agents 0.0.0-07086ea → 0.0.0-0bb74b8

package/src/index.ts

@@ -1,20 +1,32 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import type { SSEClientTransportOptions } from "@modelcontextprotocol/sdk/client/sse.js";
+
+import type {
+  Prompt,
+  Resource,
+  ServerCapabilities,
+  Tool
+} from "@modelcontextprotocol/sdk/types.js";
+import { parseCronExpression } from "cron-schedule";
+import { nanoid } from "nanoid";
+import { EmailMessage } from "cloudflare:email";
 import {
-  Server,
-  routePartykitRequest,
-  type PartyServerOptions,
-  getServerByName,
   type Connection,
   type ConnectionContext,
+  type PartyServerOptions,
+  Server,
   type WSMessage,
+  getServerByName,
+  routePartykitRequest
 } from "partyserver";
-
-import { parseCronExpression } from "cron-schedule";
-import { nanoid } from "nanoid";
-
-import { AsyncLocalStorage } from "node:async_hooks";
+import { camelCaseToKebabCase } from "./client";
 import { MCPClientManager } from "./mcp/client";
+// import type { MCPClientConnection } from "./mcp/client-connection";
+import { DurableObjectOAuthClientProvider } from "./mcp/do-oauth-client-provider";
+import { genericObservability, type Observability } from "./observability";
 
-export type { Connection, WSMessage, ConnectionContext } from "partyserver";
+export type { Connection, ConnectionContext, WSMessage } from "partyserver";
 
 /**
  * RPC request message from client
@@ -98,7 +110,6 @@ export type CallableMetadata = {
   streaming?: boolean;
 };
 
-// biome-ignore lint/complexity/noBannedTypes: <explanation>
 const callableMetadata = new Map<Function, CallableMetadata>();
 
 /**
@@ -108,6 +119,7 @@ const callableMetadata = new Map<Function, CallableMetadata>();
 export function unstable_callable(metadata: CallableMetadata = {}) {
   return function callableDecorator<This, Args extends unknown[], Return>(
     target: (this: This, ...args: Args) => Return,
+    // biome-ignore lint/correctness/noUnusedFunctionParameters: later
     context: ClassMethodDecoratorContext
   ) {
     if (!callableMetadata.has(target)) {
@@ -159,29 +171,96 @@ function getNextCronTime(cron: string) {
   return interval.getNextDate();
 }
 
+/**
+ * MCP Server state update message from server -> Client
+ */
+export type MCPServerMessage = {
+  type: "cf_agent_mcp_servers";
+  mcp: MCPServersState;
+};
+
+export type MCPServersState = {
+  servers: {
+    [id: string]: MCPServer;
+  };
+  tools: Tool[];
+  prompts: Prompt[];
+  resources: Resource[];
+};
+
+export type MCPServer = {
+  name: string;
+  server_url: string;
+  auth_url: string | null;
+  // This state is specifically about the temporary process of getting a token (if needed).
+  // Scope outside of that can't be relied upon because when the DO sleeps, there's no way
+  // to communicate a change to a non-ready state.
+  state: "authenticating" | "connecting" | "ready" | "discovering" | "failed";
+  instructions: string | null;
+  capabilities: ServerCapabilities | null;
+};
+
+/**
+ * MCP Server data stored in DO SQL for resuming MCP Server connections
+ */
+type MCPServerRow = {
+  id: string;
+  name: string;
+  server_url: string;
+  client_id: string | null;
+  auth_url: string | null;
+  callback_url: string;
+  server_options: string;
+};
+
 const STATE_ROW_ID = "cf_state_row_id";
 const STATE_WAS_CHANGED = "cf_state_was_changed";
 
 const DEFAULT_STATE = {} as unknown;
 
-export const unstable_context = new AsyncLocalStorage<{
+const agentContext = new AsyncLocalStorage<{
   agent: Agent<unknown>;
   connection: Connection | undefined;
   request: Request | undefined;
+  email: AgentEmail | undefined;
 }>();
 
+export function getCurrentAgent<
+  T extends Agent<unknown, unknown> = Agent<unknown, unknown>
+>(): {
+  agent: T | undefined;
+  connection: Connection | undefined;
+  request: Request<unknown, CfProperties<unknown>> | undefined;
+} {
+  const store = agentContext.getStore() as
+    | {
+        agent: T;
+        connection: Connection | undefined;
+        request: Request<unknown, CfProperties<unknown>> | undefined;
+      }
+    | undefined;
+  if (!store) {
+    return {
+      agent: undefined,
+      connection: undefined,
+      request: undefined
+    };
+  }
+  return store;
+}
+
 /**
  * Base class for creating Agent implementations
  * @template Env Environment type containing bindings
  * @template State State type to store within the Agent
  */
 export class Agent<Env, State = unknown> extends Server<Env> {
-  #state = DEFAULT_STATE as State;
+  private _state = DEFAULT_STATE as State;
 
-  #ParentClass: typeof Agent<Env, State> =
+  private _ParentClass: typeof Agent<Env, State> =
     Object.getPrototypeOf(this).constructor;
 
