@debugg-ai/debugg-ai-mcp 3.2.0 → 3.4.0

package/CHANGELOG.md

@@ -5,6 +5,39 @@ All notable changes to the DebuggAI MCP project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.4.0]
+
+### Added — MCP Resources (browse projects / environments / executions)
+
+The server now declares the `resources` capability and exposes the read-only
+entities as addressable resources, so clients can browse and @-mention them as
+context instead of only calling tools:
+
+- **Collections** (`resources/list`): `debugg-ai://projects`, `debugg-ai://environments`, `debugg-ai://executions`
+- **Templates** (`resources/templates/list`): `debugg-ai://project/{uuid}`, `debugg-ai://environment/{uuid}`, `debugg-ai://execution/{uuid}`
+- **`resources/read`** dispatches each URI to the same entity handler the tools
+  use — identical data + auth, no drift — and returns the JSON payload.
+
+Additive: clients without resource support keep using the tools unchanged.
+Implementation in `handlers/resourcesHandler.ts`.
+
+## [3.3.0]
+
+### Added — Run artifacts returned as resource links
+
+`check_app_in_browser` and `executions {action:"get"}` now surface execution
+artifacts — **run recording, HAR, console log** — as MCP
+[`resource_link`](https://modelcontextprotocol.io/specification/2025-06-18/server/tools)
+content blocks pointing at their presigned URLs, instead of base64-inlining them.
+Leaner responses, and the URLs stay renewable / fetchable on demand. The legacy
+run-recording GIF (previously downloaded and inlined as multi-MB base64) is now a
+link; the `browserSession` presigned URLs are auto-detected and linked
+(deduped).
+
+Screenshots are **deliberately kept inline** as image blocks so vision-capable
+clients can still see them — the core visual-verification workflow. Helpers:
+`resourceLinkBlock` + `artifactResourceLinks` in `utils/imageUtils.ts`.
+
 ## [3.2.0]
 
 ### Added — Structured tool output (`structuredContent`)

package/README.md

@@ -158,6 +158,24 @@ Every filter-mode response is paginated. Response shape:
 
 Pass optional `page` (1-indexed, default 1) and `pageSize` (default 20, max 200; oversized values are clamped). No response is ever silently truncated.
 
+## Resources
+
+Alongside tools, the server exposes the read-only entities as MCP **resources**
+so clients can browse and @-mention them as context:
+
+| URI | What |
+|---|---|
+| `debugg-ai://projects` | All projects (first page) |
+| `debugg-ai://environments` | Environments for the auto-detected project |
+| `debugg-ai://executions` | Recent executions (first page) |
+| `debugg-ai://project/{uuid}` | One project, full detail |
+| `debugg-ai://environment/{uuid}` | One environment (credentials inline, passwords redacted) |
+| `debugg-ai://execution/{uuid}` | One execution, full node detail + artifact links |
+
+Reads dispatch to the same handlers as the `project` / `environment` /
+`executions` tools, so the data and auth are identical. Resources are additive —
+clients without resource support keep using the tools.
+
 ### Security invariants
 
 - Passwords are write-only. They never appear in any response body from any tool.

