@ottocode/sdk 0.1.200 → 0.1.202

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/sdk",
-	"version": "0.1.200",
+	"version": "0.1.202",
 	"description": "AI agent SDK for building intelligent assistants - tree-shakable and comprehensive",
 	"author": "nitishxyz",
 	"license": "MIT",
@@ -98,6 +98,7 @@
 		"@ai-sdk/google": "^3.0.0",
 		"@ai-sdk/openai": "^3.0.0",
 		"@ai-sdk/openai-compatible": "^2.0.0",
+		"@modelcontextprotocol/sdk": "^1.12",
 		"@openauthjs/openauth": "^0.4.3",
 		"@openrouter/ai-sdk-provider": "^1.2.0",
 		"@solana/web3.js": "^1.95.2",

package/src/config/src/paths.ts

@@ -35,29 +35,31 @@ export function getGlobalAuthPath(): string {
 	return joinPath(getGlobalConfigDir(), 'auth.json');
 }
 
-// Secure location for auth secrets (not in config dir or project)
-// - Linux: $XDG_STATE_HOME/otto/auth.json or ~/.local/state/otto/auth.json
-// - macOS: ~/Library/Application Support/otto/auth.json
-// - Windows: %APPDATA%\otto\auth.json
-export function getSecureAuthPath(): string {
+export function getSecureBaseDir(): string {
 	const platform = process.platform;
 	if (platform === 'darwin') {
-		return joinPath(
-			getHomeDir(),
-			'Library',
-			'Application Support',
-			'otto',
-			'auth.json',
-		);
+		return joinPath(getHomeDir(), 'Library', 'Application Support', 'otto');
 	}
 	if (platform === 'win32') {
 		const appData = (process.env.APPDATA || '').replace(/\\/g, '/');
 		const base = appData || joinPath(getHomeDir(), 'AppData', 'Roaming');
-		return joinPath(base, 'otto', 'auth.json');
+		return joinPath(base, 'otto');
 	}
 	const stateHome = (process.env.XDG_STATE_HOME || '').replace(/\\/g, '/');
 	const base = stateHome || joinPath(getHomeDir(), '.local', 'state');
-	return joinPath(base, 'otto', 'auth.json');
+	return joinPath(base, 'otto');
+}
+
+export function getSecureOAuthDir(): string {
+	return joinPath(getSecureBaseDir(), 'oauth');
+}
+
+// Secure location for auth secrets (not in config dir or project)
+// - Linux: $XDG_STATE_HOME/otto/auth.json or ~/.local/state/otto/auth.json
+// - macOS: ~/Library/Application Support/otto/auth.json
+// - Windows: %APPDATA%\otto\auth.json
+export function getSecureAuthPath(): string {
+	return joinPath(getSecureBaseDir(), 'auth.json');
 }
 
 // Global content under config dir

package/src/core/src/index.ts

@@ -108,3 +108,33 @@ export {
 // =======================
 export { logger, debug, info, warn, error, time } from './utils/logger.ts';
 export { isDebugEnabled, isTraceEnabled } from './utils/debug.ts';
+
+// =======================
+// MCP (Model Context Protocol)
+// =======================
+export {
+	MCPClientWrapper,
+	MCPServerManager,
+	convertMCPToolsToAISDK,
+	getMCPManager,
+	initializeMCP,
+	shutdownMCP,
+	loadMCPConfig,
+	addMCPServerToConfig,
+	removeMCPServerFromConfig,
+	OAuthCredentialStore,
+	OttoOAuthProvider,
+	OAuthCallbackServer,
+} from './mcp/index.ts';
+export type {
+	MCPServerConfig,
+	MCPConfig,
+	MCPServerStatus,
+	MCPToolInfo,
+	MCPTransport,
+	MCPOAuthConfig,
+	MCPScope,
+	StoredOAuthData,
+	OttoOAuthProviderOptions,
+	CallbackResult,
+} from './mcp/index.ts';

