agents 0.0.78 → 0.0.80

package/dist/index.d.ts

@@ -1,9 +1,9 @@
 import { Server, Connection, PartyServerOptions } from "partyserver";
 export { Connection, ConnectionContext, WSMessage } from "partyserver";
 import { MCPClientManager } from "./mcp/client.js";
+import { Tool, Prompt, Resource } from "@modelcontextprotocol/sdk/types.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import "zod";
-import "@modelcontextprotocol/sdk/types.js";
-import "@modelcontextprotocol/sdk/client/index.js";
 import "@modelcontextprotocol/sdk/client/sse.js";
 import "./mcp/do-oauth-client-provider.js";
 import "@modelcontextprotocol/sdk/client/auth.js";
@@ -103,6 +103,27 @@ type Schedule<T = string> = {
       cron: string;
     }
 );
+/**
+ * MCP Server state update message from server -> Client
+ */
+type MCPServerMessage = {
+  type: "cf_agent_mcp_servers";
+  mcp: MCPServersState;
+};
+type MCPServersState = {
+  servers: {
+    [id: string]: MCPServer;
+  };
+  tools: Tool[];
+  prompts: Prompt[];
+  resources: Resource[];
+};
+type MCPServer = {
+  name: string;
+  server_url: string;
+  auth_url: string | null;
+  state: "authenticating" | "connecting" | "ready" | "discovering" | "failed";
+};
 declare function getCurrentAgent<
   T extends Agent<unknown, unknown> = Agent<unknown, unknown>,
 >(): {
@@ -209,14 +230,43 @@ declare class Agent<Env, State = unknown> extends Server<Env> {
    */
   cancelSchedule(id: string): Promise<boolean>;
   /**
-   * Method called when an alarm fires
-   * Executes any scheduled tasks that are due
+   * Method called when an alarm fires.
+   * Executes any scheduled tasks that are due.
+   *
+   * @remarks
+   * To schedule a task, please use the `this.schedule` method instead.
+   * See {@link https://developers.cloudflare.com/agents/api-reference/schedule-tasks/}
    */
-  alarm(): Promise<void>;
+  readonly alarm: () => Promise<void>;
   /**
    * Destroy the Agent, removing all state and scheduled tasks
    */
   destroy(): Promise<void>;
+  /**
+   * Connect to a new MCP Server
+   *
+   * @param url MCP Server SSE URL
+   * @param callbackHost Base host for the agent, used for the redirect URI.
+   * @param agentsPrefix agents routing prefix if not using `agents`
+   * @param options MCP client and transport (header) options
+   * @returns authUrl
+   */
+  addMcpServer(
+    serverName: string,
+    url: string,
+    callbackHost: string,
+    agentsPrefix?: string,
+    options?: {
+      client?: ConstructorParameters<typeof Client>[1];
+      transport?: {
+        headers: HeadersInit;
+      };
+    }
+  ): Promise<{
+    id: string;
+    authUrl: string | undefined;
+  }>;
+  removeMcpServer(id: string): Promise<void>;
 }
 /**
  * Namespace for creating Agent instances
@@ -301,6 +351,9 @@ export {
   type AgentNamespace,
   type AgentOptions,
   type CallableMetadata,
+  type MCPServer,
+  type MCPServerMessage,
+  type MCPServersState,
   type RPCRequest,
   type RPCResponse,
   type Schedule,

package/dist/index.js

@@ -6,8 +6,10 @@ import {
   routeAgentEmail,
   routeAgentRequest,
   unstable_callable
-} from "./chunk-5W7ZWKOP.js";
-import "./chunk-Q5ZBHY4Z.js";
+} from "./chunk-YFPCCSZO.js";
+import "./chunk-D6UOOELW.js";
+import "./chunk-RN4SNE73.js";
+import "./chunk-25YDMV4H.js";
 import "./chunk-HMLY7DHA.js";
 export {
   Agent,

