@ottocode/sdk 0.1.205 → 0.1.207

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/sdk",
-	"version": "0.1.205",
+	"version": "0.1.207",
 	"description": "AI agent SDK for building intelligent assistants - tree-shakable and comprehensive",
 	"author": "nitishxyz",
 	"license": "MIT",

package/src/auth/src/copilot-oauth.ts

@@ -6,6 +6,10 @@ const POLLING_SAFETY_MARGIN_MS = 3000;
 const DEVICE_CODE_URL = 'https://github.com/login/device/code';
 const ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token';
 
+const COPILOT_DEFAULT_SCOPE = 'read:user';
+const COPILOT_MCP_SCOPE =
+	'repo read:org read:packages gist notifications read:project security_events';
+
 export type CopilotDeviceCodeResponse = {
 	verification_uri: string;
 	user_code: string;
@@ -41,7 +45,9 @@ async function openBrowser(url: string) {
 	});
 }
 
-export async function requestDeviceCode(): Promise<CopilotDeviceCodeResponse> {
+export async function requestDeviceCode(
+	scope?: string,
+): Promise<CopilotDeviceCodeResponse> {
 	const response = await fetch(DEVICE_CODE_URL, {
 		method: 'POST',
 		headers: {
@@ -50,7 +56,7 @@ export async function requestDeviceCode(): Promise<CopilotDeviceCodeResponse> {
 		},
 		body: JSON.stringify({
 			client_id: CLIENT_ID,
-			scope: 'read:user',
+			scope: scope ?? COPILOT_DEFAULT_SCOPE,
 		}),
 	});
 
@@ -120,13 +126,14 @@ export async function pollForToken(
 	}
 }
 
-export async function authorizeCopilot(): Promise<{
+export async function authorizeCopilot(options?: { mcp?: boolean }): Promise<{
 	verificationUri: string;
 	userCode: string;
 	deviceCode: string;
 	interval: number;
 }> {
-	const deviceData = await requestDeviceCode();
+	const scope = options?.mcp ? COPILOT_MCP_SCOPE : COPILOT_DEFAULT_SCOPE;
+	const deviceData = await requestDeviceCode(scope);
 	return {
 		verificationUri: deviceData.verification_uri,
 		userCode: deviceData.user_code,

package/src/core/src/index.ts

@@ -30,7 +30,7 @@ export type { ProviderId, ModelInfo } from '../../types/src/index.ts';
 // Tools
 // =======================
 export { discoverProjectTools } from './tools/loader';
-export type { DiscoveredTool } from './tools/loader';
+export type { DiscoveredTool, DiscoverResult } from './tools/loader';
 export { setTerminalManager, getTerminalManager } from './tools/loader';
 
 // Tool error handling utilities

package/src/core/src/mcp/client.ts

@@ -166,15 +166,18 @@ export class MCPClientWrapper {
 		args: Record<string, unknown>,
 	): Promise<unknown> {
 		const result = await this.client.callTool({ name, arguments: args });
+		const images = extractImages(result.content);
 		if (result.isError) {
 			return {
 				ok: false,
 				error: formatContent(result.content),
+				...(images.length > 0 && { images }),
 			};
 		}
 		return {
 			ok: true,
 			result: formatContent(result.content),
+			...(images.length > 0 && { images }),
 		};
 	}
 
@@ -218,12 +221,34 @@ function formatContent(content: unknown): string {
 		if (item && typeof item === 'object' && 'text' in item) {
 			parts.push(String(item.text));
 		} else if (item && typeof item === 'object' && 'data' in item) {
-			parts.push(
-				`[binary data: ${(item as { mimeType?: string }).mimeType ?? 'unknown'}]`,
-			);
+			const mimeType = (item as { mimeType?: string }).mimeType ?? 'unknown';
+			if (mimeType.startsWith('image/')) {
+				parts.push(`[image: ${mimeType}]`);
+			} else {
+				parts.push(`[binary data: ${mimeType}]`);
+			}
 		} else {
 			parts.push(JSON.stringify(item));
 		}
 	}
 	return parts.join('\n');
 }
+
+function extractImages(
+	content: unknown,
+): Array<{ data: string; mimeType: string }> {
+	if (!Array.isArray(content)) return [];
+	const images: Array<{ data: string; mimeType: string }> = [];
+	for (const item of content) {
+		if (item && typeof item === 'object' && 'data' in item) {
+			const mimeType = (item as { mimeType?: string }).mimeType ?? 'unknown';
+			if (mimeType.startsWith('image/')) {
+				images.push({
+					data: String((item as { data: unknown }).data),
+					mimeType,
+				});
+			}
+		}
+	}
+	return images;
+}

package/src/core/src/mcp/index.ts

@@ -13,6 +13,14 @@ export { MCPServerManager } from './server-manager.ts';
 
 export { convertMCPToolsToAISDK } from './tools.ts';
 
