ashlrcode 1.0.0

package/src/mcp/client.ts

@@ -0,0 +1,197 @@
+/**
+ * MCP Client — connects to an MCP server via stdio transport.
+ *
+ * Spawns a child process and communicates via JSON-RPC over stdin/stdout.
+ */
+
+import type {
+  MCPServerConfig,
+  MCPToolInfo,
+  MCPToolResult,
+  MCPInitializeResult,
+  JsonRpcRequest,
+  JsonRpcResponse,
+} from "./types.ts";
+
+export class MCPClient {
+  private proc: any = null;
+  private nextId = 1;
+  private pending = new Map<number, {
+    resolve: (value: unknown) => void;
+    reject: (error: Error) => void;
+  }>();
+  private rawBuffer = Buffer.alloc(0);
+  private serverInfo: MCPInitializeResult | null = null;
+  private _tools: MCPToolInfo[] = [];
+
+  constructor(
+    readonly name: string,
+    private config: MCPServerConfig
+  ) {}
+
+  get tools(): MCPToolInfo[] {
+    return this._tools;
+  }
+
+  get isConnected(): boolean {
+    return this.proc !== null;
+  }
+
+  async connect(): Promise<void> {
+    const env = { ...process.env, ...this.config.env };
+
+    this.proc = Bun.spawn([this.config.command, ...(this.config.args ?? [])], {
+      stdin: "pipe",
+      stdout: "pipe",
+      stderr: "pipe",
+      env,
+    });
+
+    // Read stdout in background
+    this.readLoop();
+
+    // Initialize
+    this.serverInfo = await this.request("initialize", {
+      protocolVersion: "2024-11-05",
+      capabilities: {},
+      clientInfo: { name: "ashlrcode", version: "0.7.0" },
+    }) as MCPInitializeResult;
+
+    // Send initialized notification
+    this.notify("notifications/initialized", {});
+
+    // List tools
+    const result = await this.request("tools/list", {}) as { tools: MCPToolInfo[] };
+    this._tools = result.tools ?? [];
+  }
+
+  async callTool(name: string, args: Record<string, unknown>): Promise<MCPToolResult> {
+    const result = await this.request("tools/call", {
+      name,
+      arguments: args,
+    });
+    return result as MCPToolResult;
+  }
+
+  async disconnect(): Promise<void> {
+    if (this.proc) {
+      try {
+        this.proc.stdin.end();
+        this.proc.kill();
+      } catch {
+        // Process may already be dead
+      }
+      this.proc = null;
+    }
+    // Reject pending requests
+    for (const [, pending] of this.pending) {
+      pending.reject(new Error("MCP client disconnected"));
+    }
+    this.pending.clear();
+  }
+
+  private async request(method: string, params: Record<string, unknown>): Promise<unknown> {
+    const id = this.nextId++;
+    const message: JsonRpcRequest = {
+      jsonrpc: "2.0",
+      id,
+      method,
+      params,
+    };
+
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pending.delete(id);
+        reject(new Error(`MCP request timeout: ${method}`));
+      }, 5_000); // 5s timeout (was 30s — don't block startup)
+
+      this.pending.set(id, {
+        resolve: (value) => { clearTimeout(timeout); resolve(value); },
+        reject: (err) => { clearTimeout(timeout); reject(err); },
+      });
+
+      this.send(message as unknown as Record<string, unknown>);
+    });
+  }
+
+  private notify(method: string, params: Record<string, unknown>): void {
+    this.send({ jsonrpc: "2.0", method, params });
+  }
+
+  private send(message: Record<string, unknown>): void {
+    if (!this.proc) throw new Error("MCP client not connected");
+    const json = JSON.stringify(message);
+    // Use Buffer.byteLength for spec-correct Content-Length (UTF-8 bytes)
+    // Write as Buffer to ensure byte-level consistency with the header
+    const header = `Content-Length: ${Buffer.byteLength(json, "utf-8")}\r\n\r\n`;
+    const buf = Buffer.concat([Buffer.from(header), Buffer.from(json, "utf-8")]);
+    this.proc.stdin.write(buf);
+  }
+
+  private async readLoop(): Promise<void> {
+    if (!this.proc) return;
+
+    const reader = this.proc.stdout.getReader();
+
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        this.rawBuffer = Buffer.concat([this.rawBuffer, Buffer.from(value)]);
+        this.processBuffer();
+      }
+    } catch {
+      // Stream ended or errored
+    }
+
+    // Reject all pending requests when read loop exits (server crash/EOF)
+    for (const [id, pending] of this.pending) {
+      this.pending.delete(id);
+      pending.reject(new Error("MCP server connection closed"));
+    }
+  }
+
+  private processBuffer(): void {
+    while (true) {
+      // Look for Content-Length header in byte buffer
+      const separator = Buffer.from("\r\n\r\n");
+      const headerEnd = this.rawBuffer.indexOf(separator);
+      if (headerEnd === -1) break;
+
+      const header = this.rawBuffer.subarray(0, headerEnd).toString("utf-8");
+      const match = header.match(/Content-Length:\s*(\d+)/i);
+      if (!match) {
+        // Skip malformed header
+        this.rawBuffer = this.rawBuffer.subarray(headerEnd + 4);
+        continue;
+      }
+
+      const contentLength = parseInt(match[1]!, 10);
+      const bodyStart = headerEnd + 4;
+      const bodyEnd = bodyStart + contentLength;
+
+      if (this.rawBuffer.length < bodyEnd) break; // Need more data
+
+      const body = this.rawBuffer.subarray(bodyStart, bodyEnd).toString("utf-8");
+      this.rawBuffer = this.rawBuffer.subarray(bodyEnd);
+
+      try {
+        const message = JSON.parse(body) as JsonRpcResponse;
+        if ("id" in message && message.id !== undefined) {
+          const pending = this.pending.get(message.id);
+          if (pending) {
+            this.pending.delete(message.id);
+            if (message.error) {
+              pending.reject(new Error(`MCP error: ${message.error.message}`));
+            } else {
+              pending.resolve(message.result);
+            }
+          }
+        }
+        // Notifications (no id) are ignored for now
+      } catch {
+        // Malformed JSON, skip
+      }
+    }
+  }
+}

