@zhijiewang/openharness 2.10.0 → 2.12.0

package/README.md

@@ -366,6 +366,20 @@ mcpServers:
 
 MCP tools appear alongside built-in tools. `/status` shows connected servers.
 
+### Remote MCP servers (HTTP / SSE)
+
+```yaml
+mcpServers:
+  - name: linear
+    type: http
+    url: https://mcp.linear.app/mcp
+    headers:
+      Authorization: "Bearer ${LINEAR_API_KEY}"
+```
+
+See [docs/mcp-servers.md](docs/mcp-servers.md) for the full reference.
+See [docs/mcp-servers.md](docs/mcp-servers.md#authentication) for OAuth 2.1 setup (auto-triggered on 401; `/mcp-login` and `/mcp-logout` commands available).
+
 **MCP Server Registry** — browse and install from a curated catalog:
 
 ```

package/dist/commands/index.d.ts

@@ -17,7 +17,7 @@ import type { CommandContext, CommandResult } from "./types.js";
 /**
  * Check if input is a slash command. If so, execute it.
  */
-export declare function processSlashCommand(input: string, context: CommandContext): CommandResult | null;
+export declare function processSlashCommand(input: string, context: CommandContext): Promise<CommandResult | null>;
 /**
  * Get all registered command names (for autocomplete/display).
  */

package/dist/commands/index.js

@@ -34,7 +34,7 @@ registerSkillCommands(register);
 /**
  * Check if input is a slash command. If so, execute it.
  */
-export function processSlashCommand(input, context) {
+export async function processSlashCommand(input, context) {
     const trimmed = input.trim();
     if (!trimmed.startsWith("/"))
         return null;

package/dist/commands/info.js

@@ -8,7 +8,10 @@ import { gitBranch, isGitRepo, isInMergeOrRebase } from "../git/index.js";
 import { readOhConfig } from "../harness/config.js";
 import { estimateMessageTokens } from "../harness/context-warning.js";
 import { getContextWindow } from "../harness/cost.js";
+import { normalizeMcpConfig } from "../mcp/config-normalize.js";
 import { connectedMcpServers } from "../mcp/loader.js";
+import { getAuthStatus } from "../mcp/oauth.js";
+import { mcpLoginHandler, mcpLogoutHandler } from "./mcp-auth.js";
 export function registerInfoCommands(register, getCommandMap) {
     register("help", "Show available commands", () => {
         const categories = {
@@ -39,6 +42,8 @@ export function registerInfoCommands(register, getCommandMap) {
                 "doctor",
                 "context",
                 "mcp",
+                "mcp-login",
+                "mcp-logout",
                 "mcp-registry",
                 "init",
                 "bug",
@@ -387,19 +392,50 @@ export function registerInfoCommands(register, getCommandMap) {
         ];
         return { output: lines.join("\n"), handled: true };
     });
-    register("mcp", "Show MCP server status", () => {
-        const mcp = connectedMcpServers();
-        if (mcp.length === 0) {
+    register("mcp", "Show MCP server status", async () => {
+        const connected = connectedMcpServers();
+        if (connected.length === 0) {
             return {
                 output: "No MCP servers connected.\nConfigure in .oh/config.yaml under mcpServers.\nRun /mcp-registry to browse available servers.",
                 handled: true,
             };
         }
-        const lines = [`MCP Servers (${mcp.length} connected):\n`];
-        for (const name of mcp) {
-            lines.push(`  ✓ ${name}`);
+        const cfg = readOhConfig();
+        const servers = cfg?.mcpServers ?? [];
+        const storageDir = join(homedir(), ".oh", "credentials", "mcp");
+        const lines = [`MCP Servers (${connected.length} connected):`, ""];
+        for (const name of connected) {
+            const entry = servers.find((s) => s.name === name);
+            if (!entry) {
+                lines.push(`  ${name.padEnd(20)}  unknown  —`);
+                continue;
+            }
+            const normalized = normalizeMcpConfig(entry, process.env);
+            if (normalized.kind === "error") {
+                lines.push(`  ${name.padEnd(20)}  error    ${normalized.message}`);
+                continue;
+            }
