letta-nightly 0.9.1.dev20250731104458__py3-none-any.whl → 0.10.0.dev20250801010504__py3-none-any.whl

letta/services/helpers/agent_manager_helper.py

@@ -1,4 +1,5 @@
 import os
+import uuid
 from datetime import datetime
 from typing import List, Literal, Optional, Set
 
@@ -216,7 +217,7 @@ def compile_memory_metadata_block(
     ]
 
     # Only include archival memory line if there are archival memories
-    if archival_memory_size > 0:
+    if archival_memory_size is not None and archival_memory_size > 0:
         metadata_lines.append(
             f"- {archival_memory_size} total memories you created are stored in archival memory (use tools to access them)"
         )
@@ -247,6 +248,7 @@ def safe_format(template: str, variables: dict) -> str:
     return escaped.format_map(PreserveMapping(variables))
 
 
+@trace_method
 def compile_system_message(
     system_prompt: str,
     in_context_memory: Memory,
@@ -326,6 +328,87 @@ def compile_system_message(
     return formatted_prompt
 
 
+@trace_method
+async def compile_system_message_async(
+    system_prompt: str,
+    in_context_memory: Memory,
+    in_context_memory_last_edit: datetime,  # TODO move this inside of BaseMemory?
+    timezone: str,
+    user_defined_variables: Optional[dict] = None,
+    append_icm_if_missing: bool = True,
+    template_format: Literal["f-string", "mustache", "jinja2"] = "f-string",
+    previous_message_count: int = 0,
+    archival_memory_size: int = 0,
+    tool_rules_solver: Optional[ToolRulesSolver] = None,
+    sources: Optional[List] = None,
+    max_files_open: Optional[int] = None,
+) -> str:
+    """Prepare the final/full system message that will be fed into the LLM API
+
+    The base system message may be templated, in which case we need to render the variables.
+
+    The following are reserved variables:
+      - CORE_MEMORY: the in-context memory of the LLM
+    """
+
+    # Add tool rule constraints if available
+    tool_constraint_block = None
+    if tool_rules_solver is not None:
+        tool_constraint_block = tool_rules_solver.compile_tool_rule_prompts()
+
+    if user_defined_variables is not None:
+        # TODO eventually support the user defining their own variables to inject
+        raise NotImplementedError
+    else:
+        variables = {}
+
+    # Add the protected memory variable
+    if IN_CONTEXT_MEMORY_KEYWORD in variables:
+        raise ValueError(f"Found protected variable '{IN_CONTEXT_MEMORY_KEYWORD}' in user-defined vars: {str(user_defined_variables)}")
+    else:
+        # TODO should this all put into the memory.__repr__ function?
+        memory_metadata_string = compile_memory_metadata_block(
+            memory_edit_timestamp=in_context_memory_last_edit,
+            previous_message_count=previous_message_count,
+            archival_memory_size=archival_memory_size,
+            timezone=timezone,
+        )
+
+        memory_with_sources = await in_context_memory.compile_async(
+            tool_usage_rules=tool_constraint_block, sources=sources, max_files_open=max_files_open
+        )
+        full_memory_string = memory_with_sources + "\n\n" + memory_metadata_string
+
+        # Add to the variables list to inject
+        variables[IN_CONTEXT_MEMORY_KEYWORD] = full_memory_string
+
+    if template_format == "f-string":
+        memory_variable_string = "{" + IN_CONTEXT_MEMORY_KEYWORD + "}"
+
+        # Catch the special case where the system prompt is unformatted
+        if append_icm_if_missing:
+            if memory_variable_string not in system_prompt:
+                # In this case, append it to the end to make sure memory is still injected
+                # warnings.warn(f"{IN_CONTEXT_MEMORY_KEYWORD} variable was missing from system prompt, appending instead")
+                system_prompt += "\n\n" + memory_variable_string
+
+        # render the variables using the built-in templater
+        try:
+            if user_defined_variables:
+                formatted_prompt = safe_format(system_prompt, variables)
+            else:
+                formatted_prompt = system_prompt.replace(memory_variable_string, full_memory_string)
+        except Exception as e:
+            raise ValueError(f"Failed to format system prompt - {str(e)}. System prompt value:\n{system_prompt}")
+
+    else:
+        # TODO support for mustache and jinja2
+        raise NotImplementedError(template_format)
+
+    return formatted_prompt
+
+
+@trace_method
 def initialize_message_sequence(
     agent_state: AgentState,
     memory_edit_timestamp: Optional[datetime] = None,
@@ -351,21 +434,110 @@ def initialize_message_sequence(
     first_user_message = get_login_event(agent_state.timezone)  # event letting Letta know the user just logged in
 
