morpheus-cli 0.9.33 → 0.9.40

package/dist/runtime/oauth/manager.js

@@ -0,0 +1,218 @@
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { DynamicStructuredTool } from '@langchain/core/tools';
+import { OAuthStore } from './store.js';
+import { MorpheusOAuthProvider } from './provider.js';
+import { DisplayManager } from '../display.js';
+const display = DisplayManager.getInstance();
+/**
+ * OAuthManager — singleton coordinating OAuth 2 flows for HTTP MCP servers.
+ *
+ * Responsibilities:
+ * - Creates MorpheusOAuthProvider per server
+ * - Tracks pending transports awaiting user authorization (auth_code flow)
+ * - Handles callback (finishAuth) after user authorizes
+ * - Provides status of all OAuth MCP servers
+ */
+export class OAuthManager {
+    static instance = null;
+    store;
+    pending = new Map();
+    redirectUri;
+    notifyFn = null;
+    constructor(port) {
+        this.store = OAuthStore.getInstance();
+        this.redirectUri = `http://localhost:${port}/api/oauth/callback`;
+    }
+    static getInstance(port) {
+        if (!OAuthManager.instance) {
+            if (!port)
+                throw new Error('OAuthManager.getInstance() requires port on first call');
+            OAuthManager.instance = new OAuthManager(port);
+        }
+        return OAuthManager.instance;
+    }
+    static resetInstance() {
+        OAuthManager.instance = null;
+    }
+    /** Set the notification function (called when user needs to authorize) */
+    setNotifyFn(fn) {
+        this.notifyFn = fn;
+    }
+    getRedirectUri() {
+        return this.redirectUri;
+    }
+    // ── Connection ────────────────────────────────────────
+    /**
+     * Attempt to connect to an HTTP MCP server with OAuth support.
+     * Returns loaded tools if successful, or empty array if auth is pending.
+     */
+    async connectHttpMcp(serverName, serverUrl, oauth2Config, extraHeaders) {
+        const provider = new MorpheusOAuthProvider(serverName, this.store, async (url) => {
+            display.log(`MCP '${serverName}' requires OAuth authorization`, {
+                level: 'info',
+                source: 'OAuth',
+                meta: { url: url.toString() },
+            });
+            if (this.notifyFn) {
+                await this.notifyFn(serverName, url);
+            }
+        }, this.redirectUri, oauth2Config?.scope, oauth2Config?.client_id, oauth2Config?.client_secret, oauth2Config?.grant_type);
+        const transportUrl = new URL(serverUrl);
+        const transport = new StreamableHTTPClientTransport(transportUrl, {
+            authProvider: provider,
+            requestInit: extraHeaders ? { headers: extraHeaders } : undefined,
+        });
+        try {
+            const client = new Client({ name: `morpheus-${serverName}`, version: '1.0.0' });
+            await client.connect(transport);
+            // Connection succeeded — extract tools
+            const { tools: toolDefs } = await client.listTools();
+            const tools = toolDefs.map((td) => this.mcpToolToStructuredTool(serverName, td, client));
+            display.log(`OAuth MCP '${serverName}': loaded ${tools.length} tools`, {
+                level: 'info',
+                source: 'OAuth',
+            });
+            return { tools, authPending: false };
+        }
+        catch (error) {
+            // Check if auth redirect was triggered (SDK calls redirectToAuthorization)
+            if (error?.message?.includes('Unauthorized') || error?.code === 401) {
+                display.log(`OAuth MCP '${serverName}': authorization required, waiting for user`, {
+                    level: 'info',
+                    source: 'OAuth',
+                });
+                this.pending.set(serverName, { transport, provider, serverUrl });
+                return { tools: [], authPending: true };
+            }
+            // The SDK may throw after calling redirectToAuthorization for auth_code flow.
+            // Check if we have a pending state for this server (set during redirectToAuthorization).
+            const hasPkce = this.store.getLatestPkceVerifier(serverName);
+            if (hasPkce) {
+                display.log(`OAuth MCP '${serverName}': authorization redirect sent, waiting for callback`, {
+                    level: 'info',
+                    source: 'OAuth',
+                });
+                this.pending.set(serverName, { transport, provider, serverUrl });
+                return { tools: [], authPending: true };
+            }
+            throw error;
+        }
+    }
+    // ── Callback ──────────────────────────────────────────
+    /**
+     * Handle OAuth callback after user authorizes.
+     * Called by GET /api/oauth/callback?code=...&state=...
+     */
+    async finishAuth(code, state) {