+            const kind = normalized.cfg.type;
+            const status = await getAuthStatus(normalized.cfg, storageDir);
+            let statusText;
+            switch (status) {
+                case "n/a":
+                    statusText = "—";
+                    break;
+                case "none":
+                    statusText = "not authenticated";
+                    break;
+                case "authenticated":
+                    statusText = "authenticated";
+                    break;
+                case "expired":
+                    statusText = "expired (re-authenticate with /mcp-login)";
+                    break;
+            }
+            lines.push(`  ${name.padEnd(20)}  ${kind.padEnd(6)}  ${statusText}`);
         }
-        lines.push("\nRun /mcp-registry to browse and add more servers.");
+        lines.push("");
+        lines.push("Run /mcp-registry to browse and add more servers.");
         return { output: lines.join("\n"), handled: true };
     });
     register("mcp-registry", "Browse and add MCP servers from the curated registry", (args) => {
@@ -426,6 +462,12 @@ export function registerInfoCommands(register, getCommandMap) {
         }
         return { output: `Found ${results.length} servers:\n\n${formatRegistry(results)}`, handled: true };
     });
+    register("mcp-login", "Authenticate to a remote MCP server via OAuth", async (args) => {
+        return mcpLoginHandler(args);
+    });
+    register("mcp-logout", "Wipe local OAuth tokens for an MCP server", async (args) => {
+        return mcpLogoutHandler(args);
+    });
     register("init", "Initialize project with .oh/ config", () => {
         const ohDir = join(process.cwd(), ".oh");
         if (existsSync(ohDir)) {

package/dist/commands/mcp-auth.d.ts

@@ -0,0 +1,11 @@
+export type CommandResult = {
+    output: string;
+    handled: true;
+};
+export declare function mcpLogoutHandler(name: string, opts?: {
+    storageDir?: string;
+}): Promise<CommandResult>;
+export declare function mcpLoginHandler(name: string, opts?: {
+    storageDir?: string;
+}): Promise<CommandResult>;
+//# sourceMappingURL=mcp-auth.d.ts.map

package/dist/commands/mcp-auth.js

@@ -0,0 +1,57 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { readOhConfig } from "../harness/config.js";
+import { McpClient } from "../mcp/client.js";
+import { normalizeMcpConfig } from "../mcp/config-normalize.js";
+import { clearTokens } from "../mcp/oauth.js";
+import { loadCredentials } from "../mcp/oauth-storage.js";
+function defaultStorageDir() {
+    return join(homedir(), ".oh", "credentials", "mcp");
+}
+export async function mcpLogoutHandler(name, opts = {}) {
+    const storageDir = opts.storageDir ?? defaultStorageDir();
+    const trimmed = name.trim();
+    if (!trimmed) {
+        return { output: "Usage: /mcp-logout <server-name>", handled: true };
+    }
+    const existing = await loadCredentials(storageDir, trimmed);
+    if (!existing) {
+        return { output: `No credentials stored for '${trimmed}'.`, handled: true };
+    }
+    await clearTokens(storageDir, trimmed);
+    return {
+        output: `Local token for '${trimmed}' wiped. Server-side session may remain valid until expiry.`,
+        handled: true,
+    };
+}
+export async function mcpLoginHandler(name, opts = {}) {
+    const storageDir = opts.storageDir ?? defaultStorageDir();
+    const trimmed = name.trim();
+    if (!trimmed) {
+        return { output: "Usage: /mcp-login <server-name>", handled: true };
+    }
+    const cfg = readOhConfig();
+    const servers = cfg?.mcpServers ?? [];
+    const entry = servers.find((s) => s.name === trimmed);
+    if (!entry) {
+        return { output: `No MCP server named '${trimmed}' in .oh/config.yaml.`, handled: true };
+    }
+    const normalized = normalizeMcpConfig(entry, process.env);
+    if (normalized.kind === "error") {
+        return { output: `Invalid config for '${trimmed}': ${normalized.message}`, handled: true };
+    }
+    if (normalized.cfg.type === "stdio") {