package/src/mcp/manager.ts

@@ -0,0 +1,125 @@
+/**
+ * MCP Connection Manager — manages multiple MCP server connections.
+ */
+
+import chalk from "chalk";
+import { MCPClient } from "./client.ts";
+import type { MCPServerConfig, MCPToolInfo } from "./types.ts";
+import { authorizeOAuth } from "./oauth.ts";
+import type { OAuthConfig } from "./oauth.ts";
+
+export class MCPManager {
+  private clients = new Map<string, MCPClient>();
+
+  /**
+   * Connect to all configured MCP servers.
+   */
+  async connectAll(
+    servers: Record<string, MCPServerConfig>
+  ): Promise<void> {
+    const entries = Object.entries(servers);
+    if (entries.length === 0) return;
+
+    const results = await Promise.allSettled(
+      entries.map(async ([name, config]) => {
+        // If OAuth is configured, authenticate before connecting
+        let effectiveConfig = config;
+        if (config.oauth) {
+          try {
+            const oauthConfig: OAuthConfig = {
+              ...config.oauth,
+              scopes: config.oauth.scopes ?? [],
+            };
+            const token = await authorizeOAuth(name, oauthConfig);
+            // Pass the Bearer token to the MCP server via environment
+            effectiveConfig = {
+              ...config,
+              env: {
+                ...config.env,
+                MCP_AUTH_TOKEN: token.accessToken,
+                MCP_AUTH_TYPE: token.tokenType,
+              },
+            };
+          } catch (err) {
+            console.log(
+              chalk.dim(
+                `  MCP: ${name} OAuth failed — ${err instanceof Error ? err.message : "unknown error"}`
+              )
+            );
+            return;
+          }
+        }
+
+        const client = new MCPClient(name, effectiveConfig);
+        try {
+          await client.connect();
+          this.clients.set(name, client);
+          console.log(
+            chalk.dim(
+              `  MCP: ${name} connected (${client.tools.length} tools)`
+            )
+          );
+        } catch {
+          // Silently skip failed MCP servers — they may not be running
+        }
+      })
+    );
+  }
+
+  /**
+   * Get all discovered tools across all connected servers.
+   */
+  getAllTools(): Array<{ serverName: string; tool: MCPToolInfo }> {
+    const tools: Array<{ serverName: string; tool: MCPToolInfo }> = [];
+    for (const [name, client] of this.clients) {
+      for (const tool of client.tools) {
+        tools.push({ serverName: name, tool });
+      }
+    }
+    return tools;
+  }
+
+  /**
+   * Call a tool on a specific server.
+   */
+  async callTool(
+    serverName: string,
+    toolName: string,
+    args: Record<string, unknown>
+  ): Promise<string> {
+    const client = this.clients.get(serverName);
+    if (!client) {
+      return `MCP server "${serverName}" not connected`;
+    }
+
+    const result = await client.callTool(toolName, args);
+
+    // Extract text from result content blocks
+    const text = result.content
+      .map((c) => c.text ?? JSON.stringify(c))
+      .join("\n");
+
+    if (result.isError) {
+      return `MCP Error: ${text}`;
+    }
+
+    return text;
+  }
+
+  /**
+   * Disconnect all servers.
+   */
+  async disconnectAll(): Promise<void> {
+    for (const [, client] of this.clients) {
+      await client.disconnect();
+    }
+    this.clients.clear();
+  }
+
+  /**
+   * Get connected server names.
+   */
+  getServerNames(): string[] {
+    return Array.from(this.clients.keys());
+  }
+}

