mcp-use 0.2.0 → 1.0.0

package/dist/src/oauth-helper.js

@@ -1,427 +0,0 @@
-/**
- * OAuth helper for browser-based MCP authentication
- *
- * This helper provides OAuth 2.0 authorization code flow support for MCP servers
- * that require authentication, such as Linear's MCP server.
- */
-export class OAuthHelper {
-    config;
-    discovery;
-    state;
-    clientRegistration;
-    serverUrl;
-    storageKey;
-    constructor(config) {
-        this.config = config;
-        this.storageKey = `mcp-oauth-${btoa(config.redirectUri)}`;
-        this.state = {
-            isRequired: false,
-            isAuthenticated: false,
-            isAuthenticating: false,
-            isCompletingOAuth: false,
-            authError: null,
-            oauthTokens: null,
-        };
-        // Load persisted client registration
-        this.loadClientRegistration();
-    }
-    /**
-     * Get current OAuth state
-     */
-    getState() {
-        return { ...this.state };
-    }
-    /**
-     * Load client registration from localStorage
-     */
-    loadClientRegistration() {
-        try {
-            const stored = localStorage.getItem(this.storageKey);
-            if (stored) {
-                const data = JSON.parse(stored);
-                this.clientRegistration = data.clientRegistration;
-                this.serverUrl = data.serverUrl;
-                console.log('🔄 [OAuthHelper] Loaded persisted client registration:', {
-                    client_id: this.clientRegistration?.client_id,
-                    server: this.serverUrl,
-                });
-            }
-        }
-        catch (error) {
-            console.warn('⚠️ [OAuthHelper] Failed to load client registration:', error);
-        }
-    }
-    /**
-     * Save client registration to localStorage
-     */
-    saveClientRegistration() {
-        try {
-            const data = {
-                clientRegistration: this.clientRegistration,
-                serverUrl: this.serverUrl,
-            };
-            localStorage.setItem(this.storageKey, JSON.stringify(data));
-            console.log('💾 [OAuthHelper] Saved client registration to localStorage');
-        }
-        catch (error) {
-            console.warn('⚠️ [OAuthHelper] Failed to save client registration:', error);
-        }
-    }
-    /**
-     * Check if a server requires authentication by pinging the URL
-     */
-    async checkAuthRequired(serverUrl) {
-        console.log('🔍 [OAuthHelper] Checking auth requirement for:', serverUrl);
-        try {
-            const response = await fetch(serverUrl, {
-                method: 'GET',
-                headers: {
-                    'Accept': 'text/event-stream',
-                    'Cache-Control': 'no-cache',
-                },
-                redirect: 'manual',
-                signal: AbortSignal.timeout(10000), // 10 second timeout
-            });
-            console.log('🔍 [OAuthHelper] Auth check response:', {
-                status: response.status,
-                statusText: response.statusText,
-                url: serverUrl,
-            });
-            // 401 Unauthorized, 403 Forbidden, or 400 Bad Request means auth is required
-            if (response.status === 401 || response.status === 403 || response.status === 400) {
-                console.log('🔐 [OAuthHelper] Authentication required for:', serverUrl);
-                return true;
-            }
-            // Any other response (200, 404, 500, etc.) means no auth required
-            console.log('✅ [OAuthHelper] No authentication required for:', serverUrl);
-            return false;
-        }
-        catch (error) {
-            console.warn('⚠️ [OAuthHelper] Could not check auth requirement for:', serverUrl, error);
-            // Handle specific error types
-            if (error.name === 'TypeError'
-                && (error.message?.includes('CORS') || error.message?.includes('Failed to fetch'))) {
-                console.log('🔍 [OAuthHelper] CORS blocked direct check, using heuristics for:', serverUrl);
-                return this.checkAuthByHeuristics(serverUrl);
-            }
-            if (error.name === 'AbortError') {
-                console.log('⏰ [OAuthHelper] Request timeout, assuming no auth required for:', serverUrl);
-                return false;
-            }
-            // If we can't reach the server at all, try heuristics
-            return this.checkAuthByHeuristics(serverUrl);
