fix(cli): add SSL verification option for client transports

extensions/cli/src/services/MCPService.test.ts

@@ -29,6 +29,12 @@ vi.mock("@modelcontextprotocol/sdk/client/streamableHttp.js", () => ({
   StreamableHTTPClientTransport: vi.fn(),
 }));
 
+vi.mock("https", () => ({
+  Agent: vi.fn().mockImplementation(() => ({
+    rejectUnauthorized: false,
+  })),
+}));
+
 describe("MCPService", () => {
   let mcpService: MCPService;
   let mockAssistant: AssistantConfig;
@@ -211,5 +217,206 @@ describe("MCPService", () => {
         mcpService.initialize(defaultAssistant),
       ).resolves.not.toThrow();
     });
+
+    it("should create HttpsAgent when verifySsl is false for SSE transport", async () => {
+      const { SSEClientTransport } = await import(
+        "@modelcontextprotocol/sdk/client/sse.js"
+      );
+      const { Agent: HttpsAgent } = await import("https");
+
+      const sseAssistant: AssistantConfig = {
+        name: "sse-assistant",
+        version: "1.0.0",
+        mcpServers: [
+          {
+            name: "sse-server",
+            type: "sse",
+            url: "https://example.com/sse",
+            requestOptions: {
+              verifySsl: false,
+            },
+          },
+        ],
+      } as AssistantConfig;
+
+      await mcpService.initialize(sseAssistant);
+
+      expect(SSEClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.objectContaining({
+          eventSourceInit: expect.objectContaining({
+            fetch: expect.any(Function),
+          }),
+          requestInit: expect.objectContaining({
+            agent: expect.any(Object),
+          }),
+        }),
+      );
+      expect(HttpsAgent).toHaveBeenCalledWith({
+        rejectUnauthorized: false,
+      });
+    });
+
+    it("should not create HttpsAgent when verifySsl is true for SSE transport", async () => {
+      const { SSEClientTransport } = await import(
+        "@modelcontextprotocol/sdk/client/sse.js"
+      );
+      const { Agent: HttpsAgent } = await import("https");
+
+      const sseAssistant: AssistantConfig = {
+        name: "sse-assistant",
+        version: "1.0.0",
+        mcpServers: [
+          {
+            name: "sse-server",
+            type: "sse",
+            url: "https://example.com/sse",
+            requestOptions: {
+              verifySsl: true,
+            },
+          },
+        ],
+      } as AssistantConfig;
+
+      await mcpService.initialize(sseAssistant);
+
+      expect(SSEClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.objectContaining({
+          eventSourceInit: expect.objectContaining({
+            fetch: expect.any(Function),
+          }),
+          requestInit: expect.objectContaining({
+            headers: {},
+          }),
+        }),
+      );
+      expect(SSEClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.not.objectContaining({
+          requestInit: expect.objectContaining({
+            agent: expect.anything(),
+          }),
+        }),
+      );
+      expect(HttpsAgent).not.toHaveBeenCalled();
+    });
+
+    it("should create HttpsAgent when verifySsl is false for streamable-http transport", async () => {
+      const { StreamableHTTPClientTransport } = await import(
+        "@modelcontextprotocol/sdk/client/streamableHttp.js"
+      );
+      const { Agent: HttpsAgent } = await import("https");
+
+      const httpAssistant: AssistantConfig = {
+        name: "http-assistant",
+        version: "1.0.0",
+        mcpServers: [
+          {
+            name: "http-server",
+            type: "streamable-http",
+            url: "https://example.com/http",
+            requestOptions: {
+              verifySsl: false,
+            },
+          },
+        ],
+      } as AssistantConfig;
+
+      await mcpService.initialize(httpAssistant);
+
+      expect(StreamableHTTPClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.objectContaining({
+          requestInit: expect.objectContaining({
+            agent: expect.any(Object),
+          }),
+        }),
+      );
+      expect(HttpsAgent).toHaveBeenCalledWith({
+        rejectUnauthorized: false,
+      });
+    });
+
+    it("should not create HttpsAgent when verifySsl is true for streamable-http transport", async () => {
+      const { StreamableHTTPClientTransport } = await import(
+        "@modelcontextprotocol/sdk/client/streamableHttp.js"
+      );
+      const { Agent: HttpsAgent } = await import("https");
+
+      const httpAssistant: AssistantConfig = {
+        name: "http-assistant",
+        version: "1.0.0",
+        mcpServers: [
+          {
+            name: "http-server",
+            type: "streamable-http",
+            url: "https://example.com/http",
+            requestOptions: {
+              verifySsl: true,
+            },
+          },
+        ],
+      } as AssistantConfig;
+
+      await mcpService.initialize(httpAssistant);
+
+      expect(StreamableHTTPClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.objectContaining({
+          requestInit: expect.objectContaining({
+            headers: {},
+          }),
+        }),
+      );
+      expect(StreamableHTTPClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.not.objectContaining({
+          requestInit: expect.objectContaining({
+            agent: expect.anything(),
+          }),
+        }),
+      );
+      expect(HttpsAgent).not.toHaveBeenCalled();
+    });
+
+    it("should not create HttpsAgent when verifySsl is not specified", async () => {
+      const { StreamableHTTPClientTransport } = await import(
+        "@modelcontextprotocol/sdk/client/streamableHttp.js"
+      );
+      const { Agent: HttpsAgent } = await import("https");
+
+      const httpAssistant: AssistantConfig = {
+        name: "http-assistant",
+        version: "1.0.0",
+        mcpServers: [
+          {
+            name: "http-server",
+            type: "streamable-http",
+            url: "https://example.com/http",
+          },
+        ],
+      } as AssistantConfig;
+
+      await mcpService.initialize(httpAssistant);
+
+      expect(StreamableHTTPClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.objectContaining({
+          requestInit: expect.objectContaining({
+            headers: {},
+          }),
+        }),
+      );
+      expect(StreamableHTTPClientTransport).toHaveBeenCalledWith(
+        expect.any(URL),
+        expect.not.objectContaining({
+          requestInit: expect.objectContaining({
+            agent: expect.anything(),
+          }),
+        }),
+      );
+      expect(HttpsAgent).not.toHaveBeenCalled();
+    });
   });
 });

