@ottocode/sdk 0.1.200 → 0.1.201

package/src/core/src/mcp/oauth/store.ts

@@ -0,0 +1,121 @@
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+
+export interface StoredOAuthData {
+	tokens?: {
+		access_token: string;
+		token_type?: string;
+		expires_in?: number;
+		refresh_token?: string;
+		scope?: string;
+		expires_at?: number;
+	};
+	clientInfo?: {
+		client_id: string;
+		client_secret?: string;
+		[key: string]: unknown;
+	};
+	codeVerifier?: string;
+}
+
+export class OAuthCredentialStore {
+	private storePath: string;
+
+	constructor(storePath?: string) {
+		this.storePath =
+			storePath ??
+			join(
+				process.env.HOME ?? process.env.USERPROFILE ?? '',
+				'.config',
+				'otto',
+				'oauth',
+			);
+	}
+
+	private filePath(serverName: string): string {
+		const safe = serverName.replace(/[^a-zA-Z0-9_-]/g, '_');
+		return join(this.storePath, `${safe}.json`);
+	}
+
+	private async read(serverName: string): Promise<StoredOAuthData> {
+		try {
+			const text = await fs.readFile(this.filePath(serverName), 'utf-8');
+			return JSON.parse(text);
+		} catch {
+			return {};
+		}
+	}
+
+	private async write(
+		serverName: string,
+		data: StoredOAuthData,
+	): Promise<void> {
+		await fs.mkdir(this.storePath, { recursive: true, mode: 0o700 });
+		await fs.writeFile(
+			this.filePath(serverName),
+			JSON.stringify(data, null, '\t'),
+			{ encoding: 'utf-8', mode: 0o600 },
+		);
+	}
+
+	async loadTokens(
+		serverName: string,
+	): Promise<StoredOAuthData['tokens'] | undefined> {
+		const data = await this.read(serverName);
+		return data.tokens;
+	}
+
+	async saveTokens(
+		serverName: string,
+		tokens: StoredOAuthData['tokens'],
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.tokens = tokens;
+		await this.write(serverName, data);
+	}
+
+	async loadClientInfo(
+		serverName: string,
+	): Promise<StoredOAuthData['clientInfo'] | undefined> {
+		const data = await this.read(serverName);
+		return data.clientInfo;
+	}
+
+	async saveClientInfo(
+		serverName: string,
+		clientInfo: StoredOAuthData['clientInfo'],
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.clientInfo = clientInfo;
+		await this.write(serverName, data);
+	}
+
+	async loadCodeVerifier(serverName: string): Promise<string | undefined> {
+		const data = await this.read(serverName);
+		return data.codeVerifier;
+	}
+
+	async saveCodeVerifier(
+		serverName: string,
+		codeVerifier: string,
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.codeVerifier = codeVerifier;
+		await this.write(serverName, data);
+	}
+
+	async clearServer(serverName: string): Promise<void> {
+		try {
+			await fs.unlink(this.filePath(serverName));
+		} catch {}
+	}
+
+	async isAuthenticated(serverName: string): Promise<boolean> {
+		const tokens = await this.loadTokens(serverName);
+		if (!tokens?.access_token) return false;
+		if (tokens.expires_at && tokens.expires_at < Date.now() / 1000) {
+			return !!tokens.refresh_token;
+		}
+		return true;
+	}
+}