     if include_initial_boot_message:
+        llm_config = agent_state.llm_config
+        uuid_str = str(uuid.uuid4())
+
+        # Some LMStudio models (e.g. ministral) require the tool call ID to be 9 alphanumeric characters
+        tool_call_id = uuid_str[:9] if llm_config.provider_name == "lmstudio_openai" else uuid_str
+
         if agent_state.agent_type == AgentType.sleeptime_agent:
             initial_boot_messages = []
-        elif agent_state.llm_config.model is not None and "gpt-3.5" in agent_state.llm_config.model:
-            initial_boot_messages = get_initial_boot_messages("startup_with_send_message_gpt35", agent_state.timezone)
+        elif llm_config.model is not None and "gpt-3.5" in llm_config.model:
+            initial_boot_messages = get_initial_boot_messages("startup_with_send_message_gpt35", agent_state.timezone, tool_call_id)
         else:
-            initial_boot_messages = get_initial_boot_messages("startup_with_send_message", agent_state.timezone)
-        messages = (
-            [
-                {"role": "system", "content": full_system_message},
-            ]
-            + initial_boot_messages
-            + [
-                {"role": "user", "content": first_user_message},
-            ]
-        )
+            initial_boot_messages = get_initial_boot_messages("startup_with_send_message", agent_state.timezone, tool_call_id)
+
+        # Some LMStudio models (e.g. meta-llama-3.1) require the user message before any tool calls
+        if llm_config.provider_name == "lmstudio_openai":
+            messages = (
+                [
+                    {"role": "system", "content": full_system_message},
+                ]
+                + [
+                    {"role": "user", "content": first_user_message},
+                ]
+                + initial_boot_messages
+            )
+        else:
+            messages = (
+                [
+                    {"role": "system", "content": full_system_message},
+                ]
+                + initial_boot_messages
+                + [
+                    {"role": "user", "content": first_user_message},
+                ]
+            )
+
+    else:
+        messages = [
+            {"role": "system", "content": full_system_message},
+            {"role": "user", "content": first_user_message},
+        ]
+
+    return messages
+
+
+@trace_method
+async def initialize_message_sequence_async(
+    agent_state: AgentState,
+    memory_edit_timestamp: Optional[datetime] = None,
+    include_initial_boot_message: bool = True,
+    previous_message_count: int = 0,
+    archival_memory_size: int = 0,
+) -> List[dict]:
+    if memory_edit_timestamp is None:
+        memory_edit_timestamp = get_local_time()
+
+    full_system_message = await compile_system_message_async(
+        system_prompt=agent_state.system,
+        in_context_memory=agent_state.memory,
+        in_context_memory_last_edit=memory_edit_timestamp,
+        timezone=agent_state.timezone,
+        user_defined_variables=None,
+        append_icm_if_missing=True,
+        previous_message_count=previous_message_count,
+        archival_memory_size=archival_memory_size,
+        sources=agent_state.sources,
+        max_files_open=agent_state.max_files_open,
+    )
+    first_user_message = get_login_event(agent_state.timezone)  # event letting Letta know the user just logged in
+
+    if include_initial_boot_message:
+        llm_config = agent_state.llm_config
+        uuid_str = str(uuid.uuid4())
+
+        # Some LMStudio models (e.g. ministral) require the tool call ID to be 9 alphanumeric characters
+        tool_call_id = uuid_str[:9] if llm_config.provider_name == "lmstudio_openai" else uuid_str
+
+        if agent_state.agent_type == AgentType.sleeptime_agent:
+            initial_boot_messages = []
+        elif llm_config.model is not None and "gpt-3.5" in llm_config.model:
+            initial_boot_messages = get_initial_boot_messages("startup_with_send_message_gpt35", agent_state.timezone, tool_call_id)
+        else:
+            initial_boot_messages = get_initial_boot_messages("startup_with_send_message", agent_state.timezone, tool_call_id)
+
+        # Some LMStudio models (e.g. meta-llama-3.1) require the user message before any tool calls
+        if llm_config.provider_name == "lmstudio_openai":
+            messages = (
+                [
+                    {"role": "system", "content": full_system_message},
+                ]
+                + [
+                    {"role": "user", "content": first_user_message},
+                ]
+                + initial_boot_messages
+            )
+        else:
+            messages = (
+                [
+                    {"role": "system", "content": full_system_message},
+                ]
+                + initial_boot_messages
+                + [
+                    {"role": "user", "content": first_user_message},
+                ]
+            )
 
