@ottocode/sdk 0.1.200 → 0.1.202

package/src/core/src/mcp/oauth/provider.ts

@@ -0,0 +1,149 @@
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type {
+	OAuthClientMetadata,
+	OAuthClientInformationMixed,
+	OAuthTokens,
+} from '@modelcontextprotocol/sdk/shared/auth.js';
+import type { OAuthCredentialStore } from './store.ts';
+import { OAuthCallbackServer } from './callback.ts';
+
+const DEFAULT_CALLBACK_PORT = 8090;
+
+export interface OttoOAuthProviderOptions {
+	clientId?: string;
+	callbackPort?: number;
+	scopes?: string[];
+}
+
+export class OttoOAuthProvider implements OAuthClientProvider {
+	private serverName: string;
+	private store: OAuthCredentialStore;
+	private callbackPort: number;
+	private presetClientId?: string;
+	private scopes?: string[];
+	private callbackServer: OAuthCallbackServer | null = null;
+	private _pendingAuthUrl: string | null = null;
+	private _authResolve: ((code: string) => void) | null = null;
+
+	constructor(
+		serverName: string,
+		store: OAuthCredentialStore,
+		options?: OttoOAuthProviderOptions,
+	) {
+		this.serverName = serverName;
+		this.store = store;
+		this.callbackPort = options?.callbackPort ?? DEFAULT_CALLBACK_PORT;
+		this.presetClientId = options?.clientId;
+		this.scopes = options?.scopes;
+	}
+
+	get redirectUrl(): string {
+		return `http://localhost:${this.callbackPort}/callback`;
+	}
+
+	get clientMetadata(): OAuthClientMetadata {
+		return {
+			client_name: 'ottocode',
+			redirect_uris: [this.redirectUrl],
+			grant_types: ['authorization_code', 'refresh_token'],
+			response_types: ['code'],
+			token_endpoint_auth_method: 'none',
+			...(this.scopes?.length ? { scope: this.scopes.join(' ') } : {}),
+		} as OAuthClientMetadata;
+	}
+
+	get pendingAuthUrl(): string | null {
+		return this._pendingAuthUrl;
+	}
+
+	async clientInformation(): Promise<OAuthClientInformationMixed | undefined> {
+		if (this.presetClientId) {
+			return { client_id: this.presetClientId } as OAuthClientInformationMixed;
+		}
+
+		const stored = await this.store.loadClientInfo(this.serverName);
+		if (stored?.client_id) {
+			return stored as unknown as OAuthClientInformationMixed;
+		}
+		return undefined;
+	}
+
+	async saveClientInformation(
+		clientInformation: OAuthClientInformationMixed,
+	): Promise<void> {
+		await this.store.saveClientInfo(
+			this.serverName,
+			clientInformation as unknown as {
+				client_id: string;
+				[key: string]: unknown;
+			},
+		);
+	}
+
+	async tokens(): Promise<OAuthTokens | undefined> {
+		const stored = await this.store.loadTokens(this.serverName);
+		if (!stored) return undefined;
+		return stored as unknown as OAuthTokens;
+	}
+
+	async saveTokens(tokens: OAuthTokens): Promise<void> {
+		const expiresAt = tokens.expires_in
+			? Math.floor(Date.now() / 1000) + tokens.expires_in
+			: undefined;
+
+		await this.store.saveTokens(this.serverName, {
+			...(tokens as unknown as Record<string, unknown>),
+			expires_at: expiresAt,
+		} as {
+			access_token: string;
+			token_type?: string;
+			expires_in?: number;
+			refresh_token?: string;
+			scope?: string;
+			expires_at?: number;
+		});
+	}
+
+	async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
+		this._pendingAuthUrl = authorizationUrl.toString();
+
+		this.callbackServer = new OAuthCallbackServer(this.callbackPort);
+
+		this.callbackServer
+			.waitForCallback()
+			.then((result) => {
+				if (this._authResolve) {
+					this._authResolve(result.code);
+					this._authResolve = null;
+				}
+			})
+			.catch(() => {});
+	}
+
+	async saveCodeVerifier(codeVerifier: string): Promise<void> {
+		await this.store.saveCodeVerifier(this.serverName, codeVerifier);
+	}
+
+	async codeVerifier(): Promise<string> {
+		const stored = await this.store.loadCodeVerifier(this.serverName);
+		if (!stored) throw new Error('No code verifier found');
+		return stored;
+	}
+
+	waitForAuthCode(): Promise<string> {