package/dist/mcp/client.d.ts

@@ -1,5 +1,5 @@
 import * as zod from 'zod';
-import { ClientCapabilities, Tool, Prompt, Resource, ResourceTemplate, ServerCapabilities, CallToolRequest, CallToolResultSchema, CompatibilityCallToolResultSchema, ReadResourceRequest, GetPromptRequest } from '@modelcontextprotocol/sdk/types.js';
+import { Tool, Prompt, Resource, ResourceTemplate, ServerCapabilities, CallToolRequest, CallToolResultSchema, CompatibilityCallToolResultSchema, ReadResourceRequest, GetPromptRequest } from '@modelcontextprotocol/sdk/types.js';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { SSEClientTransportOptions } from '@modelcontextprotocol/sdk/client/sse.js';
 import { AgentsOAuthProvider } from './do-oauth-client-provider.js';
@@ -15,7 +15,6 @@ declare class MCPClientConnection {
             authProvider?: AgentsOAuthProvider;
         };
         client: ConstructorParameters<typeof Client>[1];
-        capabilities: ClientCapabilities;
     };
     client: Client;
     connectionState: "authenticating" | "connecting" | "ready" | "discovering" | "failed";
@@ -30,7 +29,6 @@ declare class MCPClientConnection {
             authProvider?: AgentsOAuthProvider;
         };
         client: ConstructorParameters<typeof Client>[1];
-        capabilities: ClientCapabilities;
     });
     /**
      * Initialize a client connection
@@ -38,7 +36,7 @@ declare class MCPClientConnection {
      * @param code Optional OAuth code to initialize the connection with if auth hasn't been initialized
      * @returns
      */
-    init(code?: string, clientId?: string): Promise<void>;
+    init(code?: string): Promise<void>;
     /**
      * Notification handler registration
      */
@@ -57,13 +55,21 @@ declare class MCPClientConnection {
             } | undefined;
         };
         description?: string | undefined;
+        annotations?: {
+            [x: string]: unknown;
+            title?: string | undefined;
+            readOnlyHint?: boolean | undefined;
+            destructiveHint?: boolean | undefined;
+            idempotentHint?: boolean | undefined;
+            openWorldHint?: boolean | undefined;
+        } | undefined;
     }[]>;
     fetchResources(): Promise<{
         [x: string]: unknown;
-        uri: string;
         name: string;
-        mimeType?: string | undefined;
+        uri: string;
         description?: string | undefined;
+        mimeType?: string | undefined;
     }[]>;
     fetchPrompts(): Promise<{
         [x: string]: unknown;
@@ -80,8 +86,8 @@ declare class MCPClientConnection {
         [x: string]: unknown;
         name: string;
         uriTemplate: string;
-        mimeType?: string | undefined;
         description?: string | undefined;
+        mimeType?: string | undefined;
     }[]>;
 }
 
@@ -116,10 +122,10 @@ declare class MCPClientManager {
             authProvider?: AgentsOAuthProvider;
         };
         client?: ConstructorParameters<typeof Client>[1];
-        capabilities?: ClientCapabilities;
     }): Promise<{
         id: string;
-        authUrl: string | undefined;
+        authUrl?: string;
+        clientId?: string;
     }>;
     isCallbackRequest(req: Request): boolean;
     handleCallbackRequest(req: Request): Promise<{

package/dist/mcp/client.js

@@ -1,7 +1,7 @@
 import {
   MCPClientManager,
   getNamespacedData
-} from "../chunk-Q5ZBHY4Z.js";
+} from "../chunk-25YDMV4H.js";
 import "../chunk-HMLY7DHA.js";
 export {
   MCPClientManager,