+        return { output: `Server '${trimmed}' is stdio; OAuth is not applicable.`, handled: true };
+    }
+    await clearTokens(storageDir, trimmed);
+    try {
+        const client = await McpClient.connect(entry, { storageDir });
+        client.disconnect();
+        return { output: `\u2713 Authenticated to '${trimmed}'.`, handled: true };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { output: `Authentication failed for '${trimmed}': ${msg}`, handled: true };
+    }
+}
+//# sourceMappingURL=mcp-auth.js.map

package/dist/commands/types.d.ts

@@ -22,7 +22,7 @@ export type CommandResult = {
     /** If set, toggle fast mode */
     toggleFastMode?: boolean;
 };
-export type CommandHandler = (args: string, context: CommandContext) => CommandResult;
+export type CommandHandler = (args: string, context: CommandContext) => CommandResult | Promise<CommandResult>;
 export type CommandContext = {
     messages: Message[];
     model: string;

package/dist/components/REPL.js

@@ -405,8 +405,14 @@ export default function REPL({ provider, tools, permissionMode, systemPrompt, mo
                 totalOutputTokens: costRef.current.totalOutputTokens,
                 sessionId,
             };
-            const result = processSlashCommand(trimmed, ctx);
-            if (result) {
+            void processSlashCommand(trimmed, ctx).then((result) => {
+                if (!result) {
+                    const userMsg = createUserMessage(input);
+                    setMessages((prev) => [...prev, userMsg]);
+                    pendingPromptRef.current = input;
+                    setSubmitCount((c) => c + 1);
+                    return;
+                }
                 if (result.openCybergotchiSetup) {
                     setShowCybergotchiSetup(true);
                     return;
@@ -446,7 +452,8 @@ export default function REPL({ provider, tools, permissionMode, systemPrompt, mo
                     setSubmitCount((c) => c + 1);
                     return;
                 }
-            }
+            });
+            return;
         }
         const userMsg = createUserMessage(input);
         setMessages((prev) => [...prev, userMsg]);

package/dist/harness/config.d.ts

@@ -2,14 +2,30 @@
  * .oh/config.yaml — provider, model, permissionMode and other persisted settings.
  */
 import type { PermissionMode } from "../types/permissions.js";
-export type McpServerConfig = {
+export type McpCommonConfig = {
     name: string;
+    riskLevel?: "low" | "medium" | "high";
+    timeout?: number;
+};
+export type McpStdioConfig = McpCommonConfig & {
+    type?: "stdio";
     command: string;
     args?: string[];
     env?: Record<string, string>;
-    riskLevel?: "low" | "medium" | "high";
-    timeout?: number;
 };
+export type McpHttpConfig = McpCommonConfig & {
+    type: "http";
+    url: string;
+    headers?: Record<string, string>;
+    auth?: "oauth" | "none";
+};
+export type McpSseConfig = McpCommonConfig & {
+    type: "sse";
+    url: string;
+    headers?: Record<string, string>;
+    auth?: "oauth" | "none";
+};
+export type McpServerConfig = McpStdioConfig | McpHttpConfig | McpSseConfig;
 export type HookDef = {
     command?: string;
     http?: string;

package/dist/harness/submit-handler.js

@@ -58,7 +58,7 @@ export async function handleUserInput(input, ctx) {
             totalOutputTokens: ctx.cost.totalOutputTokens,
             sessionId: ctx.sessionId,
         };
-        const result = processSlashCommand(trimmed, cmdCtx);
+        const result = await processSlashCommand(trimmed, cmdCtx);
         if (result) {
             if (result.clearMessages)
                 messages = [];

package/dist/mcp/client.d.ts

@@ -1,18 +1,29 @@
+import type { Client as SdkClient } from "@modelcontextprotocol/sdk/client/index.js";
 import type { McpServerConfig } from "../harness/config.js";
 import type { McpToolDef } from "./types.js";
+type ForTestingOptions = {
+    name: string;
+    cfg: McpServerConfig;
+    sdk: SdkClient;
+    timeoutMs: number;
+    reconnect?: () => Promise<SdkClient>;
+};
 export declare class McpClient {
