@slashfi/agents-sdk 0.34.0 → 0.35.0

package/src/auth-governance.ts

@@ -39,7 +39,7 @@ export function canSeeAgent(
   agent: AgentDefinition,
   auth: ResolvedAuth | null,
 ): boolean {
-  const visibility = ((agent as any).visibility ??
+  const visibility = (agent.visibility ??
     agent.config?.visibility ??
     "internal") as Visibility;
   if (hasAdminScope(auth)) return true;
@@ -87,7 +87,7 @@ export function getVisibleTools(
   agent: AgentDefinition,
   auth: ResolvedAuth | null,
 ): typeof agent.tools {
-  const agentVisibility = ((agent as any).visibility ??
+  const agentVisibility = (agent.visibility ??
     agent.config?.visibility ??
     "internal") as Visibility;
   return agent.tools.filter((t) => canSeeTool(t, auth, agentVisibility));

package/src/call-agent-schema.test.ts

@@ -293,7 +293,10 @@ describe("zodToOpenAiJsonSchema", () => {
       required: z.string(),
       optional: z.string().optional(),
     });
-    const jsonSchema = zodToOpenAiJsonSchema(schema) as any;
+    const jsonSchema = zodToOpenAiJsonSchema(schema) as Record<
+      string,
+      unknown
+    >;
 
     // Required field should be in required array
     expect(jsonSchema.required).toContain("required");

package/src/call-agent-schema.ts

@@ -66,14 +66,46 @@ export function nullTolerant<T extends ZodTypeAny>(schema: T) {
  * This is the standard way to generate input schemas for MCP tools
  * that will be called by LLMs.
  */
+/**
+ * Recursively normalize a JSON schema for Anthropic compatibility.
+ * Replaces `additionalProperties: {}` (empty schema = any) with `true`,
+ * which is semantically equivalent but accepted by Anthropic's validator.
+ */
+function normalizeJsonSchema(schema: Record<string, unknown>): Record<string, unknown> {
+  if (typeof schema !== "object" || schema === null) return schema;
+
+  const result: Record<string, unknown> = {};
+  for (const [key, value] of Object.entries(schema)) {
+    if (
+      key === "additionalProperties" &&
+      typeof value === "object" &&
+      value !== null &&
+      Object.keys(value).length === 0
+    ) {
+      result[key] = true;
+    } else if (Array.isArray(value)) {
+      result[key] = value.map((item) =>
+        typeof item === "object" && item !== null
+          ? normalizeJsonSchema(item as Record<string, unknown>)
+          : item,
+      );
+    } else if (typeof value === "object" && value !== null) {
+      result[key] = normalizeJsonSchema(value as Record<string, unknown>);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
 export function zodToOpenAiJsonSchema(
   schema: ZodTypeAny,
 ): Record<string, unknown> {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  return zodToJsonSchema(schema as any, { target: "openAi" }) as Record<
+  const raw = zodToJsonSchema(schema, { target: "openAi" }) as Record<
     string,
     unknown
   >;
+  return normalizeJsonSchema(raw);
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -86,7 +118,7 @@ const callAgentBaseSchema = z.object({
   path: z.string().describe("Agent path (e.g., '@my-agent')"),
   callerId: z.string().optional().describe("Caller ID for access control"),
   callerType: callerTypeSchema.optional().describe("Caller type"),
-  metadata: z.record(z.unknown()).optional().describe("Additional metadata"),
+  metadata: z.object({}).passthrough().optional().describe("Additional metadata"),
 });
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -126,7 +158,7 @@ export const executeToolActionSchema = callAgentBaseSchema.extend({
   action: z.literal("execute_tool"),
   tool: z.string().describe("Tool name to call"),
   params: z
-    .record(z.unknown())
+    .object({}).passthrough()
     .optional()
     .describe("Parameters for the tool"),
 });
@@ -137,7 +169,9 @@ export const describeToolsActionSchema = callAgentBaseSchema.extend({
   tools: z
     .array(z.string())
     .optional()
-    .describe("Optional: filter to specific tool names. Omit to list all."),
+    .describe(
+      "Optional filter: specific tool names. Use undefined / omit for all tools; do not use [] (empty array is not 'all tools').",
+    ),
 });
 
 /** Load: get agent definition */

package/src/consumer.test.ts

@@ -70,7 +70,7 @@ describe("Registry Consumer E2E", () => {
     await server.stop();
   });
 
