@exulu/backend 1.30.5 → 1.31.0

package/CHANGELOG.md

@@ -1,6 +1,6 @@
-## [1.30.5](https://github.com/Qventu/exulu-backend/compare/v1.30.4...v1.30.5) (2025-11-04)
+# [1.31.0](https://github.com/Qventu/exulu-backend/compare/v1.30.5...v1.31.0) (2025-11-06)
 
 
-### Bug Fixes
+### Features
 
-* bug if queue enum is empty ([85ef7bc](https://github.com/Qventu/exulu-backend/commit/85ef7bc8c8ff03e1890cb12cb82d6537ec65588f))
+* implement per-agent MCP servers with project-level tracking ([63c8887](https://github.com/Qventu/exulu-backend/commit/63c88870d344e430625530d6e8eb93004d9af898))

package/dist/index.cjs

@@ -437,8 +437,6 @@ var sanitizeName = (name) => {
 
 // src/registry/classes.ts
 var import_crypto_js2 = __toESM(require("crypto-js"), 1);
-var import_streamableHttp = require("@modelcontextprotocol/sdk/client/streamableHttp.js");
-var import_mcp_stdio = require("ai/mcp-stdio");
 
 // src/registry/utils/graphql.ts
 var import_schema = require("@graphql-tools/schema");
@@ -1141,6 +1139,10 @@ var statisticsSchema = {
     {
       name: "role",
       type: "uuid"
+    },
+    {
+      name: "project",
+      type: "uuid"
     }
   ]
 };
@@ -4040,7 +4042,6 @@ type StatisticsResult {
 }
 `;
   const fullSDL = typeDefs + mutationDefs + modelDefs + genericTypes;
-  console.log("[EXULU] Full SDL:", fullSDL);
   const schema = (0, import_schema.makeExecutableSchema)({
     typeDefs: fullSDL,
     resolvers
@@ -4633,7 +4634,6 @@ var createUppyRoutes = async (app, config) => {
 };
 
 // src/registry/classes.ts
-var import_streamableHttp2 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
 var s3Client2;
 function sanitizeToolName(name) {
   if (typeof name !== "string") return "";
@@ -4875,7 +4875,6 @@ var ExuluAgent2 = class {
     return typeof model === "string" ? model : model?.modelId || "";
   }
   // Exports the agent as a tool that can be used by another agent
-  // todo test this
   tool = async (instance, agents) => {
     const agentInstance = await loadAgent(instance);
     if (!agentInstance) {
@@ -5794,6 +5793,7 @@ var updateStatistic = async (statistic) => {
   const existing = await db3.from("tracking").where({
     ...statistic.user ? { user: statistic.user } : {},
     ...statistic.role ? { role: statistic.role } : {},
+    ...statistic.project ? { project: statistic.project } : {},
     name: statistic.name,
     label: statistic.label,
     type: statistic.type,
@@ -5807,16 +5807,14 @@ var updateStatistic = async (statistic) => {
       total: statistic.count ?? 1,
       createdAt: currentDate,
       ...statistic.user ? { user: statistic.user } : {},
-      ...statistic.role ? { role: statistic.role } : {}
+      ...statistic.role ? { role: statistic.role } : {},
+      ...statistic.project ? { project: statistic.project } : {}
     });
   } else {
     await db3.from("tracking").update({
       total: db3.raw("total + ?", [statistic.count ?? 1])
     }).where({
-      name: statistic.name,
-      label: statistic.label,
-      type: statistic.type,
-      createdAt: currentDate
+      id: existing.id
     });
   }
 };
@@ -5906,6 +5904,9 @@ var CLAUDE_MESSAGES = {
 \x1B[0m`,
   not_enabled: `
 \x1B[41m -- The agent you selected does not have a valid API key set for it. --
+\x1B[0m`,
+  missing_project: `
+\x1B[41m -- Project not found or you do not have access to it. --
 \x1B[0m`
 };
 