extensions/cli/src/services/MCPService.ts

@@ -1,3 +1,5 @@
+import { Agent as HttpsAgent } from "https";
+
 import { decodeFQSN, getTemplateVariables } from "@continuedev/config-yaml";
 import { type AssistantConfig } from "@continuedev/sdk";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
@@ -547,7 +549,11 @@
     serverConfig: SseMcpServer,
   ): SSEClientTransport {
     const apiKey = this.apiKeyCache.get(serverConfig.name);
-    // Merge apiKey into headers if provided
+    const sseAgent =
+      serverConfig.requestOptions?.verifySsl === false
+        ? new HttpsAgent({ rejectUnauthorized: false })
+        : undefined;
+
     const headers = {
       ...serverConfig.requestOptions?.headers,
       ...(apiKey && {
@@ -564,16 +570,23 @@
               ...init?.headers,
               ...headers,
             },
+            ...(sseAgent && { agent: sseAgent }),
           }),
       },
-      requestInit: { headers },
+      requestInit: {
+        headers,
+        ...(sseAgent && { agent: sseAgent }),
+      },
     });
   }
   private constructHttpTransport(
     serverConfig: HttpMcpServer,
   ): StreamableHTTPClientTransport {
-    // Merge apiKey into headers if provided
     const apiKey = this.apiKeyCache.get(serverConfig.name);
+    const streamableAgent =
+      serverConfig.requestOptions?.verifySsl === false
+        ? new HttpsAgent({ rejectUnauthorized: false })
+        : undefined;
 
     const headers = {
       ...serverConfig.requestOptions?.headers,
@@ -583,7 +596,10 @@
     };
 
     return new StreamableHTTPClientTransport(new URL(serverConfig.url), {
-      requestInit: { headers },
+      requestInit: {
+        headers,
+        ...(streamableAgent && { agent: streamableAgent }),
+      },
     });
   }
   private constructStdioTransport(
@@ -603,7 +619,7 @@
       command: serverConfig.command,
       args: serverConfig.args || [],
       env,
       cwd: serverConfig.cwd,
       stderr: "pipe",
     });