@slashfi/agents-sdk 0.87.0 → 0.89.0

package/src/config-store.test.ts

@@ -533,6 +533,93 @@ describe("ADK ref.call() full auto-refresh flow", () => {
     expect((result as any)?.result?.token).toBe("refreshed-token");
   });
 
+  test("ref.authStatus persists authFields={} in registry-cache for security:none refs (regression: isRefConnected miss-classifies auto-installed no-auth refs)", async () => {
+    // Regression: `authStatus` short-circuited at `security.type === "none"`
+    // (and at `security == null`) WITHOUT writing the slim `{required,
+    // automated}` authFields shape into `registry-cache.json`. Host-side
+    // `isRefAuthComplete` then returned `null` for those refs ("no
+    // authFields in cache"), and the LLM-facing `isRefConnected` filter
+    // in atlas-os-sdk fell back to a coarse `[access_token|api_key|token]`
+    // credential presence check — which a security:none ref like
+    // web-search/Firecrawl never has by definition. Result: auto-installed
+    // no-auth refs silently disappeared from `list_agents` and from
+    // `~/.adk/refs/` materialization.
+    //
+    // The fix: when `inspect` confirmed `security` is absent or
+    // `{type:"none"}`, persist `authFields: {}` so `isRefAuthComplete`
+    // returns `true` (no required fields to satisfy) and downstream
+    // filters treat the ref as connected.
+    //
+    // The `@math` agent registered above has no `config.security`, so it
+    // exercises the "registry returned no security field at all" path.
+    const fs = createMemoryFs();
+    const adk = createAdk(fs, {
+      encryptionKey: "test-key-32-chars-long-enough!!",
+    });
+
+    await adk.registry.add({
+      name: "oauth-reg",
+      url: `http://localhost:${REG_PORT}`,
+    });
+    await adk.ref.add({
+      ref: "@math",
+      name: "math",
+      sourceRegistry: {
+        url: `http://localhost:${REG_PORT}`,
+        agentPath: "@math",
+      },
+    });
+
+    const status = await adk.ref.authStatus("math");
+    expect(status.complete).toBe(true);
+    expect(status.fields).toEqual({});
+
+    // The cache must now carry authFields={} so isRefAuthComplete can
+    // answer "yes, ready to call" without re-fetching the security scheme.
+    const cacheRaw = await fs.readFile("registry-cache.json");
+    expect(cacheRaw).not.toBeNull();
+    const cache = JSON.parse(cacheRaw!);
+    expect(cache.refs.math).toBeDefined();
+    expect(cache.refs.math.authFields).toEqual({});
+  });
+
+  test("ref.authStatus does NOT persist authFields when inspect fails (registry unreachable)", async () => {
+    // Sibling guard: if the registry inspect call throws / returns null
+    // (network error, registry doesn't host the ref, etc.), we must NOT
+    // cache a false-positive `authFields: {}` — that would let the host
+    // treat an unreachable ref as "connected" on the next call.
+    const fs = createMemoryFs();
+    const adk = createAdk(fs, {
+      encryptionKey: "test-key-32-chars-long-enough!!",
+    });
+
+    // Point at a port that nothing is listening on.
+    await adk.registry.add({
+      name: "dead-reg",
+      url: `http://localhost:1`,
+    });
+    await adk.ref.add({
+      ref: "@phantom",
+      name: "phantom",
+      sourceRegistry: {
+        url: `http://localhost:1`,
+        agentPath: "@phantom",
+      },
+    });
+
+    const status = await adk.ref.authStatus("phantom");
+    expect(status.complete).toBe(true);
+    expect(status.security).toBeNull();
+
+    // Registry was unreachable, so we shouldn't have written a cache
+    // entry that claims this ref is no-auth.
+    const cacheRaw = await fs.readFile("registry-cache.json");
+    if (cacheRaw !== null) {
+      const cache = JSON.parse(cacheRaw);
+      expect(cache.refs?.phantom?.authFields).toBeUndefined();
+    }
+  });
+
   test("ref.authStatus reports access_token.automated=false for authorizationCode (user must consent)", async () => {
     // Regression: previously `access_token.automated` was hardcoded to
     // `true` for every oauth2 scheme. That made cached-authFields
@@ -566,6 +653,225 @@ describe("ADK ref.call() full auto-refresh flow", () => {
   });
 });
 