@@ -6208,7 +6209,6 @@ Mood: friendly and intelligent.
       console.log("[EXULU] agent tools", agentInstance.tools?.map((x) => x.name + " (" + x.id + ")"));
       const disabledTools = req.body.disabledTools ? req.body.disabledTools : [];
       let enabledTools = await getEnabledTools(agentInstance, tools, disabledTools, agents, user);
-      console.log("[EXULU] enabled tools", enabledTools?.map((x) => x.name + " (" + x.id + ")"));
       const variableName = agentInstance.providerapikey;
       const variable = await db3.from("variables").where({ name: variableName }).first();
       if (!variable) {
@@ -6356,11 +6356,12 @@ Mood: friendly and intelligent.
       }
     });
   });
-  app.use("/gateway/anthropic/:id", import_express3.default.raw({ type: "*/*", limit: REQUEST_SIZE_LIMIT }), async (req, res) => {
+  app.use("/gateway/anthropic/:agent/:project", import_express3.default.raw({ type: "*/*", limit: REQUEST_SIZE_LIMIT }), async (req, res) => {
     try {
       if (!req.body.tools) {
         req.body.tools = [];
       }
+      const { db: db3 } = await postgresClient();
       const authenticationResult = await requestValidators.authenticate(req);
       if (!authenticationResult.user?.id) {
         console.log("[EXULU] failed authentication result", authenticationResult);
@@ -6368,20 +6369,35 @@ Mood: friendly and intelligent.
         return;
       }
       const user = authenticationResult.user;
-      const { db: db3 } = await postgresClient();
-      let query = db3("agents");
-      query.select("*");
-      query = applyAccessControl(agentsSchema2(), authenticationResult.user, query);
-      query.where({ id: req.params.id });
-      const agent = await query.first();
+      let agentQuery = db3("agents");
+      agentQuery.select("*");
+      agentQuery = applyAccessControl(agentsSchema2(), authenticationResult.user, agentQuery);
+      agentQuery.where({ id: req.params.agent });
+      const agent = await agentQuery.first();
       if (!agent) {
         const arrayBuffer = createCustomAnthropicStreamingMessage(`
-\x1B[41m -- Agent ${req.params.id} not found or you do not have access to it. --
+\x1B[41m -- Agent ${req.params.agent} not found or you do not have access to it. --
 \x1B[0m`);
         res.setHeader("Content-Type", "application/json");
         res.end(Buffer.from(arrayBuffer));
         return;
       }
+      let project = null;
+      if (!req.body.project || req.body.project === "DEFAULT") {
+        project = null;
+      } else {
+        let projectQuery = db3("projects");
+        projectQuery.select("*");
+        projectQuery = applyAccessControl(projectsSchema2(), authenticationResult.user, projectQuery);
+        projectQuery.where({ id: req.params.project });
+        project = await projectQuery.first();
+        if (!project) {
+          const arrayBuffer = createCustomAnthropicStreamingMessage(CLAUDE_MESSAGES.missing_project);
+          res.setHeader("Content-Type", "application/json");
+          res.end(Buffer.from(arrayBuffer));
+          return;
+        }
+      }
       console.log("[EXULU] anthropic proxy called for agent:", agent?.name);
       if (!process.env.NEXTAUTH_SECRET) {
         const arrayBuffer = createCustomAnthropicStreamingMessage(CLAUDE_MESSAGES.missing_nextauth_secret);
@@ -6425,10 +6441,47 @@ Mood: friendly and intelligent.
         apiKey: anthropicApiKey
       });
       const tokens = {};
-      for await (const event of client2.messages.stream(req.body)) {
-        console.log("[EXULU] Event", event);
-        if (event.message?.usage) {
-        }
+      const disabledTools = req.body.disabledTools ? req.body.disabledTools : [];
+      let enabledTools = await getEnabledTools(agent, tools, disabledTools, agents, user);
+      let system = req.body.system;
+      if (Array.isArray(req.body.system)) {
+        system = [
+          ...req.body.system,
+          ...agent ? [
+            {
+              type: "text",
+              text: `
+                            You are an agent named: ${agent?.name}
+                            Here are some additional instructions for you: ${agent?.instructions}`
+            }
+          ] : [],
+          ...project ? [
+            {
+              type: "text",
+              text: `Additional information:
+
+                            The project you are working on is: ${project?.name}
+                            Here is some additional information about the project: ${project?.description}`
+            }
+          ] : []
+        ];
+      } else {
+        system = `${req.body.system}
+
+
+                ${agent ? `You are an agent named: ${agent?.name}
+                Here are some additional instructions for you: ${agent?.instructions}` : ""}
+
+                ${project?.id ? `Additional information:
+
+                The project you are working on is: ${project?.name}
+                The project description is: ${project?.description}` : ""}
+                `;
+      }
+      for await (const event of client2.messages.stream({
+        ...req.body,
+        system
+      })) {
         if (event.message?.id) {
           tokens[event.message.id] = {
             input_tokens: event.message.usage.input_tokens,
@@ -6437,11 +6490,45 @@ Mood: friendly and intelligent.
             output_tokens: event.message.usage.output_tokens
           };
         }
-        const msg = `event: ${event.type}
+        if (event.message?.type === "tool_use" && event.message?.name?.includes("exulu_")) {
+          const toolName = event.message?.name;
+          console.log("[EXULU] Using tool", toolName);
+          const inputs = event.message?.input;
+          const id = event.message?.id;
+          const tool2 = enabledTools.find((tool3) => tool3.id === toolName.replace("exulu_", ""));
+          if (!tool2 || !tool2.tool.execute) {
+            console.error("[EXULU] Tool not found or not enabled.", toolName);
+            continue;
+          }
+          const toolResult = await tool2.tool.execute(inputs, {
+            toolCallId: id,
+            messages: [{
+              ...event.message,
+              role: "tool"
+            }]
+          });
+          console.log("[EXULU] Tool result", toolResult);
+          const toolResultMessage = {
+            role: "user",
+            content: [
+              {
+                type: "tool_result",
+                tool_use_id: id,
+                content: toolResult
+              }
+            ]
+          };
+          res.write(`event: tool_result
+data: ${JSON.stringify(toolResultMessage)}
+
+`);
+        } else {
+          const msg = `event: ${event.type}
 data: ${JSON.stringify(event)}
 
