@@ -22,33 +22,33 @@ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
2222import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js" ;
2323import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js' ;
2424import { Tool , CallToolRequest , CallToolRequestSchema , ListToolsRequestSchema , Resource , ListResourcesRequestSchema , ReadResourceRequest , ReadResourceRequestSchema , isInitializeRequest } from '@modelcontextprotocol/sdk/types.js' ;
25- import { ragEndpoint , DEFAULT_CONTEXTS } from './config.js' ;
25+ import { ragEndpoint , DEFAULT_CONTEXTS , SOURCE } from './config.js' ;
2626import axios from 'axios' ;
2727
2828// MCP Streamable HTTP compliance: Accept header validation
2929function validateAcceptHeader ( req : Request ) : boolean {
30- const acceptHeader = req . headers . accept ;
31- if ( ! acceptHeader ) return false ;
32-
33- const acceptedTypes = acceptHeader . split ( ',' ) . map ( type => type . trim ( ) . split ( ';' ) [ 0 ] ) ;
34- return acceptedTypes . includes ( 'application/json' ) && acceptedTypes . includes ( 'text/event-stream' ) ;
30+ const acceptHeader = req . headers . accept ;
31+ if ( ! acceptHeader ) return false ;
32+
33+ const acceptedTypes = acceptHeader . split ( ',' ) . map ( type => type . trim ( ) . split ( ';' ) [ 0 ] ) ;
34+ return acceptedTypes . includes ( 'application/json' ) && acceptedTypes . includes ( 'text/event-stream' ) ;
3535}
3636
3737// Feature 4: Origin header validation for DNS rebinding protection
3838function validateOriginHeader ( req : Request ) : boolean {
39- const origin = req . headers . origin ;
40-
41- // Allow requests without Origin header (server-to-server)
42- if ( ! origin ) return true ;
43-
44- // For development, allow localhost origins
45- if ( process . env . NODE_ENV !== 'production' ) {
46- return origin . startsWith ( 'http://localhost' ) || origin . startsWith ( 'https://localhost' ) ;
47- }
48-
49- // In production, validate against allowed origins
50- const allowedOrigins = process . env . ALLOWED_ORIGINS ?. split ( ',' ) || [ ] ;
51- return allowedOrigins . includes ( origin ) ;
39+ const origin = req . headers . origin ;
40+
41+ // Allow requests without Origin header (server-to-server)
42+ if ( ! origin ) return true ;
43+
44+ // For development, allow localhost origins
45+ if ( process . env . NODE_ENV !== 'production' ) {
46+ return origin . startsWith ( 'http://localhost' ) || origin . startsWith ( 'https://localhost' ) ;
47+ }
48+
49+ // In production, validate against allowed origins
50+ const allowedOrigins = process . env . ALLOWED_ORIGINS ?. split ( ',' ) || [ ] ;
51+ return allowedOrigins . includes ( origin ) ;
5252}
5353
5454const RetrieveGoogleMapsPlatformDocs : Tool = {
@@ -109,7 +109,11 @@ export async function getUsageInstructions(server: Server) {
109109 return usageInstructions ;
110110 }
111111 try {
112- const ragResponse = await axios . get ( ragEndpoint . concat ( "/instructions" ) ) ;
112+ const ragResponse = await axios . get ( ragEndpoint . concat ( "/instructions" ) , {
113+ params : {
114+ source : SOURCE
115+ }
116+ } ) ;
113117
114118 usageInstructions = [
115119 ragResponse . data . systemInstructions ,
@@ -223,7 +227,8 @@ export async function handleCallTool(request: CallToolRequest, server: Server) {
223227 // Call the RAG service:
224228 const ragResponse = await axios . post ( ragEndpoint . concat ( "/chat" ) , {
225229 message : prompt ,
226- contexts : contexts
230+ contexts : contexts ,
231+ source : SOURCE
227232 } ) ;
228233
229234 let mcpResponse = {
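Review bot: In `validateOriginHeader` (first hunk, re-indented but otherwise unchanged by this commit), the development branch accepts any Origin whose string starts with `http://localhost` or `https://localhost`, so a host name that merely begins with "localhost" also passes and the DNS-rebinding protection named in the comment is not enforced. Compare the parsed host instead, e.g. `new URL(origin).hostname === 'localhost'`, inside a try/catch that returns false for a malformed Origin. That branch is taken whenever `NODE_ENV` is anything other than `'production'`, including unset, so a deployment that omits the variable uses the development rule rather than `ALLOWED_ORIGINS`; making the strict allow-list the default would fail closed. The `ALLOWED_ORIGINS` entries are split on `,` without trimming, so a list written with spaces after the commas will not match any Origin.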