+        // Resolve which server this callback is for
+        let serverName;
+        if (state) {
+            serverName = this.store.resolveServerByState(state);
+        }
+        if (!serverName) {
+            // Fallback: use the only pending server if there's just one
+            const pendingNames = [...this.pending.keys()];
+            if (pendingNames.length === 1) {
+                serverName = pendingNames[0];
+            }
+        }
+        if (!serverName) {
+            throw new Error('Could not resolve OAuth callback: unknown state parameter');
+        }
+        const entry = this.pending.get(serverName);
+        if (!entry) {
+            throw new Error(`No pending OAuth flow for server '${serverName}'`);
+        }
+        // Complete the auth flow — SDK exchanges code for token
+        await entry.transport.finishAuth(code);
+        this.pending.delete(serverName);
+        // Clean up PKCE
+        if (state)
+            this.store.deletePkce(serverName, state);
+        // Now reconnect to get tools
+        const client = new Client({ name: `morpheus-${serverName}`, version: '1.0.0' });
+        const transport = new StreamableHTTPClientTransport(new URL(entry.serverUrl), {
+            authProvider: entry.provider,
+        });
+        await client.connect(transport);
+        const { tools: toolDefs } = await client.listTools();
+        display.log(`OAuth MCP '${serverName}': authorized! ${toolDefs.length} tools available`, {
+            level: 'info',
+            source: 'OAuth',
+        });
+        return { serverName, toolCount: toolDefs.length };
+    }
+    // ── Status ────────────────────────────────────────────
+    getStatus() {
+        const statuses = [];
+        for (const name of this.store.listServers()) {
+            const tokens = this.store.getTokens(name);
+            if (!tokens) {
+                statuses.push({ name, status: this.pending.has(name) ? 'pending_auth' : 'no_token' });
+                continue;
+            }
+            // OAuthTokens may have expires_in but not expires_at — check if present
+            const expiresAt = tokens.expires_at;
+            if (expiresAt && Date.now() > expiresAt) {
+                statuses.push({ name, status: 'expired', expiresAt });
+            }
+            else {
+                statuses.push({ name, status: 'authorized', expiresAt });
+            }
+        }
+        // Add pending servers that aren't in the store yet
+        for (const name of this.pending.keys()) {
+            if (!statuses.find(s => s.name === name)) {
+                statuses.push({ name, status: 'pending_auth' });
+            }
+        }
+        return statuses;
+    }
+    isPending(serverName) {
+        return this.pending.has(serverName);
+    }
+    // ── Revoke ────────────────────────────────────────────
+    revokeToken(serverName) {
+        this.store.deleteTokens(serverName);
+        this.pending.delete(serverName);
+        display.log(`OAuth tokens revoked for MCP '${serverName}'`, {
+            level: 'info',
+            source: 'OAuth',
+        });
+    }
+    // ── Internal: convert MCP tool def to LangChain StructuredTool ──
+    mcpToolToStructuredTool(serverName, toolDef, mcpClient) {
+        const prefixedName = `${serverName}_${toolDef.name}`;
+        const originalToolName = toolDef.name;
+        // Pass raw JSON Schema directly (same approach as @langchain/mcp-adapters).
+        // Avoids Zod v4 $required serialization issues with LangChain's zodToJsonSchema.
+        const rawSchema = toolDef.inputSchema ?? { type: 'object', properties: {} };
+        if (!rawSchema.properties)
+            rawSchema.properties = {};
+        return new DynamicStructuredTool({
+            name: prefixedName,
+            description: toolDef.description || `MCP tool ${toolDef.name} from ${serverName}`,
+            schema: rawSchema,
+            func: async (input) => {
+                try {
+                    const result = await mcpClient.callTool({
+                        name: originalToolName,
+                        arguments: input,
+                    });
+                    if (Array.isArray(result.content)) {
+                        return result.content
+                            .map((c) => c.text ?? JSON.stringify(c))
+                            .join('\n');
+                    }
+                    return typeof result.content === 'string'
+                        ? result.content
+                        : JSON.stringify(result.content);
+                }
+                catch (error) {
+                    return `Error calling MCP tool ${originalToolName}: ${error.message}`;
+                }
+            },
+        });
+    }
+}