-        }
-    }
-    /**
-     * Fallback heuristics for determining auth requirements when direct checking fails
-     */
-    checkAuthByHeuristics(serverUrl) {
-        console.log('🔍 [OAuthHelper] Using heuristics to determine auth for:', serverUrl);
-        // Known patterns that typically require auth
-        const authRequiredPatterns = [
-            /api\.githubcopilot\.com/i, // GitHub Copilot
-            /api\.github\.com/i, // GitHub API
-            /.*\.googleapis\.com/i, // Google APIs
-            /api\.openai\.com/i, // OpenAI
-            /api\.anthropic\.com/i, // Anthropic
-            /.*\.atlassian\.net/i, // Atlassian (Jira, Confluence)
-            /.*\.slack\.com/i, // Slack
-            /api\.notion\.com/i, // Notion
-            /api\.linear\.app/i, // Linear
-        ];
-        // Known patterns that typically don't require auth (public MCP servers)
-        const noAuthPatterns = [
-            /localhost/i, // Local development
-            /127\.0\.0\.1/, // Local development
-            /\.local/i, // Local development
-            /mcp\..*\.com/i, // Generic MCP server pattern (often public)
-        ];
-        // Check no-auth patterns first
-        for (const pattern of noAuthPatterns) {
-            if (pattern.test(serverUrl)) {
-                console.log('✅ [OAuthHelper] Heuristic: No auth required (matches no-auth pattern):', serverUrl);
-                return false;
-            }
-        }
-        // Check auth-required patterns
-        for (const pattern of authRequiredPatterns) {
-            if (pattern.test(serverUrl)) {
-                console.log('🔐 [OAuthHelper] Heuristic: Auth required (matches auth pattern):', serverUrl);
-                return true;
-            }
-        }
-        // Default: assume no auth required for unknown patterns
-        console.log('❓ [OAuthHelper] Heuristic: Unknown pattern, assuming no auth required:', serverUrl);
-        return false;
-    }
-    /**
-     * Discover OAuth configuration from a server
-     */
-    async discoverOAuthConfig(serverUrl) {
-        try {
-            const discoveryUrl = `${serverUrl}/.well-known/oauth-authorization-server`;
-            const response = await fetch(discoveryUrl);
-            if (!response.ok) {
-                throw new Error(`OAuth discovery failed: ${response.status} ${response.statusText}`);
-            }
-            this.discovery = await response.json();
-            return this.discovery;
-        }
-        catch (error) {
-            throw new Error(`Failed to discover OAuth configuration: ${error}`);
-        }
-    }
-    /**
-     * Register a new OAuth client dynamically
-     */
-    async registerClient(serverUrl) {
-        if (!this.discovery) {
-            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
-        }
-        if (!this.discovery.registration_endpoint) {
-            throw new Error('Server does not support dynamic client registration');
-        }
-        try {
-            const registrationData = {
-                client_name: this.config.clientName || 'MCP Use Example',
-                redirect_uris: [this.config.redirectUri],
-                grant_types: ['authorization_code'],
-                response_types: ['code'],
-                token_endpoint_auth_method: 'none', // Use public client (no secret)
-                scope: this.config.scope || 'read write',
-            };
-            console.log('🔐 [OAuthHelper] Registering OAuth client dynamically:', {
-                registration_endpoint: this.discovery.registration_endpoint,
-                client_name: registrationData.client_name,
-                redirect_uri: this.config.redirectUri,
-            });
-            const response = await fetch(this.discovery.registration_endpoint, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify(registrationData),
-            });
-            if (!response.ok) {
-                const errorText = await response.text();
-                throw new Error(`Client registration failed: ${response.status} ${response.statusText} - ${errorText}`);
-            }
-            this.clientRegistration = await response.json();
-            this.serverUrl = serverUrl;
-            this.saveClientRegistration();
-            console.log('✅ [OAuthHelper] Client registered successfully:', {
-                client_id: this.clientRegistration.client_id,
