@agent-native/core 0.21.0 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (134) hide show
  1. package/dist/cli/connect.d.ts +5 -3
  2. package/dist/cli/connect.d.ts.map +1 -1
  3. package/dist/cli/connect.js +127 -15
  4. package/dist/cli/connect.js.map +1 -1
  5. package/dist/client/AgentPanel.d.ts.map +1 -1
  6. package/dist/client/AgentPanel.js +6 -2
  7. package/dist/client/AgentPanel.js.map +1 -1
  8. package/dist/client/AssistantChat.d.ts.map +1 -1
  9. package/dist/client/AssistantChat.js +7 -1
  10. package/dist/client/AssistantChat.js.map +1 -1
  11. package/dist/client/NewWorkspaceAppFlow.js +1 -1
  12. package/dist/client/NewWorkspaceAppFlow.js.map +1 -1
  13. package/dist/client/agent-chat.d.ts.map +1 -1
  14. package/dist/client/agent-chat.js +13 -8
  15. package/dist/client/agent-chat.js.map +1 -1
  16. package/dist/client/agent-sidebar-state.d.ts +2 -0
  17. package/dist/client/agent-sidebar-state.d.ts.map +1 -1
  18. package/dist/client/agent-sidebar-state.js +40 -0
  19. package/dist/client/agent-sidebar-state.js.map +1 -1
  20. package/dist/client/mcp-apps/McpAppRenderer.d.ts.map +1 -1
  21. package/dist/client/mcp-apps/McpAppRenderer.js +9 -4
  22. package/dist/client/mcp-apps/McpAppRenderer.js.map +1 -1
  23. package/dist/client/use-db-sync.d.ts +5 -5
  24. package/dist/client/use-db-sync.d.ts.map +1 -1
  25. package/dist/client/use-db-sync.js +15 -5
  26. package/dist/client/use-db-sync.js.map +1 -1
  27. package/dist/client/use-db-sync.spec.d.ts +2 -0
  28. package/dist/client/use-db-sync.spec.d.ts.map +1 -0
  29. package/dist/client/use-db-sync.spec.js +80 -0
  30. package/dist/client/use-db-sync.spec.js.map +1 -0
  31. package/dist/db/client.d.ts.map +1 -1
  32. package/dist/db/client.js +14 -8
  33. package/dist/db/client.js.map +1 -1
  34. package/dist/extensions/actions.d.ts.map +1 -1
  35. package/dist/extensions/actions.js +62 -3
  36. package/dist/extensions/actions.js.map +1 -1
  37. package/dist/extensions/content-patch.d.ts +71 -0
  38. package/dist/extensions/content-patch.d.ts.map +1 -0
  39. package/dist/extensions/content-patch.js +251 -0
  40. package/dist/extensions/content-patch.js.map +1 -0
  41. package/dist/extensions/routes.js +6 -1
  42. package/dist/extensions/routes.js.map +1 -1
  43. package/dist/extensions/store.d.ts +4 -4
  44. package/dist/extensions/store.d.ts.map +1 -1
  45. package/dist/extensions/store.js +14 -18
  46. package/dist/extensions/store.js.map +1 -1
  47. package/dist/mcp/build-server.d.ts +3 -0
  48. package/dist/mcp/build-server.d.ts.map +1 -1
  49. package/dist/mcp/build-server.js +55 -6
  50. package/dist/mcp/build-server.js.map +1 -1
  51. package/dist/mcp/oauth-route.d.ts +22 -0
  52. package/dist/mcp/oauth-route.d.ts.map +1 -0
  53. package/dist/mcp/oauth-route.js +618 -0
  54. package/dist/mcp/oauth-route.js.map +1 -0
  55. package/dist/mcp/oauth-store.d.ts +89 -0
  56. package/dist/mcp/oauth-store.d.ts.map +1 -0
  57. package/dist/mcp/oauth-store.js +391 -0
  58. package/dist/mcp/oauth-store.js.map +1 -0
  59. package/dist/mcp/oauth-token.d.ts +28 -0
  60. package/dist/mcp/oauth-token.d.ts.map +1 -0
  61. package/dist/mcp/oauth-token.js +83 -0
  62. package/dist/mcp/oauth-token.js.map +1 -0
  63. package/dist/mcp/server.d.ts.map +1 -1
  64. package/dist/mcp/server.js +5 -2
  65. package/dist/mcp/server.js.map +1 -1
  66. package/dist/mcp-client/index.d.ts.map +1 -1
  67. package/dist/mcp-client/index.js +16 -2
  68. package/dist/mcp-client/index.js.map +1 -1
  69. package/dist/mcp-client/routes.js +18 -5
  70. package/dist/mcp-client/routes.js.map +1 -1
  71. package/dist/scripts/dev/shell.d.ts.map +1 -1
  72. package/dist/scripts/dev/shell.js +24 -1
  73. package/dist/scripts/dev/shell.js.map +1 -1
  74. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  75. package/dist/server/agent-chat-plugin.js +3 -2
  76. package/dist/server/agent-chat-plugin.js.map +1 -1
  77. package/dist/server/auth.d.ts.map +1 -1
  78. package/dist/server/auth.js +14 -8
  79. package/dist/server/auth.js.map +1 -1
  80. package/dist/server/builder-browser.d.ts +6 -0
  81. package/dist/server/builder-browser.d.ts.map +1 -1
  82. package/dist/server/builder-browser.js +15 -0
  83. package/dist/server/builder-browser.js.map +1 -1
  84. package/dist/server/core-routes-plugin.d.ts +5 -4
  85. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  86. package/dist/server/core-routes-plugin.js +17 -2
  87. package/dist/server/core-routes-plugin.js.map +1 -1
  88. package/dist/templates/default/.agents/skills/actions/SKILL.md +193 -72
  89. package/dist/templates/default/.agents/skills/real-time-sync/SKILL.md +88 -38
  90. package/dist/templates/default/AGENTS.md +3 -3
  91. package/dist/templates/default/actions/hello.ts +13 -20
  92. package/dist/templates/default/actions/navigate.ts +19 -51
  93. package/dist/templates/default/actions/view-screen.ts +16 -33
  94. package/dist/templates/default/app/hooks/use-navigation-state.ts +13 -3
  95. package/dist/templates/default/app/lib/tab-id.ts +1 -0
  96. package/dist/templates/default/app/root.tsx +2 -1
  97. package/dist/templates/default/app/routes/_index.tsx +11 -0
  98. package/dist/templates/default/package.json +2 -1
  99. package/dist/templates/workspace-core/.agents/skills/real-time-sync/SKILL.md +9 -1
  100. package/dist/templates/workspace-core/AGENTS.md +8 -0
  101. package/dist/templates/workspace-root/AGENTS.md +7 -0
  102. package/dist/vite/client.d.ts.map +1 -1
  103. package/dist/vite/client.js +2 -2
  104. package/dist/vite/client.js.map +1 -1
  105. package/docs/content/actions.md +1 -1
  106. package/docs/content/authentication.md +16 -1
  107. package/docs/content/client.md +11 -8
  108. package/docs/content/context-awareness.md +2 -3
  109. package/docs/content/creating-templates.md +2 -2
  110. package/docs/content/external-agents.md +47 -14
  111. package/docs/content/faq.md +2 -2
  112. package/docs/content/key-concepts.md +31 -23
  113. package/docs/content/mcp-protocol.md +50 -17
  114. package/docs/content/template-starter.md +3 -3
  115. package/docs/content/what-is-agent-native.md +4 -2
  116. package/package.json +2 -1
  117. package/src/templates/default/.agents/skills/actions/SKILL.md +193 -72
  118. package/src/templates/default/.agents/skills/real-time-sync/SKILL.md +88 -38
  119. package/src/templates/default/AGENTS.md +3 -3
  120. package/src/templates/default/actions/hello.ts +13 -20
  121. package/src/templates/default/actions/navigate.ts +19 -51
  122. package/src/templates/default/actions/view-screen.ts +16 -33
  123. package/src/templates/default/app/hooks/use-navigation-state.ts +13 -3
  124. package/src/templates/default/app/lib/tab-id.ts +1 -0
  125. package/src/templates/default/app/root.tsx +2 -1
  126. package/src/templates/default/app/routes/_index.tsx +11 -0
  127. package/src/templates/default/package.json +2 -1
  128. package/src/templates/workspace-core/.agents/skills/real-time-sync/SKILL.md +9 -1
  129. package/src/templates/workspace-core/AGENTS.md +8 -0
  130. package/src/templates/workspace-root/AGENTS.md +7 -0
  131. package/dist/templates/default/server/routes/api/hello.get.ts +0 -5
  132. package/dist/templates/default/shared/api.ts +0 -6
  133. package/src/templates/default/server/routes/api/hello.get.ts +0 -5
  134. package/src/templates/default/shared/api.ts +0 -6
package/dist/mcp/oauth-token.d.ts ADDED
@@ -0,0 +1,28 @@
1
+ export declare const MCP_OAUTH_SCOPES: readonly ["mcp:read", "mcp:write", "mcp:apps"];
2
+ export declare const MCP_OAUTH_DEFAULT_SCOPE: string;
3
+ export interface McpOAuthAccessTokenClaims {
4
+ sub: string;
5
+ org_domain?: string;
6
+ scope: string;
7
+ client_id: string;
8
+ resource: string;
9
+ typ: "agent-native-mcp-oauth";
10
+ }
11
+ export declare function normalizeOAuthScope(input: unknown): string | null;
12
+ export declare function scopeList(scope: string | undefined): string[];
13
+ export declare function hasMcpOAuthScope(scopes: string[] | undefined, scope: (typeof MCP_OAUTH_SCOPES)[number]): boolean;
14
+ export declare function signMcpOAuthAccessToken(params: {
15
+ ownerEmail: string;
16
+ orgDomain?: string | null;
17
+ clientId: string;
18
+ scope: string;
19
+ resource: string;
20
+ issuer: string;
21
+ }): Promise<string>;
22
+ export declare function verifyMcpOAuthAccessToken(token: string, resource: string | undefined): Promise<{
23
+ userEmail: string;
24
+ orgDomain?: string;
25
+ scopes: string[];
26
+ clientId: string;
27
+ } | null>;
28
+ //# sourceMappingURL=oauth-token.d.ts.map
package/dist/mcp/oauth-token.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-token.d.ts","sourceRoot":"","sources":["../../src/mcp/oauth-token.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,gBAAgB,gDAAiD,CAAC;AAE/E,eAAO,MAAM,uBAAuB,QAA6B,CAAC;AAElE,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,wBAAwB,CAAC;CAC/B;AAMD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAYjE;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,EAAE,CAK7D;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,EAC5B,KAAK,EAAE,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,GACvC,OAAO,CAGT;AAED,wBAAsB,uBAAuB,CAAC,MAAM,EAAE;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBlB;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAAC;IACT,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,IAAI,CAAC,CA2BR"}
package/dist/mcp/oauth-token.js ADDED
@@ -0,0 +1,83 @@
1
+ import * as jose from "jose";
2
+ import { randomUUID } from "node:crypto";
3
+ import { getAuthSecret } from "../server/better-auth-instance.js";
4
+ import { MCP_OAUTH_ACCESS_TOKEN_TTL } from "./oauth-store.js";
5
+ export const MCP_OAUTH_SCOPES = ["mcp:read", "mcp:write", "mcp:apps"];
6
+ export const MCP_OAUTH_DEFAULT_SCOPE = MCP_OAUTH_SCOPES.join(" ");
7
+ function signingSecret() {
8
+ return new TextEncoder().encode(process.env.A2A_SECRET || getAuthSecret());
9
+ }
10
+ export function normalizeOAuthScope(input) {
11
