@zhijiewang/openharness 2.10.0 → 2.12.0

package/dist/mcp/transport.js

@@ -0,0 +1,219 @@
+import { createRequire } from "node:module";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+const pkg = createRequire(import.meta.url)("../../package.json");
+export class RemoteAuthRequiredError extends Error {
+    serverName;
+    wwwAuthenticate;
+    constructor(serverName, wwwAuthenticate) {
+        super(`MCP server '${serverName}' requires authentication. ` +
+            `Add 'auth: oauth' to enable the OAuth 2.1 flow, or set headers.Authorization for a static bearer token.`);
+        this.name = "RemoteAuthRequiredError";
+        this.serverName = serverName;
+        this.wwwAuthenticate = wwwAuthenticate;
+    }
+}
+export class UnreachableError extends Error {
+    serverName;
+    cause;
+    constructor(serverName, cause) {
+        const causeMsg = cause instanceof Error ? cause.message : String(cause);
+        super(`MCP server '${serverName}' unreachable: ${causeMsg}`);
+        this.name = "UnreachableError";
+        this.serverName = serverName;
+        this.cause = cause;
+    }
+}
+export class ProtocolError extends Error {
+    serverName;
+    cause;
+    constructor(serverName, cause) {
+        const causeMsg = cause instanceof Error ? cause.message : String(cause);
+        super(`MCP server '${serverName}' protocol error: ${causeMsg}`);
+        this.name = "ProtocolError";
+        this.serverName = serverName;
+        this.cause = cause;
+    }
+}
+/**
+ * Construct an SDK Transport for a normalized config.
+ * Does NOT call .start() — caller (Client.connect) handles that.
+ */
+export async function buildTransport(cfg, opts = {}) {
+    if (cfg.type === "stdio") {
+        return new StdioClientTransport({
+            command: cfg.command,
+            args: cfg.args,
+            env: cfg.env,
+        });
+    }
+    if (cfg.type === "http") {
+        return new StreamableHTTPClientTransport(new URL(cfg.url), {
+            requestInit: cfg.headers ? { headers: cfg.headers } : undefined,
+            authProvider: opts.authProvider,
+        });
+    }
+    if (cfg.type === "sse") {
+        return new SSEClientTransport(new URL(cfg.url), {
+            requestInit: cfg.headers ? { headers: cfg.headers } : undefined,
+            authProvider: opts.authProvider,
+        });
+    }
+    throw new Error(`unknown transport type: ${cfg.type}`);
+}
+/**
+ * Does this error indicate "try the legacy SSE transport instead"?
+ * Yes for 4xx OTHER than 401-with-WWW-Authenticate (which is a real auth challenge).
+ */
+function isFallbackCandidate(err) {
+    const code = err?.code;
+    if (typeof code !== "number")
+        return false;
+    if (code < 400 || code >= 500)
+        return false;
+    if (code === 401) {
+        const www = err?.headers?.["www-authenticate"];
+        if (typeof www === "string" && www.length > 0)
+            return false;
+    }
+    return true;
+}
+function extractWwwAuthenticate(err) {
+    const code = err?.code;
+    if (code !== 401)
+        return undefined;
+    const www = err?.headers?.["www-authenticate"];
+    return typeof www === "string" ? www : undefined;
+}
+/**
+ * Connect to an MCP server, with auto-fallback from Streamable HTTP to
+ * legacy SSE when the config's type was INFERRED from url (not explicit).
+ *
+ * `doConnect` is the side-effecting step — build/connect a transport and
+ * return the opaque client. Kept injectable for tests; production call-site
+ * wires it to `buildClient` (Task 7).
+ */
+export async function connectWithFallback(cfg, doConnect) {
+    try {
+        return await doConnect(cfg);
+    }
+    catch (err) {
+        // Auth challenge → surface immediately, never fall back
+        const www = extractWwwAuthenticate(err);
+        if (www !== undefined)
+            throw new RemoteAuthRequiredError(cfg.name, www);
+        // Explicit type → surface as-is
+        const inferred = cfg.inferredFromUrl === true;
+        if (!inferred)
+            throw err;
+        // Only http-was-inferred-first falls back to sse; other shapes surface
+        if (cfg.type !== "http")
+            throw err;
+        if (!isFallbackCandidate(err))
+            throw err;
+        // Log + retry
+        console.warn(`[mcp] ${cfg.name}: Streamable HTTP failed (${err.message}); trying legacy SSE`);
+        const sseCfg = { ...cfg, type: "sse" };
+        return await doConnect(sseCfg);
+    }
+}
+const DEFAULT_TIMEOUT_MS = 5_000;
+const CLIENT_INFO = { name: "openharness", version: pkg.version };
+/** Duck-type check: does this provider expose awaitCallback (our OhOAuthProvider)? */
+function hasAwaitCallback(p) {
+    return typeof p.awaitCallback === "function";
+}
+/**
+ * Build a connected SDK Client for a normalized config.
+ * Maps connect-time errors into OH's typed error taxonomy.
+ *
+ * When the auth provider exposes `awaitCallback()` (i.e. OhOAuthProvider), this
+ * function handles the full OAuth callback → finishAuth → reconnect loop so callers
+ * don't need to orchestrate it manually.
+ */
+export async function buildClient(cfg, opts = {}) {
+    const transport = await buildTransport(cfg, opts);
+    const client = new Client(CLIENT_INFO, { capabilities: {} });
+    const timeoutMs = cfg.timeout ?? DEFAULT_TIMEOUT_MS;
+    async function tryConnect() {
+        let timer = null;
+        try {
+            await Promise.race([
+                client.connect(transport),
+                new Promise((_, reject) => {
+                    timer = setTimeout(() => reject(new Error(`init timeout after ${timeoutMs}ms`)), timeoutMs);
+                }),
+            ]);
+        }
+        finally {
+            if (timer !== null)
+                clearTimeout(timer);
+        }
+    }
+    try {
+        await tryConnect();
+        return client;
+    }
+    catch (err) {
+        // If the SDK requires a browser-based OAuth flow (UnauthorizedError after REDIRECT),
+        // and our provider knows how to await the callback, complete the loop here.
+        // Per the SDK design, after finishAuth we must create a fresh transport + client
+        // because the original transport is already in a "started" state.
+        if (err instanceof UnauthorizedError && opts.authProvider && hasAwaitCallback(opts.authProvider)) {
+            try {
+                const { code } = await opts.authProvider.awaitCallback();
+                await transport.finishAuth(code);
+                // Close the old transport before constructing a fresh one — the SDK's
+                // Transport is one-shot after an UnauthorizedError; leaving it open leaks
+                // the underlying TCP socket / event stream.
+                try {
+                    await transport.close?.();
+                }
+                catch {
+                    // best-effort
+                }
+                // Build a fresh transport + client for the authenticated retry
+                const freshTransport = await buildTransport(cfg, opts);
+                const freshClient = new Client(CLIENT_INFO, { capabilities: {} });
+                let freshTimer = null;
+                try {
+                    await Promise.race([
+                        freshClient.connect(freshTransport),
+                        new Promise((_, reject) => {
+                            freshTimer = setTimeout(() => reject(new Error(`init timeout after ${timeoutMs}ms`)), timeoutMs);
+                        }),
+                    ]);
+                }
+                finally {
+                    if (freshTimer !== null)
+                        clearTimeout(freshTimer);
+                }
+                return freshClient;
+            }
+            catch (oauthErr) {
+                // Classify the retry error the same way as the primary path
+                if (oauthErr instanceof RemoteAuthRequiredError ||
+                    oauthErr instanceof UnreachableError ||
+                    oauthErr instanceof ProtocolError) {
+                    throw oauthErr;
+                }
+                throw new ProtocolError(cfg.name, oauthErr);
+            }
+        }
+        // Leave RemoteAuthRequiredError / UnreachableError / ProtocolError as-is
+        if (err instanceof RemoteAuthRequiredError || err instanceof UnreachableError || err instanceof ProtocolError) {
+            throw err;
+        }
+        // Network-shaped errors (DNS, TCP, TLS, timeout) → Unreachable
+        const msg = err?.message ?? String(err);
+        if (/timeout|ECONNREFUSED|ENOTFOUND|ETIMEDOUT|EAI_AGAIN|network|fetch failed/i.test(msg)) {
+            throw new UnreachableError(cfg.name, err);
+        }
+        // Otherwise protocol-shaped
+        throw new ProtocolError(cfg.name, err);
+    }
+}
+//# sourceMappingURL=transport.js.map

