feat(node): export toWebRequest(), the IncomingMessage→Request conversion inside toNodeHandler

[felixweinberger]

Routing on isLegacyRequest from a plain Node (req, res) handler currently means hand-building a
globalThis.Request out of req.headers:

const probe = new globalThis.Request(`http://localhost${req.url}`, {
    method: req.method,
    headers: req.headers as Record<string, string>
});
await ((await isLegacyRequest(probe, req.body)) ? legacy(req, res) : modern(req, res, req.body));

That's a smell. toNodeHandler already contains the correct conversion (header arrays, HTTP/2
pseudo-headers, the parsed-body re-serialization) as a private helper — users just can't reach it. It also
nudges people toward the two-argument isLegacyRequest(probe, body), which reads as if the second argument
were required. It isn't: the predicate clones internally, so isLegacyRequest(request) is the whole API.
Our own examples taught the same two-argument pattern, each behind ~16 lines of buffer-read + JSON.parse +
hand-built Request.

This exports the conversion as toWebRequest() and moves both examples onto it. The Express one
(legacy-routing) becomes:

import { toWebRequest } from '@modelcontextprotocol/node';

// Express — the body parser already consumed the stream, so pass it along.
const probe = await toWebRequest(req, req.body);
await ((await isLegacyRequest(probe)) ? handleLegacy(req, res) : modernNode(req, res, req.body));

and the plain node:http one (elicitation):

// toWebRequest reads the stream once, so the body now lives in `request`.
// The predicate runs first: it classifies an internal clone, leaving
// `request` readable for the .json() both arms need.
const request = await toWebRequest(req);
const legacy = await isLegacyRequest(request);
const body: unknown = req.method === 'POST' ? await request.json().catch(() => {}) : undefined;
await (legacy ? handleLegacy(req, res, body) : modern(req, res, body));

How:

• toWebRequest(req, parsedBody?, options?) is the existing private conversion, exported. The function body
  is unchanged, and toNodeHandler now calls it with the abort signal in the options bag instead of a
  positional argument, so the adapter's behavior is identical.
• It returns Promise<Request> (it reads the Node stream). Pass parsedBody when a body parser already
  consumed the stream — it's re-serialized as the Request body and the entity headers are rewritten. Pass
  options.signal to tie the constructed request to client disconnect, the way toNodeHandler does.
• isLegacyRequest's docs now lead with the single-argument form and present parsedBody as the perf
  escape hatch it is, not a required companion.

Motivation and Context

isLegacyRequest takes a web-standard Request, but the Node hosting path only has an IncomingMessage.
The conversion between the two already existed inside toNodeHandler; exporting it removes the last reason
to build a globalThis.Request by hand — including in our own examples, which are what people copy.

How Has This Been Tested?

New unit tests in packages/middleware/node/test/toWebRequest.test.ts cover the stream-read and
parsedBody body paths (the latter asserts the Node stream is never touched), the Host-derived URL, header
copying (multi-valued append, HTTP/2 pseudo-header skipping), the signal option, and the clone-readability
contract isLegacyRequest relies on. The existing toNodeHandler suite passes unchanged, which is the
no-behavior-change check for the adapter path. The full example e2e suite passes (both rewritten stories
across all their transport × era legs), along with typecheck:all, lint, and the docs build.

Breaking Changes

None. New export; toNodeHandler behavior is unchanged; the isLegacyRequest change is documentation only;
the examples route every input express.json() parses identically.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

One edge worth naming: for a POST express.json() doesn't parse (a non-JSON content type — not valid MCP),
body-parser 2.x leaves req.body undefined and the Node stream unread, so toWebRequest reads it and the
predicate classifies the real bytes (the old hand-built, header-only probe never saw that body at all). Not
meaningful for spec traffic, and the old code already routed it differently between Express 4 and 5 (an
unparsed body is {} on 4 but undefined on 5, and the two classify differently).

One deliberate nuance: the example's predicate now reads the body through the same TextDecoder path the
entry itself uses, where the old hand-rolled read used Buffer#toString('utf8'). The only observable
difference is a leading UTF-8 BOM, which the old read left in (so JSON.parse failed and the request fell
to the legacy arm) and is now stripped, so the body classifies on its content.

The only other Request construction in examples/ is authServer.ts's
new Request(new URL(req.originalUrl, issuer)), which is left alone on purpose: it synthesizes an OAuth
discovery URL from issuer, not a faithful conversion of the inbound request, so toWebRequest would
change it.

@modelcontextprotocol/node README and changeset included. isLegacyRequest's rewritten docs are precise
about the one case parsedBody is needed rather than just faster: a Request whose own body was already
read (the internal clone would throw). Behind a body parser the right fix is toWebRequest(req, req.body)
— the predicate still takes one argument.