package/src/mcp/oauth.ts

@@ -0,0 +1,252 @@
+/**
+ * MCP OAuth 2.0 — authentication flow for MCP servers.
+ * Supports authorization code flow with PKCE, token refresh, and API key fallback.
+ */
+
+import { createServer } from "http";
+import { randomBytes, createHash } from "crypto";
+import { readFile, writeFile, mkdir, unlink } from "fs/promises";
+import { existsSync } from "fs";
+import { join } from "path";
+import { getConfigDir } from "../config/settings.ts";
+
+export interface OAuthConfig {
+  authorizationUrl: string;
+  tokenUrl: string;
+  clientId: string;
+  clientSecret?: string;
+  scopes: string[];
+  redirectPort?: number; // Default: 8742
+}
+
+export interface TokenSet {
+  accessToken: string;
+  refreshToken?: string;
+  expiresAt: number; // Unix timestamp ms
+  tokenType: string;
+  scope?: string;
+}
+
+function getTokenCachePath(serverId: string): string {
+  return join(getConfigDir(), "mcp-tokens", `${serverId}.json`);
+}
+
+/** Load cached tokens for an MCP server */
+export async function loadCachedToken(
+  serverId: string
+): Promise<TokenSet | null> {
+  const path = getTokenCachePath(serverId);
+  if (!existsSync(path)) return null;
+  try {
+    const raw = await readFile(path, "utf-8");
+    const token = JSON.parse(raw) as TokenSet;
+    // If expired and no refresh token, discard
+    if (token.expiresAt && Date.now() > token.expiresAt - 60_000) {
+      if (token.refreshToken) return token; // Can still refresh
+      return null;
+    }
+    return token;
+  } catch {
+    return null;
+  }
+}
+
+/** Save tokens to cache */
+async function saveToken(serverId: string, token: TokenSet): Promise<void> {
+  const dir = join(getConfigDir(), "mcp-tokens");
+  await mkdir(dir, { recursive: true });
+  await writeFile(
+    getTokenCachePath(serverId),
+    JSON.stringify(token, null, 2),
+    { encoding: "utf-8", mode: 0o600 }
+  );
+}
+
+/** Generate PKCE code verifier and challenge (S256) */
+function generatePKCE(): { verifier: string; challenge: string } {
+  const verifier = randomBytes(32).toString("base64url");
+  const challenge = createHash("sha256").update(verifier).digest("base64url");
+  return { verifier, challenge };
+}
+
+/** Refresh an expired token */
+async function refreshAccessToken(
+  config: OAuthConfig,
+  refreshTokenStr: string
+): Promise<TokenSet> {
+  const response = await fetch(config.tokenUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: refreshTokenStr,
+      client_id: config.clientId,
+      ...(config.clientSecret
+        ? { client_secret: config.clientSecret }
+        : {}),
+    }),
+  });
+
+  if (!response.ok) {
+    throw new Error(`Token refresh failed: ${response.status}`);
+  }
+
+  const data = (await response.json()) as Record<string, unknown>;
+  return {
+    accessToken: data.access_token as string,
+    refreshToken:
+      (data.refresh_token as string | undefined) ?? refreshTokenStr,
+    expiresAt:
+      Date.now() + ((data.expires_in as number | undefined) ?? 3600) * 1000,
+    tokenType: (data.token_type as string | undefined) ?? "Bearer",
+    scope: data.scope as string | undefined,
+  };
+}
+
+/**
+ * Run OAuth 2.0 authorization code flow with PKCE.
+ * Opens browser for auth, listens on localhost for redirect.
+ * Returns a valid TokenSet (from cache, refresh, or fresh authorization).
+ */
+export async function authorizeOAuth(
+  serverId: string,
+  config: OAuthConfig
+): Promise<TokenSet> {
+  // 1. Check cache — return immediately if still valid
+  const cached = await loadCachedToken(serverId);
+  if (cached && Date.now() < cached.expiresAt - 60_000) return cached;
+
+  // 2. Try refresh if we have a refresh token
+  if (cached?.refreshToken) {
+    try {
+      const refreshed = await refreshAccessToken(config, cached.refreshToken);
+      await saveToken(serverId, refreshed);
+      return refreshed;
+    } catch {
+      // Refresh failed — fall through to full authorization
+    }
+  }
+
+  // 3. Full authorization code flow with PKCE
+  const port = config.redirectPort ?? 8742;
+  const redirectUri = `http://localhost:${port}/callback`;
+  const { verifier, challenge } = generatePKCE();
+  const state = randomBytes(16).toString("hex");
+
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: config.clientId,
+    redirect_uri: redirectUri,
+    scope: config.scopes.join(" "),
+    state,
+    code_challenge: challenge,
+    code_challenge_method: "S256",
+  });
+  const authUrl = `${config.authorizationUrl}?${params}`;
+
+  // Open browser (platform-aware)
+  const openCmd =
+    process.platform === "darwin"
+      ? "open"
+      : process.platform === "win32"
+        ? "start"
+        : "xdg-open";
+  Bun.spawn([openCmd, authUrl], { stdout: "pipe", stderr: "pipe" });
+
+  console.log(`\n  🔐 Opening browser for authorization...`);
+  console.log(`  If browser doesn't open, visit: ${authUrl}\n`);
+
+  // Listen for the OAuth callback
+  const code = await new Promise<string>((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new Error("OAuth timeout — no callback received within 120s"));
+    }, 120_000);
+
+    const server = createServer((req, res) => {
+      const url = new URL(req.url!, `http://localhost:${port}`);
+
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+
+      const returnedState = url.searchParams.get("state");
+      const returnedCode = url.searchParams.get("code");
+      const error = url.searchParams.get("error");
+
+      if (error) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<h1>Authorization Failed</h1><p>You can close this window.</p>"
+        );
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error(`OAuth error: ${error}`));
+        return;
+      }
+
+      if (returnedState !== state || !returnedCode) {
+        res.writeHead(400);
+        res.end("Invalid state or missing code");
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error("Invalid OAuth state or missing code"));
+        return;
+      }
+
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(
+        "<h1>Authorization Complete</h1><p>You can close this window and return to AshlrCode.</p>"
+      );
+      clearTimeout(timeout);
+      server.close();
+      resolve(returnedCode);
+    });
+
+    server.listen(port);
+  });
+
+  // 4. Exchange authorization code for tokens
+  const tokenResponse = await fetch(config.tokenUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      client_id: config.clientId,
+      ...(config.clientSecret
+        ? { client_secret: config.clientSecret }
+        : {}),
+      code_verifier: verifier,
+    }),
+  });
+
+  if (!tokenResponse.ok) {
+    throw new Error(`Token exchange failed: ${tokenResponse.status}`);
+  }
+
+  const data = (await tokenResponse.json()) as Record<string, unknown>;
+  const token: TokenSet = {
+    accessToken: data.access_token as string,
+    refreshToken: data.refresh_token as string | undefined,
+    expiresAt:
+      Date.now() + ((data.expires_in as number | undefined) ?? 3600) * 1000,
+    tokenType: (data.token_type as string | undefined) ?? "Bearer",
+    scope: data.scope as string | undefined,
+  };
+
+  await saveToken(serverId, token);
+  console.log("  ✓ Authorization successful\n");
+  return token;
+}
+
+/** Revoke / delete cached token for a server */
+export async function revokeToken(serverId: string): Promise<void> {
+  const path = getTokenCachePath(serverId);
+  if (existsSync(path)) {
+    await unlink(path);
+  }
+}

