npm - @mastra/mcp - Versions diffs - 1.6.0 → 1.6.1-alpha.1 - Mend

@mastra/mcp 1.6.0 → 1.6.1-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md +18 -0
package/dist/client/client.d.ts.map +1 -1
package/dist/docs/SKILL.md +1 -2
package/dist/docs/assets/SOURCE_MAP.json +1 -1
package/dist/docs/references/docs-mcp-overview.md +25 -0
package/dist/docs/references/reference-tools-mcp-server.md +1 -3
package/dist/index.cjs +137 -7
package/dist/index.cjs.map +1 -1
package/dist/index.js +136 -7
package/dist/index.js.map +1 -1
package/dist/server/server.d.ts +16 -2
package/dist/server/server.d.ts.map +1 -1
package/package.json +9 -9
package/dist/docs/references/docs-mcp-publishing-mcp-server.md +0 -115

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { AsyncLocalStorage } from 'async_hooks';
+import { createRequire } from 'module';
 import { MastraBase } from '@mastra/core/base';
 import { createTool, isValidationError } from '@mastra/core/tools';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
@@ -415,7 +416,57 @@ function isReconnectableMCPError(error) {
 // src/client/client.ts
 var DEFAULT_SERVER_CONNECT_TIMEOUT_MSEC = 3e3;
+var require2 = createRequire(import.meta.url);
 var SSE_FALLBACK_STATUS_CODES = [400, 404, 405];
+var DATADOG_TRACER_TEST_SYMBOL = /* @__PURE__ */ Symbol.for("mastra.mcp.dd-trace-test-tracer");
+function shouldDetachPersistentTransportRequest(init) {
+  return (init?.method ?? "GET").toUpperCase() === "GET";
+}
+function getDatadogScope() {
+  const testTracer = globalThis[DATADOG_TRACER_TEST_SYMBOL];
+  const tracer = testTracer ?? loadDatadogTracer();
+  if (typeof tracer?.scope === "function") {
+    return tracer.scope();
+  }
+  if (typeof tracer?.default?.scope === "function") {
+    return tracer.default.scope();
+  }
+  return null;
+}
+function loadDatadogTracer() {
+  if (!isDatadogTracerLikelyLoaded()) {
+    return null;
+  }
+  try {
+    return require2("dd-trace");
+  } catch {
+    return null;
+  }
+}
+function isDatadogTracerLikelyLoaded() {
+  if (globalThis[DATADOG_TRACER_TEST_SYMBOL]) {
+    return true;
+  }
+  if (process.execArgv.some((arg) => arg.includes("dd-trace"))) {
+    return true;
+  }
+  if (process.env.NODE_OPTIONS?.includes("dd-trace")) {
+    return true;
+  }
+  try {
+    const resolvedPath = require2.resolve("dd-trace");
+    return Boolean(require2.cache[resolvedPath]);
+  } catch {
+    return false;
+  }
+}
+function runOutsideDatadogTraceScope(callback) {
+  const scope = getDatadogScope();
+  if (!scope) {
+    return callback();
+  }
+  return scope.activate(null, callback);
+}
 function convertLogLevelToLoggerMethod(level) {
   switch (level) {
     case "debug":
@@ -610,7 +661,11 @@ var InternalMastraMCPClient = class extends MastraBase {
   }
   async connectHttp(url) {
     const { requestInit, eventSourceInit, authProvider, connectTimeout, fetch: userFetch } = this.serverConfig;
-    const fetch2 = userFetch ? (url2, init) => userFetch(url2, init, this.operationContextStore.getStore() ?? null) : void 0;
+    const fetch2 = (requestUrl, init) => {
+      const requestContext = this.operationContextStore.getStore() ?? null;
+      const executeFetch = () => userFetch ? userFetch(requestUrl, init, requestContext) : globalThis.fetch(requestUrl, init);
+      return shouldDetachPersistentTransportRequest(init) ? runOutsideDatadogTraceScope(executeFetch) : executeFetch();
+    };
     this.log("debug", `Attempting to connect to URL: ${url}`);
     let shouldTrySSE = url.pathname.endsWith(`/sse`);
     if (!shouldTrySSE) {
@@ -639,7 +694,7 @@ var InternalMastraMCPClient = class extends MastraBase {
     if (shouldTrySSE) {
       this.log("debug", "Falling back to deprecated HTTP+SSE transport...");
       try {
-        const sseEventSourceInit = fetch2 ? { ...eventSourceInit, fetch: fetch2 } : eventSourceInit;
+        const sseEventSourceInit = { ...eventSourceInit, fetch: fetch2 };
         const sseTransport = new SSEClientTransport(url, {
           requestInit,
           eventSourceInit: sseEventSourceInit,
@@ -2764,9 +2819,11 @@ var MCPServer = class extends MCPServerBase {
    * This allows us to create multiple server instances with identical functionality.
