Add CORS support, stateless HTTP mode, and CLI flags to MCP server

[danstarns]

Adds CORS middleware to HTTP/SSE transports, stateless HTTP mode for browser-based MCP clients, and new CLI flags for easier configuration.

Changes

• CORS middleware: Both --transport http and --transport sse now include configurable CORS via --allow-origin (repeatable, defaults to *). Exposes Mcp-Session-Id header for HTTP transport compatibility.
• --stateless CLI flag: Disables session ID tracking for HTTP transport. Required for browser-based MCP clients that don't forward the Mcp-Session-Id header — without this, tools/list and other requests after initialize fail with 400 Bad Request: Missing session ID.
• run_http() method: Added to Neo4jMemoryMCPServer for programmatic HTTP transport usage with CORS and stateless_http support
• run_sse() updated: Now accepts allow_origins parameter for CORS configuration
• --allow-origin CLI flag: Repeatable flag to restrict CORS origins
• --openai-api-key CLI flag: Sets OPENAI_API_KEY env var for embeddings/extraction
• run_server() updated: Passes allow_origins and stateless_http through to transport middleware
• QUICKSTART.md updated: Reflects new flags, browser client usage, and updated troubleshooting

Usage

# HTTP with CORS (all origins)
neo4j-memory mcp serve --transport http --port 8080

# Browser-based clients (e.g., introspecting tools)
neo4j-memory mcp serve --transport http --port 8080 --stateless

# Restricted CORS origins
neo4j-memory mcp serve --transport http --port 8080 \
  --allow-origin https://app.example.com \
  --allow-origin https://admin.example.com

# With OpenAI key
neo4j-memory mcp serve --transport http --port 8080 --openai-api-key sk-...

[vercel]

@danstarns is attempting to deploy a commit to the lyonwj's projects Team on Vercel.

A member of the Team first needs to authorize it.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agent-memory	Ready	Preview, Comment	Mar 16, 2026 8:48pm

[Copilot]

Pull request overview

Adds browser-friendly MCP HTTP serving options and improves SSE compatibility, plus updates docs to help users get started quickly.

Changes:

• Added Streamable HTTP transport (--transport streamable-http) with CORS support.
• Improved SSE transport compatibility (no-op response + /messages mounted as ASGI app) and added CORS middleware.
• Added --allow-origin and --openai-api-key CLI flags; added new MCP Server Quick Start doc and linked it from README.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
src/neo4j_agent_memory/mcp/server.py	Adds Streamable HTTP transport, CORS configuration, SSE routing/response fixes, and new CLI flags integration.
README.md	Links to the new MCP server quick start.
QUICKSTART.md	New quick start guide documenting transports, CORS, and flags.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[johnymontana]

Thanks @danstarns! Do you think you could fix the linting failure? I tried to get copilot to do it but no luck

[danstarns]

@johnymontana

I think most of the changes in this PR: #67 covered what I was after, none the less here are some docs and a few more flags to make connecting from browser tools easier. I think the runners need another spin manually.