     else:
         messages = [

letta/services/job_manager.py

@@ -831,8 +831,8 @@ class JobManager:
             logger.error(error_message)
             result["callback_error"] = error_message
             # Continue silently - callback failures should not affect job completion
-
-        return result
+        finally:
+            return result
 
     @trace_method
     async def _dispatch_callback_async(self, callback_info: dict) -> dict:
@@ -860,5 +860,5 @@ class JobManager:
             logger.error(error_message)
             result["callback_error"] = error_message
             # Continue silently - callback failures should not affect job completion
-
-        return result
+        finally:
+            return result

letta/services/mcp/oauth_utils.py

@@ -132,23 +132,18 @@ class MCPOAuthSession:
             except Exception:
                 pass
 
-    async def store_authorization_code(self, code: str, state: str) -> bool:
+    async def store_authorization_code(self, code: str, state: str) -> Optional[MCPOAuth]:
         """Store the authorization code from OAuth callback."""
         async with db_registry.async_session() as session:
             try:
                 oauth_record = await MCPOAuth.read_async(db_session=session, identifier=self.session_id, actor=None)
-
-                # if oauth_record.state != state:
-                #     return False
-
                 oauth_record.authorization_code = code
                 oauth_record.state = state
                 oauth_record.status = OAuthSessionStatus.AUTHORIZED
                 oauth_record.updated_at = datetime.now()
-                await oauth_record.update_async(db_session=session, actor=None)
-                return True
+                return await oauth_record.update_async(db_session=session, actor=None)
             except Exception:
-                return False
+                return None
 
     async def get_authorization_url(self) -> Optional[str]:
         """Get the authorization URL for this session."""
@@ -177,16 +172,18 @@ async def create_oauth_provider(
     redirect_uri: str,
     mcp_manager: MCPManager,
     actor: PydanticUser,
+    logo_uri: Optional[str] = None,
     url_callback: Optional[Callable[[str], None]] = None,
 ) -> OAuthClientProvider:
     """Create an OAuth provider for MCP server authentication."""
 
     client_metadata_dict = {
-        "client_name": "Letta MCP Client",
+        "client_name": "Letta",
         "redirect_uris": [redirect_uri],
         "grant_types": ["authorization_code", "refresh_token"],
         "response_types": ["code"],
         "token_endpoint_auth_method": "client_secret_post",
+        "logo_uri": logo_uri,
     }
 
