release: 12.4.0 (#600)

* chore(internal): remove redundant imports config

* fix(mcp): fix tool description of jq_filter

* fix(mcp): reverse validJson capability option and limit scope

* fix(mcp): avoid sending `jq_filter` to base API

* feat(mcp): add logging when environment variable is set

* codegen metadata

* codegen metadata

* feat(mcp): remote server with passthru auth

* codegen metadata

* feat(api): expose authorizationToken as valid auth mechanism

* chore: update error message on instantiation

* release: 12.4.0

* update changelog

---------

Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
Co-authored-by: Justin Sanford <[email protected]>

Author: stainless-app[bot]

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "12.3.0"
+  ".": "12.4.0"
 }

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 107
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/mux%2Fmux-323c1dc63b7a75cbabd3a79dcf80ca0afc9c0ae234f4323a39240a4a841583b9.yml
-openapi_spec_hash: e8fda4e033c6d0e7bc9ee4c629c232fa
-config_hash: 16b19b97f99dd7265b4619c5a999c751
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/mux%2Fmux-ba7ebfd893a1c5d082d55cddaec2ff9219072c9abd96442357aad1748e421483.yml
+openapi_spec_hash: 94fd98fcb8414d6c70a6ad7593ffcfa4
+config_hash: 06e26125693367671f74a6d70d1f3333

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## 12.4.0 (2025-08-05)
+
+Full Changelog: [v12.3.0...v12.4.0](https://github.com/muxinc/mux-node-sdk/compare/v12.3.0...v12.4.0)
+
+### Features
+
+* **api:** expose authorizationToken as valid auth mechanism for remote MCP server ([cbd38d5](https://github.com/muxinc/mux-node-sdk/commit/cbd38d5cf18966172b9f0aeb947253c67c47be0b))
+* **mcp:** add logging when environment variable is set ([4b25b46](https://github.com/muxinc/mux-node-sdk/commit/4b25b46de16bb2a9f381306d05c2c83141a475d1))
+* **mcp:** remote server with passthru auth ([a535888](https://github.com/muxinc/mux-node-sdk/commit/a535888596ae66eeb8a5a0a678c51461407716ef))
+
+
+### Bug Fixes
+
+* **mcp:** avoid sending `jq_filter` to base API ([8d9d790](https://github.com/muxinc/mux-node-sdk/commit/8d9d7904342ad6fc03e49ec916bb29246f0d6637))
+* **mcp:** fix tool description of jq_filter ([56ce5dd](https://github.com/muxinc/mux-node-sdk/commit/56ce5dded1744997275b58d570fb868b51411c79))
+* **mcp:** reverse validJson capability option and limit scope ([8fecaf7](https://github.com/muxinc/mux-node-sdk/commit/8fecaf79e42e3b119e56593107c6dd9d94e94cdc))
+
+
+### Chores
+
+* **internal:** remove redundant imports config ([6f1bd7b](https://github.com/muxinc/mux-node-sdk/commit/6f1bd7b3af54a78cb3685dfdf97e95098e4d208b))
+* update error message on instantiation ([ef387e2](https://github.com/muxinc/mux-node-sdk/commit/ef387e271e3fa57772f0762a232f317bcec8a896))
+
 ## 12.3.0 (2025-07-24)
 
 Full Changelog: [v12.2.0...v12.3.0](https://github.com/muxinc/mux-node-sdk/compare/v12.2.0...v12.3.0)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mux/mux-node",
-  "version": "12.3.0",
+  "version": "12.4.0",
   "description": "The official TypeScript library for the Mux API",
   "author": "Mux <[email protected]>",
   "types": "dist/index.d.ts",
@@ -59,10 +59,6 @@
     "./shims/web.js",
     "./shims/web.mjs"
   ],
-  "imports": {
-    "@mux/mux-node": ".",
-    "@mux/mux-node/*": "./src/*"
-  },
   "exports": {
     "./_shims/auto/*": {
       "deno": {

packages/mcp-server/README.md

@@ -2,6 +2,7 @@
 
 ## Installation
 
+
 ### Via MCP Client
 
 There is a partial list of existing clients at [modelcontextprotocol.io](https://modelcontextprotocol.io/clients). If you already
@@ -20,7 +21,8 @@ For clients with a configuration JSON, it might look something like this:
         "MUX_TOKEN_SECRET": "my secret",
         "MUX_WEBHOOK_SECRET": "My Webhook Secret",
         "MUX_SIGNING_KEY": "My Jwt Signing Key",
-        "MUX_PRIVATE_KEY": "My Jwt Private Key"
+        "MUX_PRIVATE_KEY": "My Jwt Private Key",
+        "MUX_AUTHORIZATION_TOKEN": "my authorization token"
       }
     }
   }

packages/mcp-server/cloudflare-worker/src/index.ts

@@ -20,17 +20,17 @@ const serverConfig: ServerConfig = {
       key: 'tokenId',
       label: 'Token ID',
       description: '',
-      required: true,
-      default: undefined,
+      required: false,
+      default: null,
       placeholder: 'my token id',
       type: 'password',
     },
     {
       key: 'tokenSecret',
       label: 'Token Secret',
       description: '',
-      required: true,
-      default: undefined,
+      required: false,
+      default: null,
       placeholder: 'my secret',
       type: 'password',
     },
@@ -61,6 +61,15 @@ const serverConfig: ServerConfig = {
       placeholder: 'My Jwt Private Key',
       type: 'string',
     },
+    {
+      key: 'authorizationToken',
+      label: 'Authorization Token',
+      description: '',
+      required: false,
+      default: null,
+      placeholder: 'my authorization token',
+      type: 'password',
+    },
   ],
 };
 