+		return new Promise((resolve) => {
+			this._authResolve = resolve;
+		});
+	}
+
+	cleanup(): void {
+		this.callbackServer?.close();
+		this.callbackServer = null;
+		this._pendingAuthUrl = null;
+		this._authResolve = null;
+	}
+
+	async clearCredentials(): Promise<void> {
+		await this.store.clearServer(this.serverName);
+	}
+}

package/src/core/src/mcp/oauth/store.ts

@@ -0,0 +1,115 @@
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+import { getSecureOAuthDir } from '../../../../config/src/paths.ts';
+
+export interface StoredOAuthData {
+	tokens?: {
+		access_token: string;
+		token_type?: string;
+		expires_in?: number;
+		refresh_token?: string;
+		scope?: string;
+		expires_at?: number;
+	};
+	clientInfo?: {
+		client_id: string;
+		client_secret?: string;
+		[key: string]: unknown;
+	};
+	codeVerifier?: string;
+}
+
+export class OAuthCredentialStore {
+	private storePath: string;
+
+	constructor(storePath?: string) {
+		this.storePath = storePath ?? getSecureOAuthDir();
+	}
+
+	private filePath(serverName: string): string {
+		const safe = serverName.replace(/[^a-zA-Z0-9_-]/g, '_');
+		return join(this.storePath, `${safe}.json`);
+	}
+
+	private async read(serverName: string): Promise<StoredOAuthData> {
+		try {
+			const text = await fs.readFile(this.filePath(serverName), 'utf-8');
+			return JSON.parse(text);
+		} catch {
+			return {};
+		}
+	}
+
+	private async write(
+		serverName: string,
+		data: StoredOAuthData,
+	): Promise<void> {
+		await fs.mkdir(this.storePath, { recursive: true, mode: 0o700 });
+		await fs.writeFile(
+			this.filePath(serverName),
+			JSON.stringify(data, null, '\t'),
+			{ encoding: 'utf-8', mode: 0o600 },
+		);
+	}
+
+	async loadTokens(
+		serverName: string,
+	): Promise<StoredOAuthData['tokens'] | undefined> {
+		const data = await this.read(serverName);
+		return data.tokens;
+	}
+
+	async saveTokens(
+		serverName: string,
+		tokens: StoredOAuthData['tokens'],
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.tokens = tokens;
+		await this.write(serverName, data);
+	}
+
+	async loadClientInfo(
+		serverName: string,
+	): Promise<StoredOAuthData['clientInfo'] | undefined> {
+		const data = await this.read(serverName);
+		return data.clientInfo;
+	}
+
+	async saveClientInfo(
+		serverName: string,
+		clientInfo: StoredOAuthData['clientInfo'],
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.clientInfo = clientInfo;
+		await this.write(serverName, data);
+	}
+
+	async loadCodeVerifier(serverName: string): Promise<string | undefined> {
+		const data = await this.read(serverName);
+		return data.codeVerifier;
+	}
+
+	async saveCodeVerifier(
+		serverName: string,
+		codeVerifier: string,
+	): Promise<void> {
+		const data = await this.read(serverName);
+		data.codeVerifier = codeVerifier;
+		await this.write(serverName, data);
+	}
+
+	async clearServer(serverName: string): Promise<void> {
+		try {
+			await fs.unlink(this.filePath(serverName));
+		} catch {}
+	}
+
+	async isAuthenticated(serverName: string): Promise<boolean> {
+		const tokens = await this.loadTokens(serverName);
+		if (!tokens?.access_token) return false;
+		if (tokens.expires_at && tokens.expires_at < Date.now() / 1000) {
+			return !!tokens.refresh_token;
+		}
+		return true;
+	}
+}

package/src/core/src/mcp/server-manager.ts

@@ -0,0 +1,332 @@
+import { MCPClientWrapper, type MCPToolInfo } from './client.ts';
+import type { MCPServerConfig, MCPServerStatus } from './types.ts';
+import { OAuthCredentialStore } from './oauth/store.ts';
+import { OttoOAuthProvider } from './oauth/provider.ts';
+import { createHash } from 'node:crypto';
+
+type IndexedTool = {
+	server: string;
+	tool: MCPToolInfo;
+};
+
+export class MCPServerManager {
+	private clients = new Map<string, MCPClientWrapper>();
+	private toolsMap = new Map<string, IndexedTool>();
+	private authProviders = new Map<string, OttoOAuthProvider>();
+	private pendingAuth = new Map<string, string>();
