@ottocode/sdk 0.1.199 → 0.1.201

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/sdk",
-	"version": "0.1.199",
+	"version": "0.1.201",
 	"description": "AI agent SDK for building intelligent assistants - tree-shakable and comprehensive",
 	"author": "nitishxyz",
 	"license": "MIT",
@@ -98,6 +98,7 @@
 		"@ai-sdk/google": "^3.0.0",
 		"@ai-sdk/openai": "^3.0.0",
 		"@ai-sdk/openai-compatible": "^2.0.0",
+		"@modelcontextprotocol/sdk": "^1.12",
 		"@openauthjs/openauth": "^0.4.3",
 		"@openrouter/ai-sdk-provider": "^1.2.0",
 		"@solana/web3.js": "^1.95.2",

package/src/core/src/index.ts

@@ -108,3 +108,32 @@ export {
 // =======================
 export { logger, debug, info, warn, error, time } from './utils/logger.ts';
 export { isDebugEnabled, isTraceEnabled } from './utils/debug.ts';
+
+// =======================
+// MCP (Model Context Protocol)
+// =======================
+export {
+	MCPClientWrapper,
+	MCPServerManager,
+	convertMCPToolsToAISDK,
+	getMCPManager,
+	initializeMCP,
+	shutdownMCP,
+	loadMCPConfig,
+	addMCPServerToConfig,
+	removeMCPServerFromConfig,
+	OAuthCredentialStore,
+	OttoOAuthProvider,
+	OAuthCallbackServer,
+} from './mcp/index.ts';
+export type {
+	MCPServerConfig,
+	MCPConfig,
+	MCPServerStatus,
+	MCPToolInfo,
+	MCPTransport,
+	MCPOAuthConfig,
+	StoredOAuthData,
+	OttoOAuthProviderOptions,
+	CallbackResult,
+} from './mcp/index.ts';