-  mcp: MCPClientManager = new MCPClientManager(this.#ParentClass.name, "0.0.1");
+  mcp: MCPClientManager = new MCPClientManager(this._ParentClass.name, "0.0.1");
 
   /**
    * Initial state for the Agent
@@ -193,9 +272,9 @@ export class Agent<Env, State = unknown> extends Server<Env> {
    * Current state of the Agent
    */
   get state(): State {
-    if (this.#state !== DEFAULT_STATE) {
+    if (this._state !== DEFAULT_STATE) {
       // state was previously set, and populated internal state
-      return this.#state;
+      return this._state;
     }
     // looks like this is the first time the state is being accessed
     // check if the state was set in a previous life
@@ -215,8 +294,8 @@ export class Agent<Env, State = unknown> extends Server<Env> {
     ) {
       const state = result[0]?.state as string; // could be null?
 
-      this.#state = JSON.parse(state);
-      return this.#state;
+      this._state = JSON.parse(state);
+      return this._state;
     }
 
     // ok, this is the first time the state is being accessed
@@ -237,9 +316,14 @@ export class Agent<Env, State = unknown> extends Server<Env> {
    */
   static options = {
     /** Whether the Agent should hibernate when inactive */
-    hibernate: true, // default to hibernate
+    hibernate: true // default to hibernate
   };
 
+  /**
+   * The observability implementation to use for the Agent
+   */
+  observability?: Observability = genericObservability;
+
   /**
    * Execute SQL queries against the Agent's database
    * @template T Type of the returned rows
@@ -277,7 +361,7 @@ export class Agent<Env, State = unknown> extends Server<Env> {
     `;
 
     void this.ctx.blockConcurrencyWhile(async () => {
-      return this.#tryCatch(async () => {
+      return this._tryCatch(async () => {
         // Create alarms table if it doesn't exist
         this.sql`
         CREATE TABLE IF NOT EXISTS cf_agents_schedules (
@@ -297,25 +381,65 @@ export class Agent<Env, State = unknown> extends Server<Env> {
       });
     });
 
+    this.sql`
+      CREATE TABLE IF NOT EXISTS cf_agents_mcp_servers (
+        id TEXT PRIMARY KEY NOT NULL,
+        name TEXT NOT NULL,
+        server_url TEXT NOT NULL,
+        callback_url TEXT NOT NULL,
+        client_id TEXT,
+        auth_url TEXT,
+        server_options TEXT
+      )
+    `;
+
+    const _onRequest = this.onRequest.bind(this);
+    this.onRequest = (request: Request) => {
+      return agentContext.run(
+        { agent: this, connection: undefined, request, email: undefined },
+        async () => {
+          if (this.mcp.isCallbackRequest(request)) {
+            await this.mcp.handleCallbackRequest(request);
+
+            // after the MCP connection handshake, we can send updated mcp state
+            this.broadcast(
+              JSON.stringify({
+                mcp: this.getMcpServers(),
+                type: "cf_agent_mcp_servers"
+              })
+            );
+
+            // We probably should let the user configure this response/redirect, but this is fine for now.
+            return new Response("<script>window.close();</script>", {
+              headers: { "content-type": "text/html" },
+              status: 200
+            });
+          }
+
+          return this._tryCatch(() => _onRequest(request));
+        }
+      );
+    };
+
     const _onMessage = this.onMessage.bind(this);
     this.onMessage = async (connection: Connection, message: WSMessage) => {
-      return unstable_context.run(
-        { agent: this, connection, request: undefined },
+      return agentContext.run(
+        { agent: this, connection, request: undefined, email: undefined },
         async () => {
           if (typeof message !== "string") {
-            return this.#tryCatch(() => _onMessage(connection, message));
+            return this._tryCatch(() => _onMessage(connection, message));
           }
 
           let parsed: unknown;
           try {
             parsed = JSON.parse(message);
-          } catch (e) {
+          } catch (_e) {
             // silently fail and let the onMessage handler handle it
-            return this.#tryCatch(() => _onMessage(connection, message));
+            return this._tryCatch(() => _onMessage(connection, message));
           }
 
           if (isStateUpdateMessage(parsed)) {
-            this.#setStateInternal(parsed.state as State, connection);
+            this._setStateInternal(parsed.state as State, connection);
             return;
           }
 
@@ -329,11 +453,10 @@ export class Agent<Env, State = unknown> extends Server<Env> {
                 throw new Error(`Method ${method} does not exist`);
               }
 
-              if (!this.#isCallable(method)) {
+              if (!this._isCallable(method)) {
                 throw new Error(`Method ${method} is not callable`);
               }
 
-              // biome-ignore lint/complexity/noBannedTypes: <explanation>
               const metadata = callableMetadata.get(methodFn as Function);
 
               // For streaming methods, pass a StreamingResponse object
@@ -345,22 +468,39 @@ export class Agent<Env, State = unknown> extends Server<Env> {
 