-  test("discover registry via .well-known/configuration", async () => {
+  test("discover registry via MCP initialize", async () => {
     const config = {
       registries: [`http://localhost:${PORT}`],
     };
@@ -80,6 +80,9 @@ describe("Registry Consumer E2E", () => {
 
     expect(discovery).toBeDefined();
     expect(discovery.issuer).toBeDefined();
+    expect(discovery.token_endpoint).toBe(
+      `http://localhost:${PORT}/oauth/token`,
+    );
   });
 
   test("list agents from registry", async () => {

package/src/define.ts

@@ -240,8 +240,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
               config: { type: "object" },
             },
           },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
     if (h.connect) {
@@ -260,8 +261,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
             },
             required: ["registryId"] as const,
           },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
     if (h.discover) {
@@ -275,8 +277,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
             type: "object" as const,
             properties: { url: { type: "string" } },
           },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
     if (h.list) {
@@ -287,8 +290,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
           description: `List connected ${h.displayName} instances.`,
           visibility: "public" as const,
           inputSchema: { type: "object" as const, properties: {} },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
     if (h.get) {
@@ -303,8 +307,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
             properties: { registryId: { type: "string" } },
             required: ["registryId"] as const,
           },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
     if (h.update) {
@@ -323,8 +328,9 @@ export function defineAgent<TContext extends ToolContext = ToolContext>(
             },
             required: ["registryId"] as const,
           },
-          execute: (input: any, ctx: any) => fn(input, ctx),
-        }) as any,
+          execute: (input: Record<string, unknown>, ctx: ToolContext) =>
+            fn(input, ctx),
+        }) as ToolDefinition<ToolContext>,
       );
     }
   }

package/src/index.ts

@@ -90,12 +90,23 @@ export type {
   SecurityScheme,
   AgentResource,
   SecuritySchemeSummary,
+  AuthClientCredentialsTokenResult,
+  AuthSecretValue,
+  ExchangeTokenLinkedSuccess,
+  ExchangeTokenNeedsIdentity,
+  ExchangeTokenRejected,
+  ExchangeTokenToolResult,
   IntegrationMethods,
   IntegrationMethodResult,
   IntegrationMethodContext,
   IntegrationHooks,
   Visibility,
 } from "./types.js";
+export {
+  isCallAgentErrorResponse,
+  isExchangeTokenLinkedSuccess,
+  isExchangeTokenNeedsIdentity,
+} from "./types.js";
 
 // Define functions
 export { defineAgent, defineTool } from "./define.js";

package/src/key-manager.ts

@@ -13,7 +13,14 @@
  * - Signs JWTs with the active key
  */
 
-import { type JWK, SignJWT, exportJWK, generateKeyPair, importJWK } from "jose";
+import {
+  type JWK,
+  type JWTPayload,
+  SignJWT,
+  exportJWK,
+  generateKeyPair,
+  importJWK,
+} from "jose";
 
 // ── Types ──
 
@@ -236,7 +243,7 @@ export async function createKeyManager(
 
     async signJwt(claims: Record<string, unknown>): Promise<string> {
       const key = getActiveKey();
-      let builder = new SignJWT({ ...claims } as any)
+      let builder = new SignJWT({ ...claims } as JWTPayload)
         .setProtectedHeader({ alg: ALG, kid: key.kid })
         .setIssuer(issuer)
         .setIssuedAt();