     readonly name: string;
-    private proc;
-    private nextId;
-    private pending;
-    private ready;
-    private dead;
+    instructions: string | null;
+    private sdk;
     private cfg;
     private timeoutMs;
+    private reconnectImpl;
     private constructor();
-    /** Server-provided instructions (from capabilities during init) */
-    instructions: string | null;
-    static connect(cfg: McpServerConfig, timeoutMs?: number): Promise<McpClient>;
+    static connect(cfg: McpServerConfig, timeoutMsOrOpts?: number | {
+        timeoutMs?: number;
+        openFn?: (url: string) => Promise<void>;
+        storageDir?: string;
+    } | undefined): Promise<McpClient>;
+    /** Test-only constructor. Not exported from the package's public API. */
+    static _forTesting(opts: ForTestingOptions): McpClient;
+    private defaultReconnect;
     listTools(): Promise<McpToolDef[]>;
     listResources(): Promise<Array<{
         uri: string;
@@ -21,8 +32,7 @@ export declare class McpClient {
     }>>;
     readResource(uri: string): Promise<string>;
     callTool(name: string, args: Record<string, unknown>): Promise<string>;
-    private callWithTimeout;
-    private call;
     disconnect(): void;
 }
+export {};
 //# sourceMappingURL=client.d.ts.map

package/dist/mcp/client.js

@@ -1,150 +1,130 @@
-import { spawn } from "node:child_process";
-import { createInterface } from "node:readline";
-import { safeEnv } from "../utils/safe-env.js";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import open from "open";
+import { normalizeMcpConfig } from "./config-normalize.js";
+import { buildAuthProvider } from "./oauth.js";
+import { buildClient, connectWithFallback } from "./transport.js";
+function credentialsDir() {
+    return join(homedir(), ".oh", "credentials", "mcp");
+}
+const DEFAULT_TIMEOUT_MS = 5_000;
 export class McpClient {
     name;
-    proc;
-    nextId = 1;
-    pending = new Map();
-    // biome-ignore lint/correctness/noUnusedPrivateClassMembers: set via Object.assign in static factory
-    ready = false;
-    dead = false;
+    instructions = null;
+    sdk;
     cfg;
     timeoutMs;
-    constructor(name, proc, cfg, timeoutMs) {
+    reconnectImpl;
+    constructor(name, cfg, sdk, timeoutMs, reconnect) {
         this.name = name;
-        this.proc = proc;
         this.cfg = cfg;
+        this.sdk = sdk;
         this.timeoutMs = timeoutMs;
-        const rl = createInterface({ input: proc.stdout });
-        rl.on("line", (line) => {
-            try {
-                const msg = JSON.parse(line);
-                const p = this.pending.get(msg.id);
-                if (p) {
-                    this.pending.delete(msg.id);
-                    p.resolve(msg);
-                }
-            }
-            catch {
-                // non-JSON line from server (e.g. startup noise) — ignore
-            }
-        });
-        proc.on("exit", () => {
-            this.dead = true;
-            for (const p of this.pending.values()) {
-                p.reject(new Error(`MCP server '${name}' exited`));
-            }
-            this.pending.clear();
-        });
+        this.reconnectImpl = reconnect ?? (() => this.defaultReconnect());
+        const instr = sdk.getInstructions?.();
+        if (instr && typeof instr === "string") {
+            this.instructions = instr;
+        }
     }
-    /** Server-provided instructions (from capabilities during init) */
-    instructions = null;
-    static async connect(cfg, timeoutMs = cfg.timeout ?? 5_000) {
-        const proc = spawn(cfg.command, cfg.args ?? [], {
-            stdio: ["pipe", "pipe", "pipe"],
-            env: safeEnv(cfg.env),
+    static async connect(cfg, timeoutMsOrOpts = undefined) {
+        // Backward-compatible: accept number for timeout OR options object
+        const opts = typeof timeoutMsOrOpts === "number" ? { timeoutMs: timeoutMsOrOpts } : (timeoutMsOrOpts ?? {});
+        const timeoutMs = opts.timeoutMs ?? cfg.timeout ?? DEFAULT_TIMEOUT_MS;
+        const openFn = opts.openFn ??