package/src/mcp/types.ts

@@ -0,0 +1,61 @@
+/**
+ * MCP (Model Context Protocol) types — JSON-RPC over stdio.
+ */
+
+export interface MCPServerConfig {
+  command: string;
+  args?: string[];
+  env?: Record<string, string>;
+  oauth?: {
+    authorizationUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    clientSecret?: string;
+    scopes: string[];
+  };
+}
+
+// JSON-RPC 2.0 message types
+export interface JsonRpcRequest {
+  jsonrpc: "2.0";
+  id: number;
+  method: string;
+  params?: Record<string, unknown>;
+}
+
+export interface JsonRpcResponse {
+  jsonrpc: "2.0";
+  id: number;
+  result?: unknown;
+  error?: { code: number; message: string; data?: unknown };
+}
+
+export interface JsonRpcNotification {
+  jsonrpc: "2.0";
+  method: string;
+  params?: Record<string, unknown>;
+}
+
+// MCP-specific types
+export interface MCPToolInfo {
+  name: string;
+  description?: string;
+  inputSchema: Record<string, unknown>;
+}
+
+export interface MCPToolResult {
+  content: Array<{ type: string; text?: string }>;
+  isError?: boolean;
+}
+
+export interface MCPServerCapabilities {
+  tools?: Record<string, unknown>;
+  resources?: Record<string, unknown>;
+  prompts?: Record<string, unknown>;
+}
+
+export interface MCPInitializeResult {
+  protocolVersion: string;
+  capabilities: MCPServerCapabilities;
+  serverInfo: { name: string; version?: string };
+}