+ const requested = typeof input === "string"
12
+ ? input
13
+ .split(/\s+/)
14
+ .map((s) => s.trim())
15
+ .filter(Boolean)
16
+ : [];
17
+ const allowed = new Set(MCP_OAUTH_SCOPES);
18
+ if (requested.length === 0)
19
+ return MCP_OAUTH_DEFAULT_SCOPE;
20
+ const selected = requested.filter((scope) => allowed.has(scope));
21
+ return selected.length ? [...new Set(selected)].join(" ") : null;
22
+ }
23
+ export function scopeList(scope) {
24
+ return (scope ?? "")
25
+ .split(/\s+/)
26
+ .map((s) => s.trim())
27
+ .filter(Boolean);
28
+ }
29
+ export function hasMcpOAuthScope(scopes, scope) {
30
+ if (!scopes)
31
+ return true;
32
+ return scopes.includes(scope);
33
+ }
34
+ export async function signMcpOAuthAccessToken(params) {
35
+ return new jose.SignJWT({
36
+ typ: "agent-native-mcp-oauth",
37
+ sub: params.ownerEmail,
38
+ ...(params.orgDomain ? { org_domain: params.orgDomain } : {}),
39
+ scope: params.scope,
40
+ client_id: params.clientId,
41
+ resource: params.resource,
42
+ })
43
+ .setProtectedHeader({ alg: "HS256" })
44
+ .setIssuer(params.issuer)
45
+ .setAudience(params.resource)
46
+ .setJti(randomUUID())
47
+ .setIssuedAt()
48
+ .setExpirationTime(MCP_OAUTH_ACCESS_TOKEN_TTL)
49
+ .sign(signingSecret());
50
+ }
51
+ export async function verifyMcpOAuthAccessToken(token, resource) {
52
+ if (!resource)
53
+ return null;
54
+ try {
55
+ const { payload } = await jose.jwtVerify(token, signingSecret(), {
56
+ audience: resource,
57
+ });
58
+ if (payload.typ !== "agent-native-mcp-oauth")
59
+ return null;
60
+ if (payload.resource !== resource)
61
+ return null;
62
+ if (typeof payload.sub !== "string" || !payload.sub)
63
+ return null;
64
+ if (typeof payload.client_id !== "string" || !payload.client_id) {
65
+ return null;
66
+ }
67
+ const scope = typeof payload.scope === "string" ? payload.scope : "";
68
+ const scopes = scopeList(scope);
69
+ if (!scopes.some((s) => MCP_OAUTH_SCOPES.includes(s))) {
70
+ return null;
71
+ }
72
+ return {
73
+ userEmail: payload.sub,
74
+ orgDomain: typeof payload.org_domain === "string" ? payload.org_domain : undefined,
75
+ scopes,
76
+ clientId: payload.client_id,
77
+ };
78
+ }
79
+ catch {
80
+ return null;
81
+ }
82
+ }
83
+ //# sourceMappingURL=oauth-token.js.map
package/dist/mcp/oauth-token.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-token.js","sourceRoot":"","sources":["../../src/mcp/oauth-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,UAAU,CAAU,CAAC;AAE/E,MAAM,CAAC,MAAM,uBAAuB,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAWlE,SAAS,aAAa;IACpB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,aAAa,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAChD,MAAM,SAAS,GACb,OAAO,KAAK,KAAK,QAAQ;QACvB,CAAC,CAAC,KAAK;aACF,KAAK,CAAC,KAAK,CAAC;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC;QACpB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,gBAAgB,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,uBAAuB,CAAC;IAC3D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAyB;IACjD,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;SACjB,KAAK,CAAC,KAAK,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,MAA4B,EAC5B,KAAwC;IAExC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,MAO7C;IACC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC;QACtB,GAAG,EAAE,wBAAwB;QAC7B,GAAG,EAAE,MAAM,CAAC,UAAU;QACtB,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC;SACxB,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;SAC5B,MAAM,CAAC,UAAU,EAAE,CAAC;SACpB,WAAW,EAAE;SACb,iBAAiB,CAAC,0BAA0B,CAAC;SAC7C,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAa,EACb,QAA4B;IAO5B,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,EAAE;YAC/D,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QACH,IAAI,OAAO,CAAC,GAAG,KAAK,wBAAwB;YAAE,OAAO,IAAI,CAAC;QAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACjE,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAQ,CAAC,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YACzE,MAAM;YACN,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import * as jose from \"jose\";\nimport { randomUUID } from \"node:crypto\";\nimport { getAuthSecret } from \"../server/better-auth-instance.js\";\nimport { MCP_OAUTH_ACCESS_TOKEN_TTL } from \"./oauth-store.js\";\n\nexport const MCP_OAUTH_SCOPES = [\"mcp:read\", \"mcp:write\", \"mcp:apps\"] as const;\n\nexport const MCP_OAUTH_DEFAULT_SCOPE = MCP_OAUTH_SCOPES.join(\" \");\n\nexport interface McpOAuthAccessTokenClaims {\n sub: string;\n org_domain?: string;\n scope: string;\n client_id: string;\n resource: string;\n typ: \"agent-native-mcp-oauth\";\n}\n\nfunction signingSecret(): Uint8Array {\n return new TextEncoder().encode(process.env.A2A_SECRET || getAuthSecret());\n}\n\nexport function normalizeOAuthScope(input: unknown): string | null {\n const requested =\n typeof input === \"string\"\n ? input\n .split(/\\s+/)\n .map((s) => s.trim())\n .filter(Boolean)\n : [];\n const allowed = new Set<string>(MCP_OAUTH_SCOPES);\n if (requested.length === 0) return MCP_OAUTH_DEFAULT_SCOPE;\n const selected = requested.filter((scope) => allowed.has(scope));\n return selected.length ? [...new Set(selected)].join(\" \") : null;\n}\n\nexport function scopeList(scope: string | undefined): string[] {\n return (scope ?? \"\")\n .split(/\\s+/)\n .map((s) => s.trim())\n .filter(Boolean);\n}\n\nexport function hasMcpOAuthScope(\n scopes: string[] | undefined,\n scope: (typeof MCP_OAUTH_SCOPES)[number],\n): boolean {\n if (!scopes) return true;\n return scopes.includes(scope);\n}\n\nexport async function signMcpOAuthAccessToken(params: {\n ownerEmail: string;\n orgDomain?: string | null;\n clientId: string;\n scope: string;\n resource: string;\n issuer: string;\n}): Promise<string> {\n return new jose.SignJWT({\n typ: \"agent-native-mcp-oauth\",\n sub: params.ownerEmail,\n ...(params.orgDomain ? { org_domain: params.orgDomain } : {}),\n scope: params.scope,\n client_id: params.clientId,\n resource: params.resource,\n })\n .setProtectedHeader({ alg: \"HS256\" })\n .setIssuer(params.issuer)\n .setAudience(params.resource)\n .setJti(randomUUID())\n .setIssuedAt()\n .setExpirationTime(MCP_OAUTH_ACCESS_TOKEN_TTL)\n .sign(signingSecret());\n}\n\nexport async function verifyMcpOAuthAccessToken(\n token: string,\n resource: string | undefined,\n): Promise<{\n userEmail: string;\n orgDomain?: string;\n scopes: string[];\n clientId: string;\n} | null> {\n if (!resource) return null;\n try {\n const { payload } = await jose.jwtVerify(token, signingSecret(), {\n audience: resource,\n });\n if (payload.typ !== \"agent-native-mcp-oauth\") return null;\n if (payload.resource !== resource) return null;\n if (typeof payload.sub !== \"string\" || !payload.sub) return null;\n if (typeof payload.client_id !== \"string\" || !payload.client_id) {\n return null;\n }\n const scope = typeof payload.scope === \"string\" ? payload.scope : \"\";\n const scopes = scopeList(scope);\n if (!scopes.some((s) => MCP_OAUTH_SCOPES.includes(s as any))) {\n return null;\n }\n return {\n userEmail: payload.sub,\n orgDomain:\n typeof payload.org_domain === \"string\" ? payload.org_domain : undefined,\n scopes,\n clientId: payload.client_id,\n };\n } catch {\n return null;\n }\n}\n"]}
package/dist/mcp/server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAUlC,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAK3B,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AACF,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,CAAC;AA2G7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CAyH5D;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAYN"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAWlC,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAM3B,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AACF,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,CAAC;AA2G7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2H5D;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAYN"}
package/dist/mcp/server.js CHANGED
@@ -1,8 +1,9 @@
1
1
  import { getH3App } from "../server/framework-request-handler.js";
2
- import { defineEventHandler, setResponseStatus, getMethod, getRequestHeader, } from "h3";
2
+ import { defineEventHandler, setResponseStatus, setResponseHeader, getMethod, getRequestHeader, } from "h3";
3
3
  import { readBody } from "../server/h3-helpers.js";
4
4
  import { isLoopbackRequest } from "../server/auth.js";
5
5
  import { createMCPServerForRequest, verifyAuth, getAccessTokens, resolveOrgIdFromDomain, buildLinkArtifacts, } from "./build-server.js";
6
+ import { buildMcpOAuthChallenge, getMcpOAuthResource } from "./oauth-route.js";
6
7
  // Re-export the shared MCP server builder + types so the stdio transport and
7
8
  // any (future) external importer of `@agent-native/core/mcp` keep resolving
8
9
  // against `./server.js` exactly as before this refactor.
@@ -146,11 +147,14 @@ export async function handleMcpRequest(event, config) {
146
147
  // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN
147
148
  // must fail closed rather than trust a spoofable owner-email header that
148
149
  // `fullSurface` would otherwise escalate to the full mutating surface.
150
+ const requestMeta = deriveRequestMeta(event);
149
151
  const authResult = await verifyAuth(authHeader, ownerEmailHeader, {
150
152
  allowDevOpen: isLoopbackRequest(event),
153
+ resourceUrl: getMcpOAuthResource(event),
151
154
  });
152
155
  if (!authResult.authed) {
153
156
  setResponseStatus(event, 401);
157
+ setResponseHeader(event, "WWW-Authenticate", buildMcpOAuthChallenge(event));
154
158
  return { error: "Unauthorized" };
155
159
  }
156
160
  // Stateless mode: only POST is meaningful
@@ -172,7 +176,6 @@ export async function handleMcpRequest(event, config) {
172
176
  // connected real caller (connect-minted token / `mcp install` /
173
177
  // ACCESS_TOKEN / production) gets the full action surface even in local
174
178
  // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.