     # Use manager-based storage
@@ -290,144 +287,3 @@ def drill_down_exception(exception, depth=0, max_depth=5):
 
     error_info = "".join(error_details)
     return error_info
-
-
-def get_oauth_success_html() -> str:
-    """Generate HTML for successful OAuth authorization."""
-    return """
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Authorization Successful - Letta</title>
-    <style>
-        * {
-            margin: 0;
-            padding: 0;
-            box-sizing: border-box;
-        }
-
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            min-height: 100vh;
-            margin: 0;
-            background-color: #f5f5f5;
-            background-image: url("data:image/svg+xml,%3Csvg width='1440' height='860' viewBox='0 0 1440 860' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0_14823_146864)'%3E%3Cpath d='M720.001 1003.14C1080.62 1003.14 1372.96 824.028 1372.96 603.083C1372.96 382.138 1080.62 203.026 720.001 203.026C359.384 203.026 67.046 382.138 67.046 603.083C67.046 824.028 359.384 1003.14 720.001 1003.14Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 978.04C910.334 978.04 1064.63 883.505 1064.63 766.891C1064.63 650.276 910.334 555.741 719.999 555.741C529.665 555.741 375.368 650.276 375.368 766.891C375.368 883.505 529.665 978.04 719.999 978.04Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M720 1020.95C1262.17 1020.95 1701.68 756.371 1701.68 430C1701.68 103.629 1262.17 -160.946 720 -160.946C177.834 -160.946 -261.678 103.629 -261.678 430C-261.678 756.371 177.834 1020.95 720 1020.95Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 323.658C910.334 323.658 1064.63 223.814 1064.63 100.649C1064.63 -22.5157 910.334 -122.36 719.999 -122.36C529.665 -122.36 375.368 -22.5157 375.368 100.649C375.368 223.814 529.665 323.658 719.999 323.658Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M720.001 706.676C1080.62 706.676 1372.96 517.507 1372.96 284.155C1372.96 50.8029 1080.62 -138.366 720.001 -138.366C359.384 -138.366 67.046 50.8029 67.046 284.155C67.046 517.507 359.384 706.676 720.001 706.676Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 874.604C1180.69 874.604 1554.15 645.789 1554.15 363.531C1554.15 81.2725 1180.69 -147.543 719.999 -147.543C259.311 -147.543 -114.15 81.2725 -114.15 363.531C-114.15 645.789 259.311 874.604 719.999 874.604Z' stroke='%23E1E2E3' stroke-width='1.5' stroke-miterlimit='10'/%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='clip0_14823_146864'%3E%3Crect width='1440' height='860' fill='white'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E");
-            background-size: cover;
-            background-position: center;
-            background-repeat: no-repeat;
-        }
-
-        .card {
-            text-align: center;
-            padding: 48px;
-            background: white;
-            border-radius: 8px;
-            border: 1px solid #E1E2E3;
-            max-width: 400px;
-            width: 90%;
-            position: relative;
-            z-index: 1;
-        }
-
-        .logo {
-            width: 48px;
-            height: 48px;
-            margin: 0 auto 24px;
-            display: block;
-        }
-
-        .logo svg {
-            width: 100%;
-            height: 100%;
-        }
-
-        h1 {
-            font-size: 20px;
-            font-weight: 600;
-            color: #101010;
-            margin-bottom: 12px;
-            line-height: 1.2;
-        }
-
-        .subtitle {
-            color: #666;
-            font-size: 12px;
-            margin-top: 10px;
-            margin-bottom: 24px;
-            line-height: 1.5;
-        }
-
-        .close-info {
-            font-size: 12px;
-            color: #999;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            gap: 8px;
-        }
-
-        .spinner {
-            width: 16px;
-            height: 16px;
-            border: 2px solid #E1E2E3;
-            border-top: 2px solid #333;
-            border-radius: 50%;
-            animation: spin 1s linear infinite;
-        }
-
-        @keyframes spin {
-            0% { transform: rotate(0deg); }
-            100% { transform: rotate(360deg); }
-        }
-
-        /* Dark mode styles */
-        @media (prefers-color-scheme: dark) {
-            body {
-                background-color: #101010;
-                background-image: url("data:image/svg+xml,%3Csvg width='1440' height='860' viewBox='0 0 1440 860' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0_14833_149362)'%3E%3Cpath d='M720.001 1003.14C1080.62 1003.14 1372.96 824.028 1372.96 603.083C1372.96 382.138 1080.62 203.026 720.001 203.026C359.384 203.026 67.046 382.138 67.046 603.083C67.046 824.028 359.384 1003.14 720.001 1003.14Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 978.04C910.334 978.04 1064.63 883.505 1064.63 766.891C1064.63 650.276 910.334 555.741 719.999 555.741C529.665 555.741 375.368 650.276 375.368 766.891C375.368 883.505 529.665 978.04 719.999 978.04Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M720 1020.95C1262.17 1020.95 1701.68 756.371 1701.68 430C1701.68 103.629 1262.17 -160.946 720 -160.946C177.834 -160.946 -261.678 103.629 -261.678 430C-261.678 756.371 177.834 1020.95 720 1020.95Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 323.658C910.334 323.658 1064.63 223.814 1064.63 100.649C1064.63 -22.5157 910.334 -122.36 719.999 -122.36C529.665 -122.36 375.368 -22.5157 375.368 100.649C375.368 223.814 529.665 323.658 719.999 323.658Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M720.001 706.676C1080.62 706.676 1372.96 517.507 1372.96 284.155C1372.96 50.8029 1080.62 -138.366 720.001 -138.366C359.384 -138.366 67.046 50.8029 67.046 284.155C67.046 517.507 359.384 706.676 720.001 706.676Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3Cpath d='M719.999 874.604C1180.69 874.604 1554.15 645.789 1554.15 363.531C1554.15 81.2725 1180.69 -147.543 719.999 -147.543C259.311 -147.543 -114.15 81.2725 -114.15 363.531C-114.15 645.789 259.311 874.604 719.999 874.604Z' stroke='%2346484A' stroke-width='1.5' stroke-miterlimit='10'/%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='clip0_14833_149362'%3E%3Crect width='1440' height='860' fill='white'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E");
-            }
-
-            .card {
-                background-color: #141414;
-                border-color: #202020;
-            }
-
-            h1 {
-                color: #E1E2E3;
-            }
-
-            .subtitle {
-                color: #999;
-            }
-
-            .logo svg path {
-                fill: #E1E2E3;
-            }
-
-            .spinner {
-                border-color: #46484A;
-                border-top-color: #E1E2E3;
-            }
-        }
-    </style>
-</head>
-<body>
-    <div class="card">
-        <div class="logo">
-            <svg width="48" height="48" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-                <path d="M10.7134 7.30028H7.28759V10.7002H10.7134V7.30028Z" fill="#333"/>
-                <path d="M14.1391 2.81618V0.5H3.86131V2.81618C3.86131 3.41495 3.37266 3.89991 2.76935 3.89991H0.435547V14.1001H2.76935C3.37266 14.1001 3.86131 14.5851 3.86131 15.1838V17.5H14.1391V15.1838C14.1391 14.5851 14.6277 14.1001 15.231 14.1001H17.5648V3.89991H15.231C14.6277 3.89991 14.1391 3.41495 14.1391 2.81618ZM14.1391 13.0159C14.1391 13.6147 13.6504 14.0996 13.0471 14.0996H4.95375C4.35043 14.0996 3.86179 13.6147 3.86179 13.0159V4.98363C3.86179 4.38486 4.35043 3.89991 4.95375 3.89991H13.0471C13.6504 3.89991 14.1391 4.38486 14.1391 4.98363V13.0159Z" fill="#333"/>
-            </svg>
-        </div>
-        <h3>Authorization Successful</h3>
-        <p class="subtitle">You have successfully connected your MCP server.</p>
-        <div class="close-info">
-            <span>You can now close this window.</span>
-        </div>
-    </div>
-</body>
-</html>
-"""