package/src/core/src/mcp/client.ts

@@ -0,0 +1,229 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { UnauthorizedError } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { MCPServerConfig } from './types.ts';
+
+export type MCPToolInfo = {
+	name: string;
+	description?: string;
+	inputSchema: Record<string, unknown>;
+};
+
+export class MCPClientWrapper {
+	private client: Client;
+	private transport: Transport | null = null;
+	private config: MCPServerConfig;
+	private _connected = false;
+	private _authRequired = false;
+	private _authProvider: OAuthClientProvider | null = null;
+	private _authUrl: string | null = null;
+
+	constructor(config: MCPServerConfig) {
+		this.config = config;
+		this.client = new Client(
+			{ name: 'ottocode', version: '1.0.0' },
+			{ capabilities: {} },
+		);
+	}
+
+	get connected(): boolean {
+		return this._connected;
+	}
+
+	get name(): string {
+		return this.config.name;
+	}
+
+	get authRequired(): boolean {
+		return this._authRequired;
+	}
+
+	get authUrl(): string | null {
+		return this._authUrl;
+	}
+
+	get serverConfig(): MCPServerConfig {
+		return this.config;
+	}
+
+	setAuthProvider(provider: OAuthClientProvider): void {
+		this._authProvider = provider;
+	}
+
+	async connect(): Promise<void> {
+		const transport = this.config.transport ?? 'stdio';
+
+		switch (transport) {
+			case 'stdio':
+				await this.connectStdio();
+				break;
+			case 'http':
+				await this.connectHTTP();
+				break;
+			case 'sse':
+				await this.connectSSE();
+				break;
+			default:
+				throw new Error(`Unknown transport: ${transport}`);
+		}
+	}
+
+	private async connectStdio(): Promise<void> {
+		if (!this.config.command) {
+			throw new Error('command is required for stdio transport');
+		}
+
+		const env = this.resolveEnv(this.config.env ?? {});
+		this.transport = new StdioClientTransport({
+			command: this.config.command,
+			args: this.config.args,
+			env: { ...process.env, ...env } as Record<string, string>,
+			cwd: this.config.cwd,
+			stderr: 'pipe',
+		});
+
+		await this.client.connect(this.transport);
+		this._connected = true;
+	}
+
+	private async connectHTTP(): Promise<void> {
+		if (!this.config.url) {
+			throw new Error('url is required for http transport');
+		}
+
+		const url = new URL(this.config.url);
+		const headers = this.resolveHeaders(this.config.headers ?? {});
+
+		try {
+			this.transport = new StreamableHTTPClientTransport(url, {
+				authProvider: this._authProvider ?? undefined,
+				requestInit: Object.keys(headers).length > 0 ? { headers } : undefined,
+			});
+
+			await this.client.connect(this.transport);
+			this._connected = true;
+			this._authRequired = false;
+		} catch (err) {
+			if (err instanceof UnauthorizedError) {
+				this._authRequired = true;
+				throw err;
+			}
+			throw err;
+		}
+	}
+
+	private async connectSSE(): Promise<void> {
+		if (!this.config.url) {
+			throw new Error('url is required for sse transport');
+		}
+
+		const url = new URL(this.config.url);
+		const headers = this.resolveHeaders(this.config.headers ?? {});
+
+		try {
+			this.transport = new SSEClientTransport(url, {
+				authProvider: this._authProvider ?? undefined,
+				requestInit: Object.keys(headers).length > 0 ? { headers } : undefined,
+			});
+
+			await this.client.connect(this.transport);
+			this._connected = true;
+			this._authRequired = false;
+		} catch (err) {
+			if (err instanceof UnauthorizedError) {
+				this._authRequired = true;
+				throw err;
+			}
+			throw err;
+		}
+	}
+
+	async finishAuth(authorizationCode: string): Promise<void> {
+		const transport = this.transport as
+			| StreamableHTTPClientTransport
+			| SSEClientTransport
+			| null;
+		if (transport && 'finishAuth' in transport) {
+			await transport.finishAuth(authorizationCode);
+		}
+	}
+
+	async listTools(): Promise<MCPToolInfo[]> {
+		const result = await this.client.listTools();
+		return (result.tools ?? []).map((t) => ({
+			name: t.name,
+			description: t.description,
+			inputSchema: t.inputSchema as Record<string, unknown>,
+		}));
+	}
+
+	async callTool(
+		name: string,
+		args: Record<string, unknown>,
+	): Promise<unknown> {
+		const result = await this.client.callTool({ name, arguments: args });
+		if (result.isError) {
+			return {
+				ok: false,
+				error: formatContent(result.content),
+			};
+		}
+		return {
+			ok: true,
+			result: formatContent(result.content),
+		};
+	}
+
+	async disconnect(): Promise<void> {
+		this._connected = false;
+		try {
+			await this.transport?.close();
+		} catch {}
+		this.transport = null;
+	}
+
+	private resolveEnv(env: Record<string, string>): Record<string, string> {
+		const resolved: Record<string, string> = {};
+		for (const [key, value] of Object.entries(env)) {
+			resolved[key] = value.replace(
+				/\$\{(\w+)\}/g,
+				(_, name) => process.env[name] ?? '',
+			);
+		}
+		return resolved;
+	}
+
+	private resolveHeaders(
+		headers: Record<string, string>,
+	): Record<string, string> {
+		const resolved: Record<string, string> = {};
+		for (const [key, value] of Object.entries(headers)) {
+			resolved[key] = value.replace(
+				/\$\{(\w+)\}/g,
+				(_, name) => process.env[name] ?? '',
+			);
+		}
+		return resolved;
+	}
+}
+
+function formatContent(content: unknown): string {
+	if (!Array.isArray(content)) return String(content ?? '');
+	const parts: string[] = [];
+	for (const item of content) {
+		if (item && typeof item === 'object' && 'text' in item) {
+			parts.push(String(item.text));
+		} else if (item && typeof item === 'object' && 'data' in item) {
+			parts.push(
+				`[binary data: ${(item as { mimeType?: string }).mimeType ?? 'unknown'}]`,
+			);
+		} else {
+			parts.push(JSON.stringify(item));
+		}
+	}
+	return parts.join('\n');
+}