package/dist/mcp/do-oauth-client-provider.js

@@ -1,106 +1,7 @@
+import {
+  DurableObjectOAuthClientProvider
+} from "../chunk-D6UOOELW.js";
 import "../chunk-HMLY7DHA.js";
-
-// src/mcp/do-oauth-client-provider.ts
-var DurableObjectOAuthClientProvider = class {
-  constructor(storage, clientName, baseRedirectUrl) {
-    this.storage = storage;
-    this.clientName = clientName;
-    this.baseRedirectUrl = baseRedirectUrl;
-  }
-  get clientMetadata() {
-    return {
-      redirect_uris: [this.redirectUrl],
-      token_endpoint_auth_method: "none",
-      grant_types: ["authorization_code", "refresh_token"],
-      response_types: ["code"],
-      client_name: this.clientName,
-      client_uri: "example.com"
-    };
-  }
-  get redirectUrl() {
-    return `${this.baseRedirectUrl}/${this.serverId}`;
-  }
-  get clientId() {
-    if (!this.clientId_) {
-      throw new Error("Trying to access clientId before it was set");
-    }
-    return this.clientId_;
-  }
-  set clientId(clientId_) {
-    this.clientId_ = clientId_;
-  }
-  get serverId() {
-    if (!this.serverId_) {
-      throw new Error("Trying to access serverId before it was set");
-    }
-    return this.serverId_;
-  }
-  set serverId(serverId_) {
-    this.serverId_ = serverId_;
-  }
-  keyPrefix(clientId) {
-    return `/${this.clientName}/${this.serverId}/${clientId}`;
-  }
-  clientInfoKey(clientId) {
-    return `${this.keyPrefix(clientId)}/client_info/`;
-  }
-  async clientInformation() {
-    if (!this.clientId_) {
-      return void 0;
-    }
-    return await this.storage.get(
-      this.clientInfoKey(this.clientId)
-    ) ?? void 0;
-  }
-  async saveClientInformation(clientInformation) {
-    await this.storage.put(
-      this.clientInfoKey(clientInformation.client_id),
-      clientInformation
-    );
-    this.clientId = clientInformation.client_id;
-  }
-  tokenKey(clientId) {
-    return `${this.keyPrefix(clientId)}/token`;
-  }
-  async tokens() {
-    if (!this.clientId_) {
-      return void 0;
-    }
-    return await this.storage.get(this.tokenKey(this.clientId)) ?? void 0;
-  }
-  async saveTokens(tokens) {
-    await this.storage.put(this.tokenKey(this.clientId), tokens);
-  }
-  get authUrl() {
-    return this.authUrl_;
-  }
-  /**
-   * Because this operates on the server side (but we need browser auth), we send this url back to the user
-   * and require user interact to initiate the redirect flow
-   */
-  async redirectToAuthorization(authUrl) {
-    const client_id = authUrl.searchParams.get("client_id");
-    if (client_id) {
-      authUrl.searchParams.append("state", client_id);
-    }
-    this.authUrl_ = authUrl.toString();
-  }
-  codeVerifierKey(clientId) {
-    return `${this.keyPrefix(clientId)}/code_verifier`;
-  }
-  async saveCodeVerifier(verifier) {
-    await this.storage.put(this.codeVerifierKey(this.clientId), verifier);
-  }
-  async codeVerifier() {
-    const codeVerifier = await this.storage.get(
-      this.codeVerifierKey(this.clientId)
-    );
-    if (!codeVerifier) {
-      throw new Error("No code verifier found");
-    }
-    return codeVerifier;
-  }
-};
 export {
   DurableObjectOAuthClientProvider
 };