+describe("ADK ref.call() auto-refresh on direct MCP 401", () => {
+  // Regression: refs whose entry has a direct `url` and `mode !== "api"`
+  // (Linear, Notion, Figma, DoorDash, Houzz, etc.) take the
+  // `callMcpDirect` branch instead of the registry-mediated `callRegistry`
+  // branch. Before this fix, a 401 from the upstream MCP server was
+  // surfaced as `{ success: false, error: "MCP tools/call failed (401):
+  // ..." }` with no `httpStatus` field, so `isUnauthorized(result)` never
+  // matched and the refresh-on-401 retry path in `ref.call` was silently
+  // skipped — even when the ref had a valid `refresh_token` on hand. The
+  // fix attaches `httpStatus` to the error envelope, restoring parity
+  // with the registry-mediated path (which already gets `_httpStatus`
+  // forwarded as structured data).
+  let registryServer: AgentServer;
+  let mcpServer: ReturnType<typeof Bun.serve>;
+  let tokenServer: ReturnType<typeof Bun.serve>;
+  const REG_PORT = 19930;
+  const MCP_PORT = 19931;
+  const TOKEN_PORT = 19932;
+  let toolCallCount = 0;
+  let tokenRefreshCount = 0;
+  let serverActiveToken = "";
+
+  beforeAll(async () => {
+    // Registry exposes the agent with an oauth2 security scheme so
+    // `ref.authStatus` can discover the tokenUrl that `refreshToken`
+    // POSTs to. The agent has no tools that ever get invoked here —
+    // the actual tool call goes direct to mcpServer below.
+    const stubTool = defineTool({
+      name: "some_tool",
+      description: "Never invoked via the registry in this test",
+      inputSchema: { type: "object" as const, properties: {} },
+      execute: async () => ({ message: "unused" }),
+    });
+    const agent = defineAgent({
+      path: "direct-mcp-agent",
+      entrypoint: "Direct-MCP agent (security discovery only)",
+      tools: [stubTool],
+      visibility: "public",
+      config: {
+        description: "Direct-MCP test agent (security discovery only)",
+        security: {
+          type: "oauth2",
+          flows: {
+            authorizationCode: {
+              authorizationUrl: "http://localhost/authorize",
+              tokenUrl: `http://localhost:${TOKEN_PORT}`,
+            },
+          },
+        },
+      },
+    });
+    const registry = createAgentRegistry();
+    registry.register(agent);
+    registryServer = createAgentServer(registry, { port: REG_PORT });
+    await registryServer.start();
+
+    // Direct MCP server — returns 401 unless the bearer token matches
+    // `serverActiveToken`. Real MCP servers signal 401 with an HTTP 401
+    // (not via httpStatus on the JSON-RPC body); that's exactly what the
+    // fix has to recover.
+    mcpServer = Bun.serve({
+      port: MCP_PORT,
+      async fetch(req) {
+        const body = (await req.json()) as {
+          method?: string;
+          id?: number;
+          params?: { name?: string };
+        };
+        const respond = (status: number, payload: unknown) =>
+          new Response(JSON.stringify(payload), {
+            status,
+            headers: { "Content-Type": "application/json" },
+          });
+
+        if (body.method === "initialize") {
+          return respond(200, {
+            jsonrpc: "2.0",
+            id: body.id,
+            result: {
+              protocolVersion: "2024-11-05",
+              capabilities: {},
+              serverInfo: { name: "mock-mcp", version: "1.0.0" },
+            },
+          });
+        }
+        if (body.method === "notifications/initialized") {
+          return respond(200, { jsonrpc: "2.0", id: body.id, result: {} });
+        }
+        if (body.method === "tools/call") {
+          toolCallCount++;
+          const auth = req.headers.get("Authorization") ?? "";
+          const token = auth.replace(/^Bearer /, "");
+          if (token !== serverActiveToken) {
+            return respond(401, {
+              jsonrpc: "2.0",
+              id: body.id,
