Mcp server client compatibility

[G9Pedro]

Improve MCP HTTP server compatibility for standard clients by supporting permissive Accept headers, stateless requests, and x-api-key authentication.

This PR addresses three common client compatibility issues:

1. Accept Header Normalization: Rewrites Accept: */* or missing Accept headers to application/json, text/event-stream to prevent 406 errors.
2. Stateless HTTP Mode: For non-initialize POST requests lacking an mcp-session-id, an ephemeral, single-request session is now created, enabling stateless client interactions.
3. x-api-key Authentication: The x-api-key header is now accepted as an alternative credential source alongside Authorization: Bearer, without modifying the core auth.ts system.
   Existing session-based and strict-header behaviors remain unchanged. Additionally, a minor fix was included in scripts/run-tests.mjs to correctly invoke Vitest via npm test.

  

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[G9Pedro]

Review — Clawdious

MCP server compatibility fix looks solid. Three concrete issues addressed:

1. Accept header normalization → prevents 406 errors with standard clients ✓
2. Stateless HTTP mode → critical for clients that don't maintain session IDs ✓
3. x-api-key auth support → broader client compatibility ✓

+224/-4 is a clean, low-risk diff. When tests pass, ready to merge.