package/dist/mcp/do-oauth-client-provider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/mcp/do-oauth-client-provider.ts"],"sourcesContent":["import type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n  OAuthTokens,\n  OAuthClientMetadata,\n  OAuthClientInformation,\n  OAuthClientInformationFull,\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\n\n// A slight extension to the standard OAuthClientProvider interface because `redirectToAuthorization` doesn't give us the interface we need\n// This allows us to track authentication for a specific server and associated dynamic client registration\nexport interface AgentsOAuthProvider extends OAuthClientProvider {\n  authUrl: string | undefined;\n  clientId: string | undefined;\n  serverId: string | undefined;\n}\n\nexport class DurableObjectOAuthClientProvider implements AgentsOAuthProvider {\n  private authUrl_: string | undefined;\n  private serverId_: string | undefined;\n  private clientId_: string | undefined;\n\n  constructor(\n    public storage: DurableObjectStorage,\n    public clientName: string,\n    public baseRedirectUrl: string\n  ) {}\n\n  get clientMetadata(): OAuthClientMetadata {\n    return {\n      redirect_uris: [this.redirectUrl],\n      token_endpoint_auth_method: \"none\",\n      grant_types: [\"authorization_code\", \"refresh_token\"],\n      response_types: [\"code\"],\n      client_name: this.clientName,\n      client_uri: \"example.com\",\n    };\n  }\n\n  get redirectUrl() {\n    return `${this.baseRedirectUrl}/${this.serverId}`;\n  }\n\n  get clientId() {\n    if (!this.clientId_) {\n      throw new Error(\"Trying to access clientId before it was set\");\n    }\n    return this.clientId_;\n  }\n\n  set clientId(clientId_: string) {\n    this.clientId_ = clientId_;\n  }\n\n  get serverId() {\n    if (!this.serverId_) {\n      throw new Error(\"Trying to access serverId before it was set\");\n    }\n    return this.serverId_;\n  }\n\n  set serverId(serverId_: string) {\n    this.serverId_ = serverId_;\n  }\n\n  keyPrefix(clientId: string) {\n    return `/${this.clientName}/${this.serverId}/${clientId}`;\n  }\n\n  clientInfoKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/client_info/`;\n  }\n\n  async clientInformation(): Promise<OAuthClientInformation | undefined> {\n    if (!this.clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthClientInformation>(\n        this.clientInfoKey(this.clientId)\n      )) ?? undefined\n    );\n  }\n\n  async saveClientInformation(\n    clientInformation: OAuthClientInformationFull\n  ): Promise<void> {\n    await this.storage.put(\n      this.clientInfoKey(clientInformation.client_id),\n      clientInformation\n    );\n    this.clientId = clientInformation.client_id;\n  }\n\n  tokenKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/token`;\n  }\n\n  async tokens(): Promise<OAuthTokens | undefined> {\n    if (!this.clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthTokens>(this.tokenKey(this.clientId))) ??