+              error: { code: -32001, message: "Unauthorized" },
+            });
+          }
+          return respond(200, {
+            jsonrpc: "2.0",
+            id: body.id,
+            result: {
+              content: [
+                {
+                  type: "text",
+                  text: JSON.stringify({ ok: true, token }),
+                },
+              ],
+            },
+          });
+        }
+        return respond(404, {
+          jsonrpc: "2.0",
+          id: body.id,
+          error: { code: -32601, message: "Method not found" },
+        });
+      },
+    });
+
+    // OAuth token endpoint — mints a fresh access token for a known refresh
+    // token + client_id. Rejects everything else with 400.
+    tokenServer = Bun.serve({
+      port: TOKEN_PORT,
+      async fetch(req) {
+        tokenRefreshCount++;
+        const params = new URLSearchParams(await req.text());
+        if (
+          params.get("grant_type") !== "refresh_token" ||
+          params.get("refresh_token") !== "direct-refresh-token" ||
+          params.get("client_id") !== "direct-client-id"
+        ) {
+          return new Response(JSON.stringify({ error: "invalid_request" }), {
+            status: 400,
+          });
+        }
+        return new Response(
+          JSON.stringify({
+            access_token: "refreshed-direct-token",
+            token_type: "Bearer",
+            expires_in: 3600,
+          }),
+          { headers: { "Content-Type": "application/json" } },
+        );
+      },
+    });
+  });
+
+  afterAll(async () => {
+    await registryServer.stop();
+    mcpServer.stop();
+    tokenServer.stop();
+  });
+
+  test("401 from direct MCP triggers refresh + retry (parity with registry-mediated refs)", async () => {
+    toolCallCount = 0;
+    tokenRefreshCount = 0;
+    // Server will only accept the refreshed token — the stale one we seed
+    // below must round-trip through refresh before the call can succeed.
+    serverActiveToken = "refreshed-direct-token";
+
+    const fs = createMemoryFs();
+    const adk = createAdk(fs, {
+      encryptionKey: "test-key-32-chars-long-enough!!",
+    });
+
+    // Point the ref at the registry for security discovery, but also set
+    // a direct `url` so `ref.call` takes the `callMcpDirect` branch (the
+    // exact code path that was broken).
+    await adk.registry.add({
+      name: "direct-mcp-registry",
+      url: `http://localhost:${REG_PORT}`,
+    });
+    await adk.ref.add({
+      ref: "direct-mcp-agent",
+      url: `http://localhost:${MCP_PORT}`,
+      sourceRegistry: {
+        url: `http://localhost:${REG_PORT}`,
+        agentPath: "direct-mcp-agent",
+      },
+    });
+
+    // Seed credentials directly. access_token is intentionally stale.
+    const config = await adk.readConfig();
+    await adk.writeConfig({
+      ...config,
+      refs: config.refs?.map((r: any) => {
+        if (r.ref === "direct-mcp-agent") {
+          return {
+            ...r,
+            // Force the direct-MCP branch: any mode that's not "api".
+            mode: "redirect",
+            config: {
+              ...r.config,
+              access_token: "stale-direct-token",
+              refresh_token: "direct-refresh-token",
+              client_id: "direct-client-id",
+            },
+          };
+        }
+        return r;
+      }),
+    });
+
+    const result = await adk.ref.call("direct-mcp-agent", "some_tool", {});
+
+    // Without the fix: tokenRefreshCount stays 0, toolCallCount === 1,
+    // result.success === false with `MCP tools/call failed (401)` in error.
+    // With the fix: 401 → refresh → retry succeeds.
+    expect(tokenRefreshCount).toBe(1);
+    expect(toolCallCount).toBe(2);
+    expect((result as any).success).toBe(true);
+    expect((result as any).result).toEqual({
+      ok: true,
+      token: "refreshed-direct-token",
+    });
+  });
+});
+
 // ─── Registry auth lifecycle ─────────────────────────────────────
 