letta/services/mcp_manager.py

@@ -7,6 +7,7 @@ from typing import Any, Dict, List, Optional, Tuple, Union
 
 from fastapi import HTTPException
 from sqlalchemy import null
+from starlette.requests import Request
 
 import letta.constants as constants
 from letta.functions.mcp_client.types import MCPServerType, MCPTool, SSEServerConfig, StdioServerConfig, StreamableHTTPServerConfig
@@ -66,7 +67,12 @@ class MCPManager:
 
     @enforce_types
     async def execute_mcp_server_tool(
-        self, mcp_server_name: str, tool_name: str, tool_args: Optional[Dict[str, Any]], actor: PydanticUser
+        self,
+        mcp_server_name: str,
+        tool_name: str,
+        tool_args: Optional[Dict[str, Any]],
+        environment_variables: Dict[str, str],
+        actor: PydanticUser,
     ) -> Tuple[str, bool]:
         """Call a specific tool from a specific MCP server."""
         from letta.settings import tool_settings
@@ -75,7 +81,7 @@ class MCPManager:
             # read from DB
             mcp_server_id = await self.get_mcp_server_id_by_name(mcp_server_name, actor=actor)
             mcp_config = await self.get_mcp_server_by_id_async(mcp_server_id, actor=actor)
-            server_config = mcp_config.to_config()
+            server_config = mcp_config.to_config(environment_variables)
         else:
             # read from config file
             mcp_config = self.read_mcp_config()
@@ -581,3 +587,115 @@ class MCPManager:
                 logger.info(f"Cleaned up {len(expired_sessions)} expired OAuth sessions")
 