package/src/core/src/mcp/client.ts

@@ -0,0 +1,229 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { UnauthorizedError } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { MCPServerConfig } from './types.ts';
+
+export type MCPToolInfo = {
+	name: string;
+	description?: string;
+	inputSchema: Record<string, unknown>;
+};
+
+export class MCPClientWrapper {
+	private client: Client;
+	private transport: Transport | null = null;
+	private config: MCPServerConfig;
+	private _connected = false;
+	private _authRequired = false;
+	private _authProvider: OAuthClientProvider | null = null;
+	private _authUrl: string | null = null;
+
+	constructor(config: MCPServerConfig) {
+		this.config = config;
+		this.client = new Client(
+			{ name: 'ottocode', version: '1.0.0' },
+			{ capabilities: {} },
+		);
+	}
+
+	get connected(): boolean {
+		return this._connected;
+	}
+
+	get name(): string {
+		return this.config.name;
+	}
+
+	get authRequired(): boolean {
+		return this._authRequired;
+	}
+
+	get authUrl(): string | null {
+		return this._authUrl;
+	}
+
+	get serverConfig(): MCPServerConfig {
+		return this.config;
+	}
+
+	setAuthProvider(provider: OAuthClientProvider): void {
+		this._authProvider = provider;
+	}
+
+	async connect(): Promise<void> {
+		const transport = this.config.transport ?? 'stdio';
+
+		switch (transport) {
+			case 'stdio':
+				await this.connectStdio();
+				break;
+			case 'http':
+				await this.connectHTTP();
+				break;
+			case 'sse':
+				await this.connectSSE();
+				break;
+			default:
+				throw new Error(`Unknown transport: ${transport}`);
+		}
+	}
+
+	private async connectStdio(): Promise<void> {
+		if (!this.config.command) {
+			throw new Error('command is required for stdio transport');
+		}
+
+		const env = this.resolveEnv(this.config.env ?? {});
+		this.transport = new StdioClientTransport({
+			command: this.config.command,
+			args: this.config.args,
+			env: { ...process.env, ...env } as Record<string, string>,
+			cwd: this.config.cwd,
+			stderr: 'pipe',
+		});
+
+		await this.client.connect(this.transport);
+		this._connected = true;
+	}
+
+	private async connectHTTP(): Promise<void> {
+		if (!this.config.url) {
+			throw new Error('url is required for http transport');
+		}
+
+		const url = new URL(this.config.url);
+		const headers = this.resolveHeaders(this.config.headers ?? {});
+
+		try {
+			this.transport = new StreamableHTTPClientTransport(url, {
+				authProvider: this._authProvider ?? undefined,
+				requestInit: Object.keys(headers).length > 0 ? { headers } : undefined,
+			});
+
+			await this.client.connect(this.transport);
+			this._connected = true;
+			this._authRequired = false;
+		} catch (err) {
+			if (err instanceof UnauthorizedError) {
+				this._authRequired = true;
+				throw err;
+			}
+			throw err;
+		}
+	}
+
+	private async connectSSE(): Promise<void> {
+		if (!this.config.url) {
+			throw new Error('url is required for sse transport');
+		}
+
+		const url = new URL(this.config.url);
+		const headers = this.resolveHeaders(this.config.headers ?? {});
+
+		try {
+			this.transport = new SSEClientTransport(url, {
+				authProvider: this._authProvider ?? undefined,
+				requestInit: Object.keys(headers).length > 0 ? { headers } : undefined,
+			});
+
+			await this.client.connect(this.transport);
+			this._connected = true;
+			this._authRequired = false;
+		} catch (err) {
+			if (err instanceof UnauthorizedError) {
+				this._authRequired = true;
+				throw err;
+			}
+			throw err;
+		}
+	}
+
+	async finishAuth(authorizationCode: string): Promise<void> {
+		const transport = this.transport as
+			| StreamableHTTPClientTransport
+			| SSEClientTransport
+			| null;
+		if (transport && 'finishAuth' in transport) {
+			await transport.finishAuth(authorizationCode);
+		}
+	}
+
+	async listTools(): Promise<MCPToolInfo[]> {
+		const result = await this.client.listTools();
+		return (result.tools ?? []).map((t) => ({
+			name: t.name,
+			description: t.description,
+			inputSchema: t.inputSchema as Record<string, unknown>,
+		}));
+	}
+
+	async callTool(
+		name: string,
+		args: Record<string, unknown>,
+	): Promise<unknown> {
+		const result = await this.client.callTool({ name, arguments: args });
+		if (result.isError) {
+			return {
+				ok: false,
+				error: formatContent(result.content),
+			};
+		}
+		return {
+			ok: true,
+			result: formatContent(result.content),
+		};
+	}
+
+	async disconnect(): Promise<void> {
+		this._connected = false;
+		try {
+			await this.transport?.close();
+		} catch {}
+		this.transport = null;
+	}
+
+	private resolveEnv(env: Record<string, string>): Record<string, string> {
+		const resolved: Record<string, string> = {};
+		for (const [key, value] of Object.entries(env)) {
+			resolved[key] = value.replace(
+				/\$\{(\w+)\}/g,
+				(_, name) => process.env[name] ?? '',
+			);
+		}
+		return resolved;
+	}
+
+	private resolveHeaders(
+		headers: Record<string, string>,
+	): Record<string, string> {
+		const resolved: Record<string, string> = {};
+		for (const [key, value] of Object.entries(headers)) {
+			resolved[key] = value.replace(
+				/\$\{(\w+)\}/g,
+				(_, name) => process.env[name] ?? '',
+			);
+		}
+		return resolved;
+	}
+}
+
+function formatContent(content: unknown): string {
+	if (!Array.isArray(content)) return String(content ?? '');
+	const parts: string[] = [];
+	for (const item of content) {
+		if (item && typeof item === 'object' && 'text' in item) {
+			parts.push(String(item.text));
+		} else if (item && typeof item === 'object' && 'data' in item) {
+			parts.push(
+				`[binary data: ${(item as { mimeType?: string }).mimeType ?? 'unknown'}]`,
+			);
+		} else {
+			parts.push(JSON.stringify(item));
+		}
+	}
+	return parts.join('\n');
+}