    */
   registerHandlersOnServer(serverInstance) {
-    serverInstance.setRequestHandler(ListToolsRequestSchema, async () => {
+    serverInstance.setRequestHandler(ListToolsRequestSchema, async (_request, extra) => {
+      const proxiedContext = this.createProxiedRequestContext(extra);
+      const tools = await this.getAuthorizedConvertedToolEntries(proxiedContext);
       return {
-        tools: Object.values(this.convertedTools).map((tool) => {
+        tools: tools.map(([, tool]) => {
           const toolSpec = {
             name: tool.id || "unknown",
             description: tool.description,
@@ -2858,6 +2915,7 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
             throw new Error(`The "extra" key is now nested under "mcp.extra" in tool arguments`);
           }
         };
+        await this.enforceToolExecutionFGA(request.params.name, proxiedContext);
         const result = await tool.execute(validation?.value ?? request.params.arguments ?? {}, mcpOptions);
         const duration = Date.now() - startTime;
         if (isValidationError(result)) {
@@ -4049,7 +4107,24 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
    * });
    * ```
    */
-  getToolListInfo() {
+  getToolListInfo(requestContext) {
+    const fgaProvider = this.mastra?.getServer?.()?.fga;
+    if (fgaProvider && requestContext) {
+      return this.getAuthorizedConvertedToolEntries(requestContext).then((tools) => ({
+        tools: tools.map(([toolId, tool]) => ({
+          id: toolId,
+          name: tool.id || toolId,
+          description: tool.description,
+          inputSchema: this.convertSchema(tool.parameters),
+          outputSchema: this.convertSchema(tool.outputSchema),
+          toolType: tool.mcp?.toolType,
+          _meta: withMastraToolStrictMeta(tool.mcp?._meta, tool.strict)
+        }))
+      }));
+    }
+    if (fgaProvider && !requestContext) {
+      return { tools: [] };
+    }
     this.logger.debug("Getting tool list", { server: this.name });
     return {
       tools: Object.entries(this.convertedTools).map(([toolId, tool]) => ({
@@ -4057,7 +4132,7 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
         name: tool.id || toolId,
         description: tool.description,
         inputSchema: this.convertSchema(tool.parameters),
-        outputSchema: this.convertSchema(tool.parameters),
+        outputSchema: this.convertSchema(tool.outputSchema),
         toolType: tool.mcp?.toolType,
         _meta: withMastraToolStrictMeta(tool.mcp?._meta, tool.strict)
       }))
@@ -4097,6 +4172,58 @@ Provided arguments: ${JSON.stringify(request.params.arguments, null, 2)}`
       _meta: withMastraToolStrictMeta(tool.mcp?._meta, tool.strict)
     };
   }
+  createProxiedRequestContext(extra) {
+    const proxiedContext = new RequestContext();
+    if (extra && typeof extra === "object") {
+      Object.entries(extra).forEach(([key, value]) => {
+        proxiedContext.set(key, value);
+      });
+    }
+    return proxiedContext;
+  }
+  async getAuthorizedConvertedToolEntries(requestContext) {
+    const entries = Object.entries(this.convertedTools);
+    const fgaProvider = this.mastra?.getServer?.()?.fga;
+    if (!fgaProvider) {
+      return entries;
+    }
+    const user = requestContext.get("user");
+    if (!user) {
+      return [];
+    }
+    const accessible = await Promise.all(
+      entries.map(async ([toolId, tool]) => {
+        try {
+          await this.enforceToolExecutionFGA(toolId, requestContext);
+          return [toolId, tool];
+        } catch (error) {
+          if (error instanceof Error && error.name === "FGADeniedError") {
+            return null;
+          }
+          throw error;
+        }
+      })
+    );
+    return accessible.filter((entry) => entry !== null);
+  }
+  async enforceToolExecutionFGA(toolId, requestContext) {
+    const fgaProvider = this.mastra?.getServer?.()?.fga;
+    if (!fgaProvider) {
+      return;
+    }
+    const { checkFGA, FGADeniedError, MastraFGAPermissions } = await import('@mastra/core/auth/ee');
+    const resourceId = JSON.stringify([this.id, toolId]);
+    const user = requestContext?.get("user");
+    if (!user) {
+      throw new FGADeniedError({ id: "unknown" }, { type: "tool", id: resourceId }, MastraFGAPermissions.TOOLS_EXECUTE);
+    }
+    await checkFGA({
+      fgaProvider,
+      user,
+      resource: { type: "tool", id: resourceId },
+      permission: MastraFGAPermissions.TOOLS_EXECUTE
+    });
+  }
   /**
    * Executes a specific tool provided by this MCP server.
    *
@@ -4179,8 +4306,10 @@ Provided arguments: ${JSON.stringify(args, null, 2)}`,
     try {
       const finalExecutionContext = {
         messages: executionContext?.messages || [],
-        toolCallId: executionContext?.toolCallId || randomUUID()
+        toolCallId: executionContext?.toolCallId || randomUUID(),
+        requestContext: executionContext?.requestContext
       };
+      await this.enforceToolExecutionFGA(toolId, finalExecutionContext.requestContext);
       const result = await tool.execute(validatedArgs, finalExecutionContext);
       this.logger.info("Tool executed successfully", { tool: toolId });
       return result;