175
- const requestMeta = deriveRequestMeta(event);
176
179
  const server = await createMCPServerForRequest(config, authResult.identity, {
177
180
  ...requestMeta,
178
181
  fullSurface: authResult.fullSurface === true,
package/dist/mcp/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAE3B,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,KAAc;IAInC,MAAM,CAAC,GAAG,KAAY,CAAC;IACvB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;IACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;QAC1B,YAAY,KAAK,UAAU;QAC3B,YAAY,KAAK,SAAS;QACxB,CAAC,CAAE,YAAyC;QAC5C,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,eAAe,CAAC,KAAc,EAAE,MAAc;IACrD,MAAM,GAAG,GAAI,KAAa,CAAC,GAA0B,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAG,EAAE,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAEhC,CAAC;QACd,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,IAAI,IAAI;oBAAE,SAAS;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IAEjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACxD,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACnE,IAAI,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,oBAAoB,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,GAAG;YAAE,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,oDAAoD;IACpD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAc,EACd,MAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,OAAO,EAAE,CAAC;QACZ,yEAAyE;QACzE,uEAAuE;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,2EAA2E;IAC3E,uDAAuD;IACvD,+DAA+D;IAC/D,4EAA4E;IAC5E,iDAAiD;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;IACF,oEAAoE;IACpE,4DAA4D;IAC5D,uEAAuE;IACvE,yEAAyE;IACzE,uEAAuE;IACvE,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,EAAE;QAChE,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,yEAAyE;IACzE,qEAAqE;IACrE,qEAAqE;IACrE,gEAAgE;IAChE,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE;QAC1E,GAAG,WAAW;QACd,WAAW,EAAE,UAAU,CAAC,WAAW,KAAK,IAAI;KAC7C,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,4EAA4E;QAC5E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,uEAAuE;YACvE,iEAAiE;YACjE,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,uEAAuE;YACvE,qEAAqE;YACrE,6DAA6D;YAC7D,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QACD,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,uEAAuE;IACvE,6EAA6E;IAC7E,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,4EAA4E;IAC5E,qEAAqE;IACrE,uEAAuE;IACvE,qBAAqB;IACrB,MAAM,EAAE,wCAAwC,EAAE,GAChD,MAAM,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS,EAAE,oCAAoC;KACpE,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,2EAA2E;IAC3E,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAC5C,UAAU,EACV,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,OAAO,gBAAgB,CAAC,KAAgB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n getMethod,\n getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isLoopbackRequest } from \"../server/auth.js\";\nimport {\n createMCPServerForRequest,\n verifyAuth,\n getAccessTokens,\n resolveOrgIdFromDomain,\n buildLinkArtifacts,\n type MCPConfig,\n type MCPCallerIdentity,\n type MCPRequestMeta,\n} from \"./build-server.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n createMCPServerForRequest,\n verifyAuth,\n getAccessTokens,\n resolveOrgIdFromDomain,\n buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// Runtime detection — Node fast-path vs. web-standard fallback\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve the underlying Node `http` req/res pair if (and only if) we're\n * running on a real Node HTTP server (local dev, `node` Nitro preset). On the\n * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)\n * BOTH of these are undefined — that's the signal to take the web fallback\n * instead of returning 501.\n */\nfunction getNodeReqRes(event: H3Event): {\n nodeReq: any | undefined;\n nodeRes: any | undefined;\n} {\n const e = event as any;\n const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;\n const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;\n return { nodeReq, nodeRes };\n}\n\n/**\n * Derive the request origin + the markdown deep-link target from the inbound\n * headers. Identical logic for both the Node and web paths so the absolute\n * deep-link URLs in tool results are computed the same way regardless of\n * runtime.\n */\nfunction deriveRequestMeta(event: H3Event): MCPRequestMeta {\n const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n const host = getRequestHeader(event, \"host\");\n const proto =\n forwardedProto?.split(\",\")[0]?.trim() ||\n (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n const origin = host ? `${proto}://${host}` : undefined;\n const targetHeader = getRequestHeader(\n event,\n \"x-agent-native-open-target\",\n )?.toLowerCase();\n const target =\n targetHeader === \"desktop\" ||\n targetHeader === \"terminal\" ||\n targetHeader === \"browser\"\n ? (targetHeader as MCPRequestMeta[\"target\"])\n : undefined;\n return { origin, target };\n}\n\n/**\n * Reconstruct a Web Standard `Request` for the web-standard MCP transport.\n *\n * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we\n * prefer it (its `method` / `headers` are exactly what the client sent). But\n * the framework middleware rewrites `event.req.url` when it strips a mount\n * prefix, and the transport reads `req.method` + `req.headers` (never the\n * body — we pass that via `parsedBody`), so we always synthesize a clean\n * `Request` with the verified method + a fresh `Headers` copy. The URL is\n * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),\n * so a best-effort absolute URL derived from the inbound host is sufficient\n * and never throws.\n */\nfunction buildWebRequest(event: H3Event, method: string): Request {\n const src = (event as any).req as Request | undefined;\n\n const headers = new Headers();\n if (src?.headers && typeof src.headers.forEach === \"function\") {\n src.headers.forEach((value, key) => headers.set(key, value));\n } else {\n const rawHeaders = (event as any).node?.req?.headers as\n | Record<string, string | string[] | undefined>\n | undefined;\n if (rawHeaders) {\n for (const [key, value] of Object.entries(rawHeaders)) {\n if (value == null) continue;\n headers.set(key, Array.isArray(value) ? value.join(\", \") : value);\n }\n }\n }\n\n // The SDK requires Accept + Content-Type to advertise both JSON and SSE on\n // a POST. Real MCP clients (Claude Code, `agent-native connect`) always\n // send these; we never inject/alter them — if they're absent the SDK\n // returns its spec-mandated 406/415, identical to the Node path.\n\n const host = headers.get(\"host\") || \"localhost\";\n const forwardedProto = headers.get(\"x-forwarded-proto\");\n const proto =\n forwardedProto?.split(\",\")[0]?.trim() ||\n (/^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n let url = `${proto}://${host}/_agent-native/mcp`;\n try {\n if (src?.url) url = new URL(src.url).href;\n } catch {\n // keep the synthesized URL\n }\n\n // No body here on purpose: the JSON-RPC payload is forwarded via the\n // transport's `parsedBody` option (the same mechanism the Node transport\n // uses), so the request stream is never read twice.\n return new Request(url, { method, headers });\n}\n\n// ---------------------------------------------------------------------------\n// handleMcpRequest — runtime-agnostic MCP request handler\n// ---------------------------------------------------------------------------\n\n/**\n * Handle a single `{routePrefix}/mcp` request on either runtime.\n *\n * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the\n * SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,\n * body)`, which writes directly to the Node response (full protocol incl.\n * SSE).\n * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,\n * Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`\n * from the SAME config + identity, drive it through the SDK's\n * `WebStandardStreamableHTTPServerTransport` (which the Node transport is\n * itself just a thin wrapper around), and return the resulting Web\n * `Response` as a normal h3 return value.\n *\n * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /\n * markdown append, `requestMeta` origin/target derivation and the stateless\n * semantics are IDENTICAL on both paths because both build the same server\n * via `createMCPServerForRequest` and both transports funnel into the same\n * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n * parsedBody })` with the same options.\n *\n * Returns:\n * - `undefined` when the request targets a sub-route (so management/status\n * routes mounted under `/_agent-native/mcp/*` handle it themselves) — the\n * h3 mount falls through to the next handler.\n * - a Web `Response` (web fallback) or a string/object (Node path /\n * auth-error path) otherwise. The Node path also sets `_handled` so h3\n * doesn't double-write.\n */\nexport async function handleMcpRequest(\n event: H3Event,\n config: MCPConfig,\n): Promise<Response | string | { error: string } | undefined> {\n const pathname = event.url?.pathname || \"/\";\n const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n if (subpath) {\n // Let management/status routes mounted under /_agent-native/mcp/* handle\n // their own requests instead of treating them as MCP protocol traffic.\n return undefined;\n }\n\n const method = getMethod(event);\n\n // Auth check — extracts the caller's identity from the JWT (`sub`), or, on\n // the static-token / dev-open path, from the forwarded\n // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n // `agent-native mcp install` flow). Without this the install flow would run\n // every tool unscoped (userEmail === undefined).\n const authHeader = getRequestHeader(event, \"authorization\");\n const ownerEmailHeader = getRequestHeader(\n event,\n \"x-agent-native-owner-email\",\n );\n // Gate header-only dev-open on the REAL socket peer, never a parsed\n // `Host` header (client-controlled — an attacker could send\n // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN\n // must fail closed rather than trust a spoofable owner-email header that\n // `fullSurface` would otherwise escalate to the full mutating surface.\n const authResult = await verifyAuth(authHeader, ownerEmailHeader, {\n allowDevOpen: isLoopbackRequest(event),\n });\n if (!authResult.authed) {\n setResponseStatus(event, 401);\n return { error: \"Unauthorized\" };\n }\n\n // Stateless mode: only POST is meaningful\n if (method === \"DELETE\") {\n setResponseStatus(event, 204);\n return \"\";\n }\n\n if (method !== \"POST\" && method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n // Read body for POST (GET has no body). Read it via the h3 helper exactly\n // once; both transports accept it as a pre-parsed body so the request\n // stream is never consumed twice.\n const body = method === \"POST\" ? await readBody(event) : undefined;\n\n // Per-request stateless transport + server. Both runtimes build the SAME\n // server from the SAME config + verified identity + request meta, so\n // tools/list, tools/call, and the deep-link `_meta` are identical. A\n // connected real caller (connect-minted token / `mcp install` /\n // ACCESS_TOKEN / production) gets the full action surface even in local\n // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.\n const requestMeta = deriveRequestMeta(event);\n const server = await createMCPServerForRequest(config, authResult.identity, {\n ...requestMeta,\n fullSurface: authResult.fullSurface === true,\n });\n\n const { nodeReq, nodeRes } = getNodeReqRes(event);\n\n if (nodeReq && nodeRes) {\n // ---- Node fast-path (UNCHANGED behavior) --------------------------------\n const { StreamableHTTPServerTransport } =\n await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n const transport = new StreamableHTTPServerTransport({\n sessionIdGenerator: undefined, // stateless\n });\n await server.connect(transport);\n try {\n // The SDK transport writes directly to the Node response. Node-only by\n // construction; we only reach here when real Node req/res exist.\n await transport.handleRequest(nodeReq, nodeRes, body);\n } catch (err: any) {\n // The SDK transport writes directly to the Node response. If the socket\n // is already closed/ended (client disconnected, or the host stream\n // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*\n // the MCP payload was already delivered correctly. Swallow that benign\n // post-flush write so an external agent disconnecting mid-stream can\n // never take down the server process; rethrow anything else.\n if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n if (process.env.DEBUG)\n console.log(\n \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n );\n }\n // Prevent H3 from double-writing the response\n (event as any)._handled = true;\n return undefined;\n }\n\n // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,\n // Bun) ---------------------------------------------------------------------\n //\n // `StreamableHTTPServerTransport` is itself just a thin wrapper that\n // converts the Node req/res to a web Request/Response and delegates to\n // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n // parsedBody })`. Using the web transport directly with the SAME options +\n // the same pre-read `parsedBody` produces byte-identical protocol output\n // (including the deep-link `_meta` built inside createMCPServerForRequest),\n // and works on every web runtime because it returns a Web `Response`\n // (JSON for request/response, or an SSE `ReadableStream` body which h3\n // streams natively).\n const { WebStandardStreamableHTTPServerTransport } =\n await import(\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\");\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: undefined, // stateless — same as the Node path\n });\n await server.connect(transport);\n const webRequest = buildWebRequest(event, method);\n // `parsedBody: undefined` would make the SDK try to read `req.json()`; our\n // synthesized request has no body, so only pass the option for POST (where\n // we actually have a parsed body). For GET the transport reads no body.\n const response = await transport.handleRequest(\n webRequest,\n method === \"POST\" ? { parsedBody: body } : undefined,\n );\n return response;\n}\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments. Runtime-agnostic: a real Node\n * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /\n * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard\n * transport. Both build the same server and produce identical JSON-RPC\n * output.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n nitroApp: any,\n config: MCPConfig,\n routePrefix = \"/_agent-native\",\n): void {\n getH3App(nitroApp).use(\n `${routePrefix}/mcp`,\n defineEventHandler(async (event) => {\n return handleMcpRequest(event as H3Event, config);\n }),\n );\n\n if (process.env.DEBUG)\n console.log(\n `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n );\n}\n"]}
1
