2024-12-17 13:12:57 -05:00
|
|
|
import { z } from 'zod';
|
2025-06-19 07:01:50 -07:00
|
|
|
import { TokenExchangeMethodEnum } from './types/agents';
|
2025-06-23 12:39:27 -04:00
|
|
|
import { extractEnvVariable } from './utils';
|
2024-12-17 13:12:57 -05:00
|
|
|
|
|
|
|
|
const BaseOptionsSchema = z.object({
|
|
|
|
|
iconPath: z.string().optional(),
|
2025-03-06 11:02:43 -06:00
|
|
|
timeout: z.number().optional(),
|
2025-03-19 06:47:02 +01:00
|
|
|
initTimeout: z.number().optional(),
|
2025-05-08 12:12:36 -04:00
|
|
|
/** Controls visibility in chat dropdown menu (MCPSelect) */
|
|
|
|
|
chatMenu: z.boolean().optional(),
|
2025-06-10 22:20:41 -04:00
|
|
|
/**
|
2025-06-06 23:29:17 +02:00
|
|
|
* Controls server instruction behavior:
|
|
|
|
|
* - undefined/not set: No instructions included (default)
|
|
|
|
|
* - true: Use server-provided instructions
|
|
|
|
|
* - string: Use custom instructions (overrides server-provided)
|
|
|
|
|
*/
|
|
|
|
|
serverInstructions: z.union([z.boolean(), z.string()]).optional(),
|
🪐 feat: MCP OAuth 2.0 Discovery Support (#7924)
* chore: Update @modelcontextprotocol/sdk to version 1.12.3 in package.json and package-lock.json
- Bump version of @modelcontextprotocol/sdk to 1.12.3 to incorporate recent updates.
- Update dependencies for ajv and cross-spawn to their latest versions.
- Add ajv as a new dependency in the sdk module.
- Include json-schema-traverse as a new dependency in the sdk module.
* feat: @librechat/auth
* feat: Add crypto module exports to auth package
- Introduced a new crypto module by creating index.ts in the crypto directory.
- Updated the main index.ts of the auth package to export from the new crypto module.
* feat: Update package dependencies and build scripts for auth package
- Added @librechat/auth as a dependency in package.json and package-lock.json.
- Updated build scripts to include the auth package in both frontend and bun build processes.
- Removed unused mongoose and openid-client dependencies from package-lock.json for cleaner dependency management.
* refactor: Migrate crypto utility functions to @librechat/auth
- Replaced local crypto utility imports with the new @librechat/auth package across multiple files.
- Removed the obsolete crypto.js file and its exports.
- Updated relevant services and models to utilize the new encryption and decryption methods from @librechat/auth.
* feat: Enhance OAuth token handling and update dependencies in auth package
* chore: Remove Token model and TokenService due to restructuring of OAuth handling
- Deleted the Token.js model and TokenService.js, which were responsible for managing OAuth tokens.
- This change is part of a broader refactor to streamline OAuth token management and improve code organization.
* refactor: imports from '@librechat/auth' to '@librechat/api' and add OAuth token handling functionality
* refactor: Simplify logger usage in MCP and FlowStateManager classes
* chore: fix imports
* feat: Add OAuth configuration schema to MCP with token exchange method support
* feat: FIRST PASS Implement MCP OAuth flow with token management and error handling
- Added a new route for handling OAuth callbacks and token retrieval.
- Integrated OAuth token storage and retrieval mechanisms.
- Enhanced MCP connection to support automatic OAuth flow initiation on 401 errors.
- Implemented dynamic client registration and metadata discovery for OAuth.
- Updated MCPManager to manage OAuth tokens and handle authentication requirements.
- Introduced comprehensive logging for OAuth processes and error handling.
* refactor: Update MCPConnection and MCPManager to utilize new URL handling
- Added a `url` property to MCPConnection for better URL management.
- Refactored MCPManager to use the new `url` property instead of a deprecated method for OAuth handling.
- Changed logging from info to debug level for flow manager and token methods initialization.