package/src/core/src/mcp/index.ts

@@ -0,0 +1,31 @@
+export type {
+	MCPServerConfig,
+	MCPConfig,
+	MCPServerStatus,
+	MCPTransport,
+	MCPOAuthConfig,
+} from './types.ts';
+
+export { MCPClientWrapper, type MCPToolInfo } from './client.ts';
+
+export { MCPServerManager } from './server-manager.ts';
+
+export { convertMCPToolsToAISDK } from './tools.ts';
+
+export {
+	getMCPManager,
+	initializeMCP,
+	shutdownMCP,
+	loadMCPConfig,
+	addMCPServerToConfig,
+	removeMCPServerFromConfig,
+} from './lifecycle.ts';
+
+export {
+	OAuthCredentialStore,
+	OttoOAuthProvider,
+	OAuthCallbackServer,
+	type StoredOAuthData,
+	type OttoOAuthProviderOptions,
+	type CallbackResult,
+} from './oauth/index.ts';

package/src/core/src/mcp/lifecycle.ts

@@ -0,0 +1,134 @@
+import { MCPServerManager } from './server-manager.ts';
+import type { MCPConfig, MCPServerConfig } from './types.ts';
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+
+let globalMCPManager: MCPServerManager | null = null;
+
+export function getMCPManager(): MCPServerManager | null {
+	return globalMCPManager;
+}
+
+export async function initializeMCP(
+	config: MCPConfig,
+): Promise<MCPServerManager> {
+	if (globalMCPManager) {
+		await globalMCPManager.stopAll();
+	}
+	globalMCPManager = new MCPServerManager();
+	await globalMCPManager.startServers(config.servers);
+	return globalMCPManager;
+}
+
+export async function shutdownMCP(): Promise<void> {
+	if (globalMCPManager) {
+		await globalMCPManager.stopAll();
+		globalMCPManager = null;
+	}
+}
+
+export async function loadMCPConfig(
+	projectRoot: string,
+	globalConfigDir?: string,
+): Promise<MCPConfig> {
+	const servers: MCPServerConfig[] = [];
+	const seen = new Set<string>();
+
+	const globalPath = globalConfigDir
+		? join(globalConfigDir, 'config.json')
+		: null;
+	if (globalPath) {
+		const globalServers = await readMCPServersFromFile(globalPath);
+		for (const s of globalServers) {
+			seen.add(s.name);
+			servers.push(s);
+		}
+	}
+
+	const projectPath = join(projectRoot, '.otto', 'config.json');
+	const projectServers = await readMCPServersFromFile(projectPath);
+	for (const s of projectServers) {
+		if (seen.has(s.name)) {
+			const idx = servers.findIndex((existing) => existing.name === s.name);
+			if (idx >= 0) servers[idx] = s;
+		} else {
+			servers.push(s);
+		}
+	}
+
+	return { servers };
+}
+
+async function readMCPServersFromFile(
+	filePath: string,
+): Promise<MCPServerConfig[]> {
+	try {
+		const text = await fs.readFile(filePath, 'utf-8');
+		const json = JSON.parse(text);
+		if (!json?.mcp?.servers) return [];
+		const raw = json.mcp.servers;
+		if (!Array.isArray(raw)) return [];
+		return raw.filter(
+			(s: unknown): s is MCPServerConfig =>
+				typeof s === 'object' &&
+				s !== null &&
+				typeof (s as MCPServerConfig).name === 'string' &&
+				(typeof (s as MCPServerConfig).command === 'string' ||
+					typeof (s as MCPServerConfig).url === 'string'),
+		);
+	} catch {
+		return [];
+	}
+}
+
+export async function addMCPServerToConfig(
+	projectRoot: string,
+	server: MCPServerConfig,
+): Promise<void> {
+	const configPath = join(projectRoot, '.otto', 'config.json');
+	let json: Record<string, unknown> = {};
+	try {
+		const text = await fs.readFile(configPath, 'utf-8');
+		json = JSON.parse(text);
+	} catch {}
+
+	if (!json.mcp) json.mcp = {};
+	const mcp = json.mcp as Record<string, unknown>;
+	if (!Array.isArray(mcp.servers)) mcp.servers = [];
+
+	const servers = mcp.servers as MCPServerConfig[];
+	const idx = servers.findIndex((s) => s.name === server.name);
+	if (idx >= 0) {
+		servers[idx] = server;
+	} else {
+		servers.push(server);
+	}
+
+	await fs.mkdir(join(projectRoot, '.otto'), { recursive: true });
+	await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
+}
+
+export async function removeMCPServerFromConfig(
+	projectRoot: string,
+	name: string,
+): Promise<boolean> {
+	const configPath = join(projectRoot, '.otto', 'config.json');
+	let json: Record<string, unknown> = {};
+	try {
+		const text = await fs.readFile(configPath, 'utf-8');
+		json = JSON.parse(text);
+	} catch {
+		return false;
+	}
+
+	const mcp = json.mcp as Record<string, unknown> | undefined;
+	if (!mcp || !Array.isArray(mcp.servers)) return false;
+
+	const servers = mcp.servers as MCPServerConfig[];
+	const idx = servers.findIndex((s) => s.name === name);
+	if (idx < 0) return false;
+
+	servers.splice(idx, 1);
+	await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
+	return true;
+}