 describe("ADK registry auth lifecycle", () => {
@@ -1099,6 +1405,33 @@ describe("isRefAuthComplete + cached authFields", () => {
     expect(result).toBeNull();
   });
 
+  test("empty authFields object → true (security:none refs cache an empty map)", async () => {
+    // Companion to the authStatus regression: an explicit `authFields: {}`
+    // in the registry-cache (written by `authStatus` for security:none refs)
+    // means "no required fields to satisfy" — not "cache miss". The
+    // distinction matters because callers (`atlas-os-sdk` `isRefConnected`)
+    // use a different fallback strategy on null vs false. With an empty
+    // map, the required-fields loop runs zero times and we return true.
+    const { isRefAuthComplete } = await import("./config-store");
+    const result = isRefAuthComplete(
+      {
+        ref: "@web-search",
+        name: "@web-search",
+        scheme: "registry",
+        sourceRegistry: {
+          url: "http://localhost",
+          agentPath: "@web-search",
+        },
+      },
+      {
+        ref: "@web-search",
+        fetchedAt: new Date().toISOString(),
+        authFields: {},
+      },
+    );
+    expect(result).toBe(true);
+  });
+
   test("required field present → true", async () => {
     const { isRefAuthComplete } = await import("./config-store");
     const result = isRefAuthComplete(

package/src/config-store.ts

@@ -959,6 +959,21 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
     return data;
   }
 
+  /**
+   * Error thrown by `callMcpDirect` when the upstream MCP server returns a
+   * non-2xx HTTP response. Carries the numeric `status` so the catch handler
+   * can surface it as `httpStatus` on the returned CallAgentResponse, which
+   * `isUnauthorized` (and the retry-on-401 path in `ref.call`) relies on.
+   */
+  class McpHttpError extends Error {
+    readonly status: number;
+    constructor(status: number, message: string) {
+      super(message);
+      this.name = "McpHttpError";
+      this.status = status;
+    }
+  }
+
   /** Call an MCP server directly (bypasses registry). */
   async function callMcpDirect(
     serverUrl: string,
@@ -993,7 +1008,8 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
         }),
       });
       if (!res.ok) {
-        throw new Error(
+        throw new McpHttpError(
+          res.status,
           `MCP ${method} failed (${res.status}): ${await res.text().catch(() => "unknown")}`,
         );
       }
@@ -1066,10 +1082,21 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       }
       return { success: true, result } as CallAgentResponse;
     } catch (err) {
-      return {
-        success: false,
+      // Preserve upstream HTTP status (notably 401) so `isUnauthorized`
+      // can detect it and trigger the auto-refresh-and-retry path in
+      // `ref.call`. Without this, refs that go through callMcpDirect
+      // (mode: redirect/proxy with an MCP url, e.g. Linear, Notion) see
+      // their tokens expire and fail with a raw 401 instead of silently
+      // refreshing the way API-mode refs (Google, etc.) do via the
+      // registry's structured response. We attach httpStatus as an
+      // out-of-band field on the error envelope, matching the shape
+      // `isUnauthorized` already checks for on registry-mediated calls.
+      const errorResponse = {
+        success: false as const,
         error: err instanceof Error ? err.message : String(err),
-      } as CallAgentResponse;
+        ...(err instanceof McpHttpError && { httpStatus: err.status }),
+      };
+      return errorResponse as unknown as CallAgentResponse;
     }
   }
 
@@ -2229,6 +2256,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       if (!entry) throw new Error(`Ref "${name}" not found`);
 
       let security: SecuritySchemeSummary | null = null;
+      let inspectSucceeded = false;
       try {
         const consumer = await buildConsumerForRef(entry);
         // Pass `sourceRegistry.url` so inspect targets the registry the ref
@@ -2241,12 +2269,32 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
           entry.sourceRegistry?.agentPath ?? entry.ref,
           entry.sourceRegistry?.url,
         );
-        if (info?.security) security = info.security;
+        if (info) {
+          inspectSucceeded = true;
+          if (info.security) security = info.security;
+        }
       } catch {
         // Can't reach registry
       }
 
       if (!security || security.type === "none") {
+        // Persist an empty authFields map when the registry confirmed the
+        // ref needs no auth — either an explicit `security.type === "none"`
+        // or no `security` field on the agent at all. Host-side filters
+        // that consult the registry-cache (e.g. atlas-os-sdk
+        // `isRefConnected`) need this to distinguish "registry says this
+        // ref needs no auth" from "we never warmed the cache". Without
+        // it, auto-installed no-auth refs (e.g. web-search/Firecrawl)
+        // look identical to never-inspected refs and get filtered out
+        // of LLM-facing surfaces as "not connected" even though they
+        // have nothing to connect.
+        //
+        // Gate on `inspectSucceeded` so we don't cache a false positive
+        // when the registry was unreachable (network failure / consumer
+        // error — `inspect` returned null/threw).
+        if (inspectSucceeded) {
+          await upsertRegistryCacheAuthFields(name, entry.ref, {});
+        }
         return { name, security, complete: true, fields: {} };
       }