packages/mcp-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mux/mcp",
-  "version": "12.3.0",
+  "version": "12.4.0",
   "description": "The official MCP Server for the Mux API",
   "author": "Mux <[email protected]>",
   "types": "dist/index.d.ts",
@@ -29,6 +29,7 @@
   "dependencies": {
     "@mux/mux-node": "file:../../dist/",
     "@modelcontextprotocol/sdk": "^1.11.5",
+    "express": "^5.1.0",
     "jq-web": "https://github.com/stainless-api/jq-web/releases/download/v0.8.2/jq-web.tar.gz",
     "yargs": "^17.7.2",
     "@cloudflare/cabidela": "^0.2.4",
@@ -41,6 +42,7 @@
   "devDependencies": {
     "@anthropic-ai/dxt": "^0.2.0",
     "@types/jest": "^29.4.0",
+    "@types/express": "^5.0.3",
     "@typescript-eslint/eslint-plugin": "8.31.1",
     "@typescript-eslint/parser": "8.31.1",
     "eslint": "^8.49.0",

packages/mcp-server/src/compat.ts

@@ -70,8 +70,11 @@ export function parseEmbeddedJSON(args: Record<string, unknown>, schema: Record<
     if (typeof value === 'string') {
       try {
         const parsed = JSON.parse(value);
-        newArgs[key] = parsed;
-        updated = true;
+        // Only parse if result is a plain object (not array, null, or primitive)
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+          newArgs[key] = parsed;
+          updated = true;
+        }
       } catch (e) {
         // Not valid JSON, leave as is
       }

packages/mcp-server/src/headers.ts

@@ -0,0 +1,38 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { type ClientOptions } from '@mux/mux-node/index';
+
+import { IncomingMessage } from 'node:http';
+
+export const parseAuthHeaders = (req: IncomingMessage): Partial<ClientOptions> => {
+  if (req.headers.authorization) {
+    const scheme = req.headers.authorization.slice(req.headers.authorization.search(' '));
+    const value = req.headers.authorization.slice(scheme.length + 1);
+    switch (scheme) {
+      case 'Basic':
+        const rawValue = Buffer.from(value).toString('base64');
+        return {
+          tokenId: rawValue.slice(0, rawValue.search(':')),
+          tokenSecret: rawValue.slice(rawValue.search(':') + 1),
+        };
+      case 'Bearer':
+        return { authorizationToken: req.headers.authorization.slice('Bearer '.length) };
+      default:
+        throw new Error(`Unsupported authorization scheme`);
+    }
+  }
+
+  const tokenId =
+    req.headers['x-mux-token-id'] instanceof Array ?
+      req.headers['x-mux-token-id'][0]
+    : req.headers['x-mux-token-id'];
+  const tokenSecret =
+    req.headers['x-mux-token-secret'] instanceof Array ?
+      req.headers['x-mux-token-secret'][0]
+    : req.headers['x-mux-token-secret'];
+  const authorizationToken =
+    req.headers['x-mux-authorization-token'] instanceof Array ?
+      req.headers['x-mux-authorization-token'][0]
+    : req.headers['x-mux-authorization-token'];
+  return { tokenId, tokenSecret, authorizationToken };
+};

packages/mcp-server/src/http.ts

@@ -0,0 +1,85 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+
+import express from 'express';
+import { McpOptions } from './options';
+import { initMcpServer, newMcpServer } from './server';
+import { parseAuthHeaders } from './headers';
+import { Endpoint } from './tools';
+
+const newServer = (mcpOptions: McpOptions, req: express.Request, res: express.Response): McpServer | null => {
+  const server = newMcpServer();
+  try {
+    const authOptions = parseAuthHeaders(req);
+    initMcpServer({
+      server: server,
+      clientOptions: {
+        ...authOptions,
+        defaultHeaders: {
+          'X-Stainless-MCP': 'true',
+        },
+      },
+      mcpOptions,
+    });
+  } catch {
+    res.status(401).json({
+      jsonrpc: '2.0',
+      error: {
+        code: -32000,
+        message: 'Unauthorized',
+      },
+    });
+    return null;
+  }
+
+  return server;
+};
+
+const post = (defaultOptions: McpOptions) => async (req: express.Request, res: express.Response) => {
+  const server = newServer(defaultOptions, req, res);
+  // If we return null, we already set the authorization error.
+  if (server === null) return;
+  const transport = new StreamableHTTPServerTransport({
+    // Stateless server
+    sessionIdGenerator: undefined,
+  });
+  await server.connect(transport);
+  await transport.handleRequest(req, res, req.body);
+};
+
+const get = async (req: express.Request, res: express.Response) => {
+  res.status(405).json({
+    jsonrpc: '2.0',
+    error: {
+      code: -32000,
+      message: 'Method not supported',
+    },
+  });
+};
+
+const del = async (req: express.Request, res: express.Response) => {
+  res.status(405).json({
+    jsonrpc: '2.0',
+    error: {
+      code: -32000,
+      message: 'Method not supported',
+    },
+  });
+};
+
+export const launchStreamableHTTPServer = async (
+  options: McpOptions,
+  endpoints: Endpoint[],
+  port: number | undefined,
+) => {
+  const app = express();
+  app.use(express.json());
+
+  app.get('/', get);
+  app.post('/', post(options));
+  app.delete('/', del);
+
+  console.error(`MCP Server running on streamable HTTP on port ${port}`);
+
+  app.listen(port);
+};