+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE/E,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,KAAc;IAInC,MAAM,CAAC,GAAG,KAAY,CAAC;IACvB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;IACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;QAC1B,YAAY,KAAK,UAAU;QAC3B,YAAY,KAAK,SAAS;QACxB,CAAC,CAAE,YAAyC;QAC5C,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,eAAe,CAAC,KAAc,EAAE,MAAc;IACrD,MAAM,GAAG,GAAI,KAAa,CAAC,GAA0B,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAG,EAAE,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAEhC,CAAC;QACd,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,IAAI,IAAI;oBAAE,SAAS;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IAEjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACxD,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACnE,IAAI,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,oBAAoB,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,GAAG;YAAE,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,oDAAoD;IACpD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAc,EACd,MAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,OAAO,EAAE,CAAC;QACZ,yEAAyE;QACzE,uEAAuE;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,2EAA2E;IAC3E,uDAAuD;IACvD,+DAA+D;IAC/D,4EAA4E;IAC5E,iDAAiD;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;IACF,oEAAoE;IACpE,4DAA4D;IAC5D,uEAAuE;IACvE,yEAAyE;IACzE,uEAAuE;IACvE,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,EAAE;QAChE,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC;QACtC,WAAW,EAAE,mBAAmB,CAAC,KAAK,CAAC;KACxC,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,iBAAiB,CAAC,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,yEAAyE;IACzE,qEAAqE;IACrE,qEAAqE;IACrE,gEAAgE;IAChE,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE;QAC1E,GAAG,WAAW;QACd,WAAW,EAAE,UAAU,CAAC,WAAW,KAAK,IAAI;KAC7C,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,4EAA4E;QAC5E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,uEAAuE;YACvE,iEAAiE;YACjE,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,uEAAuE;YACvE,qEAAqE;YACrE,6DAA6D;YAC7D,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QACD,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,uEAAuE;IACvE,6EAA6E;IAC7E,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,4EAA4E;IAC5E,qEAAqE;IACrE,uEAAuE;IACvE,qBAAqB;IACrB,MAAM,EAAE,wCAAwC,EAAE,GAChD,MAAM,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS,EAAE,oCAAoC;KACpE,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,2EAA2E;IAC3E,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAC5C,UAAU,EACV,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,OAAO,gBAAgB,CAAC,KAAgB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n setResponseHeader,\n getMethod,\n getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isLoopbackRequest } from \"../server/auth.js\";\nimport {\n createMCPServerForRequest,\n verifyAuth,\n getAccessTokens,\n resolveOrgIdFromDomain,\n buildLinkArtifacts,\n type MCPConfig,\n type MCPCallerIdentity,\n type MCPRequestMeta,\n} from \"./build-server.js\";\nimport { buildMcpOAuthChallenge, getMcpOAuthResource } from \"./oauth-route.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n createMCPServerForRequest,\n verifyAuth,\n getAccessTokens,\n resolveOrgIdFromDomain,\n buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// Runtime detection — Node fast-path vs. web-standard fallback\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve the underlying Node `http` req/res pair if (and only if) we're\n * running on a real Node HTTP server (local dev, `node` Nitro preset). On the\n * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)\n * BOTH of these are undefined — that's the signal to take the web fallback\n * instead of returning 501.\n */\nfunction getNodeReqRes(event: H3Event): {\n nodeReq: any | undefined;\n nodeRes: any | undefined;\n} {\n const e = event as any;\n const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;\n const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;\n return { nodeReq, nodeRes };\n}\n\n/**\n * Derive the request origin + the markdown deep-link target from the inbound\n * headers. Identical logic for both the Node and web paths so the absolute\n * deep-link URLs in tool results are computed the same way regardless of\n * runtime.\n */\nfunction deriveRequestMeta(event: H3Event): MCPRequestMeta {\n const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n const host = getRequestHeader(event, \"host\");\n const proto =\n forwardedProto?.split(\",\")[0]?.trim() ||\n (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n const origin = host ? `${proto}://${host}` : undefined;\n const targetHeader = getRequestHeader(\n event,\n \"x-agent-native-open-target\",\n )?.toLowerCase();\n const target =\n targetHeader === \"desktop\" ||\n targetHeader === \"terminal\" ||\n targetHeader === \"browser\"\n ? (targetHeader as MCPRequestMeta[\"target\"])\n : undefined;\n return { origin, target };\n}\n\n/**\n * Reconstruct a Web Standard `Request` for the web-standard MCP transport.\n *\n * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we\n * prefer it (its `method` / `headers` are exactly what the client sent). But\n * the framework middleware rewrites `event.req.url` when it strips a mount\n * prefix, and the transport reads `req.method` + `req.headers` (never the\n * body — we pass that via `parsedBody`), so we always synthesize a clean\n * `Request` with the verified method + a fresh `Headers` copy. The URL is\n * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),\n * so a best-effort absolute URL derived from the inbound host is sufficient\n * and never throws.\n */\nfunction buildWebRequest(event: H3Event, method: string): Request {\n const src = (event as any).req as Request | undefined;\n\n const headers = new Headers();\n if (src?.headers && typeof src.headers.forEach === \"function\") {\n src.headers.forEach((value, key) => headers.set(key, value));\n } else {\n const rawHeaders = (event as any).node?.req?.headers as\n | Record<string, string | string[] | undefined>\n | undefined;\n if (rawHeaders) {\n for (const [key, value] of Object.entries(rawHeaders)) {\n if (value == null) continue;\n headers.set(key, Array.isArray(value) ? value.join(\", \") : value);\n }\n }\n }\n\n // The SDK requires Accept + Content-Type to advertise both JSON and SSE on\n // a POST. Real MCP clients (Claude Code, `agent-native connect`) always\n // send these; we never inject/alter them — if they're absent the SDK\n // returns its spec-mandated 406/415, identical to the Node path.\n\n const host = headers.get(\"host\") || \"localhost\";\n const forwardedProto = headers.get(\"x-forwarded-proto\");\n const proto =\n forwardedProto?.split(\",\")[0]?.trim() ||\n (/^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n let url = `${proto}://${host}/_agent-native/mcp`;\n try {\n if (src?.url) url = new URL(src.url).href;\n } catch {\n // keep the synthesized URL\n }\n\n // No body here on purpose: the JSON-RPC payload is forwarded via the\n // transport's `parsedBody` option (the same mechanism the Node transport\n // uses), so the request stream is never read twice.\n return new Request(url, { method, headers });\n}\n\n// ---------------------------------------------------------------------------\n// handleMcpRequest — runtime-agnostic MCP request handler\n// ---------------------------------------------------------------------------\n\n/**\n * Handle a single `{routePrefix}/mcp` request on either runtime.\n *\n * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the\n * SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,\n * body)`, which writes directly to the Node response (full protocol incl.\n * SSE).\n * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,\n * Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`\n * from the SAME config + identity, drive it through the SDK's\n * `WebStandardStreamableHTTPServerTransport` (which the Node transport is\n * itself just a thin wrapper around), and return the resulting Web\n * `Response` as a normal h3 return value.\n *\n * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /\n * markdown append, `requestMeta` origin/target derivation and the stateless\n * semantics are IDENTICAL on both paths because both build the same server\n * via `createMCPServerForRequest` and both transports funnel into the same\n * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n * parsedBody })` with the same options.\n *\n * Returns:\n * - `undefined` when the request targets a sub-route (so management/status\n * routes mounted under `/_agent-native/mcp/*` handle it themselves) — the\n * h3 mount falls through to the next handler.\n * - a Web `Response` (web fallback) or a string/object (Node path /\n * auth-error path) otherwise. The Node path also sets `_handled` so h3\n * doesn't double-write.\n */\nexport async function handleMcpRequest(\n event: H3Event,\n config: MCPConfig,\n): Promise<Response | string | { error: string } | undefined> {\n const pathname = event.url?.pathname || \"/\";\n const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n if (subpath) {\n // Let management/status routes mounted under /_agent-native/mcp/* handle\n // their own requests instead of treating them as MCP protocol traffic.\n return undefined;\n }\n\n const method = getMethod(event);\n\n // Auth check — extracts the caller's identity from the JWT (`sub`), or, on\n // the static-token / dev-open path, from the forwarded\n // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n // `agent-native mcp install` flow). Without this the install flow would run\n // every tool unscoped (userEmail === undefined).\n const authHeader = getRequestHeader(event, \"authorization\");\n const ownerEmailHeader = getRequestHeader(\n event,\n \"x-agent-native-owner-email\",\n );\n // Gate header-only dev-open on the REAL socket peer, never a parsed\n // `Host` header (client-controlled — an attacker could send\n // `Host: localhost`). A deployed app missing A2A_SECRET / ACCESS_TOKEN\n // must fail closed rather than trust a spoofable owner-email header that\n // `fullSurface` would otherwise escalate to the full mutating surface.\n const requestMeta = deriveRequestMeta(event);\n const authResult = await verifyAuth(authHeader, ownerEmailHeader, {\n allowDevOpen: isLoopbackRequest(event),\n resourceUrl: getMcpOAuthResource(event),\n });\n if (!authResult.authed) {\n setResponseStatus(event, 401);\n setResponseHeader(event, \"WWW-Authenticate\", buildMcpOAuthChallenge(event));\n return { error: \"Unauthorized\" };\n }\n\n // Stateless mode: only POST is meaningful\n if (method === \"DELETE\") {\n setResponseStatus(event, 204);\n return \"\";\n }\n\n if (method !== \"POST\" && method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n // Read body for POST (GET has no body). Read it via the h3 helper exactly\n // once; both transports accept it as a pre-parsed body so the request\n // stream is never consumed twice.\n const body = method === \"POST\" ? await readBody(event) : undefined;\n\n // Per-request stateless transport + server. Both runtimes build the SAME\n // server from the SAME config + verified identity + request meta, so\n // tools/list, tools/call, and the deep-link `_meta` are identical. A\n // connected real caller (connect-minted token / `mcp install` /\n // ACCESS_TOKEN / production) gets the full action surface even in local\n // dev; unauthenticated dev probes stay sparse. See `external-agents` skill.\n const server = await createMCPServerForRequest(config, authResult.identity, {\n ...requestMeta,\n fullSurface: authResult.fullSurface === true,\n });\n\n const { nodeReq, nodeRes } = getNodeReqRes(event);\n\n if (nodeReq && nodeRes) {\n // ---- Node fast-path (UNCHANGED behavior) --------------------------------\n const { StreamableHTTPServerTransport } =\n await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n const transport = new StreamableHTTPServerTransport({\n sessionIdGenerator: undefined, // stateless\n });\n await server.connect(transport);\n try {\n // The SDK transport writes directly to the Node response. Node-only by\n // construction; we only reach here when real Node req/res exist.\n await transport.handleRequest(nodeReq, nodeRes, body);\n } catch (err: any) {\n // The SDK transport writes directly to the Node response. If the socket\n // is already closed/ended (client disconnected, or the host stream\n // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*\n // the MCP payload was already delivered correctly. Swallow that benign\n // post-flush write so an external agent disconnecting mid-stream can\n // never take down the server process; rethrow anything else.\n if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n if (process.env.DEBUG)\n console.log(\n \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n );\n }\n // Prevent H3 from double-writing the response\n (event as any)._handled = true;\n return undefined;\n }\n\n // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,\n // Bun) ---------------------------------------------------------------------\n //\n // `StreamableHTTPServerTransport` is itself just a thin wrapper that\n // converts the Node req/res to a web Request/Response and delegates to\n // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n // parsedBody })`. Using the web transport directly with the SAME options +\n // the same pre-read `parsedBody` produces byte-identical protocol output\n // (including the deep-link `_meta` built inside createMCPServerForRequest),\n // and works on every web runtime because it returns a Web `Response`\n // (JSON for request/response, or an SSE `ReadableStream` body which h3\n // streams natively).\n const { WebStandardStreamableHTTPServerTransport } =\n await import(\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\");\n const transport = new WebStandardStreamableHTTPServerTransport({\n sessionIdGenerator: undefined, // stateless — same as the Node path\n });\n await server.connect(transport);\n const webRequest = buildWebRequest(event, method);\n // `parsedBody: undefined` would make the SDK try to read `req.json()`; our\n // synthesized request has no body, so only pass the option for POST (where\n // we actually have a parsed body). For GET the transport reads no body.\n const response = await transport.handleRequest(\n webRequest,\n method === \"POST\" ? { parsedBody: body } : undefined,\n );\n return response;\n}\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments. Runtime-agnostic: a real Node\n * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /\n * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard\n * transport. Both build the same server and produce identical JSON-RPC\n * output.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n nitroApp: any,\n config: MCPConfig,\n routePrefix = \"/_agent-native\",\n): void {\n getH3App(nitroApp).use(\n `${routePrefix}/mcp`,\n defineEventHandler(async (event) => {\n return handleMcpRequest(event as H3Event, config);\n }),\n );\n\n if (process.env.DEBUG)\n console.log(\n `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n );\n}\n"]}
package/dist/mcp-client/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,KAAK,OAAO,EACZ,KAAK,uBAAuB,GAC7B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,EAC9B,KAAK,4BAA4B,GAClC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,eAAe,GACrB,MAAM,iBAAiB,CAAC;AAezB;;;;GAIG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAE9D,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,gBAAgB,GACxB,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAM7B;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAClC,IAAI,CAaN;AAqCD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAMxD;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAiB5D"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,KAAK,OAAO,EACZ,KAAK,uBAAuB,GAC7B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,EAC9B,KAAK,4BAA4B,GAClC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAE7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,eAAe,GACrB,MAAM,iBAAiB,CAAC;AAezB;;;;GAIG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAE9D,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,gBAAgB,GACxB,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAM7B;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAClC,IAAI,CAaN;AA6CD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAMxD;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAiB5D"}
package/dist/mcp-client/index.js CHANGED
@@ -60,14 +60,14 @@ function mcpToolToActionEntry(manager, tool) {
60
60
  // into the LLM's visible tool list, reject invocation here so we never
61
61
  // execute a user's credentials on behalf of another user.