               // For regular methods, execute and send response
               const result = await methodFn.apply(this, args);
+
+              this.observability?.emit(
+                {
+                  displayMessage: `RPC call to ${method}`,
+                  id: nanoid(),
+                  payload: {
+                    args,
+                    method,
+                    streaming: metadata?.streaming,
+                    success: true
+                  },
+                  timestamp: Date.now(),
+                  type: "rpc"
+                },
+                this.ctx
+              );
+
               const response: RPCResponse = {
-                type: "rpc",
+                done: true,
                 id,
-                success: true,
                 result,
-                done: true,
+                success: true,
+                type: "rpc"
               };
               connection.send(JSON.stringify(response));
             } catch (e) {
               // Send error response
               const response: RPCResponse = {
-                type: "rpc",
-                id: parsed.id,
-                success: false,
                 error:
                   e instanceof Error ? e.message : "Unknown error occurred",
+                id: parsed.id,
+                success: false,
+                type: "rpc"
               };
               connection.send(JSON.stringify(response));
               console.error("RPC error:", e);
@@ -368,7 +508,7 @@ export class Agent<Env, State = unknown> extends Server<Env> {
             return;
           }
 
-          return this.#tryCatch(() => _onMessage(connection, message));
+          return this._tryCatch(() => _onMessage(connection, message));
         }
       );
     };
@@ -377,27 +517,94 @@ export class Agent<Env, State = unknown> extends Server<Env> {
     this.onConnect = (connection: Connection, ctx: ConnectionContext) => {
       // TODO: This is a hack to ensure the state is sent after the connection is established
       // must fix this
-      return unstable_context.run(
-        { agent: this, connection, request: ctx.request },
+      return agentContext.run(
+        { agent: this, connection, request: ctx.request, email: undefined },
         async () => {
           setTimeout(() => {
             if (this.state) {
               connection.send(
                 JSON.stringify({
-                  type: "cf_agent_state",
                   state: this.state,
+                  type: "cf_agent_state"
                 })
               );
             }
-            return this.#tryCatch(() => _onConnect(connection, ctx));
+
+            connection.send(
+              JSON.stringify({
+                mcp: this.getMcpServers(),
+                type: "cf_agent_mcp_servers"
+              })
+            );
+
+            this.observability?.emit(
+              {
+                displayMessage: "Connection established",
+                id: nanoid(),
+                payload: {
+                  connectionId: connection.id
+                },
+                timestamp: Date.now(),
+                type: "connect"
+              },
+              this.ctx
+            );
+            return this._tryCatch(() => _onConnect(connection, ctx));
           }, 20);
         }
       );
     };
+
+    const _onStart = this.onStart.bind(this);
+    this.onStart = async () => {
+      return agentContext.run(
+        {
+          agent: this,
+          connection: undefined,
+          request: undefined,
+          email: undefined
+        },
+        async () => {
+          const servers = this.sql<MCPServerRow>`
+            SELECT id, name, server_url, client_id, auth_url, callback_url, server_options FROM cf_agents_mcp_servers;
+          `;
+
+          // from DO storage, reconnect to all servers not currently in the oauth flow using our saved auth information
+          Promise.allSettled(
+            servers.map((server) => {
+              return this._connectToMcpServerInternal(
+                server.name,
+                server.server_url,
+                server.callback_url,
+                server.server_options
+                  ? JSON.parse(server.server_options)
+                  : undefined,
+                {
+                  id: server.id,
+                  oauthClientId: server.client_id ?? undefined
+                }
+              );
+            })
+          ).then((_results) => {
+            this.broadcast(
+              JSON.stringify({
+                mcp: this.getMcpServers(),
+                type: "cf_agent_mcp_servers"
+              })
+            );
+          });
+          await this._tryCatch(() => _onStart());
+        }
+      );
+    };
   }
 
-  #setStateInternal(state: State, source: Connection | "server" = "server") {
-    this.#state = state;
+  private _setStateInternal(
+    state: State,
+    source: Connection | "server" = "server"
+  ) {
+    const previousState = this._state;
+    this._state = state;
     this.sql`
     INSERT OR REPLACE INTO cf_agents_state (id, state)
     VALUES (${STATE_ROW_ID}, ${JSON.stringify(state)})
@@ -408,16 +615,29 @@ export class Agent<Env, State = unknown> extends Server<Env> {
   `;
     this.broadcast(
       JSON.stringify({
-        type: "cf_agent_state",
         state: state,
+        type: "cf_agent_state"
       }),
       source !== "server" ? [source.id] : []
     );
-    return this.#tryCatch(() => {
-      const { connection, request } = unstable_context.getStore() || {};
-      return unstable_context.run(
-        { agent: this, connection, request },
+    return this._tryCatch(() => {
+      const { connection, request, email } = agentContext.getStore() || {};
+      return agentContext.run(
+        { agent: this, connection, request, email },
         async () => {
+          this.observability?.emit(
+            {
+              displayMessage: "State updated",
+              id: nanoid(),
+              payload: {
+                previousState,
+                state
+              },
+              timestamp: Date.now(),
+              type: "state:update"
+            },
+            this.ctx
+          );
           return this.onStateUpdate(state, source);
         }
       );
@@ -429,7 +649,7 @@ export class Agent<Env, State = unknown> extends Server<Env> {
    * @param state New state to set
    */
   setState(state: State) {
-    this.#setStateInternal(state, "server");
+    this._setStateInternal(state, "server");
   }
 