+export {
+	getMCPToolBriefs,
+	buildLoadMCPToolsTool,
+	getMCPToolsRecord,
+	buildMCPToolCatalogDescription,
+	type MCPToolBrief,
+} from './lazy-tools.ts';
+
 export {
 	getMCPManager,
 	initializeMCP,

package/src/core/src/mcp/lazy-tools.ts

@@ -0,0 +1,89 @@
+import { tool, type Tool } from 'ai';
+import { z } from 'zod/v3';
+import type { MCPServerManager } from './server-manager.ts';
+import { convertMCPToolsToAISDK } from './tools.ts';
+
+export type MCPToolBrief = {
+	name: string;
+	server: string;
+	description: string;
+};
+
+export function getMCPToolBriefs(manager: MCPServerManager): MCPToolBrief[] {
+	return manager.getTools().map(({ name, server, tool: t }) => ({
+		name,
+		server,
+		description: t.description ?? `MCP tool: ${t.name}`,
+	}));
+}
+
+export function buildMCPToolCatalogDescription(briefs: MCPToolBrief[]): string {
+	if (briefs.length === 0) return 'No MCP tools available.';
+	const grouped = new Map<string, MCPToolBrief[]>();
+	for (const b of briefs) {
+		const list = grouped.get(b.server) ?? [];
+		list.push(b);
+		grouped.set(b.server, list);
+	}
+	const lines: string[] = [];
+	for (const [server, tools] of grouped) {
+		lines.push(`[${server}]`);
+		for (const t of tools) {
+			lines.push(`  ${t.name}: ${t.description.slice(0, 120)}`);
+		}
+	}
+	return lines.join('\n');
+}
+
+export function buildLoadMCPToolsTool(briefs: MCPToolBrief[]): {
+	name: string;
+	tool: Tool;
+} {
+	const catalog = buildMCPToolCatalogDescription(briefs);
+	const validNames = new Set(briefs.map((b) => b.name));
+
+	return {
+		name: 'load_mcp_tools',
+		tool: tool({
+			description: `Load MCP tools by name so they become available for use in the next step. Call this with the tool names you need before using them.\n\nAvailable MCP tools:\n${catalog}`,
+			inputSchema: z.object({
+				tools: z
+					.array(z.string())
+					.describe(
+						'Array of MCP tool names to load (e.g. ["chrome__click", "chrome__screenshot"])',
+					),
+			}),
+			execute: async ({ tools: requested }) => {
+				const loaded: string[] = [];
+				const notFound: string[] = [];
+				for (const name of requested) {
+					if (validNames.has(name)) {
+						loaded.push(name);
+					} else {
+						notFound.push(name);
+					}
+				}
+				return {
+					ok: true,
+					loaded,
+					...(notFound.length > 0 ? { notFound } : {}),
+					message:
+						loaded.length > 0
+							? `Loaded ${loaded.length} tool(s). They are now available for use.`
+							: 'No valid tools to load.',
+				};
+			},
+		}),
+	};
+}
+
+export function getMCPToolsRecord(
+	manager: MCPServerManager,
+): Record<string, Tool> {
+	const mcpTools = convertMCPToolsToAISDK(manager);
+	const record: Record<string, Tool> = {};
+	for (const { name, tool: t } of mcpTools) {
+		record[name] = t;
+	}
+	return record;
+}