package/dist/handlers/resourcesHandler.js

@@ -0,0 +1,127 @@
+/**
+ * MCP Resources (epic pglam).
+ *
+ * Exposes the read-only entities (projects / environments / executions) as
+ * addressable resources so clients can browse and @-mention them as context
+ * instead of (or alongside) calling the `project`/`environment`/`executions`
+ * tools. Reads reuse the exact tool handlers — same data, same auth, no drift.
+ *
+ *   Collections (resources/list):     debugg-ai://projects | environments | executions
+ *   Items (resources/templates/list): debugg-ai://project/{uuid}
+ *                                     debugg-ai://environment/{uuid}
+ *                                     debugg-ai://execution/{uuid}
+ *
+ * Resources are additive: clients that don't support the capability simply
+ * keep using the tools.
+ */
+import { config } from '../config/index.js';
+import { MCPError, MCPErrorCode, } from '../types/index.js';
+import { projectHandler } from './projectHandler.js';
+import { environmentHandler } from './environmentHandler.js';
+import { executionsHandler } from './executionsHandler.js';
+const SCHEME = 'debugg-ai';
+const JSON_MIME = 'application/json';
+/** Concrete collection resources returned by resources/list. */
+export const RESOURCE_COLLECTIONS = [
+    {
+        uri: `${SCHEME}://projects`,
+        name: 'projects',
+        title: 'DebuggAI Projects',
+        description: 'All projects visible to this API key (first page).',
+        mimeType: JSON_MIME,
+    },
+    {
+        uri: `${SCHEME}://environments`,
+        name: 'environments',
+        title: 'DebuggAI Environments',
+        description: 'Environments for the auto-detected project (credentials redacted).',
+        mimeType: JSON_MIME,
+    },
+    {
+        uri: `${SCHEME}://executions`,
+        name: 'executions',
+        title: 'DebuggAI Executions',
+        description: 'Recent workflow executions (first page).',
+        mimeType: JSON_MIME,
+    },
+];
+/** URI templates returned by resources/templates/list. */
+export const RESOURCE_TEMPLATES = [
+    {
+        uriTemplate: `${SCHEME}://project/{uuid}`,
+        name: 'project',
+        title: 'DebuggAI Project',
+        description: 'A single project by UUID, with full detail.',
+        mimeType: JSON_MIME,
+    },
+    {
+        uriTemplate: `${SCHEME}://environment/{uuid}`,
+        name: 'environment',
+        title: 'DebuggAI Environment',
+        description: 'A single environment by UUID, with credentials inline (passwords redacted).',
+        mimeType: JSON_MIME,
+    },
+    {
+        uriTemplate: `${SCHEME}://execution/{uuid}`,
+        name: 'execution',
+        title: 'DebuggAI Execution',
+        description: 'A single execution by UUID, with full node detail + artifact links.',
+        mimeType: JSON_MIME,
+    },
+];
+function readContext() {
+    return { timestamp: new Date() };
+}
+/** Pull the JSON payload that every entity handler emits as its single text block. */
+function payloadText(res) {
+    const text = res.content?.find((c) => c.type === 'text')?.text;
+    return typeof text === 'string' ? text : '{}';
+}
+// debugg-ai://<kind>            (collection)
+// debugg-ai://<kind>/<uuid>     (item)
+const URI_RE = new RegExp(`^${SCHEME}://([a-z]+)(?:/([^/?#]+))?$`);
+/**
+ * Resolve a debugg-ai:// resource URI by dispatching to the matching tool
+ * handler and wrapping its JSON payload as a resource content block.
+ */
+export async function readResource(uri) {
+    if (!config.api.key) {
+        throw new MCPError(MCPErrorCode.CONFIGURATION_ERROR, 'DEBUGGAI_API_KEY is not set. Configure it in your MCP server registration. Get a key at https://debugg.ai.', { missingEnvVars: ['DEBUGGAI_API_KEY'] });
+    }
+    const match = URI_RE.exec(uri);
+    if (!match) {
+        throw new MCPError(MCPErrorCode.INVALID_PARAMS, `Unrecognized resource URI: ${uri}`);
+    }
+    const [, kind, id] = match;
+    const ctx = readContext();
+    const requireId = () => {
+        if (!id) {
+            throw new MCPError(MCPErrorCode.INVALID_PARAMS, `Resource ${uri} requires a UUID: ${SCHEME}://${kind}/{uuid}`);
+        }
+        return id;
+    };
+    let res;
+    switch (kind) {
+        case 'projects':
+            res = await projectHandler({ action: 'list' }, ctx);
+            break;
+        case 'project':
+            res = await projectHandler({ action: 'get', uuid: requireId() }, ctx);
+            break;
+        case 'environments':
+            res = await environmentHandler({ action: 'list' }, ctx);
+            break;
+        case 'environment':
+            res = await environmentHandler({ action: 'get', uuid: requireId() }, ctx);
+            break;
+        case 'executions':
+            res = await executionsHandler({ action: 'list' }, ctx);
+            break;
+        case 'execution':
+            res = await executionsHandler({ action: 'get', uuid: requireId() }, ctx);
+            break;
+        default:
+            throw new MCPError(MCPErrorCode.INVALID_PARAMS, `Unknown resource kind "${kind}" in ${uri}`);
+    }
+    return { contents: [{ uri, mimeType: JSON_MIME, text: payloadText(res) }] };
+}