   /**
@@ -437,24 +657,90 @@ export class Agent<Env, State = unknown> extends Server<Env> {
    * @param state Updated state
    * @param source Source of the state update ("server" or a client connection)
    */
+  // biome-ignore lint/correctness/noUnusedFunctionParameters: overridden later
   onStateUpdate(state: State | undefined, source: Connection | "server") {
     // override this to handle state updates
   }
 
   /**
-   * Called when the Agent receives an email
+   * Called when the Agent receives an email via routeAgentEmail()
+   * Override this method to handle incoming emails
    * @param email Email message to process
    */
-  onEmail(email: ForwardableEmailMessage) {
-    return unstable_context.run(
-      { agent: this, connection: undefined, request: undefined },
+  async _onEmail(email: AgentEmail) {
+    // nb: we use this roundabout way of getting to onEmail
+    // because of https://github.com/cloudflare/workerd/issues/4499
+    return agentContext.run(
+      { agent: this, connection: undefined, request: undefined, email: email },
       async () => {
-        console.error("onEmail not implemented");
+        if ("onEmail" in this && typeof this.onEmail === "function") {
+          return this._tryCatch(() =>
+            (this.onEmail as (email: AgentEmail) => Promise<void>)(email)
+          );
+        } else {
+          console.log("Received email from:", email.from, "to:", email.to);
+          console.log("Subject:", email.headers.get("subject"));
+          console.log(
+            "Implement onEmail(email: AgentEmail): Promise<void> in your agent to process emails"
+          );
+        }
       }
     );
   }
 
-  async #tryCatch<T>(fn: () => T | Promise<T>) {
+  /**
+   * Reply to an email
+   * @param email The email to reply to
+   * @param options Options for the reply
+   * @returns void
+   */
+  async replyToEmail(
+    email: AgentEmail,
+    options: {
+      fromName: string;
+      subject?: string | undefined;
+      body: string;
+      contentType?: string;
+      headers?: Record<string, string>;
+    }
+  ): Promise<void> {
+    return this._tryCatch(async () => {
+      const agentName = camelCaseToKebabCase(this._ParentClass.name);
+      const agentId = this.name;
+
+      const { createMimeMessage } = await import("mimetext");
+      const msg = createMimeMessage();
+      msg.setSender({ addr: email.to, name: options.fromName });
+      msg.setRecipient(email.from);
+      msg.setSubject(
+        options.subject || `Re: ${email.headers.get("subject")}` || "No subject"
+      );
+      msg.addMessage({
+        contentType: options.contentType || "text/plain",
+        data: options.body
+      });
+
+      const domain = email.from.split("@")[1];
+      const messageId = `<${agentId}@${domain}>`;
+      msg.setHeader("In-Reply-To", email.headers.get("Message-ID")!);
+      msg.setHeader("Message-ID", messageId);
+      msg.setHeader("X-Agent-Name", agentName);
+      msg.setHeader("X-Agent-ID", agentId);
+
+      if (options.headers) {
+        for (const [key, value] of Object.entries(options.headers)) {
+          msg.setHeader(key, value);
+        }
+      }
+      await email.reply({
+        from: email.to,
+        raw: msg.asRaw(),
+        to: email.from
+      });
+    });
+  }
+
+  private async _tryCatch<T>(fn: () => T | Promise<T>) {
     try {
       return await fn();
     } catch (e) {
@@ -511,6 +797,18 @@ export class Agent<Env, State = unknown> extends Server<Env> {
   ): Promise<Schedule<T>> {
     const id = nanoid(9);
 
+    const emitScheduleCreate = (schedule: Schedule<T>) =>
+      this.observability?.emit(
+        {
+          displayMessage: `Schedule ${schedule.id} created`,
+          id: nanoid(),
+          payload: schedule,
+          timestamp: Date.now(),
+          type: "schedule:create"
+        },
+        this.ctx
+      );
+
     if (typeof callback !== "string") {
       throw new Error("Callback must be a string");
     }
@@ -528,15 +826,19 @@ export class Agent<Env, State = unknown> extends Server<Env> {
         )}, 'scheduled', ${timestamp})
       `;
 
-      await this.#scheduleNextAlarm();
+      await this._scheduleNextAlarm();
 
-      return {
-        id,
+      const schedule: Schedule<T> = {
         callback: callback,
+        id,
         payload: payload as T,
         time: timestamp,
-        type: "scheduled",
+        type: "scheduled"
       };
+
+      emitScheduleCreate(schedule);
+
+      return schedule;
     }
     if (typeof when === "number") {
       const time = new Date(Date.now() + when * 1000);
@@ -549,16 +851,20 @@ export class Agent<Env, State = unknown> extends Server<Env> {
         )}, 'delayed', ${when}, ${timestamp})
       `;
 
-      await this.#scheduleNextAlarm();
+      await this._scheduleNextAlarm();
 
