feat(mcp): add Tool Registry Service for agent tool credentials #208
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3f8251468d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
292
to
284
| try { | ||
| const encryptionMaterial = JSON.parse(tool.encryptedCredentials); | ||
| const decrypted = await this.encryption.decrypt(encryptionMaterial); | ||
| return JSON.parse(decrypted); |
There was a problem hiding this comment.
registerRemoteMcp encrypts a raw authToken string, but getToolCredentials always JSON.parses the decrypted payload. When the tool is a remote MCP (auth token is a plain string, not JSON), JSON.parse(decrypted) throws and the method returns null, so any consumer trying to fetch credentials for remote MCPs will never receive the token. This breaks authenticated remote MCP calls whenever authToken is not JSON-encoded.
Useful? React with 👍 / 👎.
betterclever
force-pushed
the
eng-95/component-sdk-tool-mode
branch
from
7e4d294 to
e49f0c8
Compare
betterclever
force-pushed
the
eng-96/tool-registry
branch
3 times, most recently
from
b69e898 to
15d7d28
Compare
betterclever
force-pushed
the
eng-95/component-sdk-tool-mode
branch
from
4f4cee6 to
f09bb4d
Compare
betterclever
force-pushed
the
eng-96/tool-registry
branch
from
15d7d28 to
3670de1
Compare
betterclever
force-pushed
the
eng-95/component-sdk-tool-mode
branch
3 times, most recently
from
f3da236 to
0660362
Compare
betterclever
force-pushed
the
eng-96/tool-registry
branch
2 times, most recently
from
d7263bb to
908d508
Compare
ENG-96
- Create ToolRegistryService with Redis-backed storage
- Implement registerComponentTool, registerRemoteMcp, registerLocalMcp
- Implement getToolsForRun, getTool, getToolByName, getToolCredentials
- Implement areAllToolsReady for agent readiness check
- Implement cleanupRun for workflow completion cleanup
- Encrypt credentials using existing SecretsEncryptionService
- Redis key pattern: mcp:run:{runId}:tools (Hash, TTL 1hr)
- Add McpModule to app imports
- Add comprehensive tests (8 tests passing)
Note: Temporal activities (registerToolActivity, waitForToolsActivity, etc.)
will be added in a follow-up as they reside in the worker package.
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
- Update registerRemoteMcp to store authToken as JSON object for consistency - Add fallback in getToolCredentials to handle legacy raw string tokens - Add test case for remote MCP credentials Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
betterclever
force-pushed
the
eng-96/tool-registry
branch
from
908d508 to
f82a05d
Compare
Signed-off-by: betterclever <[email protected]>
- Add port mapping support to DockerRunner - Refactor mcp-server component to use dynamic runner config and exposed ports - Fix trace event mapping in E2E tests - Add container cleanup to mcp-tool-mode E2E test - Ensure local MCP registration uses actual containerId and endpoint - Fix workflow definition validation by adding node positions in test Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
… MCP proxying - Replace deprecated SSEClientTransport with StreamableHTTPClientTransport - Fix lint errors (trailing whitespace in constructor and emitProgress) - Gateway currently executes components inline (to be refactored to Temporal) Signed-off-by: betterclever <[email protected]>
- Add executeToolCallSignal and toolCallCompletedSignal for MCP tool calls - Add getToolCallResult query for polling tool execution results - Refactor callComponentTool to signal workflow instead of inline execution - Add queryWorkflow method to TemporalService - Tool calls now execute on worker with full Docker/secrets/storage support Signed-off-by: betterclever <[email protected]>
…ation - Refactor component tool execution to run on Temporal workers via signals/queries - Implement validation for workflow run access and organization ownership - Add comprehensive telemetry: log tool execution (STARTED, COMPLETED, FAILED) to trace repository - implement robust external MCP proxying with 30s timeouts and exponential backoff retries - Add support for tool filtering via allowedTools header - Add E2E test for MCP gateway tool discovery and execution Signed-off-by: Antigravity <[email protected]> Signed-off-by: betterclever <[email protected]>
- Extract X-Run-Id and X-Allowed-Tools headers in McpGatewayController - Pass organizationId and allowedTools to McpGatewayService - Add basic protocol version validation - Fix type casting for MCP transport request handling Signed-off-by: betterclever <[email protected]>
…eway - Add McpAuthService to manage short-lived, run-bounded session tokens - Implement McpAuthGuard for RFC 6750 (Bearer) compliance and AuthInfo injection - Refactor McpGatewayController to use native MCP AuthInfo instead of internal AuthContext - Add internal endpoint /internal/mcp/generate-token for session token issuance - Update E2E tests to validate the complete secure handshake and tool execution flow - Fix type safety issues in MCP transport integration Signed-off-by: Antigravity <[email protected]> Signed-off-by: betterclever <[email protected]>
