MCP compatibility for AI agents: server registry, JSON-RPC client, gateway, run-time tool catalog

Agents can now use Model Context Protocol servers. End to end: - SharedKernel seam IMcpGateway (ListToolsAsync / CallToolAsync) + McpToolDescriptor / McpToolResult, so the Assembler discovers and can invoke MCP tools without referencing Integrations' tables. - Integrations: McpServerConfig (org-scoped, owner-only; auth headers AES-GCM encrypted, never returned — only their names) + AddMcpServers migration. McpClient: a dependency-free Streamable-HTTP JSON-RPC 2.0 client (initialize → notifications/initialized → tools/list / tools/call), carrying the Mcp-Session-Id and parsing both application/json and text/event-stream replies. McpGateway resolves an org's servers, decrypts headers server-side, and is best-effort: an unreachable server is logged and skipped, never failing the run. CRUD + connectivity-test endpoints (create/test/delete owner-only via ManageApiKeys; list via ConfigureAgents to bind). - OrgBoard: Agent gains McpServerIds (uuid[]; migration backfills existing agents to empty) flowing through ConfigureAgent + AgentRunContext. - Assembler: AgentRunExecutor lists the agent's MCP tools (best-effort) and PromptAssembler renders a "# Tools (MCP)" catalog — labelled as data, never instructions — and records it in the run trace. - Client: SeatsPage gains an MCP servers card (add/test/delete, encrypted auth header) and a per-agent MCP server multi-select; api client gains del(). Note: discovery + the governed call gateway are in place now; the autonomous model-driven tool-call loop (model emits tool_calls → gated execution → feedback) needs a tool-calling model client and is the next increment — the stub model can't drive it. Verified: ArchitectureTests 8/8, IntegrationTests 53/53 (McpClientTests: JSON-RPC handshake/session, json + SSE; McpServerRegistryTests: owner-only, encrypted-header-never-returned, graceful test, Member 403; PromptAssemblerMcpTests: catalog + trace, omitted when empty), client build green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 19:25:43 +03:30
parent 0ac15c7308
commit c5e0e5cfe3
27 changed files with 1506 additions and 8 deletions
@@ -0,0 +1,78 @@
+using System.Text.Json;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using TeamUp.Modules.Integrations.Persistence;
+using TeamUp.Modules.Integrations.Security;
+using TeamUp.SharedKernel.Ai;
+
+namespace TeamUp.Modules.Integrations.Mcp;
+
+/// <summary>
+/// Resolves an org's MCP server configs, decrypts their headers server-side, and talks to them via
+/// <see cref="McpClient"/>. Discovery is best-effort: a server that fails to connect is logged and
+/// skipped so it never fails the agent run. The decrypted headers never leave the server.
+/// </summary>
+internal sealed class McpGateway(
+    IntegrationsDbContext db,
+    McpClient client,
+    ISecretProtector protector,
+    ILogger<McpGateway> logger) : IMcpGateway
+{
+    public async Task<IReadOnlyList<McpToolDescriptor>> ListToolsAsync(
+        Guid organizationId, IReadOnlyCollection<Guid> serverIds, CancellationToken cancellationToken = default)
+    {
+        if (serverIds.Count == 0)
+        {
+            return [];
+        }
+
+        var idSet = serverIds.ToHashSet();
+        var servers = await db.McpServers
+            .Where(s => s.OrganizationId == organizationId && s.Enabled && idSet.Contains(s.Id))
+            .ToListAsync(cancellationToken);
+
+        var tools = new List<McpToolDescriptor>();
+        foreach (var server in servers)
+        {
+            try
+            {
+                var discovered = await client.ListToolsAsync(server.Endpoint, DecryptHeaders(server.EncryptedHeaders), cancellationToken);
+                tools.AddRange(discovered.Select(t =>
+                    new McpToolDescriptor(server.Id, server.Name, t.Name, t.Description, t.InputSchemaJson)));
+            }
+            catch (Exception ex)
+            {
+                logger.LogWarning(ex, "MCP server {Server} ({Endpoint}) unreachable; skipping its tools.", server.Name, server.Endpoint);
+            }
+        }
+
+        return tools;
+    }
+
+    public async Task<McpToolResult> CallToolAsync(
+        Guid organizationId, Guid serverId, string toolName, string argumentsJson, CancellationToken cancellationToken = default)
+    {
+        var server = await db.McpServers.FirstOrDefaultAsync(
+            s => s.Id == serverId && s.OrganizationId == organizationId && s.Enabled, cancellationToken);
+        if (server is null)
+        {
+            return new McpToolResult(false, null, "MCP server not found or disabled.");
+        }
+
+        try
+        {
+            var (success, content, error) = await client.CallToolAsync(
+                server.Endpoint, DecryptHeaders(server.EncryptedHeaders), toolName, argumentsJson, cancellationToken);
+            return new McpToolResult(success, content, error);
+        }
+        catch (Exception ex)
+        {
+            return new McpToolResult(false, null, ex.Message);
+        }
+    }
+
+    private Dictionary<string, string>? DecryptHeaders(string? encrypted) =>
+        string.IsNullOrEmpty(encrypted)
+            ? null
+            : JsonSerializer.Deserialize<Dictionary<string, string>>(protector.Unprotect(encrypted));
+}