             return len(expired_sessions)
+
+    @enforce_types
+    async def handle_oauth_flow(
+        self,
+        request: Union[SSEServerConfig, StdioServerConfig, StreamableHTTPServerConfig],
+        actor: PydanticUser,
+        http_request: Optional[Request] = None,
+    ):
+        """
+        Handle OAuth flow for MCP server connection and yield SSE events.
+
+        Args:
+            request: The server configuration
+            actor: The user making the request
+            http_request: The HTTP request object
+
+        Yields:
+            SSE events during OAuth flow
+
+        Returns:
+            Tuple of (temp_client, connect_task) after yielding events
+        """
+        import asyncio
+
+        from letta.services.mcp.oauth_utils import create_oauth_provider, oauth_stream_event
+        from letta.services.mcp.types import OauthStreamEvent
+
+        # OAuth required, yield state to client to prepare to handle authorization URL
+        yield oauth_stream_event(OauthStreamEvent.OAUTH_REQUIRED, message="OAuth authentication required")
+
+        # Create OAuth session to persist the state of the OAuth flow
+        session_create = MCPOAuthSessionCreate(
+            server_url=request.server_url,
+            server_name=request.server_name,
+            user_id=actor.id,
+            organization_id=actor.organization_id,
+        )
+        oauth_session = await self.create_oauth_session(session_create, actor)
+        session_id = oauth_session.id
+
+        # TODO: @jnjpng make this check more robust and remove direct os.getenv
+        # Check if request is from web frontend to determine redirect URI
+        is_web_request = (
+            http_request
+            and http_request.headers
+            and http_request.headers.get("user-agent", "") == "Next.js Middleware"
+            and http_request.headers.__contains__("x-organization-id")
+        )
+
+        logo_uri = None
+        NEXT_PUBLIC_CURRENT_HOST = os.getenv("NEXT_PUBLIC_CURRENT_HOST")
+        LETTA_AGENTS_ENDPOINT = os.getenv("LETTA_AGENTS_ENDPOINT")
+
+        if is_web_request and NEXT_PUBLIC_CURRENT_HOST:
+            redirect_uri = f"{NEXT_PUBLIC_CURRENT_HOST}/oauth/callback/{session_id}"
+            logo_uri = f"{NEXT_PUBLIC_CURRENT_HOST}/seo/favicon.svg"
+        elif LETTA_AGENTS_ENDPOINT:
+            # API and SDK usage should call core server directly
+            redirect_uri = f"{LETTA_AGENTS_ENDPOINT}/v1/tools/mcp/oauth/callback/{session_id}"
+        else:
+            logger.error(
+                f"No redirect URI found for request and base urls: {http_request.headers if http_request else 'No headers'} {NEXT_PUBLIC_CURRENT_HOST} {LETTA_AGENTS_ENDPOINT}"
+            )
+            raise HTTPException(status_code=400, detail="No redirect URI found")
+
+        # Create OAuth provider for the instance of the stream connection
+        oauth_provider = await create_oauth_provider(session_id, request.server_url, redirect_uri, self, actor, logo_uri=logo_uri)
+
+        # Get authorization URL by triggering OAuth flow
+        temp_client = None
+        connect_task = None
+        try:
+            temp_client = await self.get_mcp_client(request, actor, oauth_provider)
+
+            # Run connect_to_server in background to avoid blocking
+            # This will trigger the OAuth flow and the redirect_handler will save the authorization URL to database
+            connect_task = asyncio.create_task(temp_client.connect_to_server())
+
+            # Give the OAuth flow time to trigger and save the URL
+            await asyncio.sleep(1.0)
+
+            # Fetch the authorization URL from database and yield state to client to proceed with handling authorization URL
+            auth_session = await self.get_oauth_session_by_id(session_id, actor)
+            if auth_session and auth_session.authorization_url:
+                yield oauth_stream_event(OauthStreamEvent.AUTHORIZATION_URL, url=auth_session.authorization_url, session_id=session_id)
+
+            # Wait for user authorization (with timeout), client should render loading state until user completes the flow and /mcp/oauth/callback/{session_id} is hit
+            yield oauth_stream_event(OauthStreamEvent.WAITING_FOR_AUTH, message="Waiting for user authorization...")
+
+            # Callback handler will poll for authorization code and state and update the OAuth session
+            await connect_task
+
+            tools = await temp_client.list_tools(serialize=True)
+            yield oauth_stream_event(OauthStreamEvent.SUCCESS, tools=tools)
+
+        except Exception as e:
+            logger.error(f"Error triggering OAuth flow: {e}")
+            yield oauth_stream_event(OauthStreamEvent.ERROR, message=f"Failed to trigger OAuth: {str(e)}")
+            raise e
+        finally:
+            # Clean up resources
+            if connect_task and not connect_task.done():
+                connect_task.cancel()
+                try:
+                    await connect_task
+                except asyncio.CancelledError:
+                    pass
+            if temp_client:
+                try:
+                    await temp_client.cleanup()
+                except Exception as cleanup_error:
+                    logger.warning(f"Error during temp MCP client cleanup: {cleanup_error}")