\n      undefined\n    );\n  }\n\n  async saveTokens(tokens: OAuthTokens): Promise<void> {\n    await this.storage.put(this.tokenKey(this.clientId), tokens);\n  }\n\n  get authUrl() {\n    return this.authUrl_;\n  }\n\n  /**\n   * Because this operates on the server side (but we need browser auth), we send this url back to the user\n   * and require user interact to initiate the redirect flow\n   */\n  async redirectToAuthorization(authUrl: URL): Promise<void> {\n    // We want to track the client ID in state here because the typescript SSE client sometimes does\n    // a dynamic client registration AFTER generating this redirect URL.\n    const client_id = authUrl.searchParams.get(\"client_id\");\n    if (client_id) {\n      authUrl.searchParams.append(\"state\", client_id);\n    }\n    this.authUrl_ = authUrl.toString();\n  }\n\n  codeVerifierKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/code_verifier`;\n  }\n\n  async saveCodeVerifier(verifier: string): Promise<void> {\n    await this.storage.put(this.codeVerifierKey(this.clientId), verifier);\n  }\n\n  async codeVerifier(): Promise<string> {\n    const codeVerifier = await this.storage.get<string>(\n      this.codeVerifierKey(this.clientId)\n    );\n    if (!codeVerifier) {\n      throw new Error(\"No code verifier found\");\n    }\n    return codeVerifier;\n  }\n}\n"],"mappings":";;;AAgBO,IAAM,mCAAN,MAAsE;AAAA,EAK3E,YACS,SACA,YACA,iBACP;AAHO;AACA;AACA;AAAA,EACN;AAAA,EAEH,IAAI,iBAAsC;AACxC,WAAO;AAAA,MACL,eAAe,CAAC,KAAK,WAAW;AAAA,MAChC,4BAA4B;AAAA,MAC5B,aAAa,CAAC,sBAAsB,eAAe;AAAA,MACnD,gBAAgB,CAAC,MAAM;AAAA,MACvB,aAAa,KAAK;AAAA,MAClB,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EAEA,IAAI,cAAc;AAChB,WAAO,GAAG,KAAK,eAAe,IAAI,KAAK,QAAQ;AAAA,EACjD;AAAA,EAEA,IAAI,WAAW;AACb,QAAI,CAAC,KAAK,WAAW;AACnB,YAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAS,WAAmB;AAC9B,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,IAAI,WAAW;AACb,QAAI,CAAC,KAAK,WAAW;AACnB,YAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAS,WAAmB;AAC9B,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,UAAU,UAAkB;AAC1B,WAAO,IAAI,KAAK,UAAU,IAAI,KAAK,QAAQ,IAAI,QAAQ;AAAA,EACzD;AAAA,EAEA,cAAc,UAAkB;AAC9B,WAAO,GAAG,KAAK,UAAU,QAAQ,CAAC;AAAA,EACpC;AAAA,EAEA,MAAM,oBAAiE;AACrE,QAAI,CAAC,KAAK,WAAW;AACnB,aAAO;AAAA,IACT;AACA,WACG,MAAM,KAAK,QAAQ;AAAA,MAClB,KAAK,cAAc,KAAK,QAAQ;AAAA,IAClC,KAAM;AAAA,EAEV;AAAA,EAEA,MAAM,sBACJ,mBACe;AACf,UAAM,KAAK,QAAQ;AAAA,MACjB,KAAK,cAAc,kBAAkB,SAAS;AAAA,MAC9C;AAAA,IACF;AACA,SAAK,WAAW,kBAAkB;AAAA,EACpC;AAAA,EAEA,SAAS,UAAkB;AACzB,WAAO,GAAG,KAAK,UAAU,QAAQ,CAAC;AAAA,EACpC;AAAA,EAEA,MAAM,SAA2C;AAC/C,QAAI,CAAC,KAAK,WAAW;AACnB,aAAO;AAAA,IACT;AACA,WACG,MAAM,KAAK,QAAQ,IAAiB,KAAK,SAAS,KAAK,QAAQ,CAAC,KACjE;AAAA,EAEJ;AAAA,EAEA,MAAM,WAAW,QAAoC;AACnD,UAAM,KAAK,QAAQ,IAAI,KAAK,SAAS,KAAK,QAAQ,GAAG,MAAM;AAAA,EAC7D;AAAA,EAEA,IAAI,UAAU;AACZ,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,wBAAwB,SAA6B;AAGzD,UAAM,YAAY,QAAQ,aAAa,IAAI,WAAW;AACtD,QAAI,WAAW;AACb,cAAQ,aAAa,OAAO,SAAS,SAAS;AAAA,IAChD;AACA,SAAK,WAAW,QAAQ,SAAS;AAAA,EACnC;AAAA,EAEA,gBAAgB,UAAkB;AAChC,WAAO,GAAG,KAAK,UAAU,QAAQ,CAAC;AAAA,EACpC;AAAA,EAEA,MAAM,iBAAiB,UAAiC;AACtD,UAAM,KAAK,QAAQ,IAAI,KAAK,gBAAgB,KAAK,QAAQ,GAAG,QAAQ;AAAA,EACtE;AAAA,EAEA,MAAM,eAAgC;AACpC,UAAM,eAAe,MAAM,KAAK,QAAQ;AAAA,MACtC,KAAK,gBAAgB,KAAK,QAAQ;AAAA,IACpC;AACA,QAAI,CAAC,cAAc;AACjB,YAAM,IAAI,MAAM,wBAAwB;AAAA,IAC1C;AACA,WAAO;AAAA,EACT;AACF;","names":[]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/mcp/index.d.ts