package/src/core/src/mcp/server-manager.ts

@@ -0,0 +1,304 @@
+import { MCPClientWrapper, type MCPToolInfo } from './client.ts';
+import type { MCPServerConfig, MCPServerStatus } from './types.ts';
+import { OAuthCredentialStore } from './oauth/store.ts';
+import { OttoOAuthProvider } from './oauth/provider.ts';
+
+type IndexedTool = {
+	server: string;
+	tool: MCPToolInfo;
+};
+
+export class MCPServerManager {
+	private clients = new Map<string, MCPClientWrapper>();
+	private toolsMap = new Map<string, IndexedTool>();
+	private authProviders = new Map<string, OttoOAuthProvider>();
+	private pendingAuth = new Map<string, string>();
+	private oauthStore = new OAuthCredentialStore();
+	private _started = false;
+
+	get started(): boolean {
+		return this._started;
+	}
+
+	async startServers(configs: MCPServerConfig[]): Promise<void> {
+		await this.stopAll();
+
+		for (const config of configs) {
+			if (config.disabled) continue;
+			await this.startSingleServer(config);
+		}
+		this._started = true;
+	}
+
+	private async startSingleServer(config: MCPServerConfig): Promise<void> {
+		const client = new MCPClientWrapper(config);
+		const transport = config.transport ?? 'stdio';
+
+		if (transport !== 'stdio') {
+			const hasStaticAuth =
+				config.headers?.Authorization || config.headers?.authorization;
+			if (!hasStaticAuth) {
+				const provider = new OttoOAuthProvider(config.name, this.oauthStore, {
+					clientId: config.oauth?.clientId,
+					callbackPort: config.oauth?.callbackPort,
+					scopes: config.oauth?.scopes,
+				});
+				client.setAuthProvider(provider);
+				this.authProviders.set(config.name, provider);
+			}
+		}
+
+		try {
+			await client.connect();
+			this.clients.set(config.name, client);
+
+			const tools = await client.listTools();
+			for (const tool of tools) {
+				const fullName = `${config.name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: config.name, tool });
+			}
+		} catch (err) {
+			this.clients.set(config.name, client);
+
+			if (client.authRequired) {
+				const provider = this.authProviders.get(config.name);
+				if (provider?.pendingAuthUrl) {
+					this.pendingAuth.set(config.name, provider.pendingAuthUrl);
+					this.waitForAuthAndReconnect(config.name, provider);
+				}
+				return;
+			}
+
+			const msg = err instanceof Error ? err.message : String(err);
+			console.error(`[mcp] Failed to start server "${config.name}": ${msg}`);
+		}
+	}
+
+	private waitForAuthAndReconnect(
+		name: string,
+		provider: OttoOAuthProvider,
+	): void {
+		provider
+			.waitForAuthCode()
+			.then(async (code) => {
+				console.log(`[mcp] Auth code received for "${name}", reconnecting...`);
+				const success = await this.completeAuth(name, code);
+				if (success) {
+					console.log(`[mcp] Successfully authenticated "${name}"`);
+				} else {
+					console.error(`[mcp] Failed to complete auth for "${name}"`);
+				}
+			})
+			.catch(() => {});
+	}
+
+	async stopAll(): Promise<void> {
+		for (const provider of this.authProviders.values()) {
+			provider.cleanup();
+		}
+		const disconnects = Array.from(this.clients.values()).map((c) =>
+			c.disconnect().catch(() => {}),
+		);
+		await Promise.all(disconnects);
+		this.clients.clear();
+		this.toolsMap.clear();
+		this.authProviders.clear();
+		this.pendingAuth.clear();
+		this._started = false;
+	}
+
+	getTools(): Array<{ name: string; server: string; tool: MCPToolInfo }> {
+		return Array.from(this.toolsMap.entries()).map(
+			([name, { server, tool }]) => ({
+				name,
+				server,
+				tool,
+			}),
+		);
+	}
+
+	async callTool(
+		fullName: string,
+		args: Record<string, unknown>,
+	): Promise<unknown> {
+		const entry = this.toolsMap.get(fullName);
+		if (!entry) throw new Error(`Unknown MCP tool: ${fullName}`);
+
+		const client = this.clients.get(entry.server);
+		if (!client) throw new Error(`MCP server not connected: ${entry.server}`);
+
+		return client.callTool(entry.tool.name, args);
+	}
+
+	getStatus(): MCPServerStatus[] {
+		const statuses: MCPServerStatus[] = [];
+		for (const [name, client] of this.clients) {
+			const tools = Array.from(this.toolsMap.entries())
+				.filter(([, v]) => v.server === name)
+				.map(([k]) => k);
+			const config = client.serverConfig;
+			const _authenticated = this.oauthStore
+				.isAuthenticated(name)
+				.catch(() => false);
+
+			statuses.push({