+	private oauthStore = new OAuthCredentialStore();
+	private serverScopes = new Map<string, 'global' | 'project'>();
+	private _started = false;
+	private projectRoot: string | null = null;
+
+	get started(): boolean {
+		return this._started;
+	}
+
+	setProjectRoot(projectRoot: string): void {
+		this.projectRoot = projectRoot;
+	}
+
+	private oauthKey(serverName: string): string {
+		const scope = this.serverScopes.get(serverName);
+		if (scope === 'project' && this.projectRoot) {
+			const hash = createHash('sha256')
+				.update(this.projectRoot)
+				.digest('hex')
+				.slice(0, 8);
+			return `${serverName}_proj_${hash}`;
+		}
+		return serverName;
+	}
+
+	async startServers(configs: MCPServerConfig[]): Promise<void> {
+		await this.stopAll();
+
+		for (const config of configs) {
+			if (config.disabled) continue;
+			this.serverScopes.set(config.name, config.scope ?? 'global');
+			await this.startSingleServer(config);
+		}
+		this._started = true;
+	}
+
+	private async startSingleServer(config: MCPServerConfig): Promise<void> {
+		const client = new MCPClientWrapper(config);
+		const transport = config.transport ?? 'stdio';
+
+		if (transport !== 'stdio') {
+			const hasStaticAuth =
+				config.headers?.Authorization || config.headers?.authorization;
+			if (!hasStaticAuth) {
+				const key = this.oauthKey(config.name);
+				const provider = new OttoOAuthProvider(key, this.oauthStore, {
+					clientId: config.oauth?.clientId,
+					callbackPort: config.oauth?.callbackPort,
+					scopes: config.oauth?.scopes,
+				});
+				client.setAuthProvider(provider);
+				this.authProviders.set(config.name, provider);
+			}
+		}
+
+		try {
+			await client.connect();
+			this.clients.set(config.name, client);
+
+			const tools = await client.listTools();
+			for (const tool of tools) {
+				const fullName = `${config.name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: config.name, tool });
+			}
+		} catch (err) {
+			this.clients.set(config.name, client);
+
+			if (client.authRequired) {
+				const provider = this.authProviders.get(config.name);
+				if (provider?.pendingAuthUrl) {
+					this.pendingAuth.set(config.name, provider.pendingAuthUrl);
+					this.waitForAuthAndReconnect(config.name, provider);
+				}
+				return;
+			}
+
+			const msg = err instanceof Error ? err.message : String(err);
+			console.error(`[mcp] Failed to start server "${config.name}": ${msg}`);
+		}
+	}
+
+	private waitForAuthAndReconnect(
+		name: string,
+		provider: OttoOAuthProvider,
+	): void {
+		provider
+			.waitForAuthCode()
+			.then(async (code) => {
+				console.log(`[mcp] Auth code received for "${name}", reconnecting...`);
+				const success = await this.completeAuth(name, code);
+				if (success) {
+					console.log(`[mcp] Successfully authenticated "${name}"`);
+				} else {
+					console.error(`[mcp] Failed to complete auth for "${name}"`);
+				}
+			})
+			.catch(() => {});
+	}
+
+	async stopAll(): Promise<void> {
+		for (const provider of this.authProviders.values()) {
+			provider.cleanup();
+		}
+		const disconnects = Array.from(this.clients.values()).map((c) =>
+			c.disconnect().catch(() => {}),
+		);
+		await Promise.all(disconnects);
+		this.clients.clear();
+		this.toolsMap.clear();
+		this.authProviders.clear();
+		this.pendingAuth.clear();
+		this.serverScopes.clear();
+		this._started = false;
+	}
+
+	getTools(): Array<{ name: string; server: string; tool: MCPToolInfo }> {
+		return Array.from(this.toolsMap.entries()).map(
+			([name, { server, tool }]) => ({
+				name,
+				server,
+				tool,
+			}),
+		);
+	}
+
+	async callTool(
+		fullName: string,
+		args: Record<string, unknown>,
+	): Promise<unknown> {
+		const entry = this.toolsMap.get(fullName);
+		if (!entry) throw new Error(`Unknown MCP tool: ${fullName}`);
+
+		const client = this.clients.get(entry.server);
+		if (!client) throw new Error(`MCP server not connected: ${entry.server}`);
