -3,7 +3,8 @@ import { URL } from 'node:url';
 import type { AuthInfo } from '@modelcontextprotocol/core';
 import type { BearerAuthMiddlewareOptions } from '@modelcontextprotocol/server';
 import { requireBearerAuth as requireBearerAuthWeb } from '@modelcontextprotocol/server';
-import type { NextFunction, Request as ExpressRequest, RequestHandler, Response as ExpressResponse } from 'express';
+import { sendResponse } from '@remix-run/node-fetch-server';
+import type { NextFunction, Request as ExpressRequest, RequestHandler } from 'express';
 
 declare module 'express-serve-static-core' {
     interface Request {
@@ -21,15 +22,6 @@ function expressRequestUrl(req: ExpressRequest): URL {
     return new URL(path, `${protocol}://${host}`);
 }
 
-async function writeWebResponse(res: ExpressResponse, webResponse: Response): Promise<void> {
-    res.status(webResponse.status);
-    for (const [k, v] of webResponse.headers.entries()) {
-        res.setHeader(k, v);
-    }
-    const bodyText = await webResponse.text();
-    res.send(bodyText);
-}
-
 /**
  * Express middleware wrapper for the Web-standard `requireBearerAuth` helper.
  *
@@ -54,7 +46,7 @@ export function requireBearerAuth(options: BearerAuthMiddlewareOptions): Request
                 return;
             }
 
-            await writeWebResponse(res, result.response);
+            await sendResponse(res, result.response);
         } catch (err) {
             next(err);
         }

packages/server-express/src/auth/router.ts

@@ -1,126 +1,15 @@
-import type { IncomingMessage } from 'node:http';
-import { Readable } from 'node:stream';
-import { URL } from 'node:url';
-
-import type { AuthMetadataOptions, AuthRouterOptions, WebHandlerContext } from '@modelcontextprotocol/server';
+import type { AuthMetadataOptions, AuthRouterOptions } from '@modelcontextprotocol/server';
 import {
+    getParsedBody,
     mcpAuthMetadataRouter as createWebAuthMetadataRouter,
     mcpAuthRouter as createWebAuthRouter,
     TooManyRequestsError
 } from '@modelcontextprotocol/server';
-import type { RequestHandler, Response as ExpressResponse } from 'express';
+import { createRequest, sendResponse } from '@remix-run/node-fetch-server';
+import type { RequestHandler } from 'express';
 import express from 'express';
 import { rateLimit } from 'express-rate-limit';
 