62
62
  if (!isMcpToolAllowedForRequest(tool.name)) {
63
- return `Error: MCP tool ${tool.name} is not available in the current request scope.`;
63
+ return buildMcpErrorActionResult(tool, args, `Error: MCP tool ${tool.name} is not available in the current request scope.`);
64
64
  }
65
65
  try {
66
66
  const result = await manager.callTool(tool.name, args);
67
67
  return await buildMcpActionResult(manager, tool, args, result);
68
68
  }
69
69
  catch (err) {
70
- return `Error calling MCP tool ${tool.name}: ${err?.message ?? err}`;
70
+ return buildMcpErrorActionResult(tool, args, `Error calling MCP tool ${tool.name}: ${err?.message ?? err}`);
71
71
  }
72
72
  },
73
73
  };
@@ -141,6 +141,20 @@ async function buildMcpActionResult(manager, tool, input, raw) {
141
141
  ...(mcpApp ? { mcpApp } : {}),
142
142
  };
143
143
  }
144
+ function buildMcpErrorActionResult(tool, input, text) {
145
+ return {
146
+ [MCP_ACTION_RESULT_MARKER]: true,
147
+ text,
148
+ raw: {
149
+ isError: true,
150
+ content: [{ type: "text", text }],
151
+ },
152
+ serverId: tool.source,
153
+ toolName: tool.name,
154
+ originalToolName: tool.originalName,
155
+ input,
156
+ };
157
+ }
144
158
  async function extractMcpAppPayload(manager, tool, input, raw) {
145
159
  const inlineResource = findInlineMcpAppResource(raw);
146
160
  const resourceUri = inlineResource?.uri ??
package/dist/mcp-client/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,GAGpB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,GAGhB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,GAGnB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,GAGzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,GAE/B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,GAEvB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,GAGpB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,GAIlB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,wBAAwB,EACxB,oBAAoB,GAIrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAUjD,MAAM,UAAU,uBAAuB,CACrC,OAAyB;IAEzB,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAyB,EACzB,MAAmC;IAEnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,OAAyB,EACzB,IAAa;IAEb,OAAO;QACL,IAAI,EAAE;YACJ,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,UAAU,EAAE,IAAI,CAAC,WAAkB;SACpC;QACD,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,KAAK,EAAE,IAA4B,EAAE,EAAE;YAC1C,oEAAoE;YACpE,uEAAuE;YACvE,0DAA0D;YAC1D,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,OAAO,mBAAmB,IAAI,CAAC,IAAI,iDAAiD,CAAC;YACvF,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACvD,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YACjE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,0BAA0B,IAAI,CAAC,IAAI,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC;YACvE,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAa;IACrC,IAAI,CAAC;QACH,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC;QACH,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,IACE,MAAM;QACN,OAAO,MAAM,KAAK,QAAQ;QAC1B,KAAK,CAAC,OAAO,CAAE,MAAc,CAAC,OAAO,CAAC,EACtC,CAAC;QACD,MAAM,KAAK,GAAI,MAAc,CAAC,OAAqC,CAAC;QACpE,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,QAAQ,GACZ,IAAI;YACJ,CAAC,oBAAoB,CAAC,MAAM,CAAC;gBAC3B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAE,MAAc,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,CAAC,CAAC,aAAa,CAAC,CAAC;QACrB,IAAK,MAAc,CAAC,OAAO;YAAE,OAAO,UAAU,QAAQ,EAAE,CAAC;QACzD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAyB;IACrD,IAAI,IAAI,EAAE,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,WAAW,IAAI,EAAE,QAAQ,IAAI,SAAS,GAAG,CAAC;IACnD,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,cAAc,QAAQ,CAAC,QAAQ,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC;IAC/D,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,OAAO,cAAc,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAe;IAC3C,OAAO,CACL,CAAC,CAAC,MAAM;QACR,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAClE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAyB,EACzB,IAAa,EACb,KAA8B,EAC9B,GAAY;IAEZ,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACrE,OAAO;QACL,CAAC,wBAAwB,CAAC,EAAE,IAAI;QAChC,IAAI;QACJ,GAAG;QACH,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,gBAAgB,EAAE,IAAI,CAAC,YAAY;QACnC,KAAK;QACL,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAyB,EACzB,IAAa,EACb,KAA8B,EAC9B,GAAY;IAEZ,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,WAAW,GACf,cAAc,EAAE,GAAG;QACnB,mBAAmB,CAAC,IAAI,CAAC;QACzB,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,QAAQ,GACZ,cAAc,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAE3E,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,gBAAgB,EAAE,IAAI,CAAC,YAAY;QACnC,WAAW;QACX,SAAS,EAAE,KAAK;QAChB,UAAU,EACR,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAC5B,CAAC,CAAE,EAAE,GAAI,GAA+B,EAA8B;YACtE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE;QAC9D,IAAI,EAAE,oBAAoB,CAAC,IAAI,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,CAAC;QACH,OAAO,oBAAoB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAY;IACzC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,IAAI,GAAI,GAAW,CAAC,KAAK,CAAC;IAChC,MAAM,MAAM,GAAG,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;IACrC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5E,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,IAAI,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAClE,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACtE,OAAO,wBAAwB,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;AAC5C,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAY;IAEZ,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAE,GAAW,CAAC,OAAO,CAAC;QACjD,CAAC,CAAG,GAAW,CAAC,OAAqB;QACrC,CAAC,CAAC,EAAE,CAAC;IACP,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;QACtD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,8BAA8B,CACrC,IAAa;IAEb,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACxD,MAAM,SAAS,GACZ,IAAY,CAAC,IAAI,KAAK,UAAU;QAC/B,CAAC,CAAE,IAAY,CAAC,QAAQ;QACxB,CAAC,CAAC,CAAE,IAAY,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAClE,MAAM,GAAG,GAAI,SAAiB,CAAC,GAAG,CAAC;IACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1E,MAAM,QAAQ,GACZ,OAAQ,SAAiB,CAAC,QAAQ,KAAK,QAAQ;QAC7C,CAAC,CAAE,SAAiB,CAAC,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,MAAM,IAAI,GACR,OAAQ,SAAiB,CAAC,IAAI,KAAK,QAAQ;QACzC,CAAC,CAAE,SAAiB,CAAC,IAAI;QACzB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACR,OAAQ,SAAiB,CAAC,IAAI,KAAK,QAAQ;QACzC,CAAC,CAAE,SAAiB,CAAC,IAAI;QACzB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACP,SAAiB,CAAC,KAAK,IAAI,OAAQ,SAAiB,CAAC,KAAK,KAAK,QAAQ;QACtE,CAAC,CAAG,SAAiB,CAAC,KAAiC;QACvD,CAAC,CAAE,IAAY,CAAC,KAAK,IAAI,OAAQ,IAAY,CAAC,KAAK,KAAK,QAAQ;YAC9D,CAAC,CAAG,IAAY,CAAC,KAAiC;YAClD,CAAC,CAAC,SAAS,CAAC;IAClB,OAAO;QACL,GAAG;QACH,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,OAAyB,EACzB,IAAa,EACb,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAE,MAAc,EAAE,QAAQ,CAAC;YACvD,CAAC,CAAG,MAAc,CAAC,QAAsB;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;YACzD,IACE,QAAQ,EAAE,GAAG,KAAK,WAAW;gBAC7B,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EACnC,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CACV,gDAAgD,WAAW,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CACtF,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC","sourcesContent":["/**\n * MCP client module — symmetric counterpart to `@agent-native/core/mcp`\n * (the MCP server). Connects to local MCP servers configured in\n * `mcp.config.json` or the `MCP_SERVERS` env var and exposes their tools\n * to the agent-chat tool-use loop.\n */\n\nexport {\n loadMcpConfig,\n autoDetectMcpConfig,\n type McpConfig,\n type McpServerConfig,\n} from \"./config.js\";\n\nexport {\n McpClientManager,\n buildMcpToolName,\n parseMcpToolName,\n MCP_TOOL_PREFIX,\n type McpTool,\n type McpClientManagerOptions,\n} from \"./manager.js\";\n\nexport {\n listRemoteServers,\n addRemoteServer,\n removeRemoteServer,\n validateRemoteUrl,\n normalizeServerName,\n mergedConfigKey,\n parseMergedKey,\n hashEmail,\n toHttpServerConfig,\n toHttpServerConfigAsync,\n materializeHeaders,\n type RemoteMcpScope,\n type StoredRemoteMcpServer,\n} from \"./remote-store.js\";\n\nexport {\n BUILTIN_MCP_CAPABILITIES,\n getBuiltinMcpCapability,\n isBuiltinMcpCapabilityAvailable,\n normalizeBuiltinMcpCapabilityIds,\n toBuiltinMcpServerConfig,\n type BuiltinMcpCapability,\n type BuiltinMcpCapabilityId,\n} from \"./builtin-capabilities.js\";\n\nexport {\n builtinMcpCapabilitiesSettingsKey,\n listEnabledBuiltinMcpCapabilities,\n setEnabledBuiltinMcpCapabilities,\n setBuiltinMcpCapabilityEnabled,\n type StoredBuiltinMcpCapabilities,\n} from \"./builtin-store.js\";\n\nexport {\n mountMcpServersRoutes,\n buildMergedConfig,\n builtinMergedConfigKey,\n type ClientBuiltinCapability,\n} from \"./routes.js\";\n\nexport {\n mountMcpHubRoutes,\n listHubServers,\n getHubStatus,\n isHubServeEnabled,\n isHubConsumeEnabled,\n type HubServerRecord,\n type HubServersResponse,\n} from \"./hub-routes.js\";\n\nexport { fetchHubServers } from \"./hub-client.js\";\n\nexport { isMcpToolAllowedForRequest } from \"./visibility.js\";\nimport { isMcpToolAllowedForRequest } from \"./visibility.js\";\nexport {\n MCP_ACTION_RESULT_MARKER,\n isMcpActionResult,\n type AgentMcpAppPayload,\n type AgentMcpAppResourceContent,\n type McpActionResult,\n} from \"./app-result.js\";\nimport {\n MCP_ACTION_RESULT_MARKER,\n toolForMcpAppPayload,\n type AgentMcpAppPayload,\n type AgentMcpAppResourceContent,\n type McpActionResult,\n} from \"./app-result.js\";\nimport {\n getToolUiResourceUri,\n isToolVisibilityAppOnly,\n isToolVisibilityModelOnly,\n} from \"@modelcontextprotocol/ext-apps/app-bridge\";\nimport { MCP_APP_MIME_TYPE } from \"../action.js\";\n\n/**\n * Convert MCP tools into `ActionEntry` values suitable for registration in\n * the agent's action registry. Each tool is marked `http: false` so it's\n * never auto-mounted as an HTTP endpoint — MCP tools are agent-only.