[changeset-bot]

🦋 Changeset detected

Latest commit: 48b9c90

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@modelcontextprotocol/server	Patch
@modelcontextprotocol/node	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/@modelcontextprotocol/client@2390

@modelcontextprotocol/codemod

npm i https://pkg.pr.new/@modelcontextprotocol/codemod@2390

@modelcontextprotocol/core

npm i https://pkg.pr.new/@modelcontextprotocol/core@2390

@modelcontextprotocol/server

npm i https://pkg.pr.new/@modelcontextprotocol/server@2390

@modelcontextprotocol/server-legacy

npm i https://pkg.pr.new/@modelcontextprotocol/server-legacy@2390

@modelcontextprotocol/express

npm i https://pkg.pr.new/@modelcontextprotocol/express@2390

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/@modelcontextprotocol/fastify@2390

@modelcontextprotocol/hono

npm i https://pkg.pr.new/@modelcontextprotocol/hono@2390

@modelcontextprotocol/node

npm i https://pkg.pr.new/@modelcontextprotocol/node@2390

commit: 48b9c90

[claude]

🟡 toWebRequest derives the constructed URL's host only from req.headers['host'] (falling back to 'localhost') and the header loop below skips ':'-prefixed pseudo-headers, so a Node http2-compat request — which carries its authority only as ':authority', with no 'host' entry — converts to 'http://localhost/' with no Host header. Since this PR promotes the conversion to a documented public API (and the new 'skips HTTP/2 pseudo-headers' test only passes because it supplies a synthetic 'host' alongside ':authority', a combination real HTTP/2 clients don't send), consider adding a one-line fallback to ':authority' — ?? singleHeaderValue(req.headers[':authority']) — mirroring Node's own request.authority. (Behavior is pre-existing in the private helper; not blocking.)

Extended reasoning...

What the bug is. toWebRequest builds the URL of the constructed Request from singleHeaderValue(req.headers['host']) ?? 'localhost' and then copies headers in a loop that explicitly skips any ':'-prefixed name (the HTTP/2 pseudo-headers :authority, :path, :method, :scheme). That skip — and the new test 'skips HTTP/2 pseudo-headers' — show that Node http2-compat requests are an intended input (an Http2ServerRequest satisfies the duck-typed NodeIncomingMessageLike). But over HTTP/2 the request authority normally arrives only as :authority: RFC 9113 §8.3.1 directs clients converting HTTP/1.1 requests to use :authority and omit Host, and Node's http2 compat layer does not synthesize a host entry in request.headers — only the separate request.authority getter falls back across the two. One verifier confirmed this empirically against a local node:http2 server: req.headers contains {':method', ':path', ':authority', ':scheme', ...} and no host.\n\nConcrete walk-through. A client opens an HTTP/2 connection to api.example.test and sends POST /mcp. Node's compat layer hands the handler a request whose headers are {':method': 'POST', ':path': '/mcp', ':authority': 'api.example.test', ':scheme': 'https', 'content-type': 'application/json'}. toWebRequest(req) then: (1) reads req.headers['host'] → undefined → falls back to 'localhost', so url = 'http://localhost/mcp'; (2) the header-copy loop skips every ':'-prefixed entry, so :authority is dropped and the resulting Request has no Host header at all (the fetch Request constructor does not synthesize one from the URL); (3) the real authority api.example.test is gone from the converted request entirely.\n\nWhy nothing else catches it. The pseudo-header skip is correct on its own (Headers rejects ':'-prefixed names), but nothing re-injects the authority before the URL is built. The new unit test for this exact scenario supplies both host: 'h2.example.test' and ':authority': 'h2.example.test', so it asserts the URL host is right while exercising a header combination genuine HTTP/2 clients do not send — it documents the pseudo-header skip but masks the missing-host case.\n\nImpact. Anything downstream that reads the converted request's URL or Host sees the wrong authority: ctx.requestInfo handed to the consumer's factory, logging, absolute-URL construction, and any user-side origin/host logic run against the converted Request. One impact claim from the original finding should be tempered rather than amplified: the SDK's own hostHeaderValidationResponse reads request.headers.get('host'), which is null here, so it fails closed with a 403 'missing Host header' — i.e. host validation is not bypassed, but HTTP/2 requests converted this way also cannot pass it. So the practical effect is wrong URL/host fidelity plus web-standard host validation becoming impossible for direct node:http2 serving, not a security bypass.\n\nWhy this belongs on this PR even though the conversion body is unchanged. The same behavior existed in the private nodeRequestToFetchRequest, so toNodeHandler users were already exposed; what this PR changes is the audience. It exports the function as toWebRequest, documents it in the README/JSDoc/changeset as the way to feed isLegacyRequest() and handler.fetch() from hand-wired handlers ('an Express req works'), and adds the HTTP/2-specific test. Fixing it now — while the API is being published — is much cheaper than after users start relying on it.\n\nFix. A one-liner that mirrors Node's own request.authority getter:\n\nts\nconst host = singleHeaderValue(req.headers['host']) ?? singleHeaderValue(req.headers[':authority']) ?? 'localhost';\n\n\nOptionally also headers.set('host', host) when it came from :authority, so the converted request carries a Host header like an HTTP/1.1 request would. And the 'skips HTTP/2 pseudo-headers' test would be more honest split in two: one case with only pseudo-headers (asserting the URL host comes from :authority), one asserting the pseudo-header names never reach the Headers object.