package/dist/runtime/oauth/provider.js

@@ -0,0 +1,90 @@
+import crypto from 'crypto';
+/**
+ * Morpheus implementation of OAuthClientProvider from the MCP SDK.
+ * Delegates persistence to OAuthStore and user notification to a callback.
+ */
+export class MorpheusOAuthProvider {
+    serverName;
+    store;
+    notifyUser;
+    _redirectUri;
+    _scope;
+    _clientId;
+    _clientSecret;
+    _grantType;
+    _lastState;
+    constructor(serverName, store, notifyUser, _redirectUri, _scope, _clientId, _clientSecret, _grantType) {
+        this.serverName = serverName;
+        this.store = store;
+        this.notifyUser = notifyUser;
+        this._redirectUri = _redirectUri;
+        this._scope = _scope;
+        this._clientId = _clientId;
+        this._clientSecret = _clientSecret;
+        this._grantType = _grantType;
+    }
+    get redirectUrl() {
+        if (this._grantType === 'client_credentials')
+            return undefined;
+        return this._redirectUri;
+    }
+    get clientMetadata() {
+        const meta = {
+            redirect_uris: [new URL(this._redirectUri)],
+            client_name: `Morpheus - ${this.serverName}`,
+            grant_types: this._grantType === 'client_credentials'
+                ? ['client_credentials']
+                : ['authorization_code', 'refresh_token'],
+            response_types: this._grantType === 'client_credentials' ? [] : ['code'],
+        };
+        if (this._scope)
+            meta.scope = this._scope;
+        return meta;
+    }
+    async state() {
+        this._lastState = crypto.randomUUID();
+        return this._lastState;
+    }
+    async clientInformation() {
+        // If user provided client_id, return it as pre-registered info
+        if (this._clientId) {
+            return {
+                client_id: this._clientId,
+                client_secret: this._clientSecret,
+            };
+        }
+        // Otherwise check store for dynamically registered client info
+        return this.store.getClientInfo(this.serverName);
+    }
+    async saveClientInformation(info) {
+        // OAuthClientInformationFull has client_id_issued_at
+        this.store.saveClientInfo(this.serverName, info);
+    }
+    async tokens() {
+        return this.store.getTokens(this.serverName);
+    }
+    async saveTokens(tokens) {
+        this.store.saveTokens(this.serverName, tokens);
+    }
+    async redirectToAuthorization(authorizationUrl) {
+        await this.notifyUser(authorizationUrl);
+    }
+    async saveCodeVerifier(codeVerifier) {
+        const state = this._lastState ?? '__default';
+        this.store.savePkceVerifier(this.serverName, state, codeVerifier);
+    }
+    async codeVerifier() {
+        const verifier = this.store.getLatestPkceVerifier(this.serverName);
+        if (!verifier)
+            throw new Error(`No PKCE code verifier found for ${this.serverName}`);
+        return verifier;
+    }
+    async invalidateCredentials(scope) {
+        if (scope === 'all' || scope === 'tokens') {
+            this.store.deleteTokens(this.serverName);
+        }
+        if (scope === 'all') {
+            this.store.deleteServer(this.serverName);
+        }
+    }
+}