-      return {
-        id,
+      const schedule: Schedule<T> = {
         callback: callback,
-        payload: payload as T,
         delayInSeconds: when,
+        id,
+        payload: payload as T,
         time: timestamp,
-        type: "delayed",
+        type: "delayed"
       };
+
+      emitScheduleCreate(schedule);
+
+      return schedule;
     }
     if (typeof when === "string") {
       const nextExecutionTime = getNextCronTime(when);
@@ -571,16 +877,20 @@ export class Agent<Env, State = unknown> extends Server<Env> {
         )}, 'cron', ${when}, ${timestamp})
       `;
 
-      await this.#scheduleNextAlarm();
+      await this._scheduleNextAlarm();
 
-      return {
-        id,
+      const schedule: Schedule<T> = {
         callback: callback,
-        payload: payload as T,
         cron: when,
+        id,
+        payload: payload as T,
         time: timestamp,
-        type: "cron",
+        type: "cron"
       };
+
+      emitScheduleCreate(schedule);
+
+      return schedule;
     }
     throw new Error("Invalid schedule type");
   }
@@ -644,7 +954,7 @@ export class Agent<Env, State = unknown> extends Server<Env> {
       .toArray()
       .map((row) => ({
         ...row,
-        payload: JSON.parse(row.payload as string) as T,
+        payload: JSON.parse(row.payload as string) as T
       })) as Schedule<T>[];
 
     return result;
@@ -656,13 +966,26 @@ export class Agent<Env, State = unknown> extends Server<Env> {
    * @returns true if the task was cancelled, false otherwise
    */
   async cancelSchedule(id: string): Promise<boolean> {
+    const schedule = await this.getSchedule(id);
+    if (schedule) {
+      this.observability?.emit(
+        {
+          displayMessage: `Schedule ${id} cancelled`,
+          id: nanoid(),
+          payload: schedule,
+          timestamp: Date.now(),
+          type: "schedule:cancel"
+        },
+        this.ctx
+      );
+    }
     this.sql`DELETE FROM cf_agents_schedules WHERE id = ${id}`;
 
-    await this.#scheduleNextAlarm();
+    await this._scheduleNextAlarm();
     return true;
   }
 
-  async #scheduleNextAlarm() {
+  private async _scheduleNextAlarm() {
     // Find the next schedule that needs to be executed
     const result = this.sql`
       SELECT time FROM cf_agents_schedules 
@@ -679,10 +1002,14 @@ export class Agent<Env, State = unknown> extends Server<Env> {
   }
 
   /**
-   * Method called when an alarm fires
-   * Executes any scheduled tasks that are due
+   * Method called when an alarm fires.
+   * Executes any scheduled tasks that are due.
+   *
+   * @remarks
+   * To schedule a task, please use the `this.schedule` method instead.
+   * See {@link https://developers.cloudflare.com/agents/api-reference/schedule-tasks/}
    */
-  async alarm() {
+  public readonly alarm = async () => {
     const now = Math.floor(Date.now() / 1000);
 
     // Get all schedules that should be executed now
@@ -696,10 +1023,26 @@ export class Agent<Env, State = unknown> extends Server<Env> {
         console.error(`callback ${row.callback} not found`);
         continue;
       }
-      await unstable_context.run(
-        { agent: this, connection: undefined, request: undefined },
+      await agentContext.run(
+        {
+          agent: this,
+          connection: undefined,
+          request: undefined,
+          email: undefined
+        },
         async () => {
           try {
+            this.observability?.emit(
+              {
+                displayMessage: `Schedule ${row.id} executed`,
+                id: nanoid(),
+                payload: row,
+                timestamp: Date.now(),
+                type: "schedule:execute"
+              },
+              this.ctx
+            );
+
             await (
               callback as (
                 payload: unknown,
@@ -728,8 +1071,8 @@ export class Agent<Env, State = unknown> extends Server<Env> {
     }
 
     // Schedule the next alarm
-    await this.#scheduleNextAlarm();
-  }
+    await this._scheduleNextAlarm();
+  };
 
   /**
    * Destroy the Agent, removing all state and scheduled tasks
@@ -738,20 +1081,200 @@ export class Agent<Env, State = unknown> extends Server<Env> {
     // drop all tables
     this.sql`DROP TABLE IF EXISTS cf_agents_state`;
     this.sql`DROP TABLE IF EXISTS cf_agents_schedules`;
+    this.sql`DROP TABLE IF EXISTS cf_agents_mcp_servers`;
 
     // delete all alarms
     await this.ctx.storage.deleteAlarm();
     await this.ctx.storage.deleteAll();
+    this.ctx.abort("destroyed"); // enforce that the agent is evicted
+
+    this.observability?.emit(
+      {
+        displayMessage: "Agent destroyed",
+        id: nanoid(),
+        payload: {},
+        timestamp: Date.now(),
+        type: "destroy"
+      },
+      this.ctx
+    );
   }
 