 `;
-        res.write(msg);
+          res.write(msg);
+        }
       }
       let totalInputTokens = 0;
       let totalOutputTokens = 0;
@@ -6461,7 +6548,8 @@ data: ${JSON.stringify(event)}
           trigger: statistics.trigger,
           count: 1,
           user: user.id,
-          role: user?.role?.id
+          role: user?.role?.id,
+          ...project ? { project: project.id } : {}
         }),
         ...totalInputTokens ? [
           updateStatistic({
@@ -6471,7 +6559,8 @@ data: ${JSON.stringify(event)}
             trigger: statistics.trigger,
             count: totalInputTokens,
             user: user.id,
-            role: user?.role?.id
+            role: user?.role?.id,
+            ...project ? { project: project.id } : {}
           })
         ] : [],
         ...totalOutputTokens ? [
@@ -6480,7 +6569,10 @@ data: ${JSON.stringify(event)}
             label: statistics.label,
             type: STATISTICS_TYPE_ENUM.AGENT_RUN,
             trigger: statistics.trigger,
-            count: totalOutputTokens
+            count: totalInputTokens,
+            user: user.id,
+            role: user?.role?.id,
+            ...project ? { project: project.id } : {}
           })
         ] : []
       ]);
@@ -7199,97 +7291,159 @@ function getAverage(arr) {
 // src/mcp/index.ts
 var import_mcp = require("@modelcontextprotocol/sdk/server/mcp.js");
 var import_node_crypto4 = require("crypto");
-var import_streamableHttp3 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
+var import_streamableHttp = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
 var import_types = require("@modelcontextprotocol/sdk/types.js");
-var import_zod2 = require("zod");
 var import_express4 = require("express");
 var import_api3 = require("@opentelemetry/api");
+var import_crypto_js5 = __toESM(require("crypto-js"), 1);
+var import_zod2 = require("zod");
 var SESSION_ID_HEADER = "mcp-session-id";
 var ExuluMCP = class {
-  server;
+  server = {};
   transports = {};
-  express;
   constructor() {
   }
-  create = async ({ express: express3, contexts, agents, config, tools, tracer }) => {
-    this.express = express3;
-    if (!this.server) {
+  configure = async ({ user, agentInstance, allTools, allAgents, allContexts, config, tracer }) => {
+    let server = this.server[agentInstance.id];
+    if (!server) {
       console.log("[EXULU] Creating MCP server.");
-      this.server = new import_mcp.McpServer({
-        name: "exulu-mcp-server",
-        version: "1.0.0"
+      server = {
+        mcp: new import_mcp.McpServer({
+          name: "exulu-mcp-server-" + agentInstance.name + "(" + agentInstance.id + ")",
+          version: "1.0.0"
+        }),
+        tools: {}
+      };
+      this.server[agentInstance.id] = server;
+    }
+    const disabledTools = [];
+    let enabledTools = await getEnabledTools(agentInstance, allTools, disabledTools, allAgents, user);
+    const backend = allAgents.find((a) => a.id === agentInstance.backend);
+    if (!backend) {
+      throw new Error("Agent backend not found for agent " + agentInstance.name + " (" + agentInstance.id + ").");
+    }
+    const agentTool = await backend.tool(agentInstance.id, allAgents);
+    if (agentTool) {
+      enabledTools = [
+        ...enabledTools,
+        agentTool
+      ];
+    }
+    const variableName = agentInstance.providerapikey;
+    const { db: db3 } = await postgresClient();
+    const variable = await db3.from("variables").where({ name: variableName }).first();
+    if (!variable) {
+      throw new Error("Provider API key variable not found.");
+    }
+    let providerapikey = variable.value;
+    if (!variable.encrypted) {
+      throw new Error("Provider API key variable not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys.");
+    }
+    if (variable.encrypted) {
+      const bytes = import_crypto_js5.default.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+      providerapikey = bytes.toString(import_crypto_js5.default.enc.Utf8);
+    }
+    console.log("[EXULU] Enabled tools", enabledTools?.map((x) => x.name + " (" + x.id + ")"));
+    for (const tool2 of enabledTools || []) {
+      if (server.tools[tool2.id]) {
+        continue;
+      }
+      server.mcp.registerTool(sanitizeToolName(tool2.name + "_agent_" + tool2.id), {
+        title: tool2.name + " agent",
+        description: tool2.description,
+        inputSchema: {
+          inputs: tool2.inputSchema || import_zod2.z.object({})
+        }
+      }, async ({ inputs }, args) => {
+        console.log("[EXULU] MCP tool name", tool2.name);
+        console.log("[EXULU] MCP tool inputs", inputs);
+        console.log("[EXULU] MCP tool args", args);
+        const configValues = agentInstance.tools;
+        const tools = convertToolsArrayToObject(
+          [tool2],
+          allTools,
+          configValues,
+          providerapikey,
+          allContexts,
+          user,
+          config
+        );
+        const convertedTool = tools[sanitizeToolName(tool2.name)];
+        if (!convertedTool?.execute) {
+          console.error("[EXULU] Tool not found in converted tools array.", tools);
+          throw new Error("Tool not found in converted tools array.");
+        }
+        const iterator = await convertedTool.execute(inputs, {