+
+		return client.callTool(entry.tool.name, args);
+	}
+
+	getStatus(): MCPServerStatus[] {
+		const statuses: MCPServerStatus[] = [];
+		for (const [name, client] of this.clients) {
+			const tools = Array.from(this.toolsMap.entries())
+				.filter(([, v]) => v.server === name)
+				.map(([k]) => k);
+			const config = client.serverConfig;
+			const key = this.oauthKey(name);
+			const _authenticated = this.oauthStore
+				.isAuthenticated(key)
+				.catch(() => false);
+
+			statuses.push({
+				name,
+				connected: client.connected,
+				tools,
+				transport: config.transport,
+				url: config.url,
+				authRequired: client.authRequired,
+				authenticated: false,
+			});
+		}
+		return statuses;
+	}
+
+	async getStatusAsync(): Promise<MCPServerStatus[]> {
+		const statuses: MCPServerStatus[] = [];
+		for (const [name, client] of this.clients) {
+			const tools = Array.from(this.toolsMap.entries())
+				.filter(([, v]) => v.server === name)
+				.map(([k]) => k);
+			const config = client.serverConfig;
+			const key = this.oauthKey(name);
+			const authenticated = await this.oauthStore
+				.isAuthenticated(key)
+				.catch(() => false);
+
+			statuses.push({
+				name,
+				connected: client.connected,
+				tools,
+				transport: config.transport,
+				url: config.url,
+				authRequired: client.authRequired,
+				authenticated,
+			});
+		}
+		return statuses;
+	}
+
+	getServerNames(): string[] {
+		return Array.from(this.clients.keys());
+	}
+
+	isServerConnected(name: string): boolean {
+		return this.clients.get(name)?.connected ?? false;
+	}
+
+	getAuthUrl(name: string): string | null {
+		return this.pendingAuth.get(name) ?? null;
+	}
+
+	async initiateAuth(config: MCPServerConfig): Promise<string | null> {
+		const transport = config.transport ?? 'stdio';
+		if (transport === 'stdio') return null;
+
+		this.serverScopes.set(config.name, config.scope ?? 'global');
+		const key = this.oauthKey(config.name);
+		const provider = new OttoOAuthProvider(key, this.oauthStore, {
+			clientId: config.oauth?.clientId,
+			callbackPort: config.oauth?.callbackPort,
+			scopes: config.oauth?.scopes,
+		});
+		this.authProviders.set(config.name, provider);
+
+		const client = new MCPClientWrapper(config);
+		client.setAuthProvider(provider);
+
+		try {
+			await client.connect();
+			this.clients.set(config.name, client);
+			const tools = await client.listTools();
+			for (const tool of tools) {
+				const fullName = `${config.name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: config.name, tool });
+			}
+			return null;
+		} catch {
+			this.clients.set(config.name, client);
+
+			if (provider.pendingAuthUrl) {
+				this.pendingAuth.set(config.name, provider.pendingAuthUrl);
+				return provider.pendingAuthUrl;
+			}
+			return null;
+		}
+	}
+
+	async completeAuth(name: string, code: string): Promise<boolean> {
+		const client = this.clients.get(name);
+		const provider = this.authProviders.get(name);
+		if (!client || !provider) return false;
+
+		try {
+			await client.finishAuth(code);
+			await client.disconnect();
+
+			const config = client.serverConfig;
+			const newClient = new MCPClientWrapper(config);
+			newClient.setAuthProvider(provider);
+			await newClient.connect();
+
+			this.clients.set(name, newClient);
+
+			const tools = await newClient.listTools();
+			for (const [key, val] of this.toolsMap) {
+				if (val.server === name) this.toolsMap.delete(key);
+			}
+			for (const tool of tools) {
+				const fullName = `${name}__${tool.name}`;
+				this.toolsMap.set(fullName, { server: name, tool });
+			}
+
+			this.pendingAuth.delete(name);
+			provider.cleanup();
+			return true;
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			console.error(`[mcp] Failed to complete auth for "${name}": ${msg}`);
+			return false;
+		}
+	}
+
+	async revokeAuth(name: string): Promise<void> {
+		const provider = this.authProviders.get(name);