-                client_secret: this.clientRegistration.client_secret ? '***' : 'none',
-            });
-            return this.clientRegistration;
-        }
-        catch (error) {
-            console.error('❌ [OAuthHelper] Client registration failed:', error);
-            throw new Error(`Failed to register OAuth client: ${error}`);
-        }
-    }
-    /**
-     * Generate authorization URL for OAuth flow
-     */
-    generateAuthUrl(serverUrl, additionalParams) {
-        if (!this.discovery) {
-            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
-        }
-        if (!this.clientRegistration) {
-            throw new Error('Client not registered. Call registerClient first.');
-        }
-        const params = new URLSearchParams({
-            client_id: this.clientRegistration.client_id,
-            redirect_uri: this.config.redirectUri,
-            response_type: 'code',
-            scope: this.config.scope || 'read',
-            state: this.config.state || this.generateState(),
-            ...additionalParams,
-        });
-        return `${this.discovery.authorization_endpoint}?${params.toString()}`;
-    }
-    /**
-     * Exchange authorization code for access token
-     */
-    async exchangeCodeForToken(serverUrl, code, codeVerifier) {
-        if (!this.discovery) {
-            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
-        }
-        if (!this.clientRegistration) {
-            throw new Error('Client not registered. Call registerClient first.');
-        }
-        const body = new URLSearchParams({
-            grant_type: 'authorization_code',
-            client_id: this.clientRegistration.client_id,
-            code,
-            redirect_uri: this.config.redirectUri,
-        });
-        if (codeVerifier) {
-            body.append('code_verifier', codeVerifier);
-        }
-        const response = await fetch(this.discovery.token_endpoint, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/x-www-form-urlencoded',
-            },
-            body: body.toString(),
-        });
-        if (!response.ok) {
-            const error = await response.text();
-            throw new Error(`Token exchange failed: ${response.status} ${response.statusText} - ${error}`);
-        }
-        return await response.json();
-    }
-    /**
-     * Handle OAuth callback and extract authorization code
-     */
-    handleCallback() {
-        const urlParams = new URLSearchParams(window.location.search);
-        const code = urlParams.get('code');
-        const state = urlParams.get('state');
-        if (!code || !state) {
-            return null;
-        }
-        // Clean up URL
-        const url = new URL(window.location.href);
-        url.searchParams.delete('code');
-        url.searchParams.delete('state');
-        window.history.replaceState({}, '', url.toString());
-        return { code, state };
-    }
-    /**
-     * Start OAuth flow by opening popup window (similar to your implementation)
-     */
-    async startOAuthFlow(serverUrl) {
-        this.setState({
-            isAuthenticating: true,
-            authError: null,
-        });
-        try {
-            // Step 1: Discover OAuth configuration
-            await this.discoverOAuthConfig(serverUrl);
-            // Step 2: Register client dynamically (if not already registered)
-            if (!this.clientRegistration) {
-                await this.registerClient(serverUrl);
-            }
-            // Step 3: Generate authorization URL
-            const authUrl = this.generateAuthUrl(serverUrl);
-            // Step 4: Open popup window for authentication
-            const authWindow = window.open(authUrl, 'mcp-oauth', 'width=500,height=600,scrollbars=yes,resizable=yes,status=yes,location=yes');
-            if (!authWindow) {
-                throw new Error('Failed to open authentication window. Please allow popups for this site and try again.');
-            }
-            console.log('✅ [OAuthHelper] OAuth popup opened successfully');
-        }
-        catch (error) {
-            console.error('❌ [OAuthHelper] Failed to start OAuth flow:', error);
-            this.setState({
-                isAuthenticating: false,
-                authError: error instanceof Error ? error.message : 'Failed to start authentication',
-            });
-            throw error;
-        }
-    }
-    /**
-     * Complete OAuth flow by exchanging code for token
