ai-agent 0.88.0

Idiomatic agent sdk inspired by the claude code source leak
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279

// Source: ~/claudecode/openclaudecode/src/tools/McpAuthTool/McpAuthTool.ts
use crate::error::AgentError;
use crate::services::mcp::auth::{McpOAuthResult, McpOAuthStatus, perform_mcp_oauth_flow};
use crate::services::mcp::client::clear_mcp_auth_cache;
use crate::types::*;

pub const MCP_AUTH_TOOL_NAME: &str = "mcp_authenticate";

pub const DESCRIPTION: &str =
    "Authenticate an MCP server that requires OAuth. Returns an authorization URL for the user to complete the flow.";

/// McpAuthTool - pseudo-tool for MCP servers that need authentication.
///
/// In TypeScript, createMcpAuthTool creates a pseudo-tool for an MCP server
/// that is installed but not authenticated. When called, it starts the OAuth
/// flow and returns the authorization URL.
///
/// The Rust version dispatches through `perform_mcp_oauth_flow()` which uses
/// a globally-registered callback. SDK users call `register_mcp_oauth_callback()`
/// to wire this up.
pub struct McpAuthTool;

impl McpAuthTool {
    pub fn new() -> Self {
        Self
    }

    pub fn name(&self) -> &str {
        MCP_AUTH_TOOL_NAME
    }

    pub fn description(&self) -> &str {
        DESCRIPTION
    }

    pub fn user_facing_name(&self, input: Option<&serde_json::Value>) -> String {
        if let Some(server) = input.and_then(|i| i["server"].as_str()) {
            format!("{} - authenticate (MCP)", server)
        } else {
            "Authenticate MCP Server".to_string()
        }
    }

    pub fn get_tool_use_summary(&self, input: Option<&serde_json::Value>) -> Option<String> {
        input.and_then(|inp| inp["server"].as_str().map(String::from))
    }

    pub fn render_tool_result_message(
        &self,
        content: &serde_json::Value,
    ) -> Option<String> {
        content["content"].as_str().map(|s| s.to_string())
    }

    pub fn input_schema(&self) -> ToolInputSchema {
        ToolInputSchema {
            schema_type: "object".to_string(),
            properties: serde_json::json!({
                "server": {
                    "type": "string",
                    "description": "The MCP server name to authenticate"
                },
                "transport": {
                    "type": "string",
                    "description": "The transport type (sse, http, stdio, claudeai-proxy)"
                }
            }),
            required: Some(vec!["server".to_string()]),
        }
    }

    pub async fn execute(
        &self,
        input: serde_json::Value,
        _context: &ToolContext,
    ) -> Result<ToolResult, AgentError> {
        let server = input["server"]
            .as_str()
            .ok_or_else(|| AgentError::Tool("Missing server parameter".to_string()))?;

        // Handle claude.ai proxy connectors — not programmatically authable
        if input["transport"].as_str() == Some("claudeai-proxy") {
            return Ok(ToolResult {
                result_type: "text".to_string(),
                tool_use_id: "".to_string(),
                content: format!(
                    "This is a claude.ai MCP connector. Ask the user to run /mcp and select \"{}\" to authenticate.",
                    server
                ),
                is_error: None,
                was_persisted: None,
            });
        }

        // OAuth flow only supports SSE and HTTP transports
        let transport = input["transport"].as_str().unwrap_or("stdio");
        if !(transport == "sse" || transport == "http") {
            return Ok(ToolResult {
                result_type: "text".to_string(),
                tool_use_id: "".to_string(),
                content: format!(
                    "Server \"{}\" uses {} transport which does not support OAuth from this tool. \
                     Ask the user to run /mcp and authenticate manually.",
                    server, transport
                ),
                is_error: None,
                was_persisted: None,
            });
        }

        // Build config JSON for the callback
        let config = input.get("config").cloned().unwrap_or(serde_json::json!({
            "type": transport,
            "url": input["url"].as_str().map(String::from),
        }));