…script harness - Ensure component 'parameters' are passed through tool registration and execution signals - Correctly map agent 'arguments' to component 'inputs' in runComponentActivity - Fix race condition in logic-script harness by ensuring output directory exists before write - Update E2E gateway test to reflect correct registration and execution pattern - Clean up debug logs and resolve linting errors across gateway and worker Signed-off-by: betterclever <[email protected]>
Detailed plan for enabling graph-based tool→agent binding: - Phase 1: Compiler tracks tool→agent edges - Phase 2: Runtime passes connectedToolNodeIds to agent - Phase 3: Agent queries MCP Gateway for tools - Phase 4: Gateway filters tools by nodeIds - Phase 5: E2E tests Linear-issue: ENG-132 Signed-off-by: betterclever <[email protected]>
Phase 1 of ENG-132: - Added connectedToolNodeIds to WorkflowNodeMetadata (backend/worker) - Added tools input port to AI agent component - Included connectedToolNodeIds in RunComponentActivityInput metadata Linear-issue: ENG-132 Signed-off-by: betterclever <[email protected]>
Phase 2 of ENG-132: - Modified compiler to collect connectedToolNodeIds from graph edges - Updated validator to allow multiple edges to 'tools' port - Virtualized 'tools' output port for nodes in tool mode - Updated DTO schemas to support tool mode metadata - Added unit test to verify tool->agent binding Linear-issue: ENG-132 Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Adds the new OpenCode agent component with configurable 'providerConfig'. Refactors common gateway token logic into a shared 'utils.ts' used by both AI Agent and OpenCode. Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
- Add zai-coding-plan to LLMProviderSchema with apiKey and modelId support - Fix OpenCode component to use proper model format (provider/modelId) - Configure Z.AI provider with apiKey in provider.options - Fix MCP server config to use type: "remote" instead of transport: "http" - Remove unused env var API key handling in favor of provider config Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
- Use sh -c with properly quoted prompt string to handle multi-word prompts - Escape single quotes in prompt to prevent shell injection - Add current-state.md documenting investigation and findings - Add opencode E2E test Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
…er script - Remove --quiet flag (doesn't exist in opencode 1.1.34), use --log-level ERROR - Use wrapper script approach to handle prompt file reading inside container - Set entrypoint to /bin/sh to override default opencode entrypoint - Fix test assertions to check outputSummary.report instead of output.report - Update current-state.md with resolution details E2E tests now passing: 2 pass, 0 fail Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
…ided
When a custom systemPrompt is provided, the task was not being included
because the {{TASK}} placeholder only exists in the default template.
Now the task is always appended to ensure OpenCode receives the full prompt.
Co-Authored-By: Claude <[email protected]>
Signed-off-by: betterclever <[email protected]>
- Add optional baseUrl and headers properties to zai-coding-plan provider - Add zai-coding-plan to ModelProvider type in ai-agent.ts - This fixes TypeScript build errors when using the new provider Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
… d.ts files - Remove emitDeclarationOnly: true from worker/tsconfig.json - This allows TypeScript to emit both .js and .d.ts files - Fixes backend typecheck errors when importing from @shipsec/studio-worker/workflows - The worker still uses source files directly via bun, so .js files don't interfere Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
- Rename unused 'error' to '_error' in catch block to satisfy ESLint - Apply code formatting from linter to opencode.ts Co-Authored-By: Claude <[email protected]> Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
Signed-off-by: betterclever <[email protected]>
feat: MCP AWS servers and proxy (ENG-103) Consolidating the work in 1 PR from the stack
…nt-ui feat: tool mode UI + agent orchestration (ENG-101/102) Consolidating the work in one PR
feat: OpenCode agent component (ENG-100) Consolidating the work in final PR
feat: implement tool-mode orchestration (ENG-132) Consolidating
feat(mcp): implement MCP Gateway for internal and external tools Consolidating
feat(dsl): implement workflow tool mode handling and MCP server node
betterclever
merged commit 7d7836b
into
eng-95/component-sdk-tool-mode
1 of 2 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Redis-backed registry for storing tool metadata and credentials during workflow runs. This bridges the gap between Temporal workflows (where credentials are resolved) and the MCP gateway (where agents call tools).
Stacked PR
Changes
New: `backend/src/mcp/` module
ToolRegistryService:
Redis Key Pattern
```
mcp:run:{runId}:tools (Hash, TTL 1hr)
```
Security
Tests
Note
Temporal activities (`registerToolActivity`, `waitForToolsActivity`, etc.) will be added in a follow-up as they reside in the worker package.
Linear Issue
Closes ENG-96