+          toolCallId: tool2.id + "_" + (0, import_node_crypto4.randomUUID)(),
+          messages: []
+        });
+        let result;
+        for await (const value of iterator) {
+          result = value;
+        }
+        console.log("[EXULU] MCP tool result", result);
+        return {
+          content: [{ type: "text", text: JSON.stringify(result) }],
+          structuredContent: result
+        };
       });
+      server.tools[tool2.id] = tool2.name;
     }
-    this.server.registerTool(
-      "getAgents",
-      {
-        title: "Get agents",
-        description: "Retrieves a list of all available agents"
-      },
-      async () => ({
-        content: agents ? agents.map((agent) => {
-          return {
-            type: "text",
-            text: `${agent.name} - ${agent.description}`
-          };
-        }) : [{
-          type: "text",
-          text: "No agents found."
-        }]
-      })
-    );
-    this.server.registerResource(
-      "greeting",
-      new import_mcp.ResourceTemplate("greeting://{name}", { list: void 0 }),
-      {
-        title: "Greeting Resource",
-        // Display name for UI
-        description: "Dynamic greeting generator"
-      },
-      async (uri, { name }) => ({
-        contents: [{
-          uri: uri.href,
-          text: `Hello, ${name}!`
-        }]
-      })
-    );
-    this.server.registerPrompt(
-      "review-code",
-      {
-        title: "Code Review",
-        description: "Review code for best practices and potential issues",
-        argsSchema: { code: import_zod2.z.string() }
-      },
-      ({ code }) => ({
-        messages: [{
-          role: "user",
-          content: {
-            type: "text",
-            text: `Please review this code:
-
-${code}`
-          }
-        }]
-      })
-    );
+    return server.mcp;
   };
-  connect = async () => {
-    if (!this.express) {
+  create = async ({ express: express3, allTools, allAgents, allContexts, config }) => {
+    if (!express3) {
       throw new Error("Express not initialized.");
     }
     if (!this.server) {
       throw new Error("MCP server not initialized.");
     }
-    this.express.post("/mcp", async (req, res) => {
-      if (!this.server) {
-        throw new Error("MCP server not initialized.");
+    express3.post("/mcp/:agent", async (req, res) => {
+      console.log("[EXULU] MCP request received.", req.params.agent);
+      if (!req.params.agent) {
+        res.status(400).json({
+          error: "Bad Request: No agent ID provided"
+        });
+        return;
+      }
+      const agentInstance = await loadAgent(req.params.agent);
+      if (!agentInstance) {
+        console.error("[EXULU] Agent not found.", req.params.agent);
+        res.status(404).json({
+          error: "Agent not found"
+        });
+        return;
+      }
+      const authenticationResult = await requestValidators.authenticate(req);
+      if (!authenticationResult.user?.id) {
+        res.status(authenticationResult.code || 500).json({ detail: `${authenticationResult.message}` });
+        return;
+      }
+      const user = authenticationResult.user;
+      const hasAccessToAgent = await checkRecordAccess(agentInstance, "read", user);
+      if (!hasAccessToAgent) {
+        res.status(401).json({
+          message: "You don't have access to this agent."
+        });
+        return;
+      }
+      const server = await this.configure({
+        agentInstance,
+        user,
+        allTools,
+        allAgents,
+        allContexts,
+        config
+      });
+      if (!server) {
+        throw new Error("MCP server for agent " + req.params.agent + " not initialized.");
       }
       const sessionId = req.headers[SESSION_ID_HEADER];
       let transport;
       if (sessionId && this.transports[sessionId]) {
         transport = this.transports[sessionId];
       } else if (!sessionId && (0, import_types.isInitializeRequest)(req.body)) {
-        transport = new import_streamableHttp3.StreamableHTTPServerTransport({
+        transport = new import_streamableHttp.StreamableHTTPServerTransport({
           sessionIdGenerator: () => (0, import_node_crypto4.randomUUID)(),
           onsessioninitialized: (sessionId2) => {
             this.transports[sessionId2] = transport;
@@ -7304,13 +7458,14 @@ ${code}`
             delete this.transports[transport.sessionId];
           }
         };
-        await this.server.connect(transport);
+        await server.connect(transport);
       } else {
         res.status(400).json({
           error: "Bad Request: No valid session ID provided"
         });
         return;
       }
+      req.headers["exulu-agent-id"] = req.params.agent;
       await transport.handleRequest(req, res, req.body);
     });
     const handleSessionRequest = async (req, res) => {
@@ -7323,9 +7478,10 @@ ${code}`
       const transport = this.transports[sessionId];
       await transport.handleRequest(req, res);
     };
-    this.express.get("/mcp", handleSessionRequest);
-    this.express.delete("/mcp", handleSessionRequest);
-    return this.express;
+    express3.get("/mcp/:agent", handleSessionRequest);
+    express3.delete("/mcp/:agent", handleSessionRequest);
+    console.log("[EXULU] MCP server created.");
+    return express3;
   };
 };
 