-     */
-    async completeOAuthFlow(serverUrl, code) {
-        this.setState({
-            isCompletingOAuth: true,
-            authError: null,
-        });
-        try {
-            // If we don't have discovery data, re-discover it
-            if (!this.discovery) {
-                console.log('🔍 [OAuthHelper] Re-discovering OAuth configuration for callback');
-                await this.discoverOAuthConfig(serverUrl);
-            }
-            // Only re-register if we don't have a client registration for this server
-            if (!this.clientRegistration || this.serverUrl !== serverUrl) {
-                console.log('🔐 [OAuthHelper] Re-registering client for callback');
-                await this.registerClient(serverUrl);
-            }
-            else {
-                console.log('🔄 [OAuthHelper] Using existing client registration for callback');
-            }
-            const tokenResponse = await this.exchangeCodeForToken(serverUrl, code);
-            this.setState({
-                isAuthenticating: false,
-                isAuthenticated: true,
-                isCompletingOAuth: false,
-                authError: null,
-                oauthTokens: tokenResponse,
-            });
-            console.log('✅ [OAuthHelper] OAuth flow completed successfully');
-            return tokenResponse;
-        }
-        catch (error) {
-            console.error('❌ [OAuthHelper] Failed to complete OAuth flow:', error);
-            this.setState({
-                isAuthenticating: false,
-                isCompletingOAuth: false,
-                authError: error instanceof Error ? error.message : 'Failed to complete authentication',
-            });
-            throw error;
-        }
-    }
-    /**
-     * Reset authentication state
-     */
-    resetAuth() {
-        this.setState({
-            isRequired: false,
-            isAuthenticated: false,
-            isAuthenticating: false,
-            isCompletingOAuth: false,
-            authError: null,
-            oauthTokens: null,
-        });
-        // Clear stored client registration
-        this.clientRegistration = undefined;
-        this.serverUrl = undefined;
-        try {
-            localStorage.removeItem(this.storageKey);
-            console.log('🗑️ [OAuthHelper] Cleared stored client registration');
-        }
-        catch (error) {
-            console.warn('⚠️ [OAuthHelper] Failed to clear client registration:', error);
-        }
-    }
-    /**
-     * Set OAuth state (internal method)
-     */
-    setState(newState) {
-        this.state = { ...this.state, ...newState };
-    }
-    /**
-     * Generate a random state parameter for CSRF protection
-     */
-    generateState() {
-        return Math.random().toString(36).substring(2, 15)
-            + Math.random().toString(36).substring(2, 15);
-    }
-}
-/**
- * Linear-specific OAuth configuration
- */
-export const LINEAR_OAUTH_CONFIG = {
-    // No clientId needed - will use dynamic client registration
-    redirectUri: typeof window !== 'undefined' ? window.location.origin + window.location.pathname : 'http://localhost:5174',
-    scope: 'read write',
-    clientName: 'MCP Use Example',
-};
-/**
- * Helper function to create OAuth-enabled MCP configuration
- */
-export function createOAuthMCPConfig(serverUrl, accessToken) {
-    return {
-        mcpServers: {
-            linear: {
-                url: serverUrl,
-                authToken: accessToken,
-                transport: 'sse',
-            },
-        },
-    };
-}

package/dist/src/observability/index.js

@@ -1,12 +0,0 @@
-/**
- * Observability module for MCP-use.
- *
- * This module provides centralized observability management for LangChain agents,
- * supporting multiple platforms like Langfuse and Laminar.
- */
-// Import observability providers - order matters for initialization
-import './langfuse.js';
-// Re-export individual handlers for direct usage if needed
-export { langfuseClient, langfuseHandler, langfuseInitPromise, } from './langfuse.js';
-// Export the manager and its utilities
-export { createManager, getDefaultManager, ObservabilityManager, } from './manager.js';

package/dist/src/observability/langfuse.js

@@ -1,211 +0,0 @@
-/**
- * Langfuse observability integration for MCP-use.
- *
- * This module provides automatic instrumentation and callback handler
- * for Langfuse observability platform.