- Improved comments for clarity on existing tokens and OAuth event listener setup.
* refactor: Improve connection timeout error messages in MCPConnection and MCPManager and use initTimeout for connection
- Updated the connection timeout error messages to include the duration of the timeout.
- Introduced a configurable `connectTimeout` variable in both MCPConnection and MCPManager for better flexibility.
* chore: cleanup MCP OAuth Token exchange handling; fix: erroneous use of flowsCache and remove verbose logs
* refactor: Update MCPManager and MCPTokenStorage to use TokenMethods for token management
- Removed direct token storage handling in MCPManager and replaced it with TokenMethods for better abstraction.
- Refactored MCPTokenStorage methods to accept parameters for token operations, enhancing flexibility and readability.
- Improved logging messages related to token persistence and retrieval processes.
* refactor: Update MCP OAuth handling to use static methods and improve flow management
- Refactored MCPOAuthHandler to utilize static methods for initiating and completing OAuth flows, enhancing clarity and reducing instance dependencies.
- Updated MCPManager to pass flowManager explicitly to OAuth handling methods, improving flexibility in flow state management.
- Enhanced comments and logging for better understanding of OAuth processes and flow state retrieval.
* refactor: Integrate token methods into createMCPTool for enhanced token management
* refactor: Change logging from info to debug level in MCPOAuthHandler for improved log management
* chore: clean up logging
* feat: first pass, auth URL from MCP OAuth flow
* chore: Improve logging format for OAuth authentication URL display
* chore: cleanup mcp manager comments
* feat: add connection reconnection logic in MCPManager
* refactor: reorganize token storage handling in MCP
- Moved token storage logic from MCPManager to a new MCPTokenStorage class for better separation of concerns.
- Updated imports to reflect the new token storage structure.
- Enhanced methods for storing, retrieving, updating, and deleting OAuth tokens, improving overall token management.
* chore: update comment for SYSTEM_USER_ID in MCPManager for clarity
* feat: implement refresh token functionality in MCP
- Added refresh token handling in MCPManager to support token renewal for both app-level and user-specific connections.
- Introduced a refreshTokens function to facilitate token refresh logic.
- Enhanced MCPTokenStorage to manage client information and refresh token processes.
- Updated logging for better traceability during token operations.
* chore: cleanup @librechat/auth
* feat: implement MCP server initialization in a separate service
- Added a new service to handle the initialization of MCP servers, improving code organization and readability.
- Refactored the server startup logic to utilize the new initializeMCP function.
- Removed redundant MCP initialization code from the main server file.
* fix: don't log auth url for user connections
* feat: enhance OAuth flow with success and error handling components
- Updated OAuth callback routes to redirect to new success and error pages instead of sending status messages.
- Introduced `OAuthSuccess` and `OAuthError` components to provide user feedback during authentication.
- Added localization support for success and error messages in the translation files.
- Implemented countdown functionality in the success component for a better user experience.