+				name,
+				connected: client.connected,
+				tools,
+				transport: config.transport,
+				url: config.url,
+				authRequired: client.authRequired,
+				authenticated: false,
+			});
+		}
+		return statuses;
+	}
+
+	async getStatusAsync(): Promise<MCPServerStatus[]> {
+		const statuses: MCPServerStatus[] = [];
+		for (const [name, client] of this.clients) {
+			const tools = Array.from(this.toolsMap.entries())
+				.filter(([, v]) => v.server === name)
+				.map(([k]) => k);
+			const config = client.serverConfig;
+			const authenticated = await this.oauthStore
+				.isAuthenticated(name)
+				.catch(() => false);
+
+			statuses.push({
+				name,
+				connected: client.connected,
+				tools,
+				transport: config.transport,
+				url: config.url,
+				authRequired: client.authRequired,
+				authenticated,
+			});
+		}
+		return statuses;
+	}
+
+	getServerNames(): string[] {
+		return Array.from(this.clients.keys());
+	}
+
+	isServerConnected(name: string): boolean {
+		return this.clients.get(name)?.connected ?? false;
+	}
+
+	getAuthUrl(name: string): string | null {
+		return this.pendingAuth.get(name) ?? null;
+	}
+
+	async initiateAuth(config: MCPServerConfig): Promise<string | null> {
+		const transport = config.transport ?? 'stdio';
+		if (transport === 'stdio') return null;
+
+		const provider = new OttoOAuthProvider(config.name, this.oauthStore, {
+			clientId: config.oauth?.clientId,
+			callbackPort: config.oauth?.callbackPort,
+			scopes: config.oauth?.scopes,
+		});
+		this.authProviders.set(config.name, provider);
+
+		const client = new MCPClientWrapper(config);
+		client.setAuthProvider(provider);
+
+		try {
+			await client.connect();
+			this.clients.set(config.name, client);
+			const tools = await client.listTools();
+			for (const tool of tools) {
+				const fullName = `${config.name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: config.name, tool });
+			}
+			return null;
+		} catch {
+			this.clients.set(config.name, client);
+
+			if (provider.pendingAuthUrl) {
+				this.pendingAuth.set(config.name, provider.pendingAuthUrl);
+				return provider.pendingAuthUrl;
+			}
+			return null;
+		}
+	}
+
+	async completeAuth(name: string, code: string): Promise<boolean> {
+		const client = this.clients.get(name);
+		const provider = this.authProviders.get(name);
+		if (!client || !provider) return false;
+
+		try {
+			await client.finishAuth(code);
+			await client.disconnect();
+
+			const config = client.serverConfig;
+			const newClient = new MCPClientWrapper(config);
+			newClient.setAuthProvider(provider);
+			await newClient.connect();
+
+			this.clients.set(name, newClient);
+
+			const tools = await newClient.listTools();
+			for (const [key, val] of this.toolsMap) {
+				if (val.server === name) this.toolsMap.delete(key);
+			}
+			for (const tool of tools) {
+				const fullName = `${name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: name, tool });
+			}
+
+			this.pendingAuth.delete(name);
+			provider.cleanup();
+			return true;
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.error(`[mcp] Failed to complete auth for "${name}": ${msg}`);
+			return false;
+		}
+	}
+
+	async revokeAuth(name: string): Promise<void> {
+		const provider = this.authProviders.get(name);
+		if (provider) {
+			await provider.clearCredentials();
+			provider.cleanup();
+		}
+		this.authProviders.delete(name);
+		await this.stopServer(name);
+	}
+
+	async getAuthStatus(
+		name: string,
+	): Promise<{ authenticated: boolean; expiresAt?: number }> {
+		const tokens = await this.oauthStore.loadTokens(name);
+		if (!tokens?.access_token) return { authenticated: false };
+		return {
+			authenticated: true,
+			expiresAt: tokens.expires_at,
+		};
+	}
+
+	async restartServer(config: MCPServerConfig): Promise<void> {
+		await this.stopServer(config.name);
+		await this.startSingleServer(config);
+	}
+
+	async stopServer(name: string): Promise<void> {
+		const provider = this.authProviders.get(name);
+		if (provider) {
+			provider.cleanup();
+			this.authProviders.delete(name);
+		}
+		const client = this.clients.get(name);
+		if (client) {
+			await client.disconnect().catch(() => {});
+			this.clients.delete(name);
+			for (const [key, val] of this.toolsMap) {
+				if (val.server === name) this.toolsMap.delete(key);
+			}
+		}
+		this.pendingAuth.delete(name);
+	}
+}