package/src/core/src/mcp/index.ts

@@ -0,0 +1,32 @@
+export type {
+	MCPServerConfig,
+	MCPConfig,
+	MCPServerStatus,
+	MCPTransport,
+	MCPOAuthConfig,
+	MCPScope,
+} from './types.ts';
+
+export { MCPClientWrapper, type MCPToolInfo } from './client.ts';
+
+export { MCPServerManager } from './server-manager.ts';
+
+export { convertMCPToolsToAISDK } from './tools.ts';
+
+export {
+	getMCPManager,
+	initializeMCP,
+	shutdownMCP,
+	loadMCPConfig,
+	addMCPServerToConfig,
+	removeMCPServerFromConfig,
+} from './lifecycle.ts';
+
+export {
+	OAuthCredentialStore,
+	OttoOAuthProvider,
+	OAuthCallbackServer,
+	type StoredOAuthData,
+	type OttoOAuthProviderOptions,
+	type CallbackResult,
+} from './oauth/index.ts';

package/src/core/src/mcp/lifecycle.ts

@@ -0,0 +1,168 @@
+import { MCPServerManager } from './server-manager.ts';
+import type { MCPConfig, MCPServerConfig, MCPScope } from './types.ts';
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+
+let globalMCPManager: MCPServerManager | null = null;
+
+export function getMCPManager(): MCPServerManager | null {
+	return globalMCPManager;
+}
+
+export async function initializeMCP(
+	config: MCPConfig,
+	projectRoot?: string,
+): Promise<MCPServerManager> {
+	if (globalMCPManager) {
+		await globalMCPManager.stopAll();
+	}
+	globalMCPManager = new MCPServerManager();
+	if (projectRoot) {
+		globalMCPManager.setProjectRoot(projectRoot);
+	}
+	await globalMCPManager.startServers(config.servers);
+	return globalMCPManager;
+}
+
+export async function shutdownMCP(): Promise<void> {
+	if (globalMCPManager) {
+		await globalMCPManager.stopAll();
+		globalMCPManager = null;
+	}
+}
+
+export async function loadMCPConfig(
+	projectRoot: string,
+	globalConfigDir?: string,
+): Promise<MCPConfig> {
+	const servers: MCPServerConfig[] = [];
+	const seen = new Set<string>();
+
+	const globalPath = globalConfigDir
+		? join(globalConfigDir, 'config.json')
+		: null;
+	if (globalPath) {
+		const globalServers = await readMCPServersFromFile(globalPath);
+		for (const s of globalServers) {
+			seen.add(s.name);
+			servers.push({ ...s, scope: 'global' });
+		}
+	}
+
+	const projectPath = join(projectRoot, '.otto', 'config.json');
+	const projectServers = await readMCPServersFromFile(projectPath);
+	for (const s of projectServers) {
+		if (seen.has(s.name)) {
+			const idx = servers.findIndex((existing) => existing.name === s.name);
+			if (idx >= 0) servers[idx] = { ...s, scope: 'project' };
+		} else {
+			servers.push({ ...s, scope: 'project' });
+		}
+	}
+
+	return { servers };
+}
+
+async function readMCPServersFromFile(
+	filePath: string,
+): Promise<MCPServerConfig[]> {
+	try {
+		const text = await fs.readFile(filePath, 'utf-8');
+		const json = JSON.parse(text);