-type ExpressRequestLike = IncomingMessage & {
-    method: string;
-    headers: Record<string, string | string[] | undefined>;
-    originalUrl?: string;
-    url?: string;
-    protocol?: string;
-    // express adds this when trust proxy is enabled
-    ip?: string;
-    body?: unknown;
-    get?: (name: string) => string | undefined;
-};
-
-function expressRequestUrl(req: ExpressRequestLike): URL {
-    const host = req.get?.('host') ?? req.headers.host ?? 'localhost';
-    const proto = req.protocol ?? 'http';
-    const path = req.originalUrl ?? req.url ?? '/';
-    return new URL(path, `${proto}://${host}`);
-}
-
-function toHeaders(req: ExpressRequestLike): Headers {
-    const headers = new Headers();
-    for (const [key, value] of Object.entries(req.headers)) {
-        if (value === undefined) continue;
-        if (Array.isArray(value)) {
-            headers.set(key, value.join(', '));
-        } else {
-            headers.set(key, value);
-        }
-    }
-    return headers;
-}
-
-async function readBody(req: IncomingMessage): Promise<Uint8Array> {
-    const chunks: Buffer[] = [];
-    for await (const chunk of req) {
-        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
-    }
-    return Buffer.concat(chunks);
-}
-
-async function expressToWebRequest(req: ExpressRequestLike, parsedBodyProvided: boolean): Promise<Request> {
-    const url = expressRequestUrl(req);
-    const headers = toHeaders(req);
-
-    // If upstream body parsing ran, the Node stream is likely consumed.
-    if (parsedBodyProvided) {
-        return new Request(url, { method: req.method, headers });
-    }
-
-    if (req.method === 'GET' || req.method === 'HEAD') {
-        return new Request(url, { method: req.method, headers });
-    }
-
-    const body = await readBody(req);
-    return new Request(url, { method: req.method, headers, body });
-}
-
-async function writeWebResponse(res: ExpressResponse, webResponse: Response): Promise<void> {
-    res.status(webResponse.status);
-
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const getSetCookie = (webResponse.headers as any).getSetCookie as (() => string[]) | undefined;
-    const setCookies = typeof getSetCookie === 'function' ? getSetCookie.call(webResponse.headers) : undefined;
-
-    for (const [key, value] of webResponse.headers.entries()) {
-        if (key.toLowerCase() === 'set-cookie' && setCookies?.length) continue;
-        res.setHeader(key, value);
-    }
-
-    if (setCookies?.length) {
-        res.setHeader('set-cookie', setCookies);
-    }
-
-    res.flushHeaders?.();
-
-    if (!webResponse.body) {
-        res.end();
-        return;
-    }
-
-    await new Promise<void>((resolve, reject) => {
-        const readable = Readable.fromWeb(webResponse.body as unknown as ReadableStream);
-        readable.on('error', err => {
-            try {
-                res.destroy(err as Error);
-            } catch {
-                // ignore
-            }
-            reject(err);
-        });
-        res.on('error', reject);
-        res.on('close', () => {
-            try {
-                readable.destroy();
-            } catch {
-                // ignore
-            }
-        });
-        readable.pipe(res);
-        res.on('finish', () => resolve());
-    });
-}
-
-function toHandlerContext(req: ExpressRequestLike): WebHandlerContext {
-    return {
-        parsedBody: req.body
-    };
-}
-
 export type ExpressAuthRateLimitOptions =
     | false
     | {
@@ -172,10 +61,10 @@ export function mcpAuthRouter(options: AuthRouterOptions & { rateLimit?: Express
         }
         handlers.push(async (req, res, next) => {
             try {
-                const parsedBodyProvided = (req as ExpressRequestLike).body !== undefined;
-                const webReq = await expressToWebRequest(req as ExpressRequestLike, parsedBodyProvided);
-                const webRes = await route.handler(webReq, toHandlerContext(req as ExpressRequestLike));
-                await writeWebResponse(res, webRes);
+                const webReq = createRequest(req, res);
+                const parsedBody = req.body !== undefined ? req.body : await getParsedBody(webReq);
+                const webRes = await route.handler(webReq, { parsedBody });
+                await sendResponse(res, webRes);
             } catch (err) {
                 next(err);
             }
@@ -198,10 +87,10 @@ export function mcpAuthMetadataRouter(options: AuthMetadataOptions): RequestHand
     for (const route of web.routes) {
         router.all(route.path, async (req, res, next) => {
             try {
-                const parsedBodyProvided = (req as ExpressRequestLike).body !== undefined;
-                const webReq = await expressToWebRequest(req as ExpressRequestLike, parsedBodyProvided);
-                const webRes = await route.handler(webReq, toHandlerContext(req as ExpressRequestLike));
-                await writeWebResponse(res, webRes);
+                const webReq = createRequest(req, res);
+                const parsedBody = req.body !== undefined ? req.body : await getParsedBody(webReq);
+                const webRes = await route.handler(webReq, { parsedBody });
+                await sendResponse(res, webRes);
             } catch (err) {
                 next(err);
             }

packages/server/package.json

@@ -44,9 +44,10 @@
         "client": "tsx scripts/cli.ts client"
     },
     "dependencies": {
+        "@hono/node-server": "catalog:runtimeServerOnly",
         "content-type": "catalog:runtimeServerOnly",
-        "raw-body": "catalog:runtimeServerOnly",
         "pkce-challenge": "catalog:runtimeShared",
+        "raw-body": "catalog:runtimeServerOnly",
         "zod": "catalog:runtimeShared",
         "zod-to-json-schema": "catalog:runtimeShared"
     },
@@ -63,13 +64,13 @@
         }
     },
     "devDependencies": {
+        "@cfworker/json-schema": "catalog:runtimeShared",
+        "@eslint/js": "catalog:devTools",
         "@modelcontextprotocol/core": "workspace:^",
-        "@modelcontextprotocol/tsconfig": "workspace:^",
-        "@modelcontextprotocol/vitest-config": "workspace:^",
         "@modelcontextprotocol/eslint-config": "workspace:^",
         "@modelcontextprotocol/test-helpers": "workspace:^",
-        "@cfworker/json-schema": "catalog:runtimeShared",
-        "@eslint/js": "catalog:devTools",
+        "@modelcontextprotocol/tsconfig": "workspace:^",
+        "@modelcontextprotocol/vitest-config": "workspace:^",
         "@types/content-type": "catalog:devTools",
         "@types/cors": "catalog:devTools",
         "@types/cross-spawn": "catalog:devTools",