package/dist/handlers/searchExecutionsHandler.js

@@ -13,7 +13,7 @@ import { handleExternalServiceError } from '../utils/errors.js';
 import { DebuggAIServerClient } from '../services/index.js';
 import { config } from '../config/index.js';
 import { toPaginationParams } from '../utils/pagination.js';
-import { fetchImageAsBase64, imageContentBlock } from '../utils/imageUtils.js';
+import { fetchImageAsBase64, imageContentBlock, resourceLinkBlock, artifactResourceLinks } from '../utils/imageUtils.js';
 const logger = new Logger({ module: 'searchExecutionsHandler' });
 function notFound(uuid) {
     return {
@@ -80,10 +80,25 @@ export async function searchExecutionsHandler(input, _context) {
                     if (img)
                         content.push(imageContentBlock(img.data, img.mimeType));
                 }
-                if (gifUrl) {
-                    const gif = await fetchImageAsBase64(gifUrl).catch(() => null);
-                    if (gif)
-                        content.push(imageContentBlock(gif.data, 'image/gif'));
+                // Artifact links (bead 8qndk): run recording (legacy GIF field) + the
+                // browserSession presigned URLs (HAR / console log / recording). Linked,
+                // not base64-inlined. Screenshot stays inline above for vision.
+                const artifactLinks = [
+                    ...(gifUrl
+                        ? [resourceLinkBlock(gifUrl, `run-recording-${input.uuid}.gif`, {
+                                mimeType: 'image/gif',
+                                title: 'Run recording',
+                                description: 'Animated recording of the execution (presigned URL — open or fetch on demand).',
+                            })]
+                        : []),
+                    ...artifactResourceLinks(execution.browserSession),
+                ];
+                const seenArtifactUris = new Set();
+                for (const link of artifactLinks) {
+                    if (link.uri && !seenArtifactUris.has(link.uri)) {
+                        seenArtifactUris.add(link.uri);
+                        content.push(link);
+                    }
                 }
                 return { content };
             }

package/dist/handlers/testPageChangesHandler.js

@@ -6,7 +6,7 @@
 import { config } from '../config/index.js';
 import { Logger } from '../utils/logger.js';
 import { handleExternalServiceError } from '../utils/errors.js';
-import { fetchImageAsBase64, imageContentBlock } from '../utils/imageUtils.js';
+import { fetchImageAsBase64, imageContentBlock, resourceLinkBlock, artifactResourceLinks } from '../utils/imageUtils.js';
 import { DebuggAIServerClient } from '../services/index.js';
 import { TunnelProvisionError } from '../services/tunnels.js';
 import { resolveTargetUrl, buildContext, findExistingTunnel, ensureTunnel, sanitizeResponseUrls, touchTunnelById, } from '../utils/tunnelContext.js';
@@ -539,11 +539,26 @@ async function testPageChangesHandlerInner(input, context, rawProgressCallback)
             if (img)
                 content.push(imageContentBlock(img.data, img.mimeType));
         }
-        if (gifUrl) {
-            logger.info(`Embedding GIF/video: ${gifUrl}`);
-            const gif = await fetchImageAsBase64(gifUrl).catch(() => null);
-            if (gif)
-                content.push(imageContentBlock(gif.data, 'image/gif'));
+        // Artifact links (bead 8qndk): run recording (legacy GIF field) + the
+        // browserSession presigned URLs (HAR / console log / recording). Returned as
+        // resource_links, not base64-inlined. Screenshots stay inline above so
+        // vision-capable clients still SEE them.
+        const artifactLinks = [
+            ...(gifUrl
+                ? [resourceLinkBlock(gifUrl, 'run-recording.gif', {
+                        mimeType: 'image/gif',
+                        title: 'Run recording',
+                        description: 'Animated recording of the run (presigned URL — open or fetch on demand).',
+                    })]
+                : []),
+            ...artifactResourceLinks(sanitizedPayload.browserSession),
+        ];
+        const seenArtifactUris = new Set();
+        for (const link of artifactLinks) {
+            if (link.uri && !seenArtifactUris.has(link.uri)) {
+                seenArtifactUris.add(link.uri);
+                content.push(link);
+            }
         }
         return { content };
     }