package/dist/runtime/oauth/store.js

@@ -0,0 +1,118 @@
+import fs from 'fs';
+import path from 'path';
+import { PATHS } from '../../config/paths.js';
+/**
+ * Persists OAuth tokens, client info, and PKCE state in ~/.morpheus/oauth-tokens.json.
+ * Atomic writes (temp → rename). Lazy reads.
+ */
+export class OAuthStore {
+    static instance = null;
+    data = null;
+    filePath;
+    constructor() {
+        this.filePath = PATHS.oauthTokens;
+    }
+    static getInstance() {
+        if (!OAuthStore.instance) {
+            OAuthStore.instance = new OAuthStore();
+        }
+        return OAuthStore.instance;
+    }
+    static resetInstance() {
+        OAuthStore.instance = null;
+    }
+    // ── Read ──────────────────────────────────────────────
+    read() {
+        if (this.data)
+            return this.data;
+        try {
+            const raw = fs.readFileSync(this.filePath, 'utf-8');
+            this.data = JSON.parse(raw);
+        }
+        catch {
+            this.data = {};
+        }
+        return this.data;
+    }
+    getRecord(serverName) {
+        const data = this.read();
+        if (!data[serverName])
+            data[serverName] = {};
+        return data[serverName];
+    }
+    // ── Write ─────────────────────────────────────────────
+    persist() {
+        const dir = path.dirname(this.filePath);
+        if (!fs.existsSync(dir))
+            fs.mkdirSync(dir, { recursive: true });
+        const tmp = this.filePath + '.tmp';
+        fs.writeFileSync(tmp, JSON.stringify(this.data ?? {}, null, 2), 'utf-8');
+        fs.renameSync(tmp, this.filePath);
+    }
+    // ── Tokens ────────────────────────────────────────────
+    getTokens(serverName) {
+        return this.getRecord(serverName).tokens;
+    }
+    saveTokens(serverName, tokens) {
+        this.getRecord(serverName).tokens = tokens;
+        this.persist();
+    }
+    deleteTokens(serverName) {
+        const record = this.getRecord(serverName);
+        delete record.tokens;
+        this.persist();
+    }
+    // ── Client Info (dynamic registration) ────────────────
+    getClientInfo(serverName) {
+        return this.getRecord(serverName).clientInfo;
+    }
+    saveClientInfo(serverName, info) {
+        this.getRecord(serverName).clientInfo = info;
+        this.persist();
+    }
+    // ── PKCE ──────────────────────────────────────────────
+    savePkceVerifier(serverName, state, verifier) {
+        const record = this.getRecord(serverName);
+        if (!record.pkce)
+            record.pkce = {};
+        record.pkce[state] = verifier;
+        this.persist();
+    }
+    getPkceVerifier(serverName, state) {
+        return this.getRecord(serverName).pkce?.[state];
+    }
+    getLatestPkceVerifier(serverName) {
+        const pkce = this.getRecord(serverName).pkce;
+        if (!pkce)
+            return undefined;
+        const entries = Object.values(pkce);
+        return entries[entries.length - 1];
+    }
+    deletePkce(serverName, state) {
+        const pkce = this.getRecord(serverName).pkce;
+        if (pkce) {
+            delete pkce[state];
+            this.persist();
+        }
+    }
+    // ── Queries ───────────────────────────────────────────
+    /** List all server names with stored OAuth data */
+    listServers() {
+        return Object.keys(this.read());
+    }
+    /** Remove all data for a server */
+    deleteServer(serverName) {
+        const data = this.read();
+        delete data[serverName];
+        this.persist();
+    }
+    /** Map state → serverName for callback resolution */
+    resolveServerByState(state) {
+        const data = this.read();
+        for (const [name, record] of Object.entries(data)) {
+            if (record.pkce?.[state])
+                return name;
+        }
+        return undefined;
+    }
+}

package/dist/runtime/oauth/types.js

@@ -0,0 +1 @@
+export {};