package/dist/mcp/types.d.ts

@@ -1,19 +1,4 @@
-/** Minimal MCP protocol types (JSON-RPC 2.0 over stdio) */
-export interface JsonRpcRequest {
-    jsonrpc: "2.0";
-    id: number;
-    method: string;
-    params?: unknown;
-}
-export interface JsonRpcResponse {
-    jsonrpc: "2.0";
-    id: number;
-    result?: unknown;
-    error?: {
-        code: number;
-        message: string;
-    };
-}
+/** MCP tool definition as returned by `tools/list`. */
 export interface McpToolDef {
     name: string;
     description?: string;

package/dist/mcp/types.js

@@ -1,3 +1,2 @@
-/** Minimal MCP protocol types (JSON-RPC 2.0 over stdio) */
 export {};
 //# sourceMappingURL=types.js.map

package/dist/tools/TaskUpdateTool/index.d.ts

@@ -12,7 +12,7 @@ declare const inputSchema: z.ZodObject<{
     addBlockedBy: z.ZodOptional<z.ZodArray<z.ZodNumber, "many">>;
 }, "strip", z.ZodTypeAny, {
     taskId: number;
-    status?: "completed" | "pending" | "cancelled" | "in_progress" | "deleted" | undefined;
+    status?: "completed" | "cancelled" | "pending" | "in_progress" | "deleted" | undefined;
     description?: string | undefined;
     metadata?: Record<string, unknown> | undefined;
     subject?: string | undefined;
@@ -22,7 +22,7 @@ declare const inputSchema: z.ZodObject<{
     addBlockedBy?: number[] | undefined;
 }, {
     taskId: number;
-    status?: "completed" | "pending" | "cancelled" | "in_progress" | "deleted" | undefined;
+    status?: "completed" | "cancelled" | "pending" | "in_progress" | "deleted" | undefined;
     description?: string | undefined;
     metadata?: Record<string, unknown> | undefined;
     subject?: string | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhijiewang/openharness",
-  "version": "2.10.0",
+  "version": "2.12.0",
   "description": "Open-source terminal coding agent. Works with any LLM.",
   "type": "module",
   "bin": {
@@ -36,6 +36,7 @@
     "start": "node dist/main.js"
   },
   "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
     "better-sqlite3": "^12.9.0",
     "chalk": "^5.4.1",
     "commander": "^13.0.0",
@@ -43,6 +44,7 @@
     "ink-spinner": "^5.0.0",
     "ink-text-input": "^6.0.0",
     "marked": "^17.0.5",
+    "open": "^11.0.0",
     "react": "^18.3.1",
     "yaml": "^2.7.0",
     "zod": "^3.24.0"