letta/services/sandbox_config_manager.py

@@ -6,11 +6,12 @@ from letta.orm.errors import NoResultFound
 from letta.orm.sandbox_config import SandboxConfig as SandboxConfigModel
 from letta.orm.sandbox_config import SandboxEnvironmentVariable as SandboxEnvVarModel
 from letta.otel.tracing import trace_method
+from letta.schemas.enums import SandboxType
 from letta.schemas.environment_variables import SandboxEnvironmentVariable as PydanticEnvVar
 from letta.schemas.environment_variables import SandboxEnvironmentVariableCreate, SandboxEnvironmentVariableUpdate
 from letta.schemas.sandbox_config import LocalSandboxConfig
 from letta.schemas.sandbox_config import SandboxConfig as PydanticSandboxConfig
-from letta.schemas.sandbox_config import SandboxConfigCreate, SandboxConfigUpdate, SandboxType
+from letta.schemas.sandbox_config import SandboxConfigCreate, SandboxConfigUpdate
 from letta.schemas.user import User as PydanticUser
 from letta.server.db import db_registry
 from letta.utils import enforce_types, printd
@@ -493,10 +494,7 @@ class SandboxConfigManager:
         self, sandbox_config_id: str, actor: PydanticUser, after: Optional[str] = None, limit: Optional[int] = 50
     ) -> Dict[str, str]:
         env_vars = await self.list_sandbox_env_vars_async(sandbox_config_id, actor, after, limit)
-        result = {}
-        for env_var in env_vars:
-            result[env_var.key] = env_var.value
-        return result
+        return {env_var.key: env_var.value for env_var in env_vars}
 
     @enforce_types
     @trace_method

letta/services/tool_executor/builtin_tool_executor.py

@@ -105,13 +105,7 @@ class LettaBuiltinToolExecutor(ToolExecutor):
         return out
 
     @trace_method
-    async def web_search(
-        self,
-        agent_state: "AgentState",
-        tasks: List[SearchTask],
-        limit: int = 3,
-        return_raw: bool = False,
-    ) -> str:
+    async def web_search(self, agent_state: "AgentState", tasks: List[SearchTask], limit: int = 1, return_raw: bool = True) -> str:
         """
         Search the web with a list of query/question pairs and extract passages that answer the corresponding questions.
 
@@ -138,10 +132,10 @@ class LettaBuiltinToolExecutor(ToolExecutor):
                  Each result includes ranked snippets with their source URLs and relevance scores,
                  corresponding to each search task.
         """
-        # TODO: Temporary, maybe deprecate this field?
-        if return_raw:
-            logger.warning("WARNING! return_raw was set to True, we default to False always. Deprecate this field.")
-        return_raw = False
+        # # TODO: Temporary, maybe deprecate this field?
+        # if return_raw:
+        #     logger.warning("WARNING! return_raw was set to True, we default to False always. Deprecate this field.")
+        # return_raw = False
         try:
             from firecrawl import AsyncFirecrawlApp
         except ImportError:
@@ -175,13 +169,14 @@ class LettaBuiltinToolExecutor(ToolExecutor):
         # Initialize Firecrawl client
         app = AsyncFirecrawlApp(api_key=firecrawl_api_key)
 
-        # Process all search tasks in parallel
-        search_task_coroutines = [
-            self._process_single_search_task(app, task, limit, return_raw, api_key_source, agent_state) for task in search_tasks
-        ]
-
-        # Execute all searches concurrently
-        search_results = await asyncio.gather(*search_task_coroutines, return_exceptions=True)
+        # Process all search tasks serially
+        search_results = []
+        for task in search_tasks:
+            try:
+                result = await self._process_single_search_task(app, task, limit, return_raw, api_key_source, agent_state)
+                search_results.append(result)
+            except Exception as e:
+                search_results.append(e)
 
         # Build final response as a mapping of query -> result
         final_results = {}