* fix: refresh token handling for user connections, add missing URL and methods
- add standard enum for system user id and helper for determining app-lvel vs. user-level connections
* refactor: update token handling in MCPManager and MCPTokenStorage
* fix: improve error logging in OAuth authentication handler
* fix: concurrency issues for both login url emission and concurrency of oauth flows for shared flows (same user, same server, multiple calls for same server)
* fix: properly fail shared flows for concurrent server calls and prevent duplication of tokens
* chore: remove unused auth package directory from update configuration
* ci: fix mocks in samlStrategy tests
* ci: add mcpConfig to AppService test setup
* chore: remove obsolete MCP OAuth implementation documentation
* fix: update build script for API to use correct command
* chore: bump version of @librechat/api to 1.2.4
* fix: update abort signal handling in createMCPTool function
* fix: add optional clientInfo parameter to refreshTokensFunction metadata
* refactor: replace app.locals.availableTools with getCachedTools in multiple services and controllers for improved tool management
* fix: concurrent refresh token handling issue
* refactor: add signal parameter to getUserConnection method for improved abort handling
* chore: JSDoc typing for `loadEphemeralAgent`
* refactor: update isConnectionActive method to use destructured parameters for improved readability
* feat: implement caching for MCP tools to handle app-level disconnects for loading list of tools
* ci: fix agent test
2025-06-17 13:50:33 -04:00
|
|
|
/**
|
|
|
|
|
* OAuth configuration for SSE and Streamable HTTP transports
|
|
|
|
|
* - Optional: OAuth can be auto-discovered on 401 responses
|
|
|
|
|
* - Pre-configured values will skip discovery steps
|
|
|
|
|
*/
|
|
|
|
|
oauth: z
|
|
|
|
|
.object({
|
|
|
|
|
/** OAuth authorization endpoint (optional - can be auto-discovered) */
|
|
|
|
|
authorization_url: z.string().url().optional(),
|
|
|
|
|
/** OAuth token endpoint (optional - can be auto-discovered) */
|
|
|
|
|
token_url: z.string().url().optional(),
|
|
|
|
|
/** OAuth client ID (optional - can use dynamic registration) */
|
|
|
|
|
client_id: z.string().optional(),
|
|
|
|
|
/** OAuth client secret (optional - can use dynamic registration) */
|
|
|
|
|
client_secret: z.string().optional(),
|
|
|
|
|
/** OAuth scopes to request */
|
|
|
|
|
scope: z.string().optional(),
|
|
|
|
|
/** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
|
|
|
|
|
redirect_uri: z.string().url().optional(),
|
|
|
|
|
/** Token exchange method */
|
|
|
|
|
token_exchange_method: z.nativeEnum(TokenExchangeMethodEnum).optional(),
|
|
|
|
|
})
|
|
|
|
|
.optional(),
|
2025-06-19 18:27:55 -04:00
|
|
|
customUserVars: z
|
|
|
|
|
.record(
|
|
|
|
|
z.string(),
|
|
|
|
|
z.object({
|
|
|
|
|
title: z.string(),
|
|
|
|
|
description: z.string(),
|
|
|
|
|
}),
|
|
|
|
|
)
|
|
|
|
|
.optional(),
|
2024-12-17 13:12:57 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export const StdioOptionsSchema = BaseOptionsSchema.extend({
|
|
|
|
|
type: z.literal('stdio').optional(),
|
|
|
|
|
/**
|
|
|
|
|
* The executable to run to start the server.
|
|
|
|
|
*/
|
|
|
|
|
command: z.string(),
|
|
|
|
|
/**
|
|
|
|
|
* Command line arguments to pass to the executable.
|
|
|
|
|
*/
|
|
|
|
|
args: z.array(z.string()),
|
|
|
|
|
/**
|
|
|
|
|
* The environment to use when spawning the process.
|
|
|
|
|
*
|
|
|
|
|
* If not specified, the result of getDefaultEnvironment() will be used.
|
2025-03-01 07:51:12 -05:00
|
|
|
* Environment variables can be referenced using ${VAR_NAME} syntax.
|
2024-12-17 13:12:57 -05:00
|
|
|
*/
|
2025-03-01 07:51:12 -05:00
|
|
|
env: z
|
|
|
|
|
.record(z.string(), z.string())
|
|
|
|
|
.optional()
|
|
|
|
|
.transform((env) => {
|
|
|
|
|
if (!env) {
|
|
|
|
|
return env;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const processedEnv: Record<string, string> = {};
|
|
|
|
|
for (const [key, value] of Object.entries(env)) {
|
|
|
|
|
processedEnv[key] = extractEnvVariable(value);
|
|
|
|
|
}
|
|
|
|
|
return processedEnv;
|
|
|
|
|
}),
|
2024-12-17 13:12:57 -05:00
|
|
|
/**
|
|
|
|
|
* How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.
|
|
|
|
|
*
|
|
|
|
|
* @type {import('node:child_process').IOType | import('node:stream').Stream | number}
|
|
|
|
|
*
|
|
|
|
|
* The default is "inherit", meaning messages to stderr will be printed to the parent process's stderr.
