Skip to content

feat(mcp): implement MCP Gateway for internal and external tools #213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
betterclever merged 49 commits into from
Jan 30, 2026
Merged

feat(mcp): implement MCP Gateway for internal and external tools #213

betterclever merged 49 commits into from
Jan 30, 2026

Conversation

@betterclever
Copy link
Contributor

@betterclever betterclever commented Jan 19, 2026

Summary

  • MCP Gateway API: Implemented a new /mcp API with GET /tools and POST /tools/call endpoints.
  • Internal Translation: The gateway translates Model Context Protocol (MCP) JSON-RPC requests into internal component registry and credential store calls.
  • Dynamic Tool Listing: Tools are dynamically retrieved from the Tool Registry (ENG-96), filtering for tools registered during a specific workflow run.
  • Tool Execution: Implemented direct component execution within the gateway service (MVP approach) to allow agents to invoke platform tools.

Stacked on: #212 (ENG-97)

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 19, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1a188c2285

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

backend/src/mcp/mcp-gateway.service.ts Outdated
Comment on lines 88 to 90
const result = await component.execute(
{ inputs: mergedInputs as any, params: {} as any },
{
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Parse tool inputs/params before executing components

The MCP gateway calls component.execute with inputs: mergedInputs and params: {} directly, which bypasses the component’s Zod parsing/defaults and drops any workflow node parameters. That means tool calls will silently ignore required params or coercions (e.g., ports, endpoints, defaults), causing components to misbehave or throw at runtime. Consider fetching the node config for the run and running component.inputs.parse / component.parameters.parse before invoking execute.

Useful? React with 👍 / 👎.

worker/src/components/core/mcp-server.ts Outdated
Comment on lines 69 to 73
async execute() {
// The Docker runner handles execution.
// At runtime, the workflow engine will resolve the dynamic endpoint.
return {
endpoint: 'http://localhost:8080', // Placeholder
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Actually run docker runner in MCP server component

The new core.mcp.server component’s execute only returns a hardcoded endpoint and never calls runComponentWithRunner. In this codebase, docker components are executed only when the component itself invokes the runner (the activity doesn’t auto-run it), so this component will never start the MCP server container and will always return the placeholder URL.

Useful? React with 👍 / 👎.

@betterclever betterclever mentioned this pull request Jan 19, 2026
Closed
@betterclever betterclever force-pushed the eng-98/mcp-gateway branch 2 times, most recently from fc4c1eb to 9ed839a Compare January 19, 2026 13:14
@betterclever betterclever changed the base branch from main to eng-97/workflow-tool-mode January 20, 2026 15:04
@betterclever betterclever force-pushed the eng-98/mcp-gateway branch 2 times, most recently from b32f6c6 to f5e332d Compare January 21, 2026 18:07
@betterclever
feat(mcp): implement MCP Gateway with tool listing and execution
b0113e5 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
refactor(mcp-gateway): use StreamableHTTPClientTransport for external…
737896c 
… MCP proxying

- Replace deprecated SSEClientTransport with StreamableHTTPClientTransport
- Fix lint errors (trailing whitespace in constructor and emitProgress)
- Gateway currently executes components inline (to be refactored to Temporal)

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(mcp-gateway): implement signal-based tool execution via Temporal
bf20f01 
- Add executeToolCallSignal and toolCallCompletedSignal for MCP tool calls
- Add getToolCallResult query for polling tool execution results
- Refactor callComponentTool to signal workflow instead of inline execution
- Add queryWorkflow method to TemporalService
- Tool calls now execute on worker with full Docker/secrets/storage support

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(mcp): complete MCP Gateway implementation with security and isol…
d748ef8 
…ation

- Refactor component tool execution to run on Temporal workers via signals/queries
- Implement validation for workflow run access and organization ownership
- Add comprehensive telemetry: log tool execution (STARTED, COMPLETED, FAILED) to trace repository
- implement robust external MCP proxying with 30s timeouts and exponential backoff retries
- Add support for tool filtering via allowedTools header
- Add E2E test for MCP gateway tool discovery and execution

Signed-off-by: Antigravity <antigravity@google.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(mcp-gateway): wire up controller with headers and session support
6eaeab1 
- Extract X-Run-Id and X-Allowed-Tools headers in McpGatewayController
- Pass organizationId and allowedTools to McpGatewayService
- Add basic protocol version validation
- Fix type casting for MCP transport request handling

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(mcp): implement secure session-scoped authentication for MCP Gat…
facae02 
…eway

- Add McpAuthService to manage short-lived, run-bounded session tokens
- Implement McpAuthGuard for RFC 6750 (Bearer) compliance and AuthInfo injection
- Refactor McpGatewayController to use native MCP AuthInfo instead of internal AuthContext
- Add internal endpoint /internal/mcp/generate-token for session token issuance
- Update E2E tests to validate the complete secure handshake and tool execution flow
- Fix type safety issues in MCP transport integration