@@ -18,6 +18,7 @@ interface CORSOptions {
     methods?: string;
     headers?: string;
     maxAge?: number;
+    exposeHeaders?: string;
 }
 type MaybePromise<T> = T | Promise<T>;
 declare abstract class McpAgent<Env = unknown, State = unknown, Props extends Record<string, unknown> = Record<string, unknown>> extends DurableObject<Env> {

package/dist/mcp/index.js

@@ -1,7 +1,9 @@
 import {
   Agent
-} from "../chunk-5W7ZWKOP.js";
-import "../chunk-Q5ZBHY4Z.js";
+} from "../chunk-YFPCCSZO.js";
+import "../chunk-D6UOOELW.js";
+import "../chunk-RN4SNE73.js";
+import "../chunk-25YDMV4H.js";
 import {
   __privateAdd,
   __privateGet,
@@ -20,16 +22,19 @@ import {
   JSONRPCMessageSchema
 } from "@modelcontextprotocol/sdk/types.js";
 var MAXIMUM_MESSAGE_SIZE_BYTES = 4 * 1024 * 1024;
-function handleCORS(request, corsOptions) {
-  const origin = request.headers.get("Origin") || "*";
-  const corsHeaders = {
-    "Access-Control-Allow-Origin": corsOptions?.origin || origin,
-    "Access-Control-Allow-Methods": corsOptions?.methods || "GET, POST, OPTIONS",
-    "Access-Control-Allow-Headers": corsOptions?.headers || "Content-Type",
-    "Access-Control-Max-Age": (corsOptions?.maxAge || 86400).toString()
+function corsHeaders(request, corsOptions = {}) {
+  const origin = "*";
+  return {
+    "Access-Control-Allow-Origin": corsOptions.origin || origin,
+    "Access-Control-Allow-Methods": corsOptions.methods || "GET, POST, OPTIONS",
+    "Access-Control-Allow-Headers": corsOptions.headers || "Content-Type, mcp-session-id",
+    "Access-Control-Max-Age": (corsOptions.maxAge || 86400).toString(),
+    "Access-Control-Expose-Headers": corsOptions.exposeHeaders || "mcp-session-id"
   };
+}
+function handleCORS(request, corsOptions) {
   if (request.method === "OPTIONS") {
-    return new Response(null, { headers: corsHeaders });
+    return new Response(null, { headers: corsHeaders(request, corsOptions) });
   }
   return null;
 }
@@ -460,7 +465,7 @@ data: ${JSON.stringify(result.data)}
               "Content-Type": "text/event-stream",
               "Cache-Control": "no-cache",
               Connection: "keep-alive",
-              "Access-Control-Allow-Origin": corsOptions?.origin || "*"
+              ...corsHeaders(request, corsOptions)
             }
           });
         }
@@ -500,7 +505,7 @@ data: ${JSON.stringify(result.data)}
                 "Content-Type": "text/event-stream",
                 "Cache-Control": "no-cache",
                 Connection: "keep-alive",
-                "Access-Control-Allow-Origin": corsOptions?.origin || "*"
+                ...corsHeaders(request, corsOptions)
               }
             });
           }
@@ -510,7 +515,7 @@ data: ${JSON.stringify(result.data)}
               "Content-Type": "text/event-stream",
               "Cache-Control": "no-cache",
               Connection: "keep-alive",
-              "Access-Control-Allow-Origin": corsOptions?.origin || "*"
+              ...corsHeaders(request, corsOptions)
             }
           });
         }
@@ -758,7 +763,10 @@ data: ${JSON.stringify(result.data)}
               ws.send(JSON.stringify(message));
             }
             ws.close();
-            return new Response(null, { status: 202 });
+            return new Response(null, {
+              status: 202,
+              headers: corsHeaders(request, corsOptions)
+            });
           }
           for (const message of messages) {
             if (isJSONRPCRequest(message)) {
@@ -772,7 +780,7 @@ data: ${JSON.stringify(result.data)}
               "Cache-Control": "no-cache",
               Connection: "keep-alive",
               "mcp-session-id": sessionId,
-              "Access-Control-Allow-Origin": corsOptions?.origin || "*"
+              ...corsHeaders(request, corsOptions)
             },
             status: 200
           });