aui-agent-builder 0.3.159 → 0.3.160

package/dist/commands/integration.js

@@ -25,142 +25,21 @@ import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
  * `--json` implies non-interactive and emits machine-readable output via
  * `outputJson` / `outputJsonError`.
  *
- * Composio (native) settings: `settings.composio.user_id` is the agent's
- * `network_id` (per backend `ComposioIntegrationSchema` →
- * `IntegrationMCPSettings`), so each agent owns its own Composio user
- * namespace. The MCP server is provisioned once on create; its caller-
- * stable id is persisted at `settings.composio.server_id` and the
- * provisioned HTTP URL is persisted at `settings.server_url` so the
- * runtime can hit the MCP endpoint without round-tripping Composio.
+ * Composio (native) settings: `settings.user_id` is the agent's `network_id`
+ * (per MCP_SCHEMA_CHANGES → IntegrationComposioMCPSettingsView), so each
+ * agent owns its own Composio user namespace.
  */
 import { readFileSync } from "fs";
 import { render, Box, Text } from "ink";
 import inquirer from "inquirer";
 import chalk from "chalk";
-import { getAuthenticatedSession, discoverMCPTools, discoverComposioTools, saveIntegration as saveIntegrationSvc, resolveScopeIds, resolveNetworkCategoryId, listComposioToolkits, connectComposioToolkit, waitForComposioConnection, resetComposioClient, fetchComposioApiKey, getComposioToolkitAuthInfo, getComposioServerUrl, buildAuthFromFlags, parseTransportType, } from "../services/integration.service.js";
+import { getAuthenticatedSession, discoverMCPTools, discoverComposioTools, saveIntegration as saveIntegrationSvc, resolveScopeIds, resolveNetworkCategoryId, listComposioToolkits, connectComposioToolkit, waitForComposioConnection, resetComposioClient, fetchComposioApiKey, getComposioToolkitAuthInfo, } from "../services/integration.service.js";
 import { MCPToolList, IntegrationCreatedView, NativeIntegrationCreatedView, } from "../ui/views/IntegrationView.js";
 import { Header, Spinner, StatusLine, ErrorDisplay, } from "../ui/components/index.js";
 import { AUIClient } from "../api-client/index.js";
 import { getConfig, loadProjectConfig, loadSession, saveSession, } from "../config/index.js";
 import { isJsonMode, outputJson, outputJsonError, stderrLog } from "../utils/json-output.js";
 import open from "open";
-// NOTE: `buildAuthFromFlags`, `parseTransportType`, and `MCPAuthFlags`
-// live in `../services/integration.service.ts` so all MCP commands
-// (`create`, `discover`, `mcp-test`) share one parser → one canonical
-// `MCPAuthentication` shape. See the JSDoc on `buildAuthFromFlags` for
-// the legacy `token` alias, the `bearer_token` header default, and the
-// `oauth_client_credentials` flag-set.
-// ─── Shared interactive DIRECT MCP auth prompt ───
-/**
- * Inquirer-driven picker for DIRECT MCP authentication. Covers the full
- * canonical `MCPAuthenticationType` surface — `none`, `bearer_token`,
- * `api_key`, `oauth_client_credentials` — and returns the canonical
- * shape so callers can pass it straight to `discoverMCPTools`,
- * `saveIntegration`, or the Apollo MCP-test endpoint without reshaping.
- *
- * Exported so `integration-mcp-test.tsx` can share the same prompt UX
- * (single source of truth for what auth modes the CLI surfaces). The
- * legacy `--auth-type token` alias is NOT offered here on purpose —
- * interactive users get the canonical names; only flag invocations keep
- * the alias for backwards compat.
- */
-export async function promptDirectMCPAuth() {
-    const { authMethod } = await inquirer.prompt([
-        {
-            type: "list",
-            name: "authMethod",
-            message: "Authentication method:",
-            choices: [
-                { name: "None", value: "none" },
-                { name: "Bearer token", value: "bearer_token" },
-                { name: "API key (custom header)", value: "api_key" },
-                { name: "OAuth client credentials", value: "oauth_client_credentials" },
-            ],
-        },
-    ]);
-    if (authMethod === "none")
-        return { type: "none" };
-    if (authMethod === "bearer_token") {
-        const { token } = await inquirer.prompt([
-            {
-                type: "password",
-                name: "token",
-                message: "Bearer token:",
-                mask: "*",
-                validate: (v) => v.trim().length > 0 || "Token is required",
-            },
-        ]);
-        return {
-            type: "bearer_token",
-            value: token.trim(),
-        };
-    }
-    if (authMethod === "api_key") {
-        const { headerName, apiKey } = await inquirer.prompt([
-            {
-                type: "input",
-                name: "headerName",
-                message: "Header name (e.g. X-API-Key):",
-                validate: (v) => v.trim().length > 0 || "Header name is required",
-            },
-            {
-                type: "password",
-                name: "apiKey",
-                message: "API key value:",
-                mask: "*",
-                validate: (v) => v.trim().length > 0 || "API key is required",
-            },
-        ]);
-        return {
-            type: "api_key",
-            value: apiKey.trim(),
-            header_name: headerName.trim(),
-        };
-    }
-    // oauth_client_credentials — collect the token-endpoint + client credentials.