package/src/core/src/mcp/oauth/callback.ts

@@ -0,0 +1,83 @@
+import { createServer, type Server } from 'node:http';
+
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<body style="font-family:system-ui;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;background:#111;color:#fff">
+<div style="text-align:center">
+<h1>Authorized</h1>
+<p>You can close this window and return to ottocode.</p>
+<script>setTimeout(()=>window.close(),2000)</script>
+</div>
+</body>
+</html>`;
+
+export interface CallbackResult {
+	code: string;
+	state?: string;
+}
+
+export class OAuthCallbackServer {
+	private server: Server | null = null;
+	private port: number;
+
+	constructor(port: number) {
+		this.port = port;
+	}
+
+	waitForCallback(timeoutMs = 300000): Promise<CallbackResult> {
+		return new Promise((resolve, reject) => {
+			const timer = setTimeout(() => {
+				this.close();
+				reject(new Error('OAuth callback timed out'));
+			}, timeoutMs);
+
+			this.server = createServer((req, res) => {
+				if (!req.url || req.url === '/favicon.ico') {
+					res.writeHead(404);
+					res.end();
+					return;
+				}
+
+				const parsed = new URL(req.url, `http://localhost:${this.port}`);
+				const code = parsed.searchParams.get('code');
+				const error = parsed.searchParams.get('error');
+				const state = parsed.searchParams.get('state');
+
+				if (error) {
+					res.writeHead(400, { 'Content-Type': 'text/html' });
+					res.end(`<h1>Authorization failed: ${error}</h1>`);
+					clearTimeout(timer);
+					this.close();
+					reject(new Error(`OAuth error: ${error}`));
+					return;
+				}
+
+				if (code) {
+					res.writeHead(200, { 'Content-Type': 'text/html' });
+					res.end(SUCCESS_HTML);
+					clearTimeout(timer);
+					this.close();
+					resolve({ code, state: state ?? undefined });
+					return;
+				}
+
+				res.writeHead(400, { 'Content-Type': 'text/plain' });
+				res.end('Missing authorization code');
+			});
+
+			this.server.listen(this.port, '127.0.0.1', () => {});
+
+			this.server.on('error', (err) => {
+				clearTimeout(timer);
+				reject(err);
+			});
+		});
+	}
+
+	close(): void {
+		if (this.server) {
+			this.server.close();
+			this.server = null;
+		}
+	}
+}

package/src/core/src/mcp/oauth/index.ts

@@ -0,0 +1,6 @@
+export { OAuthCredentialStore, type StoredOAuthData } from './store.ts';
+export { OAuthCallbackServer, type CallbackResult } from './callback.ts';
+export {
+	OttoOAuthProvider,
+	type OttoOAuthProviderOptions,
+} from './provider.ts';