@@ -8760,13 +8916,11 @@ var ExuluApp = class {
           const mcp = new ExuluMCP();
           await mcp.create({
             express: app,
-            contexts: this._contexts,
-            agents: this._agents,
-            config: this._config,
-            tools: this._tools,
-            tracer
+            allTools: this._tools,
+            allAgents: this._agents,
+            allContexts: Object.values(this._contexts ?? {}),
+            config: this._config
           });
-          await mcp.connect();
         }
         return app;
       }
@@ -10203,7 +10357,7 @@ var create = ({
 };
 
 // src/index.ts
-var import_crypto_js5 = __toESM(require("crypto-js"), 1);
+var import_crypto_js6 = __toESM(require("crypto-js"), 1);
 var ExuluJobs = {
   redis: redisClient,
   jobs: {
@@ -10240,8 +10394,8 @@ var ExuluVariables = {
       throw new Error(`Variable ${name} not found.`);
     }
     if (variable.encrypted) {
-      const bytes = import_crypto_js5.default.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
-      variable.value = bytes.toString(import_crypto_js5.default.enc.Utf8);
+      const bytes = import_crypto_js6.default.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+      variable.value = bytes.toString(import_crypto_js6.default.enc.Utf8);
     }
     return variable.value;
   }

package/dist/index.js

@@ -385,8 +385,6 @@ var sanitizeName = (name) => {
 
 // src/registry/classes.ts
 import CryptoJS2 from "crypto-js";
-import "@modelcontextprotocol/sdk/client/streamableHttp.js";
-import "ai/mcp-stdio";
 
 // src/registry/utils/graphql.ts
 import { makeExecutableSchema } from "@graphql-tools/schema";
@@ -1089,6 +1087,10 @@ var statisticsSchema = {
     {
       name: "role",
       type: "uuid"
+    },
+    {
+      name: "project",
+      type: "uuid"
     }
   ]
 };
@@ -3988,7 +3990,6 @@ type StatisticsResult {
 }
 `;
   const fullSDL = typeDefs + mutationDefs + modelDefs + genericTypes;
-  console.log("[EXULU] Full SDL:", fullSDL);
   const schema = makeExecutableSchema({
     typeDefs: fullSDL,
     resolvers
@@ -4600,7 +4601,6 @@ var createUppyRoutes = async (app, config) => {
 };
 
 // src/registry/classes.ts
-import "@modelcontextprotocol/sdk/server/streamableHttp.js";
 var s3Client2;
 function sanitizeToolName(name) {
   if (typeof name !== "string") return "";
@@ -4842,7 +4842,6 @@ var ExuluAgent2 = class {
     return typeof model === "string" ? model : model?.modelId || "";
   }
   // Exports the agent as a tool that can be used by another agent
-  // todo test this
   tool = async (instance, agents) => {
     const agentInstance = await loadAgent(instance);
     if (!agentInstance) {
@@ -5761,6 +5760,7 @@ var updateStatistic = async (statistic) => {
   const existing = await db3.from("tracking").where({
     ...statistic.user ? { user: statistic.user } : {},
     ...statistic.role ? { role: statistic.role } : {},
+    ...statistic.project ? { project: statistic.project } : {},
     name: statistic.name,
     label: statistic.label,
     type: statistic.type,
@@ -5774,16 +5774,14 @@ var updateStatistic = async (statistic) => {
       total: statistic.count ?? 1,
       createdAt: currentDate,
       ...statistic.user ? { user: statistic.user } : {},
-      ...statistic.role ? { role: statistic.role } : {}
+      ...statistic.role ? { role: statistic.role } : {},
+      ...statistic.project ? { project: statistic.project } : {}
     });
   } else {
     await db3.from("tracking").update({
       total: db3.raw("total + ?", [statistic.count ?? 1])
     }).where({
-      name: statistic.name,
-      label: statistic.label,
-      type: statistic.type,
-      createdAt: currentDate
+      id: existing.id
     });
   }
 };
@@ -5873,6 +5871,9 @@ var CLAUDE_MESSAGES = {
 \x1B[0m`,
   not_enabled: `
 \x1B[41m -- The agent you selected does not have a valid API key set for it. --
+\x1B[0m`,
+  missing_project: `
+\x1B[41m -- Project not found or you do not have access to it. --
 \x1B[0m`
 };
 