+		if (provider) {
+			await provider.clearCredentials();
+			provider.cleanup();
+		}
+		this.authProviders.delete(name);
+		await this.stopServer(name);
+	}
+
+	async getAuthStatus(
+		name: string,
+	): Promise<{ authenticated: boolean; expiresAt?: number }> {
+		const key = this.oauthKey(name);
+		const tokens = await this.oauthStore.loadTokens(key);
+		if (!tokens?.access_token) return { authenticated: false };
+		return {
+			authenticated: true,
+			expiresAt: tokens.expires_at,
+		};
+	}
+
+	async restartServer(config: MCPServerConfig): Promise<void> {
+		await this.stopServer(config.name);
+		this.serverScopes.set(config.name, config.scope ?? 'global');
+		await this.startSingleServer(config);
+	}
+
+	async stopServer(name: string): Promise<void> {
+		const provider = this.authProviders.get(name);
+		if (provider) {
+			provider.cleanup();
+			this.authProviders.delete(name);
+		}
+		const client = this.clients.get(name);
+		if (client) {
+			await client.disconnect().catch(() => {});
+			this.clients.delete(name);
+			for (const [key, val] of this.toolsMap) {
+				if (val.server === name) this.toolsMap.delete(key);
+			}
+		}
+		this.pendingAuth.delete(name);
+	}
+}

package/src/core/src/mcp/tools.ts

@@ -0,0 +1,97 @@
+import { tool, type Tool } from 'ai';
+import { z } from 'zod/v3';
+import type { MCPServerManager } from './server-manager.ts';
+
+export function convertMCPToolsToAISDK(
+	manager: MCPServerManager,
+): Array<{ name: string; tool: Tool }> {
+	const mcpTools = manager.getTools();
+
+	return mcpTools.map(({ name, tool: mcpTool }) => ({
+		name,
+		tool: tool({
+			description: mcpTool.description ?? `MCP tool: ${mcpTool.name}`,
+			inputSchema: jsonSchemaToZod(
+				mcpTool.inputSchema,
+			) as z.ZodObject<z.ZodRawShape>,
+			async execute(args: Record<string, unknown>) {
+				try {
+					return await manager.callTool(name, args);
+				} catch (err) {
+					return {
+						ok: false,
+						error: err instanceof Error ? err.message : String(err),
+					};
+				}
+			},
+		}),
+	}));
+}
+
+type JSONSchema = {
+	type?: string;
+	description?: string;
+	enum?: string[];
+	properties?: Record<string, JSONSchema>;
+	required?: string[];
+	items?: JSONSchema;
+	default?: unknown;
+};
+
+function jsonSchemaToZod(schema: Record<string, unknown>): z.ZodTypeAny {
+	const properties = schema.properties as
+		| Record<string, JSONSchema>
+		| undefined;
+	if (!properties) return z.object({});
+
+	const required = new Set((schema.required as string[]) ?? []);
+	const shape: Record<string, z.ZodTypeAny> = {};
+
+	for (const [key, prop] of Object.entries(properties)) {
+		let field = convertProperty(prop);
+		if (!required.has(key)) field = field.optional();
+		shape[key] = field;
+	}
+
+	return z.object(shape);
+}
+
+function convertProperty(prop: JSONSchema): z.ZodTypeAny {
+	if (prop.enum) {
+		const enumSchema = z.enum(prop.enum as [string, ...string[]]);
+		return prop.description
+			? enumSchema.describe(prop.description)
+			: enumSchema;
+	}
+
+	switch (prop.type) {
+		case 'string': {
+			const s = z.string();
+			return prop.description ? s.describe(prop.description) : s;
+		}
+		case 'number': {
+			const n = z.number();
+			return prop.description ? n.describe(prop.description) : n;
+		}
+		case 'integer': {
+			const i = z.number().int();
+			return prop.description ? i.describe(prop.description) : i;
+		}
+		case 'boolean': {
+			const b = z.boolean();
+			return prop.description ? b.describe(prop.description) : b;
+		}
+		case 'array': {
+			const items = prop.items ? convertProperty(prop.items) : z.unknown();
+			const a = z.array(items);
+			return prop.description ? a.describe(prop.description) : a;
+		}
+		case 'object': {
+			return jsonSchemaToZod(prop as Record<string, unknown>);
+		}
+		default: {
+			const u = z.unknown();
+			return prop.description ? u.describe(prop.description) : u;
+		}
+	}
+}