package/dist/runtime/providers/factory.js

@@ -5,8 +5,99 @@ import { ConfigManager } from "../../config/manager.js";
 import { TaskRequestContext } from "../tasks/context.js";
 import { ChannelRegistry } from "../../channels/registry.js";
 import { getStrategy, registerStrategy } from "./strategies.js";
+import { isInteropZodSchema } from "@langchain/core/utils/types";
+import { toJsonSchema } from "@langchain/core/utils/json_schema";
 /** Channels that should NOT receive verbose tool notifications */
 const SILENT_CHANNELS = new Set(['api', 'ui']);
+/** The ONLY JSON Schema keywords the Gemini API accepts.
+ *  Anything not in this set is stripped after $ref dereferencing. */
+const GEMINI_ALLOWED_SCHEMA_FIELDS = new Set([
+    'type', 'description', 'properties', 'required',
+    'enum', 'items', 'format', 'nullable',
+    'anyOf', 'oneOf', 'allOf',
+    'minimum', 'maximum',
+]);
+/**
+ * Collect all entries from $defs and definitions into a flat lookup map.
+ */
+function collectDefs(obj, defs = {}) {
+    if (obj === null || typeof obj !== 'object' || Array.isArray(obj))
+        return defs;
+    const record = obj;
+    for (const key of ['$defs', 'definitions']) {
+        if (record[key] && typeof record[key] === 'object' && !Array.isArray(record[key])) {
+            Object.assign(defs, record[key]);
+        }
+    }
+    for (const v of Object.values(record))
+        collectDefs(v, defs);
+    return defs;
+}
+/**
+ * Resolve a $ref string like "#/$defs/Foo" or "#/definitions/Foo" to its def name.
+ */
+function resolveRef(ref) {
+    const m = ref.match(/^#\/(?:\$defs|definitions)\/(.+)$/);
+    return m ? m[1] : null;
+}
+/**
+ * Recursively strip unsupported keywords and inline $ref references.
+ */
+function sanitizeSchemaForGemini(obj, defs, depth = 0) {
+    if (depth > 20)
+        return {}; // guard against circular refs
+    if (obj === null || typeof obj !== 'object')
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map((v) => sanitizeSchemaForGemini(v, defs, depth));
+    const record = obj;
+    // Inline $ref — look up and recurse into the definition
+    if ('$ref' in record && typeof record['$ref'] === 'string') {
+        const defName = resolveRef(record['$ref']);
+        if (defName && defs[defName]) {
+            return sanitizeSchemaForGemini(defs[defName], defs, depth + 1);
+        }
+        return {}; // unresolvable ref — fall back to empty schema
+    }
+    const out = {};
+    for (const [k, v] of Object.entries(record)) {
+        if (!GEMINI_ALLOWED_SCHEMA_FIELDS.has(k))
+            continue;
+        out[k] = sanitizeSchemaForGemini(v, defs, depth);
+    }
+    // Ensure every entry in `required` has a matching key in `properties`
+    if (Array.isArray(out['required']) && out['properties'] && typeof out['properties'] === 'object') {
+        const props = out['properties'];
+        out['required'] = out['required'].filter((r) => r in props);
+        if (out['required'].length === 0)
+            delete out['required'];
+    }
+    return out;
+}
+function sanitizeToolSchemasForGemini(tools) {
+    for (const tool of tools) {
+        const schema = tool.schema;
+        if (!schema || typeof schema !== 'object')
+            continue;
+        // If the schema is a Zod instance, convert to plain JSON Schema first.
+        // Otherwise LangChain recognises it as Zod and re-generates $defs.
+        let jsonSchema;
+        if (isInteropZodSchema(schema)) {
+            try {
+                jsonSchema = toJsonSchema(schema);
+            }
+            catch {
+                jsonSchema = schema;
+            }
+        }
+        else {
+            jsonSchema = schema;
+        }
+        const defs = collectDefs(jsonSchema);
+        tool.schema = sanitizeSchemaForGemini(jsonSchema, defs);
+    }
+    return tools;
+}
 export { registerStrategy };
 export class ProviderFactory {
     static buildMonitoringMiddleware() {
@@ -84,7 +175,8 @@ export class ProviderFactory {
         try {
             const model = ProviderFactory.buildModel(config);
             const middleware = ProviderFactory.buildMonitoringMiddleware();
-            return createAgent({ model, tools, middleware: [middleware] });
+            const safeTools = config.provider === 'gemini' ? sanitizeToolSchemasForGemini(tools) : tools;
+            return createAgent({ model, tools: safeTools, middleware: [middleware] });
         }
         catch (error) {
             ProviderFactory.handleProviderError(config, error);