@@ -6175,7 +6176,6 @@ Mood: friendly and intelligent.
       console.log("[EXULU] agent tools", agentInstance.tools?.map((x) => x.name + " (" + x.id + ")"));
       const disabledTools = req.body.disabledTools ? req.body.disabledTools : [];
       let enabledTools = await getEnabledTools(agentInstance, tools, disabledTools, agents, user);
-      console.log("[EXULU] enabled tools", enabledTools?.map((x) => x.name + " (" + x.id + ")"));
       const variableName = agentInstance.providerapikey;
       const variable = await db3.from("variables").where({ name: variableName }).first();
       if (!variable) {
@@ -6323,11 +6323,12 @@ Mood: friendly and intelligent.
       }
     });
   });
-  app.use("/gateway/anthropic/:id", express.raw({ type: "*/*", limit: REQUEST_SIZE_LIMIT }), async (req, res) => {
+  app.use("/gateway/anthropic/:agent/:project", express.raw({ type: "*/*", limit: REQUEST_SIZE_LIMIT }), async (req, res) => {
     try {
       if (!req.body.tools) {
         req.body.tools = [];
       }
+      const { db: db3 } = await postgresClient();
       const authenticationResult = await requestValidators.authenticate(req);
       if (!authenticationResult.user?.id) {
         console.log("[EXULU] failed authentication result", authenticationResult);
@@ -6335,20 +6336,35 @@ Mood: friendly and intelligent.
         return;
       }
       const user = authenticationResult.user;
-      const { db: db3 } = await postgresClient();
-      let query = db3("agents");
-      query.select("*");
-      query = applyAccessControl(agentsSchema2(), authenticationResult.user, query);
-      query.where({ id: req.params.id });
-      const agent = await query.first();
+      let agentQuery = db3("agents");
+      agentQuery.select("*");
+      agentQuery = applyAccessControl(agentsSchema2(), authenticationResult.user, agentQuery);
+      agentQuery.where({ id: req.params.agent });
+      const agent = await agentQuery.first();
       if (!agent) {
         const arrayBuffer = createCustomAnthropicStreamingMessage(`
-\x1B[41m -- Agent ${req.params.id} not found or you do not have access to it. --
+\x1B[41m -- Agent ${req.params.agent} not found or you do not have access to it. --
 \x1B[0m`);
         res.setHeader("Content-Type", "application/json");
         res.end(Buffer.from(arrayBuffer));
         return;
       }
+      let project = null;
+      if (!req.body.project || req.body.project === "DEFAULT") {
+        project = null;
+      } else {
+        let projectQuery = db3("projects");
+        projectQuery.select("*");
+        projectQuery = applyAccessControl(projectsSchema2(), authenticationResult.user, projectQuery);
+        projectQuery.where({ id: req.params.project });
+        project = await projectQuery.first();
+        if (!project) {
+          const arrayBuffer = createCustomAnthropicStreamingMessage(CLAUDE_MESSAGES.missing_project);
+          res.setHeader("Content-Type", "application/json");
+          res.end(Buffer.from(arrayBuffer));
+          return;
+        }
+      }
       console.log("[EXULU] anthropic proxy called for agent:", agent?.name);
       if (!process.env.NEXTAUTH_SECRET) {
         const arrayBuffer = createCustomAnthropicStreamingMessage(CLAUDE_MESSAGES.missing_nextauth_secret);
@@ -6392,10 +6408,47 @@ Mood: friendly and intelligent.
         apiKey: anthropicApiKey
       });
       const tokens = {};
-      for await (const event of client2.messages.stream(req.body)) {
-        console.log("[EXULU] Event", event);
-        if (event.message?.usage) {
-        }
+      const disabledTools = req.body.disabledTools ? req.body.disabledTools : [];
+      let enabledTools = await getEnabledTools(agent, tools, disabledTools, agents, user);
+      let system = req.body.system;
+      if (Array.isArray(req.body.system)) {
+        system = [
+          ...req.body.system,
+          ...agent ? [
+            {
+              type: "text",
+              text: `
+                            You are an agent named: ${agent?.name}
+                            Here are some additional instructions for you: ${agent?.instructions}`
+            }
+          ] : [],
+          ...project ? [
+            {
+              type: "text",
+              text: `Additional information:
+
+                            The project you are working on is: ${project?.name}
+                            Here is some additional information about the project: ${project?.description}`
+            }
+          ] : []
+        ];
+      } else {
+        system = `${req.body.system}
+
+
+                ${agent ? `You are an agent named: ${agent?.name}
+                Here are some additional instructions for you: ${agent?.instructions}` : ""}
+
+                ${project?.id ? `Additional information:
+
+                The project you are working on is: ${project?.name}
+                The project description is: ${project?.description}` : ""}
+                `;
+      }
+      for await (const event of client2.messages.stream({
+        ...req.body,
+        system
+      })) {
         if (event.message?.id) {
           tokens[event.message.id] = {
             input_tokens: event.message.usage.input_tokens,
@@ -6404,11 +6457,45 @@ Mood: friendly and intelligent.
             output_tokens: event.message.usage.output_tokens
           };
         }
-        const msg = `event: ${event.type}
+        if (event.message?.type === "tool_use" && event.message?.name?.includes("exulu_")) {
+          const toolName = event.message?.name;
+          console.log("[EXULU] Using tool", toolName);
+          const inputs = event.message?.input;
+          const id = event.message?.id;
+          const tool2 = enabledTools.find((tool3) => tool3.id === toolName.replace("exulu_", ""));
+          if (!tool2 || !tool2.tool.execute) {
+            console.error("[EXULU] Tool not found or not enabled.", toolName);
+            continue;
+          }
+          const toolResult = await tool2.tool.execute(inputs, {
+            toolCallId: id,
+            messages: [{
+              ...event.message,
+              role: "tool"
+            }]
+          });
+          console.log("[EXULU] Tool result", toolResult);
+          const toolResultMessage = {
+            role: "user",
+            content: [
+              {
+                type: "tool_result",
+                tool_use_id: id,
+                content: toolResult
+              }
+            ]
+          };
+          res.write(`event: tool_result
+data: ${JSON.stringify(toolResultMessage)}
+
+`);
+        } else {
+          const msg = `event: ${event.type}
 data: ${JSON.stringify(event)}
 
 `;
-        res.write(msg);
+          res.write(msg);
+        }
       }
       let totalInputTokens = 0;
       let totalOutputTokens = 0;
@@ -6428,7 +6515,8 @@ data: ${JSON.stringify(event)}
           trigger: statistics.trigger,
           count: 1,
           user: user.id,
-          role: user?.role?.id
+          role: user?.role?.id,
+          ...project ? { project: project.id } : {}
         }),
         ...totalInputTokens ? [
           updateStatistic({
@@ -6438,7 +6526,8 @@ data: ${JSON.stringify(event)}
             trigger: statistics.trigger,
             count: totalInputTokens,
             user: user.id,
-            role: user?.role?.id
+            role: user?.role?.id,
+            ...project ? { project: project.id } : {}
           })
         ] : [],
         ...totalOutputTokens ? [
@@ -6447,7 +6536,10 @@ data: ${JSON.stringify(event)}
             label: statistics.label,
             type: STATISTICS_TYPE_ENUM.AGENT_RUN,
             trigger: statistics.trigger,
-            count: totalOutputTokens
+            count: totalInputTokens,
+            user: user.id,
+            role: user?.role?.id,
+            ...project ? { project: project.id } : {}
           })
         ] : []
       ]);
@@ -7164,99 +7256,161 @@ function getAverage(arr) {
 }
 