Signed-off-by: Antigravity <antigravity@google.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(mcp): fix component tool parameter propagation and harden logic-…
f1752c2 
…script harness

- Ensure component 'parameters' are passed through tool registration and execution signals
- Correctly map agent 'arguments' to component 'inputs' in runComponentActivity
- Fix race condition in logic-script harness by ensuring output directory exists before write
- Update E2E gateway test to reflect correct registration and execution pattern
- Clean up debug logs and resolve linting errors across gateway and worker

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
docs: add ENG-132 tool mode orchestration implementation plan
335e021 
Detailed plan for enabling graph-based tool→agent binding:
- Phase 1: Compiler tracks tool→agent edges
- Phase 2: Runtime passes connectedToolNodeIds to agent
- Phase 3: Agent queries MCP Gateway for tools
- Phase 4: Gateway filters tools by nodeIds
- Phase 5: E2E tests

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(dsl): add connectedToolNodeIds metadata and agent tools port
be5bbb9 
Phase 1 of ENG-132:
- Added connectedToolNodeIds to WorkflowNodeMetadata (backend/worker)
- Added tools input port to AI agent component
- Included connectedToolNodeIds in RunComponentActivityInput metadata

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(compiler): track tool->agent edges and handle virtual tools port
ad44d61 
Phase 2 of ENG-132:
- Modified compiler to collect connectedToolNodeIds from graph edges
- Updated validator to allow multiple edges to 'tools' port
- Virtualized 'tools' output port for nodes in tool mode
- Updated DTO schemas to support tool mode metadata
- Added unit test to verify tool->agent binding

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(temporal): pass connectedToolNodeIds to agent execution context
d84712d 
Phase 3 of ENG-132:
- Updated shipsecWorkflowRun to extract connectedToolNodeIds from node metadata
- Included connectedToolNodeIds in activity metadata for agent discovery
- Synchronized worker types for workflow execution

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(gateway): implement nodeId-based tool scoping and session API
09c19cb 
Phase 4 of ENG-132:
- Added nodeIds filter to ToolRegistryService.getToolsForRun
- Updated McpGatewayService to support tool scoping by nodeId
- Included allowedNodeIds in session token and metadata
- Updated InternalMcpController to allow scoped token generation

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(worker): propagate tool binding metadata to component context
5b3eea8 
Phase 3 of ENG-132:
- Updated ExecutionContextMetadata to include connectedToolNodeIds and organizationId
- Modified runComponentActivity to inject metadata into the execution context
- Ensured organizationId is available for agent tool discovery

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(agent): implement gateway-based tool discovery and execution
e6075bf 
Phase 5 of ENG-132:
- Added McpGatewayClient support to AI agent component
- Implemented runtime tool discovery via MCP Gateway
- Scoped tool discovery using connectedToolNodeIds
- Integrated discovered tools with agent reasoning loop
- Added session token generation helper

Linear-issue: ENG-132
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix(mcp): implement multi-agent tool scoping and gateway-based discovery
668b797 
- Add ApiKeysModule import to McpModule to fix DI issues
- Cache gateway servers/transports by runId + allowedNodeIds for agent isolation
- Implement buildMcpToolSchema to convert JSON Schema to Zod format
- Fix MCP tool content handling (extract text from array results)
- Add proper imports for StreamableHTTPClientTransport and Client

Tests now pass:
- Agent can run with no tools
- Multiple agents have isolated tool sets based on graph connections

This enables workflow graphs to connect tool-mode nodes directly to agents,
with the agent automatically discovering and using only its connected tools.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix(agent): ensure tool execution returns string values
f794995 
- Explicitly type tool execution to return Promise<string>
- Add comprehensive fallback conversions for tool result content
- Handle all formats: arrays, strings, objects, primitives
- Update test to use more reliable httpbin.org endpoint

Tool discovery is working correctly (tests 1 & 3 pass).
Test 2 fails due to tool execution issues, not discovery.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
chore(logging): implement structured file-based debug logging
cdd5f8d 
- Create DebugLogger utility for structured JSON logging to /tmp/shipsec-debug/
- Separate heartbeat logs to dedicated file (not printed to console)
- Add view-debug-logs.ts script for easy log viewing/filtering
- Convert agent gateway functions to use DebugLogger
- Remove verbose console heartbeat logs (15-second polling logs)
- Add getRecentLogs, getLogsByContext, getLogsByLevel utilities

Benefits:
- Cleaner console output (no heartbeat spam)
- All debug context centralized in one place
- Easy filtering by context, level, or search terms
- Structured JSON format for programmatic access

Debug logs now available at: /tmp/shipsec-debug/worker.log
Usage: bun scripts/view-debug-logs.ts [filter] [line-count]

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
docs: add comprehensive ENG-132 implementation summary
56ea42c 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(logging): add detailed tool execution debug logging
7a87122 
- Log tool invocation arguments to debug-logger
- Log MCP result type and content before conversion
- Log final tool execution result with preview
- Log errors with stack traces for debugging