\n */\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport type { McpClientManager, McpTool } from \"./manager.js\";\n\nexport function mcpToolsToActionEntries(\n manager: McpClientManager,\n): Record<string, ActionEntry> {\n const entries: Record<string, ActionEntry> = {};\n for (const tool of manager.getTools().filter(isVisibleToModel)) {\n entries[tool.name] = mcpToolToActionEntry(manager, tool);\n }\n return entries;\n}\n\n/**\n * Mutate a target action dict in place so it matches the current MCP tool set:\n * - adds new `mcp__*` keys that aren't in target,\n * - removes `mcp__*` keys that no longer exist in the manager,\n * - leaves non-MCP keys untouched.\n *\n * Used by the agent-chat plugin to keep its `prodActions` / `devActions`\n * registries in sync after `McpClientManager.reconfigure()` runs.\n */\nexport function syncMcpActionEntries(\n manager: McpClientManager,\n target: Record<string, ActionEntry>,\n): void {\n const current = new Set<string>();\n for (const tool of manager.getTools().filter(isVisibleToModel)) {\n current.add(tool.name);\n if (!target[tool.name]) {\n target[tool.name] = mcpToolToActionEntry(manager, tool);\n }\n }\n for (const key of Object.keys(target)) {\n if (key.startsWith(\"mcp__\") && !current.has(key)) {\n delete target[key];\n }\n }\n}\n\nfunction mcpToolToActionEntry(\n manager: McpClientManager,\n tool: McpTool,\n): ActionEntry {\n return {\n tool: {\n description: tool.description,\n parameters: tool.inputSchema as any,\n },\n http: false,\n run: async (args: Record<string, string>) => {\n // Defense-in-depth: even if a cross-scope MCP tool somehow makes it\n // into the LLM's visible tool list, reject invocation here so we never\n // execute a user's credentials on behalf of another user.\n if (!isMcpToolAllowedForRequest(tool.name)) {\n return `Error: MCP tool ${tool.name} is not available in the current request scope.`;\n }\n try {\n const result = await manager.callTool(tool.name, args);\n return await buildMcpActionResult(manager, tool, args, result);\n } catch (err: any) {\n return `Error calling MCP tool ${tool.name}: ${err?.message ?? err}`;\n }\n },\n };\n}\n\nfunction isVisibleToModel(tool: McpTool): boolean {\n try {\n return !isToolVisibilityAppOnly(tool.raw as any);\n } catch {\n return true;\n }\n}\n\nexport function isVisibleToMcpApp(tool: McpTool): boolean {\n try {\n return !isToolVisibilityModelOnly(tool.raw as any);\n } catch {\n return true;\n }\n}\n\nexport function flattenMcpToolResult(result: unknown): string {\n if (\n result &&\n typeof result === \"object\" &&\n Array.isArray((result as any).content)\n ) {\n const parts = (result as any).content as Array<Record<string, any>>;\n const text = parts.map(formatMcpContentPart).join(\"\\n\");\n const fallback =\n text ||\n (hasStructuredContent(result)\n ? JSON.stringify((result as any).structuredContent, null, 2)\n : \"(no output)\");\n if ((result as any).isError) return `Error: ${fallback}`;\n return fallback;\n }\n return typeof result === \"string\" ? result : JSON.stringify(result);\n}\n\nfunction formatMcpContentPart(part: Record<string, any>): string {\n if (part?.type === \"text\" && typeof part.text === \"string\") {\n return part.text;\n }\n if (part?.type === \"image\") {\n return `[image: ${part?.mimeType ?? \"unknown\"}]`;\n }\n if (part?.type === \"resource\") {\n const resource = part.resource ?? {};\n const uri = typeof resource.uri === \"string\" ? ` ${resource.uri}` : \"\";\n return `[resource: ${resource.mimeType ?? \"unknown\"}${uri}]`;\n }\n if (part?.type === \"resource_link\") {\n const uri = typeof part.uri === \"string\" ? ` ${part.uri}` : \"\";\n return `[resource: ${part.mimeType ?? \"unknown\"}${uri}]`;\n }\n return JSON.stringify(part);\n}\n\nfunction hasStructuredContent(result: unknown): boolean {\n return (\n !!result &&\n typeof result === \"object\" &&\n Object.prototype.hasOwnProperty.call(result, \"structuredContent\")\n );\n}\n\nasync function buildMcpActionResult(\n manager: McpClientManager,\n tool: McpTool,\n input: Record<string, unknown>,\n raw: unknown,\n): Promise<McpActionResult> {\n const text = flattenMcpToolResult(raw);\n const mcpApp = await extractMcpAppPayload(manager, tool, input, raw);\n return {\n [MCP_ACTION_RESULT_MARKER]: true,\n text,\n raw,\n serverId: tool.source,\n toolName: tool.name,\n originalToolName: tool.originalName,\n input,\n ...(mcpApp ? { mcpApp } : {}),\n };\n}\n\nasync function extractMcpAppPayload(\n manager: McpClientManager,\n tool: McpTool,\n input: Record<string, unknown>,\n raw: unknown,\n): Promise<AgentMcpAppPayload | undefined> {\n const inlineResource = findInlineMcpAppResource(raw);\n const resourceUri =\n inlineResource?.uri ??\n resourceUriFromTool(tool) ??\n resourceUriFromResult(raw);\n if (!resourceUri) return undefined;\n\n const resource =\n inlineResource ?? (await readMcpAppResource(manager, tool, resourceUri));\n\n return {\n serverId: tool.source,\n toolName: tool.name,\n originalToolName: tool.originalName,\n resourceUri,\n toolInput: input,\n toolResult:\n raw && typeof raw === \"object\"\n ? ({ ...(raw as Record<string, unknown>) } as Record<string, unknown>)\n : { content: [{ type: \"text\", text: String(raw ?? \"\") }] },\n tool: toolForMcpAppPayload(tool),\n ...(resource ? { resource } : {}),\n };\n}\n\nfunction resourceUriFromTool(tool: McpTool): string | undefined {\n try {\n return getToolUiResourceUri(tool.raw as any);\n } catch {\n return undefined;\n }\n}\n\nfunction resourceUriFromResult(raw: unknown): string | undefined {\n if (!raw || typeof raw !== \"object\") return undefined;\n const meta = (raw as any)._meta;\n const nested = meta?.ui?.resourceUri;\n if (typeof nested === \"string\" && nested.startsWith(\"ui://\")) return nested;\n const flat = meta?.[\"ui/resourceUri\"] ?? meta?.[\"ui.resourceUri\"];\n if (typeof flat === \"string\" && flat.startsWith(\"ui://\")) return flat;\n return findInlineMcpAppResource(raw)?.uri;\n}\n\nfunction findInlineMcpAppResource(\n raw: unknown,\n): AgentMcpAppResourceContent | undefined {\n if (!raw || typeof raw !== \"object\") return undefined;\n const content = Array.isArray((raw as any).content)\n ? ((raw as any).content as unknown[])\n : [];\n for (const part of content) {\n const resource = normalizeMcpAppResourceContent(part);\n if (resource) return resource;\n }\n return undefined;\n}\n\nfunction normalizeMcpAppResourceContent(\n part: unknown,\n): AgentMcpAppResourceContent | undefined {\n if (!part || typeof part !== \"object\") return undefined;\n const candidate =\n (part as any).type === \"resource\"\n ? (part as any).resource\n : ((part as any).resource ?? part);\n if (!candidate || typeof candidate !== \"object\") return undefined;\n const uri = (candidate as any).uri;\n if (typeof uri !== \"string\" || !uri.startsWith(\"ui://\")) return undefined;\n const mimeType =\n typeof (candidate as any).mimeType === \"string\"\n ? (candidate as any).mimeType\n : undefined;\n if (mimeType && !mimeType.includes(MCP_APP_MIME_TYPE)) return undefined;\n const text =\n typeof (candidate as any).text === \"string\"\n ? (candidate as any).text\n : undefined;\n const blob =\n typeof (candidate as any).blob === \"string\"\n ? (candidate as any).blob\n : undefined;\n const meta =\n (candidate as any)._meta && typeof (candidate as any)._meta === \"object\"\n ? ((candidate as any)._meta as Record<string, unknown>)\n : (part as any)._meta && typeof (part as any)._meta === \"object\"\n ? ((part as any)._meta as Record<string, unknown>)\n : undefined;\n return {\n uri,\n ...(mimeType ? { mimeType } : {}),\n ...(text ? { text } : {}),\n ...(blob ? { blob } : {}),\n ...(meta ? { _meta: meta } : {}),\n };\n}\n\nasync function readMcpAppResource(\n manager: McpClientManager,\n tool: McpTool,\n resourceUri: string,\n): Promise<AgentMcpAppResourceContent | undefined> {\n try {\n const result = await manager.readResourceForTool(tool.name, resourceUri);\n const contents = Array.isArray((result as any)?.contents)\n ? ((result as any).contents as unknown[])\n : [];\n for (const content of contents) {\n const resource = normalizeMcpAppResourceContent(content);\n if (\n resource?.uri === resourceUri ||\n (resource && contents.length === 1)\n ) {\n return resource;\n }\n }\n } catch (err: any) {\n console.warn(\n `[mcp-client] Failed to read MCP App resource ${resourceUri}: ${err?.message ?? err}`,\n );\n }\n return