 // src/mcp/index.ts
-import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { randomUUID as randomUUID4 } from "crypto";
-import { StreamableHTTPServerTransport as StreamableHTTPServerTransport2 } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
-import { z as z2 } from "zod";
 import "express";
 import "@opentelemetry/api";
+import CryptoJS5 from "crypto-js";
+import { z as z2 } from "zod";
 var SESSION_ID_HEADER = "mcp-session-id";
 var ExuluMCP = class {
-  server;
+  server = {};
   transports = {};
-  express;
   constructor() {
   }
-  create = async ({ express: express3, contexts, agents, config, tools, tracer }) => {
-    this.express = express3;
-    if (!this.server) {
+  configure = async ({ user, agentInstance, allTools, allAgents, allContexts, config, tracer }) => {
+    let server = this.server[agentInstance.id];
+    if (!server) {
       console.log("[EXULU] Creating MCP server.");
-      this.server = new McpServer({
-        name: "exulu-mcp-server",
-        version: "1.0.0"
+      server = {
+        mcp: new McpServer({
+          name: "exulu-mcp-server-" + agentInstance.name + "(" + agentInstance.id + ")",
+          version: "1.0.0"
+        }),
+        tools: {}
+      };
+      this.server[agentInstance.id] = server;
+    }
+    const disabledTools = [];
+    let enabledTools = await getEnabledTools(agentInstance, allTools, disabledTools, allAgents, user);
+    const backend = allAgents.find((a) => a.id === agentInstance.backend);
+    if (!backend) {
+      throw new Error("Agent backend not found for agent " + agentInstance.name + " (" + agentInstance.id + ").");
+    }
+    const agentTool = await backend.tool(agentInstance.id, allAgents);
+    if (agentTool) {
+      enabledTools = [
+        ...enabledTools,
+        agentTool
+      ];
+    }
+    const variableName = agentInstance.providerapikey;
+    const { db: db3 } = await postgresClient();
+    const variable = await db3.from("variables").where({ name: variableName }).first();
+    if (!variable) {
+      throw new Error("Provider API key variable not found.");
+    }
+    let providerapikey = variable.value;
+    if (!variable.encrypted) {
+      throw new Error("Provider API key variable not encrypted, for security reasons you are only allowed to use encrypted variables for provider API keys.");
+    }
+    if (variable.encrypted) {
+      const bytes = CryptoJS5.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+      providerapikey = bytes.toString(CryptoJS5.enc.Utf8);
+    }
+    console.log("[EXULU] Enabled tools", enabledTools?.map((x) => x.name + " (" + x.id + ")"));
+    for (const tool2 of enabledTools || []) {
+      if (server.tools[tool2.id]) {
+        continue;
+      }
+      server.mcp.registerTool(sanitizeToolName(tool2.name + "_agent_" + tool2.id), {
+        title: tool2.name + " agent",
+        description: tool2.description,
+        inputSchema: {
+          inputs: tool2.inputSchema || z2.object({})
+        }
+      }, async ({ inputs }, args) => {
+        console.log("[EXULU] MCP tool name", tool2.name);
+        console.log("[EXULU] MCP tool inputs", inputs);
+        console.log("[EXULU] MCP tool args", args);
+        const configValues = agentInstance.tools;
+        const tools = convertToolsArrayToObject(
+          [tool2],
+          allTools,
+          configValues,
+          providerapikey,
+          allContexts,
+          user,
+          config
+        );
+        const convertedTool = tools[sanitizeToolName(tool2.name)];
+        if (!convertedTool?.execute) {
+          console.error("[EXULU] Tool not found in converted tools array.", tools);
+          throw new Error("Tool not found in converted tools array.");
+        }
+        const iterator = await convertedTool.execute(inputs, {
+          toolCallId: tool2.id + "_" + randomUUID4(),
+          messages: []
+        });
+        let result;
+        for await (const value of iterator) {
+          result = value;
+        }
+        console.log("[EXULU] MCP tool result", result);
+        return {
+          content: [{ type: "text", text: JSON.stringify(result) }],
+          structuredContent: result
+        };
       });
+      server.tools[tool2.id] = tool2.name;
     }
-    this.server.registerTool(
-      "getAgents",
-      {
-        title: "Get agents",
-        description: "Retrieves a list of all available agents"
-      },
-      async () => ({
-        content: agents ? agents.map((agent) => {
-          return {
-            type: "text",
-            text: `${agent.name} - ${agent.description}`
-          };
-        }) : [{
-          type: "text",
-          text: "No agents found."
-        }]
-      })
-    );
-    this.server.registerResource(
-      "greeting",
-      new ResourceTemplate("greeting://{name}", { list: void 0 }),
-      {
-        title: "Greeting Resource",
-        // Display name for UI
-        description: "Dynamic greeting generator"
-      },
-      async (uri, { name }) => ({
-        contents: [{
-          uri: uri.href,
-          text: `Hello, ${name}!`
-        }]
-      })
-    );
-    this.server.registerPrompt(
-      "review-code",
-      {
-        title: "Code Review",
-        description: "Review code for best practices and potential issues",
-        argsSchema: { code: z2.string() }
-      },
-      ({ code }) => ({
-        messages: [{
-          role: "user",
-          content: {
-            type: "text",
-            text: `Please review this code:
-
-${code}`
-          }
-        }]
-      })
-    );
+    return server.mcp;
   };
-  connect = async () => {
-    if (!this.express) {
+  create = async ({ express: express3, allTools, allAgents, allContexts, config }) => {
+    if (!express3) {
       throw new Error("Express not initialized.");
     }
     if (!this.server) {
       throw new Error("MCP server not initialized.");
     }
-    this.express.post("/mcp", async (req, res) => {
-      if (!this.server) {
-        throw new Error("MCP server not initialized.");
+    express3.post("/mcp/:agent", async (req, res) => {
+      console.log("[EXULU] MCP request received.", req.params.agent);
+      if (!req.params.agent) {
+        res.status(400).json({
+          error: "Bad Request: No agent ID provided"
+        });
+        return;
+      }
+      const agentInstance = await loadAgent(req.params.agent);
+      if (!agentInstance) {
+        console.error("[EXULU] Agent not found.", req.params.agent);
+        res.status(404).json({
+          error: "Agent not found"
+        });
+        return;
+      }
+      const authenticationResult = await requestValidators.authenticate(req);
+      if (!authenticationResult.user?.id) {
+        res.status(authenticationResult.code || 500).json({ detail: `${authenticationResult.message}` });
+        return;
+      }
+      const user = authenticationResult.user;
+      const hasAccessToAgent = await checkRecordAccess(agentInstance, "read", user);
+      if (!hasAccessToAgent) {
+        res.status(401).json({
+          message: "You don't have access to this agent."
+        });
+        return;
+      }
+      const server = await this.configure({
+        agentInstance,
+        user,
+        allTools,
+        allAgents,
+        allContexts,
+        config
+      });
+      if (!server) {
+        throw new Error("MCP server for agent " + req.params.agent + " not initialized.");
       }
       const sessionId = req.headers[SESSION_ID_HEADER];
       let transport;
       if (sessionId && this.transports[sessionId]) {
         transport = this.transports[sessionId];
       } else if (!sessionId && isInitializeRequest(req.body)) {
-        transport = new StreamableHTTPServerTransport2({
+        transport = new StreamableHTTPServerTransport({
           sessionIdGenerator: () => randomUUID4(),
           onsessioninitialized: (sessionId2) => {
             this.transports[sessionId2] = transport;
@@ -7271,13 +7425,14 @@ ${code}`
             delete this.transports[transport.sessionId];
           }
         };
-        await this.server.connect(transport);
+        await server.connect(transport);
       } else {
         res.status(400).json({
           error: "Bad Request: No valid session ID provided"
         });
         return;
       }
+      req.headers["exulu-agent-id"] = req.params.agent;
       await transport.handleRequest(req, res, req.body);
     });
     const handleSessionRequest = async (req, res) => {
@@ -7290,9 +7445,10 @@ ${code}`
       const transport = this.transports[sessionId];
       await transport.handleRequest(req, res);
     };
-    this.express.get("/mcp", handleSessionRequest);
-    this.express.delete("/mcp", handleSessionRequest);
-    return this.express;
+    express3.get("/mcp/:agent", handleSessionRequest);
+    express3.delete("/mcp/:agent", handleSessionRequest);
+    console.log("[EXULU] MCP server created.");
+    return express3;
   };
 };
 