Root cause identified in Test 2: MCP protocol timeout on external endpoint
The tool is called successfully, gateway discovery works,
but the MCP callTool() times out waiting for the HTTP endpoint response.
This is NOT a tool discovery or integration issue - it's endpoint latency.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
committed the changes.
b3f5409 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
refactor: rework ai agent mcp tools
73f2212 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
test: align ai agent tests with schemas
0cecd0c 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
betterclever and others added 27 commits January 24, 2026 19:54
@betterclever
fix: stabilize mcp tool discovery
04f1e47 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix: align mcp tool schemas and agent logging
5ab0116 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
chore: remove ai agent debug logs
6ffe6e0 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
chore: remove eng-132 interim docs
1ecde88 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
chore: fix lint and remove unused checks
d3f56bf 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
test: stabilize mcp internal and ai agent tests
341440f 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(worker): add OpenCode agent component
a03de01 
Adds the new OpenCode agent component with configurable 'providerConfig'. Refactors common gateway token logic into a shared 'utils.ts' used by both AI Agent and OpenCode.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: implement contract-based tool ports and mcp agent tools port
874955f 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: enhance Tool Mode UI and fix metadata propagation
0832d06 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: implement tool schema and expose parameters for agent tools
5ba3dd3 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: refresh tool mode config panel
3d48e1d 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
feat: add zai-coding-plan provider support to OpenCode component
d45c055 
- Add zai-coding-plan to LLMProviderSchema with apiKey and modelId support
- Fix OpenCode component to use proper model format (provider/modelId)
- Configure Z.AI provider with apiKey in provider.options
- Fix MCP server config to use type: "remote" instead of transport: "http"
- Remove unused env var API key handling in favor of provider config

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
fix: attempt to fix opencode docker command argument handling
1472932 
- Use sh -c with properly quoted prompt string to handle multi-word prompts
- Escape single quotes in prompt to prevent shell injection
- Add current-state.md documenting investigation and findings
- Add opencode E2E test

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
fix(opencode): fix E2E tests by removing --quiet flag and using wrapp…
201bcb7 
…er script

- Remove --quiet flag (doesn't exist in opencode 1.1.34), use --log-level ERROR
- Use wrapper script approach to handle prompt file reading inside container
- Set entrypoint to /bin/sh to override default opencode entrypoint
- Fix test assertions to check outputSummary.report instead of output.report
- Update current-state.md with resolution details

E2E tests now passing: 2 pass, 0 fail

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
fix(opencode): always append task to prompt when systemPrompt is prov…
3c4441b 
…ided

When a custom systemPrompt is provided, the task was not being included
because the {{TASK}} placeholder only exists in the default template.

Now the task is always appended to ensure OpenCode receives the full prompt.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
fix: add baseUrl and headers to zai-coding-plan provider schema
ca3d47f 
- Add optional baseUrl and headers properties to zai-coding-plan provider
- Add zai-coding-plan to ModelProvider type in ai-agent.ts
- This fixes TypeScript build errors when using the new provider

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
fix: remove emitDeclarationOnly from worker tsconfig to properly emit…
2d1a8d6 
… d.ts files

- Remove emitDeclarationOnly: true from worker/tsconfig.json
- This allows TypeScript to emit both .js and .d.ts files
- Fixes backend typecheck errors when importing from @shipsec/studio-worker/workflows
- The worker still uses source files directly via bun, so .js files don't interfere

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever @claude
lint: fix unused caught error variable in ConfigPanel
aead2e2 
- Rename unused 'error' to '_error' in catch block to satisfy ESLint
- Apply code formatting from linter to opencode.ts

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: add stdio MCP proxy and cleanup
0b16a59 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: add AWS MCP server components
55844de 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: add stdio mcp proxy and aws mcp components
80b764c 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
chore: drop ai notes
4781b6e 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat: finalize mcp servers and ui
532d841 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
Merge pull request #239 from ShipSecAI/eng-103/aws-investigation-tools
1342d82 
feat: MCP AWS servers and proxy (ENG-103)

Consolidating the work in 1 PR from the stack
@betterclever
Merge pull request #237 from ShipSecAI/eng-101/frontend-tool-mode-age…
33dccb0 
…nt-ui

feat: tool mode UI + agent orchestration (ENG-101/102)

Consolidating the work in one PR
@betterclever
Merge pull request #236 from ShipSecAI/eng-100/opencode-agent-component
561512b 
feat: OpenCode agent component (ENG-100)

Consolidating the work in final PR
@betterclever
Merge pull request #230 from ShipSecAI/eng-132/tool-mode-orchestration
75fcbfa 
feat: implement tool-mode orchestration (ENG-132)

Consolidating
@betterclever betterclever merged commit a0d6b86 into eng-97/workflow-tool-mode Jan 30, 2026
1 of 2 checks passed
@betterclever betterclever mentioned this pull request Jan 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@betterclever