- */
-import { config } from 'dotenv';
-import { logger } from '../logging.js';
-config();
-// Check if Langfuse is disabled via environment variable
-const langfuseDisabled = process.env.MCP_USE_LANGFUSE?.toLowerCase() === 'false';
-// Initialize variables - using const with object to avoid linter issues with mutable exports
-const langfuseState = {
-    handler: null,
-    client: null,
-    initPromise: null,
-};
-async function initializeLangfuse(agentId, metadata, metadataProvider, tagsProvider) {
-    try {
-        // Dynamically import to avoid errors if package not installed
-        const langfuseModule = await import('langfuse-langchain').catch(() => null);
-        if (!langfuseModule) {
-            logger.debug('Langfuse package not installed - tracing disabled. Install with: npm install langfuse-langchain');
-            return;
-        }
-        const { CallbackHandler } = langfuseModule;
-        // Create a custom CallbackHandler wrapper to add logging and custom metadata
-        class LoggingCallbackHandler extends CallbackHandler {
-            agentId;
-            metadata;
-            metadataProvider;
-            tagsProvider;
-            verbose;
-            constructor(config, agentId, metadata, metadataProvider, tagsProvider) {
-                super(config);
-                this.agentId = agentId;
-                this.metadata = metadata;
-                this.metadataProvider = metadataProvider;
-                this.tagsProvider = tagsProvider;
-                this.verbose = config?.verbose ?? false;
-            }
-            // Override to add custom metadata to traces
-            async handleChainStart(chain, inputs, runId, parentRunId, tags, metadata, name, kwargs) {
-                logger.debug('Langfuse: Chain start intercepted');
-                // Add custom tags and metadata
-                const customTags = this.getCustomTags();
-                const metadataToAdd = this.getMetadata();
-                // Merge with existing tags and metadata
-                const enhancedTags = [...(tags || []), ...customTags];
-                const enhancedMetadata = { ...(metadata || {}), ...metadataToAdd };
-                if (this.verbose) {
-                    logger.debug(`Langfuse: Chain start with custom tags: ${JSON.stringify(enhancedTags)}`);
-                    logger.debug(`Langfuse: Chain start with metadata: ${JSON.stringify(enhancedMetadata)}`);
-                }
-                return super.handleChainStart(chain, inputs, runId, parentRunId, enhancedTags, enhancedMetadata, name, kwargs);
-            }
-            // Get custom tags based on environment and agent configuration
-            getCustomTags() {
-                const tags = [];
-                // Add environment tag
-                const env = this.getEnvironmentTag();
-                if (env) {
-                    tags.push(`env:${env}`);
-                }
-                // Add agent ID tag if available
-                if (this.agentId) {
-                    tags.push(`agent_id:${this.agentId}`);
-                }
-                // Add tags from provider if available
-                if (this.tagsProvider) {
-                    const providerTags = this.tagsProvider();
-                    if (providerTags && providerTags.length > 0) {
-                        tags.push(...providerTags);
-                    }
-                }
-                return tags;
-            }
-            // Get metadata
-            getMetadata() {
-                const metadata = {};
-                // Add environment metadata
-                const env = this.getEnvironmentTag();
-                if (env) {
-                    metadata.env = env;
-                }
-                // Add agent ID metadata if available
-                if (this.agentId) {
-                    metadata.agent_id = this.agentId;
-                }
-                // Add static metadata if provided
-                if (this.metadata) {
-                    Object.assign(metadata, this.metadata);
-                }
-                // Add dynamic metadata from provider if available
-                if (this.metadataProvider) {
-                    const dynamicMetadata = this.metadataProvider();
-                    if (dynamicMetadata) {
-                        Object.assign(metadata, dynamicMetadata);
-                    }
-                }
-                return metadata;
-            }
-            // Determine environment tag based on MCP_USE_AGENT_ENV
-            getEnvironmentTag() {
-                const agentEnv = process.env.MCP_USE_AGENT_ENV;
-                if (!agentEnv) {
-                    // Default to 'unknown' if environment is not explicitly set
-                    return 'unknown';
-                }
-                const envLower = agentEnv.toLowerCase();