undefined;\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mcp-client/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,aAAa,EACb,mBAAmB,GAGpB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,GAGhB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,GAGnB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,GAGzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iCAAiC,EACjC,iCAAiC,EACjC,gCAAgC,EAChC,8BAA8B,GAE/B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,GAEvB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,GAGpB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,GAIlB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,wBAAwB,EACxB,oBAAoB,GAIrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAUjD,MAAM,UAAU,uBAAuB,CACrC,OAAyB;IAEzB,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAyB,EACzB,MAAmC;IAEnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,OAAyB,EACzB,IAAa;IAEb,OAAO;QACL,IAAI,EAAE;YACJ,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,UAAU,EAAE,IAAI,CAAC,WAAkB;SACpC;QACD,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,KAAK,EAAE,IAA4B,EAAE,EAAE;YAC1C,oEAAoE;YACpE,uEAAuE;YACvE,0DAA0D;YAC1D,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,OAAO,yBAAyB,CAC9B,IAAI,EACJ,IAAI,EACJ,mBAAmB,IAAI,CAAC,IAAI,iDAAiD,CAC9E,CAAC;YACJ,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACvD,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YACjE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,yBAAyB,CAC9B,IAAI,EACJ,IAAI,EACJ,0BAA0B,IAAI,CAAC,IAAI,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAC9D,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAa;IACrC,IAAI,CAAC;QACH,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC;QACH,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,IACE,MAAM;QACN,OAAO,MAAM,KAAK,QAAQ;QAC1B,KAAK,CAAC,OAAO,CAAE,MAAc,CAAC,OAAO,CAAC,EACtC,CAAC;QACD,MAAM,KAAK,GAAI,MAAc,CAAC,OAAqC,CAAC;QACpE,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,QAAQ,GACZ,IAAI;YACJ,CAAC,oBAAoB,CAAC,MAAM,CAAC;gBAC3B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAE,MAAc,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,CAAC,CAAC,aAAa,CAAC,CAAC;QACrB,IAAK,MAAc,CAAC,OAAO;YAAE,OAAO,UAAU,QAAQ,EAAE,CAAC;QACzD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAyB;IACrD,IAAI,IAAI,EAAE,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,WAAW,IAAI,EAAE,QAAQ,IAAI,SAAS,GAAG,CAAC;IACnD,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,cAAc,QAAQ,CAAC,QAAQ,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC;IAC/D,CAAC;IACD,IAAI,IAAI,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,OAAO,cAAc,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,GAAG,GAAG,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAe;IAC3C,OAAO,CACL,CAAC,CAAC,MAAM;QACR,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAClE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAyB,EACzB,IAAa,EACb,KAA8B,EAC9B,GAAY;IAEZ,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACrE,OAAO;QACL,CAAC,wBAAwB,CAAC,EAAE,IAAI;QAChC,IAAI;QACJ,GAAG;QACH,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,gBAAgB,EAAE,IAAI,CAAC,YAAY;QACnC,KAAK;QACL,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,IAAa,EACb,KAA8B,EAC9B,IAAY;IAEZ,OAAO;QACL,CAAC,wBAAwB,CAAC,EAAE,IAAI;QAChC,IAAI;QACJ,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;SAClC;QACD,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,gBAAgB,EAAE,IAAI,CAAC,YAAY;QACnC,KAAK;KACN,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAyB,EACzB,IAAa,EACb,KAA8B,EAC9B,GAAY;IAEZ,MAAM,cAAc,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,WAAW,GACf,cAAc,EAAE,GAAG;QACnB,mBAAmB,CAAC,IAAI,CAAC;QACzB,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,QAAQ,GACZ,cAAc,IAAI,CAAC,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAE3E,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,gBAAgB,EAAE,IAAI,CAAC,YAAY;QACnC,WAAW;QACX,SAAS,EAAE,KAAK;QAChB,UAAU,EACR,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAC5B,CAAC,CAAE,EAAE,GAAI,GAA+B,EAA8B;YACtE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE;QAC9D,IAAI,EAAE,oBAAoB,CAAC,IAAI,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,CAAC;QACH,OAAO,oBAAoB,CAAC,IAAI,CAAC,GAAU,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAY;IACzC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,IAAI,GAAI,GAAW,CAAC,KAAK,CAAC;IAChC,MAAM,MAAM,GAAG,IAAI,EAAE,EAAE,EAAE,WAAW,CAAC;IACrC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5E,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,IAAI,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAClE,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACtE,OAAO,wBAAwB,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;AAC5C,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAY;IAEZ,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAE,GAAW,CAAC,OAAO,CAAC;QACjD,CAAC,CAAG,GAAW,CAAC,OAAqB;QACrC,CAAC,CAAC,EAAE,CAAC;IACP,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;QACtD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,8BAA8B,CACrC,IAAa;IAEb,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACxD,MAAM,SAAS,GACZ,IAAY,CAAC,IAAI,KAAK,UAAU;QAC/B,CAAC,CAAE,IAAY,CAAC,QAAQ;QACxB,CAAC,CAAC,CAAE,IAAY,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAClE,MAAM,GAAG,GAAI,SAAiB,CAAC,GAAG,CAAC;IACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1E,MAAM,QAAQ,GACZ,OAAQ,SAAiB,CAAC,QAAQ,KAAK,QAAQ;QAC7C,CAAC,CAAE,SAAiB,CAAC,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,MAAM,IAAI,GACR,OAAQ,SAAiB,CAAC,IAAI,KAAK,QAAQ;QACzC,CAAC,CAAE,SAAiB,CAAC,IAAI;QACzB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACR,OAAQ,SAAiB,CAAC,IAAI,KAAK,QAAQ;QACzC,CAAC,CAAE,SAAiB,CAAC,IAAI;QACzB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACP,SAAiB,CAAC,KAAK,IAAI,OAAQ,SAAiB,CAAC,KAAK,KAAK,QAAQ;QACtE,CAAC,CAAG,SAAiB,CAAC,KAAiC;QACvD,CAAC,CAAE,IAAY,CAAC,KAAK,IAAI,OAAQ,IAAY,CAAC,KAAK,KAAK,QAAQ;YAC9D,CAAC,CAAG,IAAY,CAAC,KAAiC;YAClD,CAAC,CAAC,SAAS,CAAC;IAClB,OAAO;QACL,GAAG;QACH,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,OAAyB,EACzB,IAAa,EACb,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAE,MAAc,EAAE,QAAQ,CAAC;YACvD,CAAC,CAAG,MAAc,CAAC,QAAsB;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;YACzD,IACE,QAAQ,EAAE,GAAG,KAAK,WAAW;gBAC7B,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EACnC,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CACV,gDAAgD,WAAW,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CACtF,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC","sourcesContent":["/**\n * MCP client module — symmetric counterpart to `@agent-native/core/mcp`\n * (the MCP server). Connects to local MCP servers configured in\n * `mcp.config.json` or the `MCP_SERVERS` env var and exposes their tools\n * to the agent-chat tool-use loop.\n */\n\nexport {\n loadMcpConfig,\n autoDetectMcpConfig,\n type McpConfig,\n type McpServerConfig,\n} from \"./config.js\";\n\nexport {\n McpClientManager,\n buildMcpToolName,\n parseMcpToolName,\n MCP_TOOL_PREFIX,\n type McpTool,\n type McpClientManagerOptions,\n} from \"./manager.js\";\n\nexport {\n listRemoteServers,\n addRemoteServer,\n removeRemoteServer,\n validateRemoteUrl,\n normalizeServerName,\n mergedConfigKey,\n parseMergedKey,\n hashEmail,\n toHttpServerConfig,\n toHttpServerConfigAsync,\n materializeHeaders,\n type RemoteMcpScope,\n type StoredRemoteMcpServer,\n} from \"./remote-store.js\";\n\nexport {\n BUILTIN_MCP_CAPABILITIES,\n getBuiltinMcpCapability,\n isBuiltinMcpCapabilityAvailable,\n normalizeBuiltinMcpCapabilityIds,\n toBuiltinMcpServerConfig,\n type BuiltinMcpCapability,\n type BuiltinMcpCapabilityId,\n} from \"./builtin-capabilities.js\";\n\nexport {\n builtinMcpCapabilitiesSettingsKey,\n listEnabledBuiltinMcpCapabilities,\n setEnabledBuiltinMcpCapabilities,\n setBuiltinMcpCapabilityEnabled,\n type StoredBuiltinMcpCapabilities,\n} from \"./builtin-store.js\";\n\nexport {\n mountMcpServersRoutes,\n buildMergedConfig,\n builtinMergedConfigKey,\n type ClientBuiltinCapability,\n} from \"./routes.js\";\n\nexport {\n mountMcpHubRoutes,\n listHubServers,\n getHubStatus,\n isHubServeEnabled,\n isHubConsumeEnabled,\n type HubServerRecord,\n type HubServersResponse,\n} from \"./hub-routes.js\";\n\nexport { fetchHubServers } from \"./hub-client.js\";\n\nexport { isMcpToolAllowedForRequest } from \"./visibility.js\";\nimport { isMcpToolAllowedForRequest } from \"./visibility.js\";\nexport {\n MCP_ACTION_RESULT_MARKER,\n isMcpActionResult,\n type AgentMcpAppPayload,\n type AgentMcpAppResourceContent,\n type McpActionResult,\n} from \"./app-result.js\";\nimport {\n MCP_ACTION_RESULT_MARKER,\n toolForMcpAppPayload,\n type AgentMcpAppPayload,\n type AgentMcpAppResourceContent,\n type McpActionResult,\n} from \"./app-result.js\";\nimport {\n getToolUiResourceUri,\n isToolVisibilityAppOnly,\n isToolVisibilityModelOnly,\n} from \"@modelcontextprotocol/ext-apps/app-bridge\";\nimport { MCP_APP_MIME_TYPE } from \"../action.js\";\n\n/**\n * Convert MCP tools into `ActionEntry` values suitable for registration in\n * the agent's action registry. Each tool is marked `http: false` so it's\n * never auto-mounted as an HTTP endpoint — MCP tools are agent-only.\n */\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport type { McpClientManager, McpTool } from \"./manager.js\";\n\nexport function mcpToolsToActionEntries(\n manager: McpClientManager,\n): Record<string, ActionEntry> {\n const entries: Record<string, ActionEntry> = {};\n for (const tool of manager.getTools().filter(isVisibleToModel)) {\n entries[tool.name] = mcpToolToActionEntry(manager, tool);\n }\n return entries;\n}\n\n/**\n * Mutate a target action dict in place so it matches the current MCP tool set:\n * - adds new `mcp__*` keys that aren't in target,\n * - removes `mcp__*` keys that no longer exist in the manager,\n * - leaves non-MCP keys untouched.\n *\n * Used by the agent-chat plugin to keep its `prodActions` / `devActions`\n * registries in sync after `McpClientManager.reconfigure()` runs.\n */\nexport function syncMcpActionEntries(\n manager: McpClientManager,\n target: Record<string, ActionEntry>,\n): void {\n const current = new Set<string>();\n for (const tool of manager.getTools().filter(isVisibleToModel)) {\n current.add(tool.name);\n if (!target[tool.name]) {\n target[tool.name] = mcpToolToActionEntry(manager, tool);\n }\n }\n for (const key of Object.keys(target)) {\n if (key.startsWith(\"mcp__\") && !current.has(key)) {\n delete target[key];\n }\n }\n}\n\nfunction mcpToolToActionEntry(\n manager: McpClientManager,\n tool: McpTool,\n): ActionEntry {\n return {\n tool: {\n description: tool.description,\n parameters: tool.inputSchema as any,\n },\n http: false,\n run: async (args: Record<string, string>) => {\n // Defense-in-depth: even if a cross-scope MCP tool somehow makes it\n // into the LLM's visible tool list, reject invocation here so we never\n // execute a user's credentials on behalf of another user.