fix: MCP tool discovery pipeline, agentTool migration, and e2e reorganization #276
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Fix BACKEND_URL default from localhost:3000 to localhost:3211 - Add /api/v1 prefix to internal MCP API calls - Add mode: 'tool' to aws-mcp-group test configuration - Fix duplicate Outputs section in CloudFormation YAML The MCP group was failing because: 1. Worker was calling wrong backend port/path 2. Test wasn't marking aws-mcp-group as a tool provider Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Add register-group-server endpoint for MCP group runtime to fetch server configuration during workflow execution. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
…ation Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
… tools Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com> Amp-Thread-ID: https://ampcode.com/threads/T-019c4208-d8d5-71f6-8874-506f0b67f197 Co-authored-by: Amp <amp@ampcode.com>
- Add sessionIdGenerator: () => randomUUID() for both named-server and single-server transports (SDK 1.26.0+ rejects stateless transport reuse) - Empty built-in named-servers.json to prevent proxy from ignoring MCP_COMMAND env var when image has hardcoded server configs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
…dshake
Replace raw fetch()-based tool discovery with MCP SDK Client that performs
proper initialize handshake before tools/list. AWS MCP servers reject bare
tools/list without initialization, causing silent 0-tool discovery.
Changes:
- Worker: discoverToolsWithRetry uses SDK Client + StreamableHTTPClientTransport
- Worker: MCP group runtime uses command: [] and MCP_NAMED_SERVERS='{}' env
- Backend: gateway discoverToolsFromEndpoint uses SDK Client
- Backend: add register-mcp-server endpoint with pre-discovered tools
- Backend: add tools-ready polling endpoint for workflow coordination
- SDK: add exposedToAgent field, RegisterMcpServerInput DTO
- Security components: add providerKind and exposedToAgent metadata
- Fix default backend port from 3000 to 3211 in mcp-library-utils
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Move prepareAndRegisterToolActivity for MCP groups from before to after runComponentWithRetry. Previously, the parent group was marked "ready" in Redis before child server discovery, causing the agent's areAllToolsReadyActivity check to pass too early. The agent would start with only 2 tools instead of 47. Now the sequence is: 1. MCP group executes (starts containers, discovers tools, registers children) 2. Parent registers as "ready" in Redis 3. Agent's polling detects all tools ready 4. Agent starts with complete tool set Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
…tion New mock.agent component that connects to the MCP gateway, lists all available tools, and returns them as output. Provides a fast, deterministic way to verify the full tool pipeline without an LLM. - worker/src/components/dev/mock-agent.ts: inline component - worker/src/components/dev/__tests__/mock-agent.test.ts: unit tests - e2e-tests/mock-agent-tool-discovery.test.ts: e2e test (47 tools) - Register component in worker/src/components/index.ts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Replace all agentTool references with the new toolProvider API: - agentTool.enabled → !!toolProvider - agentTool.toolName → toolProvider.name - agentTool.toolDescription → toolProvider.description - Update Swagger API schema in components controller - Fix stale test name in tool-helpers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
1. Rewrite stdio-proxy to stateless JSON-RPC (docker/mcp-stdio-proxy): Bypass MCP SDK Server class which only accepts one initialize per lifetime. Handle JSON-RPC directly in Express routes so unlimited HTTP clients (worker discovery + gateway tool calls) can share one stdio server. Return 202 for notifications, 405 for GET/DELETE. 2. Persistent MCP client pool in gateway (mcp-gateway.service.ts): Cache one Client per endpoint URL. Reuse for both discovery and tool calls. Evict on error. Close all on run cleanup. 3. Fix tool name registration (mcp.activity.ts): Use getToolMetadata(component).name (e.g. abuseipdb_check) instead of node ID (e.g. abuseipdb) when registering component tools. 4. Fix secret resolution for tool calls (workflows/index.ts): Pass inputOverrides: request.credentials to _runComponentActivity in executeToolCallSignal so resolveSecretInputOverrides can resolve secret names to actual values during agent tool calls. Also: fix mock-agent AWS test args (snake_case), update e2e test to handle createLightweightSummary array truncation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
…docs - Introduce core/, pipeline/, cloud/ directories with shared e2e-harness.ts - Rename .env.eng-104 -> .env.e2e, RUN_GUARDDUTY_E2E -> RUN_CLOUD_E2E - Add test:e2e:core, test:e2e:pipeline, test:e2e:cloud scripts - Remove 10 redundant session-generated docs - Remove dead shipsec-mcp-server pm2 config and package.json scripts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Move analytics.test.ts (from main's analytics dashboard PR) into the core/ tier and refactor to use shared e2e-harness helpers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Prevent accidental commit of context dump files that may contain secrets. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c25f26e26a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
67
to
69
| return allServers | ||
| .map((s) => McpServerSchema.parse(s)) | ||
| .filter((s) => enabledServerIds.includes(s.id)); |
There was a problem hiding this comment.
