Merge pull request #165 from QuantGeekDev/feat/health-endpoint

feat: add health endpoint for SSE and HTTP Stream transports

Author: QuantGeekDev

src/index.ts

@@ -27,7 +27,7 @@ export type {
   AppToolVisibility,
 } from './apps/types.js';
 
-export type { SSETransportConfig } from './transports/sse/types.js';
+export type { SSETransportConfig, HealthConfig } from './transports/sse/types.js';
 export type { HttpStreamTransportConfig } from './transports/http/types.js';
 export { HttpStreamTransport } from './transports/http/server.js';
 

src/transports/http/server.ts

@@ -22,6 +22,7 @@ export class HttpStreamTransport extends AbstractTransport {
   private _enableJsonResponse: boolean = false;
   private _config: HttpStreamTransportConfig;
   private _oauthMetadata?: ProtectedResourceMetadata;
+  private _healthPath: string | null;
 
   private _transports: { [sessionId: string]: StreamableHTTPServerTransport } = {};
 
@@ -33,6 +34,10 @@ export class HttpStreamTransport extends AbstractTransport {
     this._endpoint = config.endpoint || '/mcp';
     this._enableJsonResponse = config.responseMode === 'batch';
 
+    // Health endpoint: enabled by default at /health
+    const healthEnabled = config.health?.enabled !== false;
+    this._healthPath = healthEnabled ? (config.health?.path || '/health') : null;
+
     // Initialize OAuth metadata if OAuth provider is configured
     this._oauthMetadata = initializeOAuthMetadata(this._config.auth, 'HTTP Stream');
 
@@ -84,6 +89,12 @@ export class HttpStreamTransport extends AbstractTransport {
             return;
           }
 
+          if (req.method === 'GET' && this._healthPath && url.pathname === this._healthPath) {
+            const body = JSON.stringify(this._config.health?.response ?? { ok: true });
+            res.writeHead(200, { 'Content-Type': 'application/json' }).end(body);
+            return;
+          }
+
           if (url.pathname === this._endpoint) {
             await this.handleMcpRequest(req, res);
           } else {

src/transports/http/types.ts

@@ -5,7 +5,7 @@ import {
   RequestId,
 } from '@modelcontextprotocol/sdk/types.js';
 import { AuthConfig } from '../../auth/types.js';
-import { CORSConfig } from '../sse/types.js';
+import { CORSConfig, HealthConfig } from '../sse/types.js';
 
 export { JSONRPCRequest, JSONRPCResponse, JSONRPCMessage, RequestId };
 
@@ -100,6 +100,12 @@ export interface HttpStreamTransportConfig {
    * CORS configuration
    */
   cors?: CORSConfig;
+
+  /**
+   * Health endpoint configuration.
+   * Enabled by default at /health when using HTTP Stream transport.
+   */
+  health?: HealthConfig;
 }
 
 export const DEFAULT_SESSION_CONFIG: SessionConfig = {

src/transports/sse/server.ts

@@ -3,7 +3,7 @@ import { JSONRPCMessage } from "@modelcontextprotocol/sdk/types.js";
 import { SSEServerTransport as SDKSSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import { Server as SDKServer } from "@modelcontextprotocol/sdk/server/index.js";
 import { AbstractTransport } from "../base.js";
-import { DEFAULT_SSE_CONFIG, SSETransportConfig, SSETransportConfigInternal, DEFAULT_CORS_CONFIG, CORSConfig } from "./types.js";
+import { DEFAULT_SSE_CONFIG, SSETransportConfig, SSETransportConfigInternal, DEFAULT_CORS_CONFIG, CORSConfig, HealthConfig } from "./types.js";
 import { logger } from "../../core/Logger.js";
 import { setResponseHeaders } from "../../utils/headers.js";
 import { ProtectedResourceMetadata } from "../../auth/metadata/protected-resource.js";
@@ -34,6 +34,7 @@ export class SSEServerTransport extends AbstractTransport {
   private _corsHeaders: Record<string, string>
   private _corsHeadersWithMaxAge: Record<string, string>
   private _serverFactory?: SDKServerFactory
+  private _healthPath: string | null
 
   constructor(config: SSETransportConfig = {}) {
     super()
@@ -42,6 +43,10 @@ export class SSEServerTransport extends AbstractTransport {
       ...config
     }
 
+    // Health endpoint: enabled by default at /health
+    const healthEnabled = config.health?.enabled !== false;
+    this._healthPath = healthEnabled ? (config.health?.path || '/health') : null;
+
     // Initialize OAuth metadata if OAuth provider is configured
     this._oauthMetadata = initializeOAuthMetadata(this._config.auth, 'SSE');
 
@@ -149,6 +154,12 @@ export class SSEServerTransport extends AbstractTransport {
       return;
     }
 
+    if (req.method === "GET" && this._healthPath && url.pathname === this._healthPath) {
+      const body = JSON.stringify(this._config.health?.response ?? { ok: true });
+      res.writeHead(200, { "Content-Type": "application/json" }).end(body);
+      return;
+    }
+
     if (req.method === "GET" && url.pathname === this._config.endpoint) {
       if (this._config.auth?.endpoints?.sse) {
         const isAuthenticated = await handleAuthentication(req, res, this._config.auth, "SSE connection")

src/transports/sse/types.ts

@@ -1,5 +1,28 @@
 import { AuthConfig } from "../../auth/types.js";
 