\n if (!isMcpToolAllowedForRequest(tool.name)) {\n return buildMcpErrorActionResult(\n tool,\n args,\n `Error: MCP tool ${tool.name} is not available in the current request scope.`,\n );\n }\n try {\n const result = await manager.callTool(tool.name, args);\n return await buildMcpActionResult(manager, tool, args, result);\n } catch (err: any) {\n return buildMcpErrorActionResult(\n tool,\n args,\n `Error calling MCP tool ${tool.name}: ${err?.message ?? err}`,\n );\n }\n },\n };\n}\n\nfunction isVisibleToModel(tool: McpTool): boolean {\n try {\n return !isToolVisibilityAppOnly(tool.raw as any);\n } catch {\n return true;\n }\n}\n\nexport function isVisibleToMcpApp(tool: McpTool): boolean {\n try {\n return !isToolVisibilityModelOnly(tool.raw as any);\n } catch {\n return true;\n }\n}\n\nexport function flattenMcpToolResult(result: unknown): string {\n if (\n result &&\n typeof result === \"object\" &&\n Array.isArray((result as any).content)\n ) {\n const parts = (result as any).content as Array<Record<string, any>>;\n const text = parts.map(formatMcpContentPart).join(\"\\n\");\n const fallback =\n text ||\n (hasStructuredContent(result)\n ? JSON.stringify((result as any).structuredContent, null, 2)\n : \"(no output)\");\n if ((result as any).isError) return `Error: ${fallback}`;\n return fallback;\n }\n return typeof result === \"string\" ? result : JSON.stringify(result);\n}\n\nfunction formatMcpContentPart(part: Record<string, any>): string {\n if (part?.type === \"text\" && typeof part.text === \"string\") {\n return part.text;\n }\n if (part?.type === \"image\") {\n return `[image: ${part?.mimeType ?? \"unknown\"}]`;\n }\n if (part?.type === \"resource\") {\n const resource = part.resource ?? {};\n const uri = typeof resource.uri === \"string\" ? ` ${resource.uri}` : \"\";\n return `[resource: ${resource.mimeType ?? \"unknown\"}${uri}]`;\n }\n if (part?.type === \"resource_link\") {\n const uri = typeof part.uri === \"string\" ? ` ${part.uri}` : \"\";\n return `[resource: ${part.mimeType ?? \"unknown\"}${uri}]`;\n }\n return JSON.stringify(part);\n}\n\nfunction hasStructuredContent(result: unknown): boolean {\n return (\n !!result &&\n typeof result === \"object\" &&\n Object.prototype.hasOwnProperty.call(result, \"structuredContent\")\n );\n}\n\nasync function buildMcpActionResult(\n manager: McpClientManager,\n tool: McpTool,\n input: Record<string, unknown>,\n raw: unknown,\n): Promise<McpActionResult> {\n const text = flattenMcpToolResult(raw);\n const mcpApp = await extractMcpAppPayload(manager, tool, input, raw);\n return {\n [MCP_ACTION_RESULT_MARKER]: true,\n text,\n raw,\n serverId: tool.source,\n toolName: tool.name,\n originalToolName: tool.originalName,\n input,\n ...(mcpApp ? { mcpApp } : {}),\n };\n}\n\nfunction buildMcpErrorActionResult(\n tool: McpTool,\n input: Record<string, unknown>,\n text: string,\n): McpActionResult {\n return {\n [MCP_ACTION_RESULT_MARKER]: true,\n text,\n raw: {\n isError: true,\n content: [{ type: \"text\", text }],\n },\n serverId: tool.source,\n toolName: tool.name,\n originalToolName: tool.originalName,\n input,\n };\n}\n\nasync function extractMcpAppPayload(\n manager: McpClientManager,\n tool: McpTool,\n input: Record<string, unknown>,\n raw: unknown,\n): Promise<AgentMcpAppPayload | undefined> {\n const inlineResource = findInlineMcpAppResource(raw);\n const resourceUri =\n inlineResource?.uri ??\n resourceUriFromTool(tool) ??\n resourceUriFromResult(raw);\n if (!resourceUri) return undefined;\n\n const resource =\n inlineResource ?? (await readMcpAppResource(manager, tool, resourceUri));\n\n return {\n serverId: tool.source,\n toolName: tool.name,\n originalToolName: tool.originalName,\n resourceUri,\n toolInput: input,\n toolResult:\n raw && typeof raw === \"object\"\n ? ({ ...(raw as Record<string, unknown>) } as Record<string, unknown>)\n : { content: [{ type: \"text\", text: String(raw ?? \"\") }] },\n tool: toolForMcpAppPayload(tool),\n ...(resource ? { resource } : {}),\n };\n}\n\nfunction resourceUriFromTool(tool: McpTool): string | undefined {\n try {\n return getToolUiResourceUri(tool.raw as any);\n } catch {\n return undefined;\n }\n}\n\nfunction resourceUriFromResult(raw: unknown): string | undefined {\n if (!raw || typeof raw !== \"object\") return undefined;\n const meta = (raw as any)._meta;\n const nested = meta?.ui?.resourceUri;\n if (typeof nested === \"string\" && nested.startsWith(\"ui://\")) return nested;\n const flat = meta?.[\"ui/resourceUri\"] ?? meta?.[\"ui.resourceUri\"];\n if (typeof flat === \"string\" && flat.startsWith(\"ui://\")) return flat;\n return findInlineMcpAppResource(raw)?.uri;\n}\n\nfunction findInlineMcpAppResource(\n raw: unknown,\n): AgentMcpAppResourceContent | undefined {\n if (!raw || typeof raw !== \"object\") return undefined;\n const content = Array.isArray((raw as any).content)\n ? ((raw as any).content as unknown[])\n : [];\n for (const part of content) {\n const resource = normalizeMcpAppResourceContent(part);\n if (resource) return resource;\n }\n return undefined;\n}\n\nfunction normalizeMcpAppResourceContent(\n part: unknown,\n): AgentMcpAppResourceContent | undefined {\n if (!part || typeof part !== \"object\") return undefined;\n const candidate =\n (part as any).type === \"resource\"\n ? (part as any).resource\n : ((part as any).resource ?? part);\n if (!candidate || typeof candidate !== \"object\") return undefined;\n const uri = (candidate as any).uri;\n if (typeof uri !== \"string\" || !uri.startsWith(\"ui://\")) return undefined;\n const mimeType =\n typeof (candidate as any).mimeType === \"string\"\n ? (candidate as any).mimeType\n : undefined;\n if (mimeType && !mimeType.includes(MCP_APP_MIME_TYPE)) return undefined;\n const text =\n typeof (candidate as any).text === \"string\"\n ? (candidate as any).text\n : undefined;\n const blob =\n typeof (candidate as any).blob === \"string\"\n ? (candidate as any).blob\n : undefined;\n const meta =\n (candidate as any)._meta && typeof (candidate as any)._meta === \"object\"\n ? ((candidate as any)._meta as Record<string, unknown>)\n : (part as any)._meta && typeof (part as any)._meta === \"object\"\n ? ((part as any)._meta as Record<string, unknown>)\n : undefined;\n return {\n uri,\n ...(mimeType ? { mimeType } : {}),\n ...(text ? { text } : {}),\n ...(blob ? { blob } : {}),\n ...(meta ? { _meta: meta } : {}),\n };\n}\n\nasync function readMcpAppResource(\n manager: McpClientManager,\n tool: McpTool,\n resourceUri: string,\n): Promise<AgentMcpAppResourceContent | undefined> {\n try {\n const result = await manager.readResourceForTool(tool.name, resourceUri);\n const contents = Array.isArray((result as any)?.contents)\n ? ((result as any).contents as unknown[])\n : [];\n for (const content of contents) {\n const resource = normalizeMcpAppResourceContent(content);\n if (\n resource?.uri === resourceUri ||\n (resource && contents.length === 1)\n ) {\n return resource;\n }\n }\n } catch (err: any) {\n console.warn(\n `[mcp-client] Failed to read MCP App resource ${resourceUri}: ${err?.message ?? err}`,\n );\n }\n return undefined;\n}\n"]}
package/dist/mcp-client/routes.js CHANGED
@@ -287,7 +287,7 @@ export function mountMcpServersRoutes(nitroApp, manager) {
287
287
  }
288
288
  async function withMcpAppRequestContext(event, fn) {
289
289
  const { email, orgId } = await resolveContextForRequest(event);
290
- if (!email && process.env.NODE_ENV === "production") {
290
+ if (!email) {
291
291
  setResponseStatus(event, 401);
292
292
  return { error: "Authentication required" };
293
293
  }
@@ -299,7 +299,7 @@ async function withMcpAppRequestContext(event, fn) {
299
299
  function serverHasVisibleTools(manager, serverId) {
300
300
  return manager
301
301
  .getToolsForServer(serverId)
302
- .some((tool) => isMcpToolAllowedForRequest(tool.name));
302
+ .some((tool) => isMcpToolAllowedForRequest(tool.name) && isVisibleToMcpApp(tool));
303
303
  }
304
304
  function normalizeSameServerToolName(serverId, rawName) {
305
305
  if (typeof rawName !== "string" || !rawName.trim())
@@ -331,6 +331,19 @@ function mcpToolForClient(tool) {
331
331
  ...(tool._meta ? { _meta: tool._meta } : {}),
332
332
  };
333
333
  }
334
+ function mcpAppCallableTool(manager, serverId, originalToolName) {
335
+ const prefixedName = buildMcpToolName(serverId, originalToolName);
336
+ const tool = manager
337
+ .getToolsForServer(serverId)
338
+ .find((candidate) => candidate.name === prefixedName ||
339
+ candidate.originalName === originalToolName) ?? null;
340
+ if (!tool)
341
+ return null;
342
+ if (!isMcpToolAllowedForRequest(tool.name) || !isVisibleToMcpApp(tool)) {
343
+ return null;
344
+ }
345
+ return tool;
346
+ }
334
347
  async function handleMcpAppCallTool(event, manager) {
335
348
  const body = (await readBody(event).catch(() => ({})));
336
349
  const serverId = typeof body.serverId === "string" ? body.serverId : "";
@@ -339,14 +352,14 @@ async function handleMcpAppCallTool(event, manager) {
339
352
  setResponseStatus(event, 400);
340
353
  return { error: "serverId and same-server toolName are required" };
341
354
  }
342
- const prefixedName = buildMcpToolName(serverId, originalToolName);
343
355
  return withMcpAppRequestContext(event, async () => {
344
- if (!isMcpToolAllowedForRequest(prefixedName)) {
356
+ const tool = mcpAppCallableTool(manager, serverId, originalToolName);
357
+ if (!tool) {
345
358
  setResponseStatus(event, 403);
346
359
  return { error: "MCP tool is not available in this request scope" };
347
360
  }
348
361
  try {
349
- return await manager.callTool(prefixedName, body.arguments && typeof body.arguments === "object"
362
+ return await manager.callTool(tool.name, body.arguments && typeof body.arguments === "object"
350
363
  ? body.arguments
351
364
  : {});
352
365
  }