        // Start the OAuth flow — the callback reports the auth URL via on_auth_url
        let server_name = server.to_string();
        let auth_url_tx: std::sync::Arc<parking_lot::Mutex<Option<String>>> = std::sync::Arc::new(parking_lot::Mutex::new(None));
        let auth_url_clone = auth_url_tx.clone();

        let on_auth_url: Option<std::sync::Arc<dyn Fn(String) + Send + Sync>> = Some(
            std::sync::Arc::new(move |url: String| {
                let mut guard = auth_url_clone.lock();
                *guard = Some(url);
            }) as std::sync::Arc<dyn Fn(String) + Send + Sync>,
        );

        match perform_mcp_oauth_flow(server_name.clone(), config.clone(), on_auth_url).await {
            Ok(McpOAuthResult { status, message, auth_url }) => {
                // Clear the auth cache so the server reconnects with fresh tokens
                clear_mcp_auth_cache();

                let url = auth_url.or_else(|| auth_url_tx.lock().take());

                if status == McpOAuthStatus::Authenticated {
                    return Ok(ToolResult {
                        result_type: "text".to_string(),
                        tool_use_id: "".to_string(),
                        content: format!(
                            "Authentication completed silently for {}. The server's tools should now be available.",
                            server
                        ),
                        is_error: None,
                        was_persisted: None,
                    });
                }

                if let Some(auth_url) = url {
                    return Ok(ToolResult {
                        result_type: "text".to_string(),
                        tool_use_id: "".to_string(),
                        content: format!(
                            "Ask the user to open this URL in their browser to authorize the {} MCP server:\n\n{}\n\nOnce they complete the flow, the server's tools will become available automatically.",
                            server, auth_url
                        ),
                        is_error: None,
                        was_persisted: None,
                    });
                }

                Ok(ToolResult {
                    result_type: "text".to_string(),
                    tool_use_id: "".to_string(),
                    content: message,
                    is_error: Some(status == McpOAuthStatus::Error),
                    was_persisted: None,
                })
            }
            Err(e) => Ok(ToolResult {
                result_type: "text".to_string(),
                tool_use_id: "".to_string(),
                content: format!(
                    "Failed to start OAuth flow for {}: {}. Ask the user to run /mcp and authenticate manually.",
                    server, e
                ),
                is_error: Some(true),
                was_persisted: None,
            }),
        }
    }
}

impl Default for McpAuthTool {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_mcp_auth_tool_name() {
        let tool = McpAuthTool::new();
        assert_eq!(tool.name(), MCP_AUTH_TOOL_NAME);
    }

    #[test]
    fn test_mcp_auth_tool_description() {
        let tool = McpAuthTool::new();
        assert_eq!(tool.description(), DESCRIPTION);
    }

    #[test]
    fn test_mcp_auth_tool_user_facing_name_with_server() {
        let tool = McpAuthTool::new();
        let name = tool.user_facing_name(Some(&serde_json::json!({"server": "myServer"})));
        assert_eq!(name, "myServer - authenticate (MCP)");
    }

    #[test]
    fn test_mcp_auth_tool_user_facing_name_without_server() {
        let tool = McpAuthTool::new();
        let name = tool.user_facing_name(None);
        assert_eq!(name, "Authenticate MCP Server");
    }

    #[test]
    fn test_mcp_auth_tool_input_schema_has_server() {
        let tool = McpAuthTool::new();
        let schema = tool.input_schema();
        assert_eq!(schema.schema_type, "object");
        assert!(schema.properties["server"].is_object());
        assert!(schema.required.as_ref().unwrap().contains(&"server".to_string()));
    }

    #[tokio::test]
    async fn test_mcp_auth_tool_missing_server() {
        let tool = McpAuthTool::new();
        let result = tool.execute(serde_json::json!({}), &ToolContext::default()).await;
        assert!(result.is_err());
    }

    #[tokio::test]
    async fn test_mcp_auth_tool_returns_unsupported_message() {
        let tool = McpAuthTool::new();
        let result = tool
            .execute(
                serde_json::json!({"server": "testServer", "transport": "stdio"}),
                &ToolContext::default(),
            )
            .await;
        assert!(result.is_ok());
        let r = result.unwrap();
        assert!(r.content.contains("stdio"));
        assert!(r.content.contains("testServer"));
    }

    #[tokio::test]
    async fn test_mcp_auth_tool_claudeai_unsupported() {
        let tool = McpAuthTool::new();
        let result = tool
            .execute(
                serde_json::json!({"server": "testServer", "transport": "claudeai-proxy"}),
                &ToolContext::default(),
            )
            .await;
        assert!(result.is_ok());
        let r = result.unwrap();
        assert!(r.content.contains("claude.ai"));
    }

    #[tokio::test]
    async fn test_mcp_auth_tool_sse_no_callback() {
        let tool = McpAuthTool::new();
        let result = tool
            .execute(
                serde_json::json!({"server": "testServer", "transport": "sse"}),
                &ToolContext::default(),
            )
            .await;
        // Returns error because no OAuth callback is registered
        assert!(result.is_ok());
        let r = result.unwrap();
        assert!(r.content.contains("Failed to start OAuth"));
    }
}