@agent-native/core 0.26.3 → 0.26.5

package/dist/mcp/build-server.js

@@ -20,7 +20,7 @@
 import { isMcpActionResult } from "../mcp-client/app-result.js";
 import { MCP_APP_EXTENSION_ID, MCP_APP_MIME_TYPE, MCP_APP_RESOURCE_URI_META_KEY, } from "../action.js";
 import { MCP_APP_REQUEST_ORIGIN_CSP_SOURCE } from "./embed-app.js";
-import { runWithRequestContext } from "../server/request-context.js";
+import { getRequestContext, runWithRequestContext, } from "../server/request-context.js";
 import { buildDeepLink, toAbsoluteOpenUrl, toDesktopOpenUrl, } from "../server/deep-link.js";
 import { isAgentNativeOpenDeepLink, withCollapsedAgentSidebarParam, } from "../shared/agent-sidebar-url.js";
 import { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from "../shared/embed-auth.js";
@@ -329,6 +329,57 @@ function mcpAppEmbedOpenLinkMeta(result, resource, meta) {
             : {}),
     };
 }
+async function withServerMintedMcpAppEmbedStart(result, meta) {
+    if (!result || typeof result !== "object" || Array.isArray(result)) {
+        return result;
+    }
+    const out = result;
+    if (out.embed !== true)
+        return result;
+    if (typeof out.embedStartUrl === "string" && out.embedStartUrl.trim()) {
+        return result;
+    }
+    if (typeof out.url === "string" &&
+        out.url.trim() &&
+        isEmbedStartUrl(out.url)) {
+        return result;
+    }
+    const candidate = [out.url, out.path, out.deepLinkUrl].find((value) => typeof value === "string" && value.trim().length > 0);
+    if (!candidate)
+        return result;
+    const trimmed = candidate.trim();
+    const isPath = trimmed.startsWith("/") && !trimmed.startsWith("//");
+    const isAbsoluteHttp = /^https?:\/\//i.test(trimmed);
+    if (!isPath && !isAbsoluteHttp)
+        return result;
+    if (isAbsoluteHttp && !meta?.origin)
+        return result;
+    const ctx = getRequestContext();
+    const ownerEmail = ctx?.userEmail?.trim();
+    if (!ownerEmail)
+        return result;
+    const { normalizeEmbedTargetPath, createEmbedSessionTicket } = await import("../server/embed-session.js");
+    const { buildEmbedStartPath } = await import("../server/embed-route.js");
+    const targetPath = normalizeEmbedTargetPath(withMcpChatBridgeParam(trimmed), meta?.origin);
+    if (!targetPath)
+        return result;
+    const ticket = await createEmbedSessionTicket({
+        ownerEmail,
+        orgId: ctx?.orgId,
+        targetPath,
+        scope: typeof out.chrome === "string" ? out.chrome : null,
+    });
+    const startPath = buildEmbedStartPath(ticket.ticket);
+    const embedStartUrl = meta?.origin
+        ? new URL(startPath, meta.origin).toString()
+        : startPath;
+    return {
+        ...out,
+        embedStartUrl,
+        embedTargetPath: targetPath,
+        embedExpiresAt: ticket.expiresAt,
+    };
+}
 /**
  * Build the deep-link content block + structured `_meta` for a tool result.
  * Best-effort: any throw / nullish link is swallowed so a bad `link` builder
@@ -439,7 +490,7 @@ function safeUiSegment(value, fallback) {
 }
 // ChatGPT and Claude cache MCP App resource HTML by `ui://` URI. Bump this
 // when the shared shell changes in a way that must invalidate host caches.
-const MCP_APP_RESOURCE_SHELL_VERSION = "shell-v26";
+const MCP_APP_RESOURCE_SHELL_VERSION = "shell-v30";
 function legacyDefaultMcpAppUri(config, actionName) {
     const app = safeUiSegment(config.appId ?? config.name, "agent-native");
     const action = safeUiSegment(actionName, "tool");
@@ -467,6 +518,41 @@ function versionMcpAppResourceUri(rawUri) {
         ...(versionedUri !== uri ? { legacyUris: [uri] } : {}),
     };
 }
+function unversionMcpAppResourceUri(uri) {
+    if (!uri.startsWith("ui://"))
+        return null;
+    try {
+        const parsed = new URL(uri);
+        parsed.pathname = parsed.pathname
+            .replace(/\/+$/g, "")
+            .replace(/\/shell-v\d+$/g, "");
+        return parsed.toString();
+    }
+    catch {
+        return null;
+    }
+}
+function normalizeMcpAppResourceUriForMatch(uri) {
+    if (typeof uri !== "string")
+        return null;
+    const trimmed = uri.trim();
+    if (!trimmed.startsWith("ui://"))
+        return null;
+    return (unversionMcpAppResourceUri(trimmed) ??
+        trimmed.replace(/\/+$/g, "").replace(/\/shell-v\d+(?=([?#]|$))/g, ""));
+}
+function matchesMcpAppResourceUri(resourceUri, requestedUri) {
+    if (typeof requestedUri !== "string")
+        return false;
+    const requested = requestedUri.trim();
+    if (resourceUri.uri === requested)
+        return true;
+    if (resourceUri.legacyUris?.includes(requested))
+        return true;
+    const requestedBase = normalizeMcpAppResourceUriForMatch(requested);
+    const currentBase = normalizeMcpAppResourceUriForMatch(resourceUri.uri);
+    return Boolean(requestedBase && currentBase && requestedBase === currentBase);
+}
 function getMcpAppResourceUri(config, actionName, entry) {
     const resource = entry.mcpApp?.resource;
     if (!resource)
@@ -932,11 +1018,14 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
                     ? result.text
                     : result;
                 const mcpAppResource = await resolveMcpAppResourceSafely(config, name, entry, requestMeta);
-                const { block, _meta } = buildLinkArtifacts(entry, args ?? {}, rawResult, requestMeta);
+                const rawResultForClient = mcpAppResource
+                    ? await withServerMintedMcpAppEmbedStart(rawResult, requestMeta)
+                    : rawResult;
+                const { block, _meta } = buildLinkArtifacts(entry, args ?? {}, rawResultForClient, requestMeta);
                 const responseMeta = {
                     ...(_meta ?? {}),
                     ...(mcpAppResource
-                        ? mcpAppEmbedOpenLinkMeta(rawResult, mcpAppResource, requestMeta)
+                        ? mcpAppEmbedOpenLinkMeta(rawResultForClient, mcpAppResource, requestMeta)
                         : {}),
                     ...(mcpAppResource ? openAiToolResultMeta(mcpAppResource) : {}),
                 };
@@ -946,7 +1035,7 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
                     toolVisibility.length > 0 &&
                     toolVisibility.every((v) => v === "app");
                 const structuredContent = mcpAppResource
-                    ? mcpAppStructuredContent(rawResult, responseMeta)
+                    ? mcpAppStructuredContent(rawResultForClient, responseMeta)
                     : isAppOnlyVisibility &&
                         rawResult &&
                         typeof rawResult === "object" &&
@@ -1018,9 +1107,7 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
                 let found = null;
                 for (const [name, entry] of Object.entries(advertisedActions)) {
                     const resourceUri = getMcpAppResourceUri(config, name, entry);
-                    if (!resourceUri ||
-                        (resourceUri.uri !== uri &&
-                            !resourceUri.legacyUris?.includes(uri))) {
+                    if (!resourceUri || !matchesMcpAppResourceUri(resourceUri, uri)) {
                         continue;
                     }
                     const resource = await resolveMcpAppResourceSafely(config, name, entry, requestMeta);