|
|
|
|
|
*/
|
|
|
|
|
stderr: z.any().optional(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export const WebSocketOptionsSchema = BaseOptionsSchema.extend({
|
|
|
|
|
type: z.literal('websocket').optional(),
|
|
|
|
|
url: z
|
|
|
|
|
.string()
|
2025-05-20 01:37:21 +02:00
|
|
|
.transform((val: string) => extractEnvVariable(val))
|
|
|
|
|
.pipe(z.string().url())
|
2024-12-17 13:12:57 -05:00
|
|
|
.refine(
|
2025-05-20 01:37:21 +02:00
|
|
|
(val: string) => {
|
2024-12-17 13:12:57 -05:00
|
|
|
const protocol = new URL(val).protocol;
|
|
|
|
|
return protocol === 'ws:' || protocol === 'wss:';
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
message: 'WebSocket URL must start with ws:// or wss://',
|
|
|
|
|
},
|
|
|
|
|
),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export const SSEOptionsSchema = BaseOptionsSchema.extend({
|
|
|
|
|
type: z.literal('sse').optional(),
|
2025-03-28 15:21:10 -04:00
|
|
|
headers: z.record(z.string(), z.string()).optional(),
|
2024-12-17 13:12:57 -05:00
|
|
|
url: z
|
|
|
|
|
.string()
|
2025-05-20 01:37:21 +02:00
|
|
|
.transform((val: string) => extractEnvVariable(val))
|
|
|
|
|
.pipe(z.string().url())
|
2024-12-17 13:12:57 -05:00
|
|
|
.refine(
|
2025-05-20 01:37:21 +02:00
|
|
|
(val: string) => {
|
2024-12-17 13:12:57 -05:00
|
|
|
const protocol = new URL(val).protocol;
|
|
|
|
|
return protocol !== 'ws:' && protocol !== 'wss:';
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
message: 'SSE URL must not start with ws:// or wss://',
|
|
|
|
|
},
|
|
|
|
|
),
|
|
|
|
|
});
|
|
|
|
|
|
2025-05-13 19:14:15 +02:00
|
|
|
export const StreamableHTTPOptionsSchema = BaseOptionsSchema.extend({
|
|
|
|
|
type: z.literal('streamable-http'),
|
|
|
|
|
headers: z.record(z.string(), z.string()).optional(),
|
2025-05-15 12:17:17 -04:00
|
|
|
url: z
|
|
|
|
|
.string()
|
2025-05-20 01:37:21 +02:00
|
|
|
.transform((val: string) => extractEnvVariable(val))
|
|
|
|
|
.pipe(z.string().url())
|
2025-05-15 12:17:17 -04:00
|
|
|
.refine(
|
2025-05-20 01:37:21 +02:00
|
|
|
(val: string) => {
|
2025-05-13 19:14:15 +02:00
|
|
|
const protocol = new URL(val).protocol;
|
|
|
|
|
return protocol !== 'ws:' && protocol !== 'wss:';
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
message: 'Streamable HTTP URL must not start with ws:// or wss://',
|
|
|
|
|
},
|
2025-05-15 12:17:17 -04:00
|
|
|
),
|
2025-05-13 19:14:15 +02:00
|
|
|
});
|
|
|
|
|
|
2024-12-17 13:12:57 -05:00
|
|
|
export const MCPOptionsSchema = z.union([
|
|
|
|
|
StdioOptionsSchema,
|
|
|
|
|
WebSocketOptionsSchema,
|
|
|
|
|
SSEOptionsSchema,
|
2025-05-13 19:14:15 +02:00
|
|
|
StreamableHTTPOptionsSchema,
|
2024-12-17 13:12:57 -05:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
export const MCPServersSchema = z.record(z.string(), MCPOptionsSchema);
|
2025-03-18 23:16:45 -04:00
|
|
|
|
|
|
|
|
export type MCPOptions = z.infer<typeof MCPOptionsSchema>;
|