package/src/registry-consumer.ts

@@ -1,9 +1,10 @@
 /**
  * Registry Consumer — Connects to registries and resolves refs.
  *
- * The consumer reads a `ConsumerConfig`, discovers registries via
- * `/.well-known/configuration`, resolves refs to agent definitions,
- * and provides a unified interface for calling tools across all connected agents.
+ * The consumer reads a `ConsumerConfig`, connects to each registry at its MCP URL,
+ * resolves refs to agent definitions, and provides a unified interface for calling
+ * tools across all connected agents. Registry metadata comes from the MCP
+ * `initialize` handshake (`discover()`).
  *
  * @example
  * ```typescript
@@ -181,16 +182,15 @@ function buildRegistryAuthHeaders(
 // Registry Discovery Types
 // ============================================
 
-/** Registry well-known configuration (from /.well-known/configuration) */
+/**
+ * Registry configuration derived from the MCP `initialize` response and the registry
+ * URL (OAuth/JWKS paths follow the usual layout under `issuer`).
+ */
 export interface RegistryConfiguration {
   issuer: string;
   jwks_uri?: string;
   token_endpoint?: string;
-  agents_endpoint?: string;
-  call_endpoint?: string;
   supported_grant_types?: string[];
-  /** @deprecated Use agents_endpoint + GET /list instead */
-  agents?: string[];
 }
 
 /** An agent definition as listed by a registry */
@@ -367,6 +367,73 @@ async function listFromMcpServer(
   }];
 }
 
+function issuerFromMcpUrlAndServerInfo(
+  serverUrl: string,
+  serverInfo?: { name?: string },
+): string {
+  const name = serverInfo?.name;
+  if (name && /^https?:\/\//.test(name)) {
+    return name.replace(/\/$/, "");
+  }
+  return new URL(serverUrl).origin;
+}
+
+/**
+ * Load registry OAuth-facing metadata via MCP initialize (same URL as tools/call).
+ */
+async function discoverRegistryViaMcp(
+  registryUrl: string,
+  authHeaders: Record<string, string>,
+  fetchFn: typeof globalThis.fetch,
+): Promise<RegistryConfiguration> {
+  const serverUrl = registryUrl.replace(/\/$/, "");
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+    ...authHeaders,
+  };
+
+  let reqId = 0;
+  async function rpc(method: string, params?: Record<string, unknown>) {
+    const res = await fetchFn(serverUrl, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: ++reqId,
+        method,
+        ...(params && { params }),
+      }),
+    });
+    if (!res.ok) {
+      throw new Error(`MCP initialize to ${serverUrl} failed: ${res.status}`);
+    }
+    const json = (await res.json()) as { result?: unknown; error?: { message: string } };
+    if (json.error) {
+      throw new Error(`MCP RPC error: ${json.error.message}`);
+    }
+    return json.result;
+  }
+
+  const initResult = (await rpc("initialize", {
+    protocolVersion: "2024-11-05",
+    capabilities: {},
+    clientInfo: { name: "agents-sdk-consumer", version: "1.0.0" },
+  })) as {
+    serverInfo?: { name?: string; version?: string };
+  };
+
+  await rpc("notifications/initialized").catch(() => {});
+
+  const issuer = issuerFromMcpUrlAndServerInfo(serverUrl, initResult?.serverInfo);
+
+  return {
+    issuer,
+    jwks_uri: `${issuer}/.well-known/jwks.json`,
+    token_endpoint: `${issuer}/oauth/token`,
+    supported_grant_types: ["client_credentials", "jwt_exchange"],
+  };
+}
+
 /**
  * Call a tool on a direct MCP server.
  */
@@ -571,17 +638,15 @@ export async function createRegistryConsumer(
     const cached = discoveryCache.get(registryUrl);
     if (cached) return cached;
 
-    const url = `${registryUrl.replace(/\/$/, "")}/.well-known/configuration`;
-    const headers: Record<string, string> = registry
+    const authHeaders = registry
       ? buildRegistryAuthHeaders(registry, options.token)
       : (options.token ? { Authorization: `Bearer ${options.token}` } : {});
-    const res = await fetchFn(url, { headers });
-    if (!res.ok) {
-      throw new Error(
-        `Failed to discover registry ${registryUrl}: ${res.status}`,
-      );
-    }
-    const configuration = (await res.json()) as RegistryConfiguration;
+
+    const configuration = await discoverRegistryViaMcp(
+      registryUrl,
+      authHeaders,
+      fetchFn,
+    );
     discoveryCache.set(registryUrl, configuration);
     return configuration;
   }
@@ -591,9 +656,7 @@ export async function createRegistryConsumer(
     registry: ResolvedRegistry,
     query?: string,
   ): Promise<AgentListing[]> {
-    const configuration = await discover(registry.url, registry);
-    const mcpUrl =
-      configuration.call_endpoint ?? registry.url.replace(/\/$/, "");
+    const mcpUrl = registry.url.replace(/\/$/, "");
 
     const response = await callMcpTool(
       mcpUrl,
@@ -624,9 +687,7 @@ export async function createRegistryConsumer(
     registry: ResolvedRegistry,
     request: CallAgentRequest,
   ): Promise<unknown> {
-    const configuration = await discover(registry.url, registry);
-    const mcpUrl =
-      configuration.call_endpoint ?? registry.url.replace(/\/$/, "");
+    const mcpUrl = registry.url.replace(/\/$/, "");
 
     const headers: Record<string, string> = {
       "Content-Type": "application/json",
@@ -840,7 +901,7 @@ export async function createRegistryConsumer(
           const data = (await callRegistry(registry, {
             action: "describe_tools",
             path: agentPath,
-            tools: [],
+            tools: undefined,
           })) as { tools?: unknown[]; description?: string } | null;
           if (!data) return null;
           return {

package/src/registry.ts

@@ -707,7 +707,9 @@ export function createAgentRegistry(
               ),
             )
             .filter((t: ToolDefinition) =>
-              request.tools ? request.tools.includes(t.name) : true,
+              request.tools && request.tools.length > 0
+                ? request.tools.includes(t.name)
+                : true,
             )
             .map((t: ToolDefinition) => ({
               name: t.name,