@@ -8727,13 +8883,11 @@ var ExuluApp = class {
           const mcp = new ExuluMCP();
           await mcp.create({
             express: app,
-            contexts: this._contexts,
-            agents: this._agents,
-            config: this._config,
-            tools: this._tools,
-            tracer
+            allTools: this._tools,
+            allAgents: this._agents,
+            allContexts: Object.values(this._contexts ?? {}),
+            config: this._config
           });
-          await mcp.connect();
         }
         return app;
       }
@@ -10170,7 +10324,7 @@ var create = ({
 };
 
 // src/index.ts
-import CryptoJS5 from "crypto-js";
+import CryptoJS6 from "crypto-js";
 var ExuluJobs = {
   redis: redisClient,
   jobs: {
@@ -10207,8 +10361,8 @@ var ExuluVariables = {
       throw new Error(`Variable ${name} not found.`);
     }
     if (variable.encrypted) {
-      const bytes = CryptoJS5.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
-      variable.value = bytes.toString(CryptoJS5.enc.Utf8);
+      const bytes = CryptoJS6.AES.decrypt(variable.value, process.env.NEXTAUTH_SECRET);
+      variable.value = bytes.toString(CryptoJS6.enc.Utf8);
     }
     return variable.value;
   }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@exulu/backend",
   "author": "Qventu Bv.",
-  "version": "1.30.5",
+  "version": "1.31.0",
   "main": "./dist/index.js",
   "private": false,
   "publishConfig": {