+            (async (url) => {
+                await open(url);
+            });
+        const storageDirResolved = opts.storageDir ?? credentialsDir();
+        const normalized = normalizeMcpConfig(cfg, process.env);
+        if (normalized.kind === "error") {
+            throw new Error(normalized.message);
+        }
+        const authProvider = buildAuthProvider(normalized.cfg, storageDirResolved, openFn);
+        if (authProvider)
+            await authProvider.ready();
+        try {
+            const sdk = await connectWithFallback(normalized.cfg, (c) => buildClient(c, { authProvider }));
+            return new McpClient(cfg.name, cfg, sdk, timeoutMs);
+        }
+        finally {
+            authProvider?.close();
+        }
+    }
+    /** Test-only constructor. Not exported from the package's public API. */
+    static _forTesting(opts) {
+        return new McpClient(opts.name, opts.cfg, opts.sdk, opts.timeoutMs, opts.reconnect);
+    }
+    async defaultReconnect() {
+        const normalized = normalizeMcpConfig(this.cfg, process.env);
+        if (normalized.kind === "error")
+            throw new Error(normalized.message);
+        const authProvider = buildAuthProvider(normalized.cfg, credentialsDir(), async (url) => {
+            await open(url);
         });
-        const client = new McpClient(cfg.name, proc, cfg, timeoutMs);
-        // Initialize handshake
-        const initResponse = await Promise.race([
-            client.call("initialize", {
-                protocolVersion: "2024-11-05",
-                clientInfo: { name: "openharness", version: "0.2.1" },
-                capabilities: {},
-            }),
-            new Promise((_, reject) => setTimeout(() => reject(new Error(`MCP '${cfg.name}' init timeout`)), timeoutMs)),
-        ]);
-        // Extract server instructions from init response
-        const serverInfo = initResponse?.result;
-        if (serverInfo?.instructions && typeof serverInfo.instructions === "string") {
-            client.instructions = serverInfo.instructions;
+        if (authProvider)
+            await authProvider.ready();
+        try {
+            return await connectWithFallback(normalized.cfg, (c) => buildClient(c, { authProvider }));
+        }
+        finally {
+            authProvider?.close();
         }
-        await client.call("notifications/initialized", {});
-        client.ready = true;
-        return client;
     }
     async listTools() {
-        const res = await this.call("tools/list", {});
-        return (res.result?.tools ?? []);
+        const res = await this.sdk.listTools();
+        return (res?.tools ?? []);
     }
     async listResources() {
         try {
-            const res = await this.callWithTimeout("resources/list", {});
-            return (res.result?.resources ?? []);
+            const res = await this.sdk.listResources();
+            return (res?.resources ?? []);
         }
         catch {
             return []; // Server may not support resources
         }
     }
     async readResource(uri) {
-        const res = await this.callWithTimeout("resources/read", { uri });
-        if (res.error)
-            throw new Error(res.error.message);
-        const contents = res.result?.contents ?? [];
+        const res = await this.sdk.readResource({ uri });
+        const contents = res?.contents ?? [];
         return contents
-            .filter((c) => c.text)
+            .filter((c) => typeof c.text === "string")
             .map((c) => c.text)
             .join("\n");
     }
     async callTool(name, args) {
-        if (this.dead) {
-            try {
-                const fresh = await McpClient.connect(this.cfg, this.timeoutMs);
-                Object.assign(this, { proc: fresh.proc, dead: false, ready: true, nextId: 1, pending: new Map() });
-            }
-            catch {
-                throw new Error(`MCP server '${this.name}' died and restart failed`);
-            }
-        }
-        // Retry up to 2 times for transient failures
-        let lastError = null;
+        // Retry up to 2 times on transport-closed / timeout errors
+        let lastErr = null;
         for (let attempt = 0; attempt < 3; attempt++) {