   /**
    * Get all methods marked as callable on this Agent
    * @returns A map of method names to their metadata
    */
-  #isCallable(method: string): boolean {
-    // biome-ignore lint/complexity/noBannedTypes: <explanation>
+  private _isCallable(method: string): boolean {
     return callableMetadata.has(this[method as keyof this] as Function);
   }
+
+  /**
+   * Connect to a new MCP Server
+   *
+   * @param url MCP Server SSE URL
+   * @param callbackHost Base host for the agent, used for the redirect URI.
+   * @param agentsPrefix agents routing prefix if not using `agents`
+   * @param options MCP client and transport (header) options
+   * @returns authUrl
+   */
+  async addMcpServer(
+    serverName: string,
+    url: string,
+    callbackHost: string,
+    agentsPrefix = "agents",
+    options?: {
+      client?: ConstructorParameters<typeof Client>[1];
+      transport?: {
+        headers: HeadersInit;
+      };
+    }
+  ): Promise<{ id: string; authUrl: string | undefined }> {
+    const callbackUrl = `${callbackHost}/${agentsPrefix}/${camelCaseToKebabCase(this._ParentClass.name)}/${this.name}/callback`;
+
+    const result = await this._connectToMcpServerInternal(
+      serverName,
+      url,
+      callbackUrl,
+      options
+    );
+    this.sql`
+        INSERT
+        OR REPLACE INTO cf_agents_mcp_servers (id, name, server_url, client_id, auth_url, callback_url, server_options)
+      VALUES (
+        ${result.id},
+        ${serverName},
+        ${url},
+        ${result.clientId ?? null},
+        ${result.authUrl ?? null},
+        ${callbackUrl},
+        ${options ? JSON.stringify(options) : null}
+        );
+    `;
+
+    this.broadcast(
+      JSON.stringify({
+        mcp: this.getMcpServers(),
+        type: "cf_agent_mcp_servers"
+      })
+    );
+
+    return result;
+  }
+
+  async _connectToMcpServerInternal(
+    _serverName: string,
+    url: string,
+    callbackUrl: string,
+    // it's important that any options here are serializable because we put them into our sqlite DB for reconnection purposes
+    options?: {
+      client?: ConstructorParameters<typeof Client>[1];
+      /**
+       * We don't expose the normal set of transport options because:
+       * 1) we can't serialize things like the auth provider or a fetch function into the DB for reconnection purposes
+       * 2) We probably want these options to be agnostic to the transport type (SSE vs Streamable)
+       *
+       * This has the limitation that you can't override fetch, but I think headers should handle nearly all cases needed (i.e. non-standard bearer auth).
+       */
+      transport?: {
+        headers?: HeadersInit;
+      };
+    },
+    reconnect?: {
+      id: string;
+      oauthClientId?: string;
+    }
+  ): Promise<{
+    id: string;
+    authUrl: string | undefined;
+    clientId: string | undefined;
+  }> {
+    const authProvider = new DurableObjectOAuthClientProvider(
+      this.ctx.storage,
+      this.name,
+      callbackUrl
+    );
+
+    if (reconnect) {
+      authProvider.serverId = reconnect.id;
+      if (reconnect.oauthClientId) {
+        authProvider.clientId = reconnect.oauthClientId;
+      }
+    }
+
+    // allows passing through transport headers if necessary
+    // this handles some non-standard bearer auth setups (i.e. MCP server behind CF access instead of OAuth)
+    let headerTransportOpts: SSEClientTransportOptions = {};
+    if (options?.transport?.headers) {
+      headerTransportOpts = {
+        eventSourceInit: {
+          fetch: (url, init) =>
+            fetch(url, {
+              ...init,
+              headers: options?.transport?.headers
+            })
+        },
+        requestInit: {
+          headers: options?.transport?.headers
+        }
+      };
+    }
+
+    const { id, authUrl, clientId } = await this.mcp.connect(url, {
+      client: options?.client,
+      reconnect,
+      transport: {
+        ...headerTransportOpts,
+        authProvider
+      }
+    });
+
+    return {
+      authUrl,
+      clientId,
+      id
+    };
+  }
+
+  async removeMcpServer(id: string) {
+    this.mcp.closeConnection(id);
+    this.sql`
+      DELETE FROM cf_agents_mcp_servers WHERE id = ${id};
+    `;
+    this.broadcast(
+      JSON.stringify({
+        mcp: this.getMcpServers(),
+        type: "cf_agent_mcp_servers"
+      })
+    );
+  }
+
+  getMcpServers(): MCPServersState {
+    const mcpState: MCPServersState = {
+      prompts: this.mcp.listPrompts(),
+      resources: this.mcp.listResources(),
+      servers: {},
+      tools: this.mcp.listTools()
+    };
+
+    const servers = this.sql<MCPServerRow>`
+      SELECT id, name, server_url, client_id, auth_url, callback_url, server_options FROM cf_agents_mcp_servers;
+    `;
+
+    for (const server of servers) {
+      const serverConn = this.mcp.mcpConnections[server.id];
+      mcpState.servers[server.id] = {
+        auth_url: server.auth_url,
+        capabilities: serverConn?.serverCapabilities ?? null,
+        instructions: serverConn?.instructions ?? null,
+        name: server.name,
+        server_url: server.server_url,
+        // mark as "authenticating" because the server isn't automatically connected, so it's pending authenticating
+        state: serverConn?.connectionState ?? "authenticating"
+      };
+    }
+
+    return mcpState;
+  }
 }
 