package/src/core/src/mcp/oauth/provider.ts

@@ -0,0 +1,149 @@
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type {
+	OAuthClientMetadata,
+	OAuthClientInformationMixed,
+	OAuthTokens,
+} from '@modelcontextprotocol/sdk/shared/auth.js';
+import type { OAuthCredentialStore } from './store.ts';
+import { OAuthCallbackServer } from './callback.ts';
+
+const DEFAULT_CALLBACK_PORT = 8090;
+
+export interface OttoOAuthProviderOptions {
+	clientId?: string;
+	callbackPort?: number;
+	scopes?: string[];
+}
+
+export class OttoOAuthProvider implements OAuthClientProvider {
+	private serverName: string;
+	private store: OAuthCredentialStore;
+	private callbackPort: number;
+	private presetClientId?: string;
+	private scopes?: string[];
+	private callbackServer: OAuthCallbackServer | null = null;
+	private _pendingAuthUrl: string | null = null;
+	private _authResolve: ((code: string) => void) | null = null;
+
+	constructor(
+		serverName: string,
+		store: OAuthCredentialStore,
+		options?: OttoOAuthProviderOptions,
+	) {
+		this.serverName = serverName;
+		this.store = store;
+		this.callbackPort = options?.callbackPort ?? DEFAULT_CALLBACK_PORT;
+		this.presetClientId = options?.clientId;
+		this.scopes = options?.scopes;
+	}
+
+	get redirectUrl(): string {
+		return `http://localhost:${this.callbackPort}/callback`;
+	}
+
+	get clientMetadata(): OAuthClientMetadata {
+		return {
+			client_name: 'ottocode',
+			redirect_uris: [this.redirectUrl],
+			grant_types: ['authorization_code', 'refresh_token'],
+			response_types: ['code'],
+			token_endpoint_auth_method: 'none',
+			...(this.scopes?.length ? { scope: this.scopes.join(' ') } : {}),
+		} as OAuthClientMetadata;
+	}
+
+	get pendingAuthUrl(): string | null {
+		return this._pendingAuthUrl;
+	}
+
+	async clientInformation(): Promise<OAuthClientInformationMixed | undefined> {
+		if (this.presetClientId) {
+			return { client_id: this.presetClientId } as OAuthClientInformationMixed;
+		}
+
+		const stored = await this.store.loadClientInfo(this.serverName);
+		if (stored?.client_id) {
+			return stored as unknown as OAuthClientInformationMixed;
+		}
+		return undefined;
+	}
+
+	async saveClientInformation(
+		clientInformation: OAuthClientInformationMixed,
+	): Promise<void> {
+		await this.store.saveClientInfo(
+			this.serverName,
+			clientInformation as unknown as {
+				client_id: string;
+				[key: string]: unknown;
+			},
+		);
+	}
+
+	async tokens(): Promise<OAuthTokens | undefined> {
+		const stored = await this.store.loadTokens(this.serverName);
+		if (!stored) return undefined;
+		return stored as unknown as OAuthTokens;
+	}
+
+	async saveTokens(tokens: OAuthTokens): Promise<void> {
+		const expiresAt = tokens.expires_in
+			? Math.floor(Date.now() / 1000) + tokens.expires_in
+			: undefined;
+
+		await this.store.saveTokens(this.serverName, {
+			...(tokens as unknown as Record<string, unknown>),
+			expires_at: expiresAt,
+		} as {
+			access_token: string;
+			token_type?: string;
+			expires_in?: number;
+			refresh_token?: string;
+			scope?: string;
+			expires_at?: number;
+		});
+	}
+
+	async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
+		this._pendingAuthUrl = authorizationUrl.toString();
+
+		this.callbackServer = new OAuthCallbackServer(this.callbackPort);
+
+		this.callbackServer
+			.waitForCallback()
+			.then((result) => {
+				if (this._authResolve) {
+					this._authResolve(result.code);
+					this._authResolve = null;
+				}
+			})
+			.catch(() => {});
+	}
+
+	async saveCodeVerifier(codeVerifier: string): Promise<void> {
+		await this.store.saveCodeVerifier(this.serverName, codeVerifier);
+	}
+
+	async codeVerifier(): Promise<string> {
+		const stored = await this.store.loadCodeVerifier(this.serverName);
+		if (!stored) throw new Error('No code verifier found');
+		return stored;
+	}
+
+	waitForAuthCode(): Promise<string> {
+		return new Promise((resolve) => {
+			this._authResolve = resolve;
+		});
+	}
+
+	cleanup(): void {
+		this.callbackServer?.close();
+		this.callbackServer = null;
+		this._pendingAuthUrl = null;
+		this._authResolve = null;
+	}
+
+	async clearCredentials(): Promise<void> {
+		await this.store.clearServer(this.serverName);
+	}
+}