-    const { url, clientId, clientSecret } = await inquirer.prompt([
-        {
-            type: "input",
-            name: "url",
-            message: "OAuth token endpoint URL:",
-            validate: (v) => {
-                const t = v.trim();
-                if (!t)
-                    return "URL is required";
-                try {
-                    new URL(t);
-                    return true;
-                }
-                catch {
-                    return "Must be a valid URL";
-                }
-            },
-        },
-        {
-            type: "input",
-            name: "clientId",
-            message: "OAuth client ID:",
-            validate: (v) => v.trim().length > 0 || "Client ID is required",
-        },
-        {
-            type: "password",
-            name: "clientSecret",
-            message: "OAuth client secret:",
-            mask: "*",
-            validate: (v) => v.trim().length > 0 || "Client secret is required",
-        },
-    ]);
-    return {
-        type: "oauth_client_credentials",
-        oauth_client_credentials: {
-            url: url.trim(),
-            method: "POST",
-            client_id: clientId.trim(),
-            client_secret: clientSecret.trim(),
-            grant_type: "client_credentials",
-        },
-    };
-}
 // ─── BYO Credentials File Loader ───
 function loadCredentialsFile(filePath) {
     let raw;
@@ -512,17 +391,10 @@ export async function integration(_options = {}) {
 export async function integrationDiscover(options = {}) {
     const session = await getAuthenticatedSession();
     let serverUrl = options.url || "";
-    // Canonical MCPAuthentication shape — built once in the command layer
-    // via the shared service-layer helper and passed straight through to
-    // discoverMCPTools (no per-callee reshaping). Handles the canonical
-    // surface declared by the backend `MCPAuthentication` schema:
-    // none | bearer_token | api_key | oauth_client_credentials
-    // (plus the CLI-only `--auth-type token` alias, collapsed to
-    // bearer_token inside buildAuthFromFlags before any wire emission).
-    let auth = buildAuthFromFlags(options);
-    // Validate --transport-type up-front (throws on a bad value). undefined
-    // means "let the service apply the schema default of STREAMABLE_HTTP".
-    const transportType = parseTransportType(options.transportType);
+    let auth = { type: "none" };
+    if (options.authType === "token" && options.authToken) {
+        auth = { type: "token", token: options.authToken };
+    }
     // Resolve scope
     const scope = resolveScopeIds(session, {
         organizationId: options.organizationId,
@@ -555,13 +427,28 @@ export async function integrationDiscover(options = {}) {
             },
         ]);
         serverUrl = answers.url.trim();
-        // Interactive auth picker covers the full canonical surface so users
-        // can discover against any MCP server they would also `create` /
-        // `mcp-test` against. The prompt only runs when the user didn't pass
-        // --auth-type (so flag-driven invocations short-circuit and use the
-        // value we already parsed via buildAuthFromFlags).
-        if (!options.authType) {
-            auth = await promptDirectMCPAuth();
+        const { authMethod } = await inquirer.prompt([
+            {
+                type: "list",
+                name: "authMethod",
+                message: "Authentication method:",
+                choices: [
+                    { name: "None", value: "none" },
+                    { name: "Token", value: "token" },
+                ],
+            },
+        ]);
+        if (authMethod === "token") {
+            const { token } = await inquirer.prompt([
+                {
+                    type: "password",
+                    name: "token",
+                    message: "Authentication token:",
+                    mask: "*",
+                    validate: (input) => input.trim().length > 0 || "Token is required",
+                },
+            ]);
+            auth = { type: "token", token: token.trim() };
         }
     }
     if (isJsonMode()) {
@@ -571,7 +458,7 @@ export async function integrationDiscover(options = {}) {
         ? null
         : startSpinner("Discovering tools from MCP server...");
     try {
-        const result = await discoverMCPTools(session, serverUrl, scope, auth, transportType);
+        const result = await discoverMCPTools(session, serverUrl, scope, auth);
         if (isJsonMode()) {
             outputJson({
                 server_url: serverUrl,
@@ -701,15 +588,10 @@ async function manualIntegrationFlow(session, options, target) {
     let integrationName = options.name || "";
     let description = options.description || "";
     let serverUrl = options.url || "";
-    // Canonical MCPAuthentication shape — see the discover call site above
-    // for the shape rationale; buildAuthFromFlags centralises the parsing.
