feat(mcp): expose synthetic authenticate tool for needs_auth MCPs#27725
Open
msvechla wants to merge 1 commit into
Open
feat(mcp): expose synthetic authenticate tool for needs_auth MCPs#27725msvechla wants to merge 1 commit into
msvechla wants to merge 1 commit into
Conversation
For every configured MCP whose status is needs_auth, MCP.tools() now
exposes a synthetic <name>__authenticate tool to the agent. The tool's
execute calls MCP.authenticate(name) (opens the browser, awaits the
callback, rebuilds the transport on success).
This closes the gap where the agent had no way to discover or recover
unauthenticated MCPs from inside a conversation. After the synthetic
tool returns connected, the real MCP tools are live in the same session
because MCP.authenticate ends in createAndStore() which registers the
new transport into s.clients immediately.
The synthetic tool returns the canonical MCP { content: [...] } result
shape so downstream consumers reading result.content don't crash.
A synthetic is registered only when ALL of:
- mcp.type === "remote"
- mcp.oauth !== false
- s.status[name].status === "needs_auth"
Connected, failed, disabled, and OAuth-disabled MCPs are unaffected.
Closes anomalyco#27724
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #27724
Type of change
What does this PR do?
For every configured MCP whose status is
needs_auth,MCP.tools()now exposes a synthetic<name>__authenticatetool to the agent. The tool'sexecutecallsMCP.authenticate(name)(opens the browser, awaits the callback, rebuilds the transport on success).This closes the gap where the agent had no way to discover or recover unauthenticated MCPs from inside a conversation. After the synthetic tool returns
connected, the real MCP tools are live in the same session —MCP.authenticateends increateAndStore()which registers the new transport intos.clientsimmediately, so no restart is required.The synthetic tool returns the canonical MCP
{ content: [...] }result shape so downstream consumers readingresult.contentdon't crash.Filtering
A synthetic is registered only when ALL of:
mcp.type === "remote"mcp.oauth !== falses.status[name].status === "needs_auth"Connected, failed, disabled, and OAuth-disabled MCPs are unaffected.
How did you verify your code works?
bun run typecheckclean (passes pre-push hook).bun test test/mcp/lifecycle.test.ts— 21/21 pass.<name>__authenticate, browser opened, OAuth completed, the agent then immediately called the MCP's real tools in the same session.devbefore applying the patch.Screenshots / recordings
Checklist