 /**
@@ -791,17 +1314,17 @@ export async function routeAgentRequest<Env>(
   const corsHeaders =
     options?.cors === true
       ? {
-          "Access-Control-Allow-Origin": "*",
-          "Access-Control-Allow-Methods": "GET, POST, HEAD, OPTIONS",
           "Access-Control-Allow-Credentials": "true",
-          "Access-Control-Max-Age": "86400",
+          "Access-Control-Allow-Methods": "GET, POST, HEAD, OPTIONS",
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Max-Age": "86400"
         }
       : options?.cors;
 
   if (request.method === "OPTIONS") {
     if (corsHeaders) {
       return new Response(null, {
-        headers: corsHeaders,
+        headers: corsHeaders
       });
     }
     console.warn(
@@ -814,7 +1337,7 @@ export async function routeAgentRequest<Env>(
     env as Record<string, unknown>,
     {
       prefix: "agents",
-      ...(options as PartyServerOptions<Record<string, unknown>>),
+      ...(options as PartyServerOptions<Record<string, unknown>>)
     }
   );
 
@@ -827,24 +1350,218 @@ export async function routeAgentRequest<Env>(
     response = new Response(response.body, {
       headers: {
         ...response.headers,
-        ...corsHeaders,
-      },
+        ...corsHeaders
+      }
     });
   }
   return response;
 }
 
+export type EmailResolver<Env> = (
+  email: ForwardableEmailMessage,
+  env: Env
+) => Promise<{
+  agentName: string;
+  agentId: string;
+} | null>;
+
+/**
+ * Create a resolver that uses the message-id header to determine the agent to route the email to
+ * @returns A function that resolves the agent to route the email to
+ */
+export function createHeaderBasedEmailResolver<Env>(): EmailResolver<Env> {
+  return async (email: ForwardableEmailMessage, _env: Env) => {
+    const messageId = email.headers.get("message-id");
+    if (messageId) {
+      const messageIdMatch = messageId.match(/<([^@]+)@([^>]+)>/);
+      if (messageIdMatch) {
+        const [, agentId, domain] = messageIdMatch;
+        const agentName = domain.split(".")[0];
+        return { agentName, agentId };
+      }
+    }
+
+    const references = email.headers.get("references");
+    if (references) {
+      const referencesMatch = references.match(
+        /<([A-Za-z0-9+/]{43}=)@([^>]+)>/
+      );
+      if (referencesMatch) {
+        const [, base64Id, domain] = referencesMatch;
+        const agentId = Buffer.from(base64Id, "base64").toString("hex");
+        const agentName = domain.split(".")[0];
+        return { agentName, agentId };
+      }
+    }
+
+    const agentName = email.headers.get("x-agent-name");
+    const agentId = email.headers.get("x-agent-id");
+    if (agentName && agentId) {
+      return { agentName, agentId };
+    }
+
+    return null;
+  };
+}
+
+/**
+ * Create a resolver that uses the email address to determine the agent to route the email to
+ * @param defaultAgentName The default agent name to use if the email address does not contain a sub-address
+ * @returns A function that resolves the agent to route the email to
+ */
+export function createAddressBasedEmailResolver<Env>(
+  defaultAgentName: string
+): EmailResolver<Env> {
+  return async (email: ForwardableEmailMessage, _env: Env) => {
+    const emailMatch = email.to.match(/^([^+@]+)(?:\+([^@]+))?@(.+)$/);
+    if (!emailMatch) {
+      return null;
+    }
+
+    const [, localPart, subAddress] = emailMatch;
+
+    if (subAddress) {
+      return {
+        agentName: localPart,
+        agentId: subAddress
+      };
+    }
+
+    // Option 2: Use defaultAgentName namespace, localPart as agentId
+    // Common for catch-all email routing to a single EmailAgent namespace
+    return {
+      agentName: defaultAgentName,
+      agentId: localPart
+    };
+  };
+}
+
+/**
+ * Create a resolver that uses the agentName and agentId to determine the agent to route the email to
+ * @param agentName The name of the agent to route the email to
+ * @param agentId The id of the agent to route the email to
+ * @returns A function that resolves the agent to route the email to
+ */
+export function createCatchAllEmailResolver<Env>(
+  agentName: string,
+  agentId: string
+): EmailResolver<Env> {
+  return async () => ({ agentName, agentId });
+}
+
+export type EmailRoutingOptions<Env> = AgentOptions<Env> & {
+  resolver: EmailResolver<Env>;
+};
+
 /**
  * Route an email to the appropriate Agent
- * @param email Email message to route
- * @param env Environment containing Agent bindings
- * @param options Routing options
+ * @param email The email to route
+ * @param env The environment containing the Agent bindings
+ * @param options The options for routing the email
+ * @returns A promise that resolves when the email has been routed
  */
 export async function routeAgentEmail<Env>(
   email: ForwardableEmailMessage,
   env: Env,
-  options?: AgentOptions<Env>
-): Promise<void> {}
+  options: EmailRoutingOptions<Env>
+): Promise<void> {
+  const routingInfo = await options.resolver(email, env);
+
+  if (!routingInfo) {
+    console.warn("No routing information found for email, dropping message");
+    return;
+  }
+
+  const namespaceBinding = env[routingInfo.agentName as keyof Env];
+  if (!namespaceBinding) {
+    throw new Error(
+      `Agent namespace '${routingInfo.agentName}' not found in environment`
+    );
+  }
+
+  // Type guard to check if this is actually a DurableObjectNamespace (AgentNamespace)
+  if (
+    typeof namespaceBinding !== "object" ||
+    !("idFromName" in namespaceBinding) ||
+    typeof namespaceBinding.idFromName !== "function"
+  ) {
+    throw new Error(
+      `Environment binding '${routingInfo.agentName}' is not an AgentNamespace (found: ${typeof namespaceBinding})`
+    );
+  }
+
+  // Safe cast after runtime validation
+  const namespace = namespaceBinding as unknown as AgentNamespace<Agent<Env>>;
+
+  const agent = await getAgentByName(namespace, routingInfo.agentId);
+
+  // let's make a serialisable version of the email
+  const serialisableEmail: AgentEmail = {
+    getRaw: async () => {
+      const reader = email.raw.getReader();
+      const chunks: Uint8Array[] = [];
+
+      let done = false;
+      while (!done) {
+        const { value, done: readerDone } = await reader.read();
+        done = readerDone;
+        if (value) {
+          chunks.push(value);
+        }
+      }
+
+      const totalLength = chunks.reduce((sum, chunk) => sum + chunk.length, 0);
+      const combined = new Uint8Array(totalLength);
+      let offset = 0;
+      for (const chunk of chunks) {
+        combined.set(chunk, offset);
+        offset += chunk.length;
+      }
+
+      return combined;
+    },
+    headers: email.headers,
+    rawSize: email.rawSize,
+    setReject: (reason: string) => {
+      email.setReject(reason);
+    },
+    forward: (rcptTo: string, headers?: Headers) => {
+      return email.forward(rcptTo, headers);
+    },
+    reply: (options: { from: string; to: string; raw: string }) => {
+      return email.reply(
+        new EmailMessage(options.from, options.to, options.raw)
+      );
+    },
+    from: email.from,
+    to: email.to
+  };
+
+  await agent._onEmail(serialisableEmail);
+}
+
+export type AgentEmail = {
+  from: string;
+  to: string;
+  getRaw: () => Promise<Uint8Array>;
+  headers: Headers;
+  rawSize: number;
+  setReject: (reason: string) => void;
+  forward: (rcptTo: string, headers?: Headers) => Promise<void>;
+  reply: (options: { from: string; to: string; raw: string }) => Promise<void>;
+};
+
+export type EmailSendOptions = {
+  to: string;
+  subject: string;
+  body: string;
+  contentType?: string;
+  headers?: Record<string, string>;
+  includeRoutingHeaders?: boolean;
+  agentName?: string;
+  agentId?: string;
+  domain?: string;
+};
 