package/dist/runtime/tools/cache.js

@@ -1,35 +1,8 @@
 import { MultiServerMCPClient } from "@langchain/mcp-adapters";
 import { loadMCPConfig } from "../../config/mcp-loader.js";
 import { DisplayManager } from "../display.js";
+import { OAuthManager } from "../oauth/manager.js";
 const display = DisplayManager.getInstance();
-/** Fields not supported by Google Gemini API */
-const UNSUPPORTED_SCHEMA_FIELDS = ['examples', 'additionalInfo', 'default', '$schema'];
-/**
- * Recursively removes unsupported fields from JSON schema objects.
- */
-function sanitizeSchema(obj) {
-    if (obj === null || typeof obj !== 'object')
-        return obj;
-    if (Array.isArray(obj))
-        return obj.map(sanitizeSchema);
-    const sanitized = {};
-    for (const [key, value] of Object.entries(obj)) {
-        if (!UNSUPPORTED_SCHEMA_FIELDS.includes(key)) {
-            sanitized[key] = sanitizeSchema(value);
-        }
-    }
-    return sanitized;
-}
-/**
- * Wraps a tool to sanitize its schema for Gemini compatibility.
- */
-function wrapToolWithSanitizedSchema(tool) {
-    const originalSchema = tool.schema;
-    if (originalSchema && typeof originalSchema === 'object') {
-        tool.schema = sanitizeSchema(originalSchema);
-    }
-    return tool;
-}
 /** Timeout (ms) for connecting to each MCP server */
 const MCP_CONNECT_TIMEOUT_MS = 60_000;
 function connectTimeout(serverName, ms) {
@@ -118,31 +91,31 @@ export class MCPToolCache {
                     source: 'MCPToolCache',
                     meta: { server: serverName, transport: serverConfig.transport }
                 });
-                const client = new MultiServerMCPClient({
-                    mcpServers: { [serverName]: serverConfig },
-                    onConnectionError: "ignore",
-                });
-                const tools = await Promise.race([
-                    client.getTools(),
-                    connectTimeout(serverName, MCP_CONNECT_TIMEOUT_MS),
-                ]);
-                // Rename tools with server prefix to avoid collisions
-                tools.forEach(tool => {
-                    const newName = `${serverName}_${tool.name}`;
-                    Object.defineProperty(tool, "name", { value: newName });
-                });
-                // Sanitize schemas for Gemini compatibility
-                const sanitizedTools = tools.map(wrapToolWithSanitizedSchema);
-                newTools.push(...sanitizedTools);
+                let serverTools;
+                if (serverConfig.transport === 'http') {
+                    // HTTP MCPs: use MCP SDK directly (supports OAuth auto-discovery)
+                    serverTools = await Promise.race([
+                        this.loadHttpMcpServer(serverName, serverConfig),
+                        connectTimeout(serverName, MCP_CONNECT_TIMEOUT_MS),
+                    ]);
+                }
+                else {
+                    // stdio MCPs: use MultiServerMCPClient as before
+                    serverTools = await Promise.race([
+                        this.loadStdioMcpServer(serverName, serverConfig),
+                        connectTimeout(serverName, MCP_CONNECT_TIMEOUT_MS),
+                    ]);
+                }
+                newTools.push(...serverTools);
                 newServerInfos.push({
                     name: serverName,
-                    toolCount: sanitizedTools.length,
-                    tools: sanitizedTools,
+                    toolCount: serverTools.length,
+                    tools: serverTools,
                     ok: true,
                     loadedAt: new Date(),
                 });
                 const elapsed = Date.now() - serverStart;
-                display.log(`Loaded ${sanitizedTools.length} tools from '${serverName}' in ${elapsed}ms`, {
+                display.log(`Loaded ${serverTools.length} tools from '${serverName}' in ${elapsed}ms`, {
                     level: 'info',
                     source: 'MCPToolCache'
                 });
@@ -174,6 +147,52 @@ export class MCPToolCache {
             source: 'MCPToolCache'
         });
     }
+    /**
+     * Load tools from an HTTP MCP server using MCP SDK directly.
+     * Supports OAuth auto-discovery — if the server returns 401,
+     * the SDK triggers authorization and the user gets a link.
+     */
+    async loadHttpMcpServer(serverName, serverConfig) {
+        let oauthManager;
+        try {
+            oauthManager = OAuthManager.getInstance();
+        }
+        catch {
+            // OAuthManager not initialized (no port yet) — fall back to basic HTTP
+            return this.loadViaMultiServerClient(serverName, serverConfig);
+        }
+        const { tools, authPending } = await oauthManager.connectHttpMcp(serverName, serverConfig.url, serverConfig.oauth2, serverConfig.headers);
+        if (authPending) {
+            display.log(`MCP '${serverName}': OAuth authorization pending — tools will load after user authorizes`, {
+                level: 'info',
+                source: 'MCPToolCache',
+            });
+            return [];
+        }
+        return tools;
+    }
+    /**
+     * Load tools from a stdio MCP server using MultiServerMCPClient.
+     */
+    async loadStdioMcpServer(serverName, serverConfig) {
+        return this.loadViaMultiServerClient(serverName, serverConfig);
+    }
+    /**
+     * Shared fallback: load tools via @langchain/mcp-adapters MultiServerMCPClient.
+     */
+    async loadViaMultiServerClient(serverName, serverConfig) {
+        const client = new MultiServerMCPClient({
+            mcpServers: { [serverName]: serverConfig },
+            onConnectionError: "ignore",
+        });
+        const tools = await client.getTools();
+        // Rename tools with server prefix to avoid collisions
+        tools.forEach(tool => {
+            const newName = `${serverName}_${tool.name}`;
+            Object.defineProperty(tool, "name", { value: newName });
+        });
+        return tools;
+    }
     /**
      * Force reload tools from MCP servers.
      * Clears the cache and loads fresh tools.