package/src/core/src/mcp/server-manager.ts

@@ -3,6 +3,65 @@ import type { MCPServerConfig, MCPServerStatus } from './types.ts';
 import { OAuthCredentialStore } from './oauth/store.ts';
 import { OttoOAuthProvider } from './oauth/provider.ts';
 import { createHash } from 'node:crypto';
+import { getAuth } from '../../../auth/src/index.ts';
+
+const GITHUB_COPILOT_HOSTS = [
+	'api.githubcopilot.com',
+	'copilot-proxy.githubusercontent.com',
+];
+
+function isGitHubCopilotUrl(url?: string): boolean {
+	if (!url) return false;
+	try {
+		const parsed = new URL(url);
+		return GITHUB_COPILOT_HOSTS.some(
+			(h) => parsed.hostname === h || parsed.hostname.endsWith(`.${h}`),
+		);
+	} catch {
+		return false;
+	}
+}
+
+const COPILOT_MCP_REQUIRED_SCOPES = [
+	'repo',
+	'read:org',
+	'gist',
+	'notifications',
+	'read:project',
+	'security_events',
+];
+
+function hasMCPScopes(scopes?: string): boolean {
+	if (!scopes) return false;
+	const granted = scopes.split(/[\s,]+/).filter(Boolean);
+	return COPILOT_MCP_REQUIRED_SCOPES.every((s) => granted.includes(s));
+}
+
+async function getCopilotToken(): Promise<string | null> {
+	try {
+		const auth = await getAuth('copilot');
+		if (auth?.type === 'oauth' && auth.refresh) {
+			return auth.refresh;
+		}
+	} catch {}
+	return null;
+}
+
+async function getCopilotMCPToken(): Promise<{
+	token: string | null;
+	needsReauth: boolean;
+}> {
+	try {
+		const auth = await getAuth('copilot');
+		if (auth?.type === 'oauth' && auth.refresh) {
+			if (!hasMCPScopes(auth.scopes)) {
+				return { token: auth.refresh, needsReauth: true };
+			}
+			return { token: auth.refresh, needsReauth: false };
+		}
+	} catch {}
+	return { token: null, needsReauth: true };
+}
 
 type IndexedTool = {
 	server: string;
@@ -55,6 +114,57 @@ export class MCPServerManager {
 		const transport = config.transport ?? 'stdio';
 
 		if (transport !== 'stdio') {
+			if (isGitHubCopilotUrl(config.url)) {
+				const { token, needsReauth } = await getCopilotMCPToken();
+				if (token && !needsReauth) {
+					config = {
+						...config,
+						headers: {
+							...config.headers,
+							Authorization: `Bearer ${token}`,
+						},
+					};
+					const updatedClient = new MCPClientWrapper(config);
+					try {
+						await updatedClient.connect();
+						this.clients.set(config.name, updatedClient);
+						const tools = await updatedClient.listTools();
+						for (const tool of tools) {
+							const fullName = `${config.name}__${tool.name}`;
+							this.toolsMap.set(fullName, { server: config.name, tool });
+						}
+					} catch (err) {
+						this.clients.set(config.name, updatedClient);
+						const msg = err instanceof Error ? err.message : String(err);
+						if (
+							msg.includes('insufficient scopes') ||
+							msg.includes('Forbidden')
+						) {
+							console.error(
+								`[mcp] GitHub Copilot MCP server "${config.name}" has insufficient scopes. Run \`otto mcp auth ${config.name}\` to re-authenticate with required permissions.`,
+							);
+						} else {
+							console.error(
+								`[mcp] Failed to start server "${config.name}": ${msg}`,
+							);
+						}
+					}
+					return;
+				}
+				if (token && needsReauth) {
+					console.error(
+						`[mcp] GitHub Copilot MCP server "${config.name}" needs broader permissions. Run \`otto mcp auth ${config.name}\` to re-authenticate.`,
+					);
+					this.clients.set(config.name, client);
+					return;
+				}
+				console.error(
+					`[mcp] GitHub Copilot MCP server "${config.name}" requires authentication. Run \`otto auth login copilot\` or \`otto mcp auth ${config.name}\`.`,
+				);
+				this.clients.set(config.name, client);
+				return;
+			}
+
 			const hasStaticAuth =
 				config.headers?.Authorization || config.headers?.authorization;
 			if (!hasStaticAuth) {
@@ -184,10 +294,15 @@ export class MCPServerManager {
 				.filter(([, v]) => v.server === name)
 				.map(([k]) => k);
 			const config = client.serverConfig;
-			const key = this.oauthKey(name);
-			const authenticated = await this.oauthStore
-				.isAuthenticated(key)
-				.catch(() => false);
+			let authenticated = false;
+			if (isGitHubCopilotUrl(config.url)) {
+				authenticated = !!(await getCopilotToken());
+			} else {
+				const key = this.oauthKey(name);
+				authenticated = await this.oauthStore
+					.isAuthenticated(key)
+					.catch(() => false);
+			}
 
 			statuses.push({
 				name,
@@ -218,8 +333,40 @@ export class MCPServerManager {
 		const transport = config.transport ?? 'stdio';
 		if (transport === 'stdio') return null;
 