 /**
  * Get or create an Agent by name
@@ -855,7 +1572,7 @@ export async function routeAgentEmail<Env>(
  * @param options Options for Agent creation
  * @returns Promise resolving to an Agent instance stub
  */
-export function getAgentByName<Env, T extends Agent<Env>>(
+export async function getAgentByName<Env, T extends Agent<Env>>(
   namespace: AgentNamespace<T>,
   name: string,
   options?: {
@@ -870,13 +1587,13 @@ export function getAgentByName<Env, T extends Agent<Env>>(
  * A wrapper for streaming responses in callable methods
  */
 export class StreamingResponse {
-  #connection: Connection;
-  #id: string;
-  #closed = false;
+  private _connection: Connection;
+  private _id: string;
+  private _closed = false;
 
   constructor(connection: Connection, id: string) {
-    this.#connection = connection;
-    this.#id = id;
+    this._connection = connection;
+    this._id = id;
   }
 
   /**
@@ -884,17 +1601,17 @@ export class StreamingResponse {
    * @param chunk The data to send
    */
   send(chunk: unknown) {
-    if (this.#closed) {
+    if (this._closed) {
       throw new Error("StreamingResponse is already closed");
     }
     const response: RPCResponse = {
-      type: "rpc",
-      id: this.#id,
-      success: true,
-      result: chunk,
       done: false,
+      id: this._id,
+      result: chunk,
+      success: true,
+      type: "rpc"
     };
-    this.#connection.send(JSON.stringify(response));
+    this._connection.send(JSON.stringify(response));
   }
 
   /**
@@ -902,17 +1619,17 @@ export class StreamingResponse {
    * @param finalChunk Optional final chunk of data to send
    */
   end(finalChunk?: unknown) {
-    if (this.#closed) {
+    if (this._closed) {
       throw new Error("StreamingResponse is already closed");
     }
-    this.#closed = true;
+    this._closed = true;
     const response: RPCResponse = {
-      type: "rpc",
-      id: this.#id,
-      success: true,
-      result: finalChunk,
       done: true,
+      id: this._id,
+      result: finalChunk,
+      success: true,
+      type: "rpc"
     };
-    this.#connection.send(JSON.stringify(response));
+    this._connection.send(JSON.stringify(response));
   }
 }