             try {
-                const res = await this.callWithTimeout("tools/call", { name, arguments: args });
-                if (res.error)
-                    throw new Error(res.error.message);
-                const content = res.result?.content ?? [];
-                return content
-                    .filter((c) => c.type === "text")
+                const res = await this.sdk.callTool({ name, arguments: args });
+                const content = (res?.content ?? []);
+                const text = content
+                    .filter((c) => c.type === "text" && typeof c.text === "string")
                     .map((c) => c.text)
                     .join("\n");
+                if (res?.isError) {
+                    throw new Error(text || `MCP tool '${name}' returned an error`);
+                }
+                return text;
             }
             catch (err) {
-                lastError = err instanceof Error ? err : new Error(String(err));
-                // Only retry on timeout or server death — not on application errors
-                if (!lastError.message.includes("timeout") && !lastError.message.includes("exited")) {
-                    throw lastError;
+                lastErr = err instanceof Error ? err : new Error(String(err));
+                const msg = lastErr.message;
+                const retryable = /transport closed|timeout|ECONNRESET|stream closed|socket hang up/i.test(msg);
+                if (!retryable || attempt === 2)
+                    throw lastErr;
+                try {
+                    this.sdk = await this.reconnectImpl();
                 }
-                if (this.dead && attempt < 2) {
-                    try {
-                        const fresh = await McpClient.connect(this.cfg, this.timeoutMs);
-                        Object.assign(this, { proc: fresh.proc, dead: false, ready: true, nextId: 1, pending: new Map() });
-                    }
-                    catch {
-                        throw new Error(`MCP server '${this.name}' died and restart failed`);
-                    }
+                catch (reErr) {
+                    throw new Error(`MCP '${this.name}' died and reconnect failed: ${reErr instanceof Error ? reErr.message : String(reErr)}`);
                 }
             }
         }
-        throw lastError ?? new Error(`MCP '${this.name}' call failed after retries`);
-    }
-    callWithTimeout(method, params) {
-        return Promise.race([
-            this.call(method, params),
-            new Promise((_, reject) => setTimeout(() => reject(new Error(`MCP '${this.name}' call timeout (${this.timeoutMs}ms)`)), this.timeoutMs)),
-        ]);
-    }
-    call(method, params) {
-        return new Promise((resolve, reject) => {
-            const id = this.nextId++;
-            const req = { jsonrpc: "2.0", id, method, params };
-            this.pending.set(id, { resolve, reject });
-            this.proc.stdin.write(`${JSON.stringify(req)}\n`);
-        });
+        throw lastErr ?? new Error(`MCP '${this.name}' callTool failed after retries`);
     }
     disconnect() {
-        this.proc.kill();
+        void this.sdk.close?.();
     }
 }
 //# sourceMappingURL=client.js.map

package/dist/mcp/config-normalize.d.ts

@@ -0,0 +1,24 @@
+import type { McpHttpConfig, McpServerConfig, McpSseConfig, McpStdioConfig } from "../harness/config.js";
+/** Discriminated-union result: either a validated config or a human-readable error. */
+export type NormalizeResult = {
+    kind: "ok";
+    cfg: NormalizedConfig;
+} | {
+    kind: "error";
+    message: string;
+};
+export type NormalizedConfig = (McpStdioConfig & {
+    type: "stdio";
+}) | (McpHttpConfig & {
+    inferredFromUrl?: boolean;
+}) | (McpSseConfig & {
+    inferredFromUrl?: boolean;
+});
+/**
+ * Validate + normalize a raw MCP server config entry.
+ * - Infers missing `type` from `command`/`url`.
+ * - Interpolates ${ENV} in headers (http/sse only).
+ * - Returns {kind:"error"} with a reason for any invalid combination.
+ */
+export declare function normalizeMcpConfig(raw: McpServerConfig, env: Record<string, string | undefined>): NormalizeResult;
+//# sourceMappingURL=config-normalize.d.ts.map