+		if (isGitHubCopilotUrl(config.url)) {
+			const token = await getCopilotToken();
+			if (token) {
+				const authedConfig = {
+					...config,
+					headers: {
+						...config.headers,
+						Authorization: `Bearer ${token}`,
+					},
+				};
+				const client = new MCPClientWrapper(authedConfig);
+				try {
+					await client.connect();
+					this.clients.set(config.name, client);
+					const tools = await client.listTools();
+					for (const tool of tools) {
+						const fullName = `${config.name}__${tool.name}`;
+						this.toolsMap.set(fullName, { server: config.name, tool });
+					}
+				} catch (err) {
+					this.clients.set(config.name, client);
+					const msg = err instanceof Error ? err.message : String(err);
+					console.error(
+						`[mcp] Failed to start server "${config.name}": ${msg}`,
+					);
+				}
+				return null;
+			}
+			return null;
+		}
+
 		this.serverScopes.set(config.name, config.scope ?? 'global');
 		const key = this.oauthKey(config.name);
+		await this.oauthStore.clearServer(key);
 		const provider = new OttoOAuthProvider(key, this.oauthStore, {
 			clientId: config.oauth?.clientId,
 			callbackPort: config.oauth?.callbackPort,
@@ -244,6 +391,7 @@ export class MCPServerManager {
 
 			if (provider.pendingAuthUrl) {
 				this.pendingAuth.set(config.name, provider.pendingAuthUrl);
+				this.waitForAuthAndReconnect(config.name, provider);
 				return provider.pendingAuthUrl;
 			}
 			return null;
@@ -295,9 +443,38 @@ export class MCPServerManager {
 		await this.stopServer(name);
 	}
 
+	async clearAuthData(
+		name: string,
+		scope?: 'global' | 'project',
+		projectRoot?: string,
+	): Promise<void> {
+		const provider = this.authProviders.get(name);
+		if (provider) {
+			await provider.clearCredentials();
+			provider.cleanup();
+		}
+		this.authProviders.delete(name);
+		if (scope) {
+			this.serverScopes.set(name, scope);
+		}
+		if (projectRoot) {
+			this.projectRoot = projectRoot;
+		}
+		const key = this.oauthKey(name);
+		await this.oauthStore.clearServer(key);
+		if (key !== name) {
+			await this.oauthStore.clearServer(name);
+		}
+	}
+
 	async getAuthStatus(
 		name: string,
 	): Promise<{ authenticated: boolean; expiresAt?: number }> {
+		const client = this.clients.get(name);
+		if (client && isGitHubCopilotUrl(client.serverConfig.url)) {
+			const token = await getCopilotToken();
+			return { authenticated: !!token };
+		}
 		const key = this.oauthKey(name);
 		const tokens = await this.oauthStore.loadTokens(key);
 		if (!tokens?.access_token) return { authenticated: false };

package/src/core/src/mcp/tools.ts

@@ -1,7 +1,15 @@
 import { tool, type Tool } from 'ai';
+import type { ToolResultOutput } from '@ai-sdk/provider-utils';
 import { z } from 'zod/v3';
 import type { MCPServerManager } from './server-manager.ts';
 
+type MCPToolResult = {
+	ok: boolean;
+	result?: string;
+	error?: string;
+	images?: Array<{ data: string; mimeType: string }>;
+};
+
 export function convertMCPToolsToAISDK(
 	manager: MCPServerManager,
 ): Array<{ name: string; tool: Tool }> {
@@ -16,13 +24,38 @@ export function convertMCPToolsToAISDK(
 			) as z.ZodObject<z.ZodRawShape>,
 			async execute(args: Record<string, unknown>) {
 				try {
-					return await manager.callTool(name, args);
+					return (await manager.callTool(name, args)) as MCPToolResult;
 				} catch (err) {
 					return {
 						ok: false,
 						error: err instanceof Error ? err.message : String(err),
-					};
+					} satisfies MCPToolResult;
+				}
+			},
+			toModelOutput({ output }): ToolResultOutput {
+				const result = output as MCPToolResult;
+				if (result.images && result.images.length > 0) {
+					const parts: Array<
+						| { type: 'text'; text: string }
+						| { type: 'image-data'; data: string; mediaType: string }
+					> = [];
+					const text = result.ok ? result.result : result.error;
+					if (text) {
+						parts.push({ type: 'text', text });
+					}
+					for (const img of result.images) {
+						parts.push({
+							type: 'image-data',
+							data: img.data,
+							mediaType: img.mimeType,
+						});
+					}
+					return { type: 'content', value: parts } as ToolResultOutput;
 				}
+				return {
+					type: 'json',
+					value: result as unknown as import('@ai-sdk/provider').JSONValue,
+				};
 			},
 		}),
 	}));