+		if (!json?.mcp?.servers) return [];
+		const raw = json.mcp.servers;
+		if (!Array.isArray(raw)) return [];
+		return raw.filter(
+			(s: unknown): s is MCPServerConfig =>
+				typeof s === 'object' &&
+				s !== null &&
+				typeof (s as MCPServerConfig).name === 'string' &&
+				(typeof (s as MCPServerConfig).command === 'string' ||
+					typeof (s as MCPServerConfig).url === 'string'),
+		);
+	} catch {
+		return [];
+	}
+}
+
+function resolveConfigPath(
+	projectRoot: string,
+	globalConfigDir: string | undefined,
+	scope: MCPScope,
+): string {
+	if (scope === 'global' && globalConfigDir) {
+		return join(globalConfigDir, 'config.json');
+	}
+	return join(projectRoot, '.otto', 'config.json');
+}
+
+async function ensureConfigDir(configPath: string): Promise<void> {
+	const dir = configPath.replace(/[/\\][^/\\]+$/, '');
+	await fs.mkdir(dir, { recursive: true });
+}
+
+export async function addMCPServerToConfig(
+	projectRoot: string,
+	server: MCPServerConfig,
+	globalConfigDir?: string,
+): Promise<void> {
+	const scope: MCPScope = server.scope ?? 'global';
+	const configPath = resolveConfigPath(projectRoot, globalConfigDir, scope);
+
+	let json: Record<string, unknown> = {};
+	try {
+		const text = await fs.readFile(configPath, 'utf-8');
+		json = JSON.parse(text);
+	} catch {}
+
+	if (!json.mcp) json.mcp = {};
+	const mcp = json.mcp as Record<string, unknown>;
+	if (!Array.isArray(mcp.servers)) mcp.servers = [];
+
+	const servers = mcp.servers as MCPServerConfig[];
+	const idx = servers.findIndex((s) => s.name === server.name);
+
+	const { scope: _scope, ...serverWithoutScope } = server;
+	if (idx >= 0) {
+		servers[idx] = serverWithoutScope;
+	} else {
+		servers.push(serverWithoutScope);
+	}
+
+	await ensureConfigDir(configPath);
+	await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
+}
+
+export async function removeMCPServerFromConfig(
+	projectRoot: string,
+	name: string,
+	globalConfigDir?: string,
+): Promise<boolean> {
+	const paths = [
+		...(globalConfigDir ? [join(globalConfigDir, 'config.json')] : []),
+		join(projectRoot, '.otto', 'config.json'),
+	];
+
+	for (const configPath of paths) {
+		let json: Record<string, unknown> = {};
+		try {
+			const text = await fs.readFile(configPath, 'utf-8');
+			json = JSON.parse(text);
+		} catch {
+			continue;
+		}
+
+		const mcp = json.mcp as Record<string, unknown> | undefined;
+		if (!mcp || !Array.isArray(mcp.servers)) continue;
+
+		const servers = mcp.servers as MCPServerConfig[];
+		const idx = servers.findIndex((s) => s.name === name);
+		if (idx < 0) continue;
+
+		servers.splice(idx, 1);
+		await fs.writeFile(configPath, JSON.stringify(json, null, '\t'), 'utf-8');
+		return true;
+	}
+
+	return false;
+}