fetchEnabledServers now filters only by selected ID and no longer enforces enabled === true, so a server that was disabled in MCP settings can still be started and registered when mcp.custom executes. This is a behavioral regression from the previous implementation and can re-expose tools administrators explicitly turned off.
Useful? React with 👍 / 👎.
pm2.config.cjs
Outdated
| TEMPORAL_NAMESPACE: `shipsec-dev-${instanceNum}`, | ||
| TEMPORAL_TASK_QUEUE: `shipsec-dev-${instanceNum}`, | ||
| // DEBUG: Skip container cleanup for MCP debugging | ||
| SKIP_CONTAINER_CLEANUP: process.env.SKIP_CONTAINER_CLEANUP || 'true', |
There was a problem hiding this comment.
Setting SKIP_CONTAINER_CLEANUP to 'true' by default means PM2 worker runs will always bypass cleanupLocalMcpActivity (which returns early when this env var is true), so MCP containers and volumes accumulate across runs. In local/E2E environments this can quickly cause stale state and Docker resource exhaustion that breaks subsequent experiments.
Useful? React with 👍 / 👎.
- Add `s.enabled` check to `fetchEnabledServers` filter so disabled MCP servers are not started/registered (P1) - Change SKIP_CONTAINER_CLEANUP default from 'true' to 'false' to prevent Docker container accumulation (P2) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
betterclever
force-pushed
the
fix/mcp-tool-discovery-pipeline
branch
from
8888a7e to
8766162
Compare
registerLocalMcpActivity and registerRemoteMcpActivity were calling removed register-local/register-remote backend endpoints. Remapped both to the unified register-mcp-server endpoint. Also includes server.id in template hash computation and adds Swagger response typing for GET /mcp-groups/templates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
betterclever
force-pushed
the
fix/mcp-tool-discovery-pipeline
branch
from
8766162 to
035f3d9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates three major improvements to the tool calling pipeline, MCP architecture, and test organization:
agentToolto newtoolProviderAPIMCP Tool Discovery Pipeline Fixes
Bugs Fixed:
Clientwithinitialize()instead of raw fetchprepareAndRegisterToolActivityusesgetToolMetadata(component).namefortoolName(not nodeId)executeToolCallSignalpassesinputOverrides: request.credentialsto resolve secrets at execution timeKey Files:
mcp-gateway.service.ts,mcp-group-runtime.ts,mcp.activity.ts,tool-helpers.ts,workflows/index.tsagentTool → toolProvider Migration
All security components (AbuseIPDB, VirusTotal, AWS MCP, etc.) migrated from legacy
agentToolinterface to unifiedtoolProviderpattern. Frontend and backend serialization updated to match.Mock Agent Diagnostic Component
worker/src/components/dev/mock-agent.ts- Connects to MCP gateway, discovers tools, and optionally calls each tool with test arguments. Validates the full pipeline without a real AI agent.E2E test (
pipeline/mock-agent-tool-discovery.test.ts) asserts tool discovery and execution end-to-end.E2E Test Reorganization
RUN_E2E=trueRUN_E2E=true+ API keysRUN_CLOUD_E2E=trueScripts:
test:e2e:core,test:e2e:pipeline,test:e2e:cloudCleanups
mcp:*npm scripts, stale pm2 MCP server config.env.eng-104→.env.e2e.contextto.gitignoreTest plan
bun run typecheckpassesbun test- 560 pass, 113 skip, 0 failtest:e2e:corewith local servicestest:e2e:pipelinewith API keys configured🤖 Generated with Claude Code