fix(rpc): send x-account-id as HTTP header in RPC requests

The RPC client was sending x-account-id only in the request body's
headers field, but the StackOne API expects it as an actual HTTP header.
This caused 400 "Missing x-account-id header" errors when executing
tools via the RPC endpoint.

The fix extracts x-account-id from the request headers and includes it
as an HTTP header on the fetch request while preserving it in the body
for backwards compatibility.

Uses type narrowing (typeof === 'string') to satisfy TypeScript since
the headers schema uses Record<string, unknown>.

Author: ryoppippi

mocks/handlers.ts

@@ -233,6 +233,7 @@ export const handlers = [
 	// ============================================================
 	http.post('https://api.stackone.com/actions/rpc', async ({ request }) => {
 		const authHeader = request.headers.get('Authorization');
+		const accountIdHeader = request.headers.get('x-account-id');
 
 		// Check for authentication
 		if (!authHeader || !authHeader.startsWith('Basic ')) {
@@ -258,6 +259,16 @@ export const handlers = [
 			);
 		}
 
+		// Test action to verify x-account-id is sent as HTTP header
+		if (body.action === 'test_account_id_header') {
+			return HttpResponse.json({
+				data: {
+					httpHeader: accountIdHeader,
+					bodyHeader: body.headers?.['x-account-id'],
+				},
+			});
+		}
+
 		// Return mock response based on action
 		if (body.action === 'hris_get_employee') {
 			return HttpResponse.json({

src/rpc-client.test.ts

@@ -102,3 +102,20 @@ test('should work with only action parameter', async () => {
 	// Response has data field (server returns { data: { action, received } })
 	expect(response).toHaveProperty('data');
 });
+
+test('should send x-account-id as HTTP header', async () => {
+	const client = new RpcClient({
+		security: { username: 'test-api-key' },
+	});
+
+	const response = await client.actions.rpcAction({
+		action: 'test_account_id_header',
+		headers: { 'x-account-id': 'test-account-123' },
+	});
+
+	// Verify x-account-id is sent both as HTTP header and in request body
+	expect(response.data).toMatchObject({
+		httpHeader: 'test-account-123',
+		bodyHeader: 'test-account-123',
+	});
+});

src/rpc-client.ts

@@ -53,13 +53,18 @@ export class RpcClient {
 				query: validatedRequest.query,
 			} as const satisfies RpcActionRequest;
 
+			// Extract x-account-id from request headers to send as HTTP header
+			const accountId = validatedRequest.headers?.['x-account-id'];
+			const httpHeaders = {
+				'Content-Type': 'application/json',
+				Authorization: this.authHeader,
+				'User-Agent': 'stackone-ai-node',
+				...(typeof accountId === 'string' ? { 'x-account-id': accountId } : {}),
+			} satisfies Record<string, string>;
+
 			const response = await fetch(url, {
 				method: 'POST',
-				headers: {
-					'Content-Type': 'application/json',
-					Authorization: this.authHeader,
-					'User-Agent': 'stackone-ai-node',
-				},
+				headers: httpHeaders,
 				body: JSON.stringify(requestBody),
 			});