-    let auth = buildAuthFromFlags(options);
-    // Validate --transport-type up-front so a bad value fails before the
-    // discover spinner. undefined → let the service apply the schema
-    // default (STREAMABLE_HTTP). We reuse the parsed value for BOTH the
-    // discover call below and the save request further down so the same
-    // transport is exercised end-to-end.
-    const transportType = parseTransportType(options.transportType);
+    let auth = { type: "none" };
+    if (options.authType === "token" && options.authToken) {
+        auth = { type: "token", token: options.authToken };
+    }
     // ── Name & Description ──
     if (!integrationName) {
         if (noPrompt) {
@@ -780,15 +662,30 @@ async function manualIntegrationFlow(session, options, target) {
         serverUrl = urlAnswer.url.trim();
     }
     // ── Authentication ──
-    //
-    // Interactive picker only runs when the caller didn't pass --auth-type
-    // — flag invocations short-circuit and use the canonical shape we
-    // already built above. The picker covers the full canonical surface
-    // (bearer_token / api_key / oauth_client_credentials / none) via the
-    // shared `promptDirectMCPAuth` helper, so DIRECT integrations created
-    // interactively are no longer limited to the legacy `token` choice.
     if (!options.authType && !isNonInteractive && !noPrompt) {
-        auth = await promptDirectMCPAuth();
+        const { authMethod } = await inquirer.prompt([
+            {
+                type: "list",
+                name: "authMethod",
+                message: "Authentication method:",
+                choices: [
+                    { name: "None", value: "none" },
+                    { name: "Token", value: "token" },
+                ],
+            },
+        ]);
+        if (authMethod === "token") {
+            const { token } = await inquirer.prompt([
+                {
+                    type: "password",
+                    name: "token",
+                    message: "Authentication token:",
+                    mask: "*",
+                    validate: (input) => input.trim().length > 0 || "Token is required",
+                },
+            ]);
+            auth = { type: "token", token: token.trim() };
+        }
     }
     // ── Discover Tools ──
     if (isJsonMode()) {
@@ -799,7 +696,7 @@ async function manualIntegrationFlow(session, options, target) {
         : startSpinner("Discovering tools from MCP server...");
     let discoveredTools;
     try {
-        const result = await discoverMCPTools(session, serverUrl, scope, auth, transportType);
+        const result = await discoverMCPTools(session, serverUrl, scope, auth);
         discoveredTools = result.tools;
         if (discoveredTools.length === 0) {
             if (isJsonMode()) {
@@ -893,17 +790,13 @@ async function manualIntegrationFlow(session, options, target) {
         stderrLog("Creating integration...");
     }
     const saveSpinner = isJsonMode() ? null : startSpinner("Creating integration...");
-    // `transportType` was parsed at the top of this flow so the discovery
-    // call exercised the same transport the save body will carry.
     const request = {
-        type: "DIRECT",
         name: integrationName,
         display_name: integrationName,
         description,
         server_url: serverUrl,
         authentication: auth,
         tool_names: selectedToolNames,
-        ...(transportType ? { transport_type: transportType } : {}),
     };
     try {
         const result = await saveIntegrationSvc(session, request, scope);
@@ -1328,8 +1221,8 @@ async function nativeIntegrationFlow(session, options, target) {
     // ── Step 6: Connect Toolkit ──
     // The Composio user namespace is scoped to the agent's network_id so every
     // agent maintains its own isolated connection set. This is the same value
-    // persisted as `settings.composio.user_id` on the resulting integration
-    // (per backend `ComposioIntegrationSchema.user_id`).
+    // persisted as `settings.user_id` on the resulting integration
+    // (per MCP_SCHEMA_CHANGES: IntegrationComposioMCPSettingsView.user_id).
     const composioUserId = scope.networkId;
     if (isJsonMode()) {
         stderrLog("Connecting toolkit...");
@@ -1560,81 +1453,25 @@ async function nativeIntegrationFlow(session, options, target) {
             return;
         }
     }
-    // ── Step 11: Provision Composio MCP Server (URL + stable server_id) ──
-    //
-    // The integration record stores both values so downstream consumers
-    // (mcp-test, agent runtime, BFF) can hit the MCP endpoint directly
-    // and so subsequent runs reuse the same server instead of minting a
-    // fresh one. `--server-id` lets callers pin a stable name across
-    // invocations; when omitted, a 30-char UUID prefix is generated by
-    // `getComposioServerUrl` (matching the backend convention).
