diff --git a/src/agents/mcp-sse.ts b/src/agents/mcp-sse.ts
index 30fd4a73a91..fa903fcf909 100644
--- a/src/agents/mcp-sse.ts
+++ b/src/agents/mcp-sse.ts
@@ -51,7 +51,9 @@ export function resolveSseMcpServerLaunchConfig(
 try {
 parsed = new URL(url);
 } catch {
- return { ok: false, reason: `its url is not a valid URL: ${url}` };
+ // Redact potential credentials from the invalid URL before including in reason.
+ const redactedUrl = url.replace(/\/\/([^@]+)@/, "//***:***@");
+ return { ok: false, reason: `its url is not a valid URL: ${redactedUrl}` };
 }
 if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
 return {
diff --git a/src/agents/pi-bundle-mcp-tools.ts b/src/agents/pi-bundle-mcp-tools.ts
index ef164da49bd..ef46d002fd2 100644
--- a/src/agents/pi-bundle-mcp-tools.ts
+++ b/src/agents/pi-bundle-mcp-tools.ts
@@ -170,13 +170,27 @@ function resolveTransport(
 // Apply headers to POST requests (tool calls, listTools, etc.).
 requestInit: hasHeaders ? { headers } : undefined,
 // Apply headers to the initial SSE GET handshake (required for auth).
+ // Apply headers to the initial SSE GET handshake (required for auth).
+ // Note: init?.headers may be a Headers instance; convert to plain object
+ // so SDK defaults are preserved and user-configured headers take precedence.
 eventSourceInit: hasHeaders
 ? {
- fetch: (url, init) =>
- fetch(url, {
+ fetch: (url, init) => {
+ const sdkHeaders: Record = {};
+ if (init?.headers) {
+ if (init.headers instanceof Headers) {
+ init.headers.forEach((v, k) => {
+ sdkHeaders[k] = v;
+ });
+ } else {
+ Object.assign(sdkHeaders, init.headers);
+ }
+ }
+ return fetch(url, {
 ...init,
- headers: { ...(init?.headers as Record), ...headers },
- }),
+ headers: { ...sdkHeaders, ...headers },
+ });
+ },
 }
 : undefined,
 });
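Review bot: In src/agents/mcp-sse.ts the redaction pattern `/\/\/([^@]+)@/` stops at the first `@`, so a password that itself contains an unencoded `@` keeps its tail in the reason string, and a token carried in the query string or fragment is not covered at all. Because this branch only runs for input that failed to parse, the string cannot be assumed to have a well-formed authority; I would bound the match to the authority and drop everything from the query onwards, `const redactedUrl = url.replace(/\/\/[^/?#]*@/, "//***:***@").replace(/[?#].*$/, "");`, which is still best-effort on malformed input. The comment above it should state which parts are redacted, and the later error branches of resolveSseMcpServerLaunchConfig, which lie outside this hunk, are worth checking for the same raw `url` interpolation. A unit test with userinfo containing `@` and one with a constructed `?token=` query would pin the behaviour.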
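Review bot: In src/agents/pi-bundle-mcp-tools.ts the `else` branch hands `init.headers` to `Object.assign`, which is only right for a plain record; when the value is an array of `[name, value]` pairs the copy produces keys `"0"`, `"1"` and so on, and the SDK's headers are lost. The plain-object merge is also case-sensitive while `Headers.forEach` yields lower-cased names, so an SDK `authorization` and a configured `Authorization` both survive the spread and are both sent, rather than the configured value taking precedence as the new comment says. Building a `Headers` object accepts all three input shapes and overrides case-insensitively: `const merged = new Headers(init?.headers);`, `for (const [name, value] of Object.entries(headers)) merged.set(name, value);`, `return fetch(url, { ...init, headers: merged });` (assuming `headers` is a plain string record, as the existing spread suggests). The first added comment line repeats the context line directly above it and can be dropped. resolveTransport starts and ends outside this hunk.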