+/**
+ * Health endpoint configuration
+ */
+export interface HealthConfig {
+  /**
+   * Whether the health endpoint is enabled
+   * @default true
+   */
+  enabled?: boolean;
+
+  /**
+   * Path for the health endpoint
+   * @default "/health"
+   */
+  path?: string;
+
+  /**
+   * Custom response body. When set, this object is returned as JSON.
+   * @default { ok: true }
+   */
+  response?: Record<string, unknown>;
+}
+
 /**
  * CORS configuration options for SSE transport
  */
@@ -91,6 +114,12 @@ export interface SSETransportConfig {
    */
   auth?: AuthConfig;
 
+  /**
+   * Health endpoint configuration.
+   * Enabled by default at /health when using SSE transport.
+   */
+  health?: HealthConfig;
+
   /**
    * OAuth configuration for authorization callbacks
    * This enables OAuth endpoints like /.well-known/oauth-protected-resource
@@ -119,12 +148,13 @@ export interface SSETransportConfig {
 /**
  * Internal configuration type with required fields except headers
  */
-export type SSETransportConfigInternal = Required<Omit<SSETransportConfig, 'headers' | 'auth' | 'cors' | 'oauth' | 'host'>> & {
+export type SSETransportConfigInternal = Required<Omit<SSETransportConfig, 'headers' | 'auth' | 'cors' | 'oauth' | 'host' | 'health'>> & {
   headers?: Record<string, string>;
   auth?: AuthConfig;
   cors?: CORSConfig;
   oauth?: SSETransportConfig['oauth'];
   host?: string;
+  health?: HealthConfig;
 };
 
 /**

tests/transports/health-endpoint.test.ts

@@ -0,0 +1,161 @@
+import { describe, it, expect, afterEach } from '@jest/globals';
+import http from 'node:http';
+import { HttpStreamTransport } from '../../src/transports/http/server.js';
+import { SSEServerTransport } from '../../src/transports/sse/server.js';
+
+function getPort(): number {
+  return 10000 + Math.floor(Math.random() * 50000);
+}
+
+function httpGet(port: number, path: string): Promise<{ status: number; body: string }> {
+  return new Promise((resolve, reject) => {
+    const req = http.get(`http://127.0.0.1:${port}${path}`, (res) => {
+      let body = '';
+      res.on('data', (chunk) => (body += chunk));
+      res.on('end', () => resolve({ status: res.statusCode!, body }));
+    });
+    req.on('error', reject);
+    req.setTimeout(2000, () => {
+      req.destroy(new Error('timeout'));
+    });
+  });
+}
+
+describe('Health endpoint – HttpStreamTransport', () => {
+  let transport: HttpStreamTransport;
+
+  afterEach(async () => {
+    if (transport?.isRunning()) await transport.close();
+  });
+
+  it('serves /health by default with { ok: true }', async () => {
+    const port = getPort();
+    transport = new HttpStreamTransport({ port });
+    await transport.start();
+
+    const res = await httpGet(port, '/health');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ ok: true });
+  });
+
+  it('serves a custom path when configured', async () => {
+    const port = getPort();
+    transport = new HttpStreamTransport({
+      port,
+      health: { path: '/healthz' },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/healthz');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ ok: true });
+
+    // Default /health should 404
+    const notFound = await httpGet(port, '/health');
+    expect(notFound.status).toBe(404);
+  });
+
+  it('serves a custom response body when configured', async () => {
+    const port = getPort();
+    const customResponse = { success: true, data: 'ok' };
+    transport = new HttpStreamTransport({
+      port,
+      health: { path: '/healthz', response: customResponse },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/healthz');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual(customResponse);
+  });
+
+  it('disables health endpoint when enabled is false', async () => {
+    const port = getPort();
+    transport = new HttpStreamTransport({
+      port,
+      health: { enabled: false },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/health');
+    expect(res.status).toBe(404);
+  });
+
+  it('does not respond to POST on health path', async () => {
+    const port = getPort();
+    transport = new HttpStreamTransport({ port });
+    await transport.start();
+
+    const res = await new Promise<{ status: number }>((resolve, reject) => {
+      const req = http.request(
+        { hostname: '127.0.0.1', port, path: '/health', method: 'POST' },
+        (res) => resolve({ status: res.statusCode! }),
+      );
+      req.on('error', reject);
+      req.end();
+    });
+
+    // POST to /health should not match the health route
+    expect(res.status).not.toBe(200);
+  });
+});
+
+describe('Health endpoint – SSEServerTransport', () => {
+  let transport: SSEServerTransport;
+
+  afterEach(async () => {
+    if (transport?.isRunning()) await transport.close();
+  });
+
+  it('serves /health by default with { ok: true }', async () => {
+    const port = getPort();
+    transport = new SSEServerTransport({ port });
+    await transport.start();
+
+    const res = await httpGet(port, '/health');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ ok: true });
+  });
+
+  it('serves a custom path when configured', async () => {
+    const port = getPort();
+    transport = new SSEServerTransport({
+      port,
+      health: { path: '/healthz' },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/healthz');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual({ ok: true });
+
+    const notFound = await httpGet(port, '/health');
+    expect(notFound.status).toBe(404);
+  });
+
+  it('serves a custom response body when configured', async () => {
+    const port = getPort();
+    const customResponse = { success: true, data: 'ok' };
+    transport = new SSEServerTransport({
+      port,
+      health: { path: '/healthz', response: customResponse },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/healthz');
+    expect(res.status).toBe(200);
+    expect(JSON.parse(res.body)).toEqual(customResponse);
+  });
+
+  it('disables health endpoint when enabled is false', async () => {
+    const port = getPort();
+    transport = new SSEServerTransport({
+      port,
+      health: { enabled: false },
+    });
+    await transport.start();
+
+    const res = await httpGet(port, '/health');
+    expect(res.status).toBe(404);
+  });
+});