package/src/core/src/tools/loader.ts

@@ -16,7 +16,12 @@ import { buildTerminalTool } from './builtin/terminal.ts';
 import type { TerminalManager } from '../terminals/index.ts';
 import { initializeSkills, buildSkillTool } from '../../../skills/index.ts';
 import { getMCPManager } from '../mcp/index.ts';
-import { convertMCPToolsToAISDK } from '../mcp/tools.ts';
+import {
+	getMCPToolBriefs,
+	buildLoadMCPToolsTool,
+	getMCPToolsRecord,
+	type MCPToolBrief,
+} from '../mcp/lazy-tools.ts';
 import fg from 'fast-glob';
 import { dirname, isAbsolute, join } from 'node:path';
 import { pathToFileURL } from 'node:url';
@@ -25,6 +30,11 @@ import { spawn as nodeSpawn } from 'node:child_process';
 
 export type DiscoveredTool = { name: string; tool: Tool };
 
+export type DiscoverResult = {
+	tools: DiscoveredTool[];
+	mcpToolsRecord: Record<string, Tool>;
+};
+
 type PluginParameter = {
 	type: 'string' | 'number' | 'boolean';
 	description?: string;
@@ -108,7 +118,7 @@ export function getTerminalManager(): TerminalManager | null {
 export async function discoverProjectTools(
 	projectRoot: string,
 	globalConfigDir?: string,
-): Promise<DiscoveredTool[]> {
+): Promise<DiscoverResult> {
 	const tools = new Map<string, Tool>();
 	for (const { name, tool } of buildFsTools(projectRoot)) tools.set(name, tool);
 	for (const { name, tool } of buildGitTools(projectRoot))
@@ -148,10 +158,14 @@ export async function discoverProjectTools(
 	tools.set(skillTool.name, skillTool.tool);
 
 	const mcpManager = getMCPManager();
+	let mcpToolsRecord: Record<string, Tool> = {};
+	let mcpBriefs: MCPToolBrief[] = [];
 	if (mcpManager?.started) {
-		const mcpTools = convertMCPToolsToAISDK(mcpManager);
-		for (const { name, tool } of mcpTools) {
-			tools.set(name, tool);
+		mcpBriefs = getMCPToolBriefs(mcpManager);
+		if (mcpBriefs.length > 0) {
+			mcpToolsRecord = getMCPToolsRecord(mcpManager);
+			const loadTool = buildLoadMCPToolsTool(mcpBriefs);
+			tools.set(loadTool.name, loadTool.tool);
 		}
 	}
 
@@ -210,7 +224,10 @@ export async function discoverProjectTools(
 
 	await loadFromBase(globalConfigDir);
 	await loadFromBase(join(projectRoot, '.otto'));
-	return Array.from(tools.entries()).map(([name, tool]) => ({ name, tool }));
+	return {
+		tools: Array.from(tools.entries()).map(([name, tool]) => ({ name, tool })),
+		mcpToolsRecord,
+	};
 }
 
 async function loadPlugin(

package/src/index.ts

@@ -218,7 +218,7 @@ export type { ProviderName, ModelConfig } from './core/src/index.ts';
 
 // Tools
 export { discoverProjectTools } from './core/src/index.ts';
-export type { DiscoveredTool } from './core/src/index.ts';
+export type { DiscoveredTool, DiscoverResult } from './core/src/index.ts';
 export { setTerminalManager, getTerminalManager } from './core/src/index.ts';
 export { buildFsTools } from './core/src/index.ts';
 export { buildGitTools } from './core/src/index.ts';

package/src/types/src/auth.ts

@@ -20,6 +20,7 @@ export type OAuth = {
 	expires: number;
 	accountId?: string;
 	idToken?: string;
+	scopes?: string;
 };
 
 /**