package/src/core/src/mcp/oauth/callback.ts

@@ -0,0 +1,83 @@
+import { createServer, type Server } from 'node:http';
+
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<body style="font-family:system-ui;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;background:#111;color:#fff">
+<div style="text-align:center">
+<h1>Authorized</h1>
+<p>You can close this window and return to ottocode.</p>
+<script>setTimeout(()=>window.close(),2000)</script>
+</div>
+</body>
+</html>`;
+
+export interface CallbackResult {
+	code: string;
+	state?: string;
+}
+
+export class OAuthCallbackServer {
+	private server: Server | null = null;
+	private port: number;
+
+	constructor(port: number) {
+		this.port = port;
+	}
+
+	waitForCallback(timeoutMs = 300000): Promise<CallbackResult> {
+		return new Promise((resolve, reject) => {
+			const timer = setTimeout(() => {
+				this.close();
+				reject(new Error('OAuth callback timed out'));
+			}, timeoutMs);
+
+			this.server = createServer((req, res) => {
+				if (!req.url || req.url === '/favicon.ico') {
+					res.writeHead(404);
+					res.end();
+					return;
+				}
+
+				const parsed = new URL(req.url, `http://localhost:${this.port}`);
+				const code = parsed.searchParams.get('code');
+				const error = parsed.searchParams.get('error');
+				const state = parsed.searchParams.get('state');
+
+				if (error) {
+					res.writeHead(400, { 'Content-Type': 'text/html' });
+					res.end(`<h1>Authorization failed: ${error}</h1>`);
+					clearTimeout(timer);
+					this.close();
+					reject(new Error(`OAuth error: ${error}`));
+					return;
+				}
+
+				if (code) {
+					res.writeHead(200, { 'Content-Type': 'text/html' });
+					res.end(SUCCESS_HTML);
+					clearTimeout(timer);
+					this.close();
+					resolve({ code, state: state ?? undefined });
+					return;
+				}
+
+				res.writeHead(400, { 'Content-Type': 'text/plain' });
+				res.end('Missing authorization code');
+			});
+
+			this.server.listen(this.port, '127.0.0.1', () => {});
+
+			this.server.on('error', (err) => {
+				clearTimeout(timer);
+				reject(err);
+			});
+		});
+	}
+
+	close(): void {
+		if (this.server) {
+			this.server.close();
+			this.server = null;
+		}
+	}
+}

package/src/core/src/mcp/oauth/index.ts

@@ -0,0 +1,6 @@
+export { OAuthCredentialStore, type StoredOAuthData } from './store.ts';
+export { OAuthCallbackServer, type CallbackResult } from './callback.ts';
+export {
+	OttoOAuthProvider,
+	type OttoOAuthProviderOptions,
+} from './provider.ts';