package/dist/index.js

@@ -18,9 +18,10 @@
  */
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ListResourceTemplatesRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { config } from "./config/index.js";
 import { initTools, getTools, getTool } from "./tools/index.js";
+import { readResource, RESOURCE_COLLECTIONS, RESOURCE_TEMPLATES } from "./handlers/resourcesHandler.js";
 import { Logger, validateInput, createErrorResponse, toMCPError, handleConfigurationError, Telemetry, TelemetryEvents, withStructuredContent, } from "./utils/index.js";
 import { MCPErrorCode, MCPError, } from "./types/index.js";
 // Logger and server are initialized lazily in main() to avoid triggering
@@ -39,6 +40,9 @@ function createMCPServer() {
             tools: {
                 listChanged: false,
             },
+            resources: {
+                listChanged: false,
+            },
         },
     });
 }
@@ -135,6 +139,28 @@ function registerHandlers() {
         logger.info('Tools list requested', { toolCount: tools.length });
         return { tools };
     });
+    // Resources (epic pglam): browse projects/environments/executions as
+    // addressable read URIs. Reads dispatch to the same entity handlers as the
+    // tools, so data + auth stay consistent.
+    server.setRequestHandler(ListResourcesRequestSchema, async () => {
+        logger.info('Resources list requested', { resourceCount: RESOURCE_COLLECTIONS.length });
+        return { resources: RESOURCE_COLLECTIONS };
+    });
+    server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {
+        return { resourceTemplates: RESOURCE_TEMPLATES };
+    });
+    server.setRequestHandler(ReadResourceRequestSchema, async (req) => {
+        const uri = req.params?.uri;
+        logger.info('Resource read requested', { uri });
+        try {
+            return await readResource(uri);
+        }
+        catch (error) {
+            const mcpError = toMCPError(error, 'resource read');
+            logger.error('Resource read failed', { uri, errorCode: mcpError.code, message: mcpError.message });
+            throw mcpError;
+        }
+    });
 }
 /**
  * Main server initialization and startup

package/dist/utils/imageUtils.js

@@ -39,3 +39,60 @@ function inferMimeFromUrl(url) {
 export function imageContentBlock(data, mimeType) {
     return { type: 'image', data, mimeType };
 }
+/**
+ * Build an MCP resource_link content block (MCP 2025-06-18) pointing at an
+ * (often presigned) artifact URL — leaner than inlining the bytes, and the URL
+ * stays renewable/on-demand. Use for large non-vision artifacts (run-recording
+ * GIFs, HAR, console logs) rather than base64-embedding them.
+ */
+export function resourceLinkBlock(uri, name, opts = {}) {
+    const block = { type: 'resource_link', uri, name };
+    if (opts.mimeType)
+        block.mimeType = opts.mimeType;
+    if (opts.title)
+        block.title = opts.title;
+    if (opts.description)
+        block.description = opts.description;
+    return block;
+}
+const MIME_BY_EXT = {
+    gif: 'image/gif', png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg',
+    webp: 'image/webp', mp4: 'video/mp4', webm: 'video/webm',
+    har: 'application/json', json: 'application/json', txt: 'text/plain', log: 'text/plain',
+};
+function titleize(key) {
+    return key
+        .replace(/[_-]+/g, ' ')
+        .replace(/([a-z])([A-Z])/g, '$1 $2')
+        .replace(/\bUrl\b|\bUri\b/gi, '')
+        .replace(/\s+/g, ' ')
+        .trim()
+        .replace(/^\w/, (c) => c.toUpperCase());
+}
+/**
+ * Build resource_link blocks for every (presigned) artifact URL found one level
+ * deep in `source` (e.g. an execution's browserSession: HAR, console log, run
+ * recording). Defensive about exact field names — it links any https value and
+ * skips tunnel/ngrok hosts. Returns [] for nullish/empty input.
+ */
+export function artifactResourceLinks(source) {
+    if (!source || typeof source !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(source)) {
+        if (typeof value !== 'string')
+            continue;
+        if (!/^https?:\/\//i.test(value))
+            continue;
+        if (/ngrok|tunnel/i.test(value))
+            continue;
+        const ext = (value.split('?')[0].match(/\.([a-z0-9]+)$/i)?.[1] ?? '').toLowerCase();
+        const name = ext ? `${key}.${ext}` : key;
+        out.push(resourceLinkBlock(value, name, {
+            mimeType: MIME_BY_EXT[ext],
+            title: titleize(key),
+            description: 'Execution artifact (presigned URL — open or fetch on demand).',
+        }));
+    }
+    return out;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@debugg-ai/debugg-ai-mcp",
-  "version": "3.2.0",
+  "version": "3.4.0",
   "description": "Zero-Config, Fully AI-Managed End-to-End Testing for all code gen platforms.",
   "type": "module",
   "bin": {