-                if (envLower === 'local' || envLower === 'development') {
-                    return 'local';
-                }
-                else if (envLower === 'production' || envLower === 'prod') {
-                    return 'production';
-                }
-                else if (envLower === 'staging' || envLower === 'stage') {
-                    return 'staging';
-                }
-                else if (envLower === 'hosted' || envLower === 'cloud') {
-                    return 'hosted';
-                }
-                // For any other values, use the value as-is but sanitized
-                return envLower.replace(/[^a-z0-9_-]/g, '_');
-            }
-            async handleLLMStart(...args) {
-                logger.debug('Langfuse: LLM start intercepted');
-                if (this.verbose) {
-                    logger.debug(`Langfuse: LLM start args: ${JSON.stringify(args)}`);
-                }
-                return super.handleLLMStart(...args);
-            }
-            async handleToolStart(...args) {
-                logger.debug('Langfuse: Tool start intercepted');
-                if (this.verbose) {
-                    logger.debug(`Langfuse: Tool start args: ${JSON.stringify(args)}`);
-                }
-                return super.handleToolStart(...args);
-            }
-            async handleRetrieverStart(...args) {
-                logger.debug('Langfuse: Retriever start intercepted');
-                if (this.verbose) {
-                    logger.debug(`Langfuse: Retriever start args: ${JSON.stringify(args)}`);
-                }
-                return super.handleRetrieverStart(...args);
-            }
-            async handleAgentAction(...args) {
-                logger.debug('Langfuse: Agent action intercepted');
-                if (this.verbose) {
-                    logger.debug(`Langfuse: Agent action args: ${JSON.stringify(args)}`);
-                }
-                return super.handleAgentAction(...args);
-            }
-            async handleAgentEnd(...args) {
-                logger.debug('Langfuse: Agent end intercepted');
-                if (this.verbose) {
-                    logger.debug(`Langfuse: Agent end args: ${JSON.stringify(args)}`);
-                }
-                return super.handleAgentEnd(...args);
-            }
-        }
-        // Create the handler with configuration
-        const config = {
-            publicKey: process.env.LANGFUSE_PUBLIC_KEY,
-            secretKey: process.env.LANGFUSE_SECRET_KEY,
-            baseUrl: process.env.LANGFUSE_HOST || process.env.LANGFUSE_BASEURL || 'https://cloud.langfuse.com',
-            flushAt: Number.parseInt(process.env.LANGFUSE_FLUSH_AT || '15'),
-            flushInterval: Number.parseInt(process.env.LANGFUSE_FLUSH_INTERVAL || '10000'),
-            release: process.env.LANGFUSE_RELEASE,
-            requestTimeout: Number.parseInt(process.env.LANGFUSE_REQUEST_TIMEOUT || '10000'),
-            enabled: process.env.LANGFUSE_ENABLED !== 'false',
-        };
-        langfuseState.handler = new LoggingCallbackHandler(config, agentId, metadata, metadataProvider, tagsProvider);
-        logger.debug('Langfuse observability initialized successfully with logging enabled');
-        // Also initialize the client for direct usage if needed
-        try {
-            const langfuseCore = await import('langfuse').catch(() => null);
-            if (langfuseCore) {
-                const { Langfuse } = langfuseCore;
-                langfuseState.client = new Langfuse({
-                    publicKey: process.env.LANGFUSE_PUBLIC_KEY,
-                    secretKey: process.env.LANGFUSE_SECRET_KEY,
-                    baseUrl: process.env.LANGFUSE_HOST || 'https://cloud.langfuse.com',
-                });
-                logger.debug('Langfuse client initialized');
-            }
-        }
-        catch (error) {
-            logger.debug(`Langfuse client initialization failed: ${error}`);
-        }
-    }
-    catch (error) {
-        logger.debug(`Langfuse initialization error: ${error}`);
-    }
-}
-// Only initialize if not disabled and required keys are present
-if (langfuseDisabled) {
-    logger.debug('Langfuse tracing disabled via MCP_USE_LANGFUSE environment variable');
-}
-else if (!process.env.LANGFUSE_PUBLIC_KEY || !process.env.LANGFUSE_SECRET_KEY) {
-    logger.debug('Langfuse API keys not found - tracing disabled. Set LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY to enable');
-}
-else {
-    // Create initialization promise to ensure handlers are ready when needed
-    langfuseState.initPromise = initializeLangfuse();
-}
-// Export getters to access the state
-export const langfuseHandler = () => langfuseState.handler;
-export const langfuseClient = () => langfuseState.client;
-export const langfuseInitPromise = () => langfuseState.initPromise;
-export { initializeLangfuse };