-    if (isJsonMode()) {
-        stderrLog(`Provisioning Composio MCP server for ${toolkitSlug}...`);
-    }
-    const provisionSpinner = isJsonMode()
-        ? null
-        : startSpinner(`Provisioning MCP server for ${toolkitSlug}...`);
-    let mcpServerUrl;
-    let mcpServerId;
-    try {
-        const provisioned = await getComposioServerUrl(apiKey, {
-            composioUserId,
-            toolkit: toolkitSlug,
-            allowedTools: selectedToolNames,
-            serverId: options.serverId,
-        });
-        mcpServerUrl = provisioned.url;
-        mcpServerId = provisioned.serverId;
-        provisionSpinner?.succeed(`MCP server ready (${mcpServerId})`);
-    }
-    catch (error) {
-        provisionSpinner?.fail("Failed to provision MCP server");
-        if (isJsonMode()) {
-            outputJsonError({
-                code: "API_CLIENT_ERROR",
-                message: `Failed to provision Composio MCP server: ${error instanceof Error ? error.message : String(error)}`,
-            });
-        }
-        else {
-            log(_jsx(ErrorDisplay, { error: error, message: "Failed to provision Composio MCP server.", suggestion: "Re-run with AUI_DEBUG=1 to see the underlying Composio API call." }));
-        }
-        resetComposioClient();
-        return;
-    }
-    // ── Step 12: Save Integration ──
+    // ── Step 11: Save Integration ──
     if (isJsonMode()) {
         stderrLog("Creating integration...");
     }
     const saveSpinner = isJsonMode()
         ? null
         : startSpinner("Creating integration...");
-    // Build the COMPOSIO save body per `IntegrationMCPSettings`:
-    //   - the discriminated union forbids the DIRECT-only `authentication`
-    //     field here at compile time;
-    //   - `server_id` lives inside `composio` (per `ComposioIntegrationSchema`);
-    //   - `server_url` is sent in TWO places so consumers don't have to
-    //     coordinate: at the top level (`settings.server_url`, per
-    //     `IntegrationMCPSettings`) AND inside `composio` (alongside
-    //     `server_id`, so the nested payload is self-contained);
-    //   - `transport_type` is optional — when omitted the service defaults
-    //     it to STREAMABLE_HTTP, which is the only transport Composio MCP
-    //     servers currently support. `--transport-type SSE` is accepted for
-    //     parity with the canonical schema / manual flow.
-    const nativeTransportType = parseTransportType(options.transportType);
     const request = {
-        type: "COMPOSIO",
         name: integrationName,
         display_name: integrationName,
         description,
-        server_url: mcpServerUrl,
+        server_url: "",
+        authentication: { type: "none" },
+        tool_names: selectedToolNames,
         composio: {
             user_id: scope.networkId,
             toolkits: [toolkitSlug],
             tool_names: selectedToolNames,
-            server_id: mcpServerId,
-            server_url: mcpServerUrl,
         },
-        ...(nativeTransportType ? { transport_type: nativeTransportType } : {}),
     };
     try {
         const result = await saveIntegrationSvc(session, request, scope);
@@ -1656,8 +1493,6 @@ async function nativeIntegrationFlow(session, options, target) {
                     toolkit: toolkitSlug,
                     tool_names: selectedToolNames,
                     tool_count: selectedToolNames.length,
-                    server_url: mcpServerUrl,
-                    server_id: mcpServerId,
                     scope: {
                         organization_id: scope.organizationId,
                         account_id: scope.accountId,
@@ -1672,7 +1507,7 @@ async function nativeIntegrationFlow(session, options, target) {
             return;
         }
         saveSpinner?.succeed("Integration created");
-        log(_jsx(NativeIntegrationCreatedView, { name: integrationName, toolkitSlug: toolkitSlug, toolCount: selectedToolNames.length, toolNames: selectedToolNames, serverUrl: mcpServerUrl, serverId: mcpServerId }));
+        log(_jsx(NativeIntegrationCreatedView, { name: integrationName, toolkitSlug: toolkitSlug, toolCount: selectedToolNames.length, toolNames: selectedToolNames }));
     }
     catch (error) {
         if (isJsonMode()) {