package/src/core/src/mcp/tools.ts

@@ -0,0 +1,97 @@
+import { tool, type Tool } from 'ai';
+import { z } from 'zod/v3';
+import type { MCPServerManager } from './server-manager.ts';
+
+export function convertMCPToolsToAISDK(
+	manager: MCPServerManager,
+): Array<{ name: string; tool: Tool }> {
+	const mcpTools = manager.getTools();
+
+	return mcpTools.map(({ name, tool: mcpTool }) => ({
+		name,
+		tool: tool({
+			description: mcpTool.description ?? `MCP tool: ${mcpTool.name}`,
+			inputSchema: jsonSchemaToZod(
+				mcpTool.inputSchema,
+			) as z.ZodObject<z.ZodRawShape>,
+			async execute(args: Record<string, unknown>) {
+				try {
+					return await manager.callTool(name, args);
+				} catch (err) {
+					return {
+						ok: false,
+						error: err instanceof Error ? err.message : String(err),
+					};
+				}
+			},
+		}),
+	}));
+}
+
+type JSONSchema = {
+	type?: string;
+	description?: string;
+	enum?: string[];
+	properties?: Record<string, JSONSchema>;
+	required?: string[];
+	items?: JSONSchema;
+	default?: unknown;
+};
+
+function jsonSchemaToZod(schema: Record<string, unknown>): z.ZodTypeAny {
+	const properties = schema.properties as
+		| Record<string, JSONSchema>
+		| undefined;
+	if (!properties) return z.object({});
+
+	const required = new Set((schema.required as string[]) ?? []);
+	const shape: Record<string, z.ZodTypeAny> = {};
+
+	for (const [key, prop] of Object.entries(properties)) {
+		let field = convertProperty(prop);
+		if (!required.has(key)) field = field.optional();
+		shape[key] = field;
+	}
+
+	return z.object(shape);
+}
+
+function convertProperty(prop: JSONSchema): z.ZodTypeAny {
+	if (prop.enum) {
+		const enumSchema = z.enum(prop.enum as [string, ...string[]]);
+		return prop.description
+			? enumSchema.describe(prop.description)
+			: enumSchema;
+	}
+
+	switch (prop.type) {
+		case 'string': {
+			const s = z.string();
+			return prop.description ? s.describe(prop.description) : s;
+		}
+		case 'number': {
+			const n = z.number();
+			return prop.description ? n.describe(prop.description) : n;
+		}
+		case 'integer': {
+			const i = z.number().int();
+			return prop.description ? i.describe(prop.description) : i;
+		}
+		case 'boolean': {
+			const b = z.boolean();
+			return prop.description ? b.describe(prop.description) : b;
+		}
+		case 'array': {
+			const items = prop.items ? convertProperty(prop.items) : z.unknown();
+			const a = z.array(items);
+			return prop.description ? a.describe(prop.description) : a;
+		}
+		case 'object': {
+			return jsonSchemaToZod(prop as Record<string, unknown>);
+		}
+		default: {
+			const u = z.unknown();
+			return prop.description ? u.describe(prop.description) : u;
+		}
+	}
+}

package/src/core/src/mcp/types.ts

@@ -0,0 +1,39 @@
+export type MCPTransport = 'stdio' | 'http' | 'sse';
+
+export interface MCPOAuthConfig {
+	clientId?: string;
+	callbackPort?: number;
+	scopes?: string[];
+}
+
+export interface MCPServerConfig {
+	name: string;
+	transport?: MCPTransport;
+
+	command?: string;
+	args?: string[];
+	env?: Record<string, string>;
+	cwd?: string;
+
+	url?: string;
+	headers?: Record<string, string>;
+
+	oauth?: MCPOAuthConfig;
+
+	disabled?: boolean;
+}
+
+export interface MCPConfig {
+	servers: MCPServerConfig[];
+}
+
+export interface MCPServerStatus {
+	name: string;
+	connected: boolean;
+	tools: string[];
+	error?: string;
+	transport?: MCPTransport;
+	url?: string;
+	authRequired?: boolean;
+	authenticated?: boolean;
+}

package/src/core/src/tools/builtin/ripgrep.ts

@@ -24,14 +24,14 @@ export function buildRipgrepTool(projectRoot: string): {
 				.array(z.string())
 				.optional()
 				.describe('One or more glob patterns to include'),
-			maxResults: z.number().int().min(1).max(5000).optional().default(500),
+			maxResults: z.number().int().min(1).max(5000).optional().default(100),
 		}),
 		async execute({
 			query,
 			path = '.',
 			ignoreCase,
 			glob,
-			maxResults = 500,
+			maxResults = 100,
 		}: {
 			query: string;
 			path?: string;
@@ -95,12 +95,20 @@ export function buildRipgrepTool(projectRoot: string): {
 							.split('\n')
 							.filter(Boolean)
 							.slice(0, maxResults);
+						const TEXT_MAX = 200;
 						const matches = lines.map((l) => {
 							const m = l.match(/^(.+?):(\d+):(.*)$/s);
-							if (!m) return { file: '', line: 0, text: l };
+							if (!m)
+								return {
+									file: '',
+									line: 0,
+									text: l.length > TEXT_MAX ? l.slice(0, TEXT_MAX) + '…' : l,
+								};
 							const file = m[1];
 							const line = Number.parseInt(m[2], 10);
-							const text = m[3];
+							const raw = m[3];
+							const text =
+								raw.length > TEXT_MAX ? raw.slice(0, TEXT_MAX) + '…' : raw;
 							return { file, line, text };
 						});
 						resolve({ ok: true, count: matches.length, matches });

package/src/core/src/tools/loader.ts

@@ -6,7 +6,6 @@ import { buildGitTools } from './builtin/git.ts';
 import { progressUpdateTool } from './builtin/progress.ts';
 import { buildBashTool } from './builtin/bash.ts';
 import { buildRipgrepTool } from './builtin/ripgrep.ts';
-import { buildGrepTool } from './builtin/grep.ts';
 import { buildGlobTool } from './builtin/glob.ts';
 import { buildApplyPatchTool } from './builtin/patch.ts';
 import { buildEditTool } from './builtin/edit.ts';
@@ -16,6 +15,8 @@ import { buildWebSearchTool } from './builtin/websearch.ts';
 import { buildTerminalTool } from './builtin/terminal.ts';
 import type { TerminalManager } from '../terminals/index.ts';
 import { initializeSkills, buildSkillTool } from '../../../skills/index.ts';
+import { getMCPManager } from '../mcp/index.ts';
+import { convertMCPToolsToAISDK } from '../mcp/tools.ts';
 import fg from 'fast-glob';
 import { dirname, isAbsolute, join } from 'node:path';
 import { pathToFileURL } from 'node:url';
@@ -120,8 +121,6 @@ export async function discoverProjectTools(
 	// Search
 	const rg = buildRipgrepTool(projectRoot);
 	tools.set(rg.name, rg.tool);
-	const grep = buildGrepTool(projectRoot);
-	tools.set(grep.name, grep.tool);
 	const glob = buildGlobTool(projectRoot);
 	tools.set(glob.name, glob.tool);
 	// Patch/apply
@@ -148,6 +147,14 @@ export async function discoverProjectTools(
 	const skillTool = buildSkillTool();
 	tools.set(skillTool.name, skillTool.tool);
 
+	const mcpManager = getMCPManager();
+	if (mcpManager?.started) {
+		const mcpTools = convertMCPToolsToAISDK(mcpManager);
+		for (const { name, tool } of mcpTools) {
+			tools.set(name, tool);
+		}
+	}
+
 	async function loadFromBase(base: string | null | undefined) {
 		if (!base) return;
 		try {

package/src/index.ts

@@ -333,3 +333,32 @@ export {
 } from './tunnel/index.ts';
 
 export type { TunnelConnection, TunnelEvents } from './tunnel/index.ts';
+
+// =======================
+// MCP (Model Context Protocol)
+// =======================
+export {
+	MCPClientWrapper,
+	MCPServerManager,
+	convertMCPToolsToAISDK,
+	getMCPManager,
+	initializeMCP,
+	shutdownMCP,
+	loadMCPConfig,
+	addMCPServerToConfig,
+	removeMCPServerFromConfig,
+	OAuthCredentialStore,
+	OttoOAuthProvider,
+	OAuthCallbackServer,
+} from './core/src/index.ts';
+export type {
+	MCPServerConfig,
+	MCPConfig,
+	MCPServerStatus,
+	MCPToolInfo,
+	MCPTransport,
+	MCPOAuthConfig,
+	StoredOAuthData,
+	OttoOAuthProviderOptions,
+	CallbackResult,
+} from './core/src/index.ts';