Skip to content

feat(mcp): add Tool Registry Service for agent tool credentials #208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
betterclever wants to merge 4 commits into
base: eng-95/component-sdk-tool-mode
Choose a base branch
from
Open

feat(mcp): add Tool Registry Service for agent tool credentials #208

betterclever wants to merge 4 commits into from
+648 −1

Conversation

@betterclever
Copy link
Contributor

@betterclever betterclever commented Jan 15, 2026

Summary

Redis-backed registry for storing tool metadata and credentials during workflow runs. This bridges the gap between Temporal workflows (where credentials are resolved) and the MCP gateway (where agents call tools).

Stacked PR

This PR is stacked on top of #207 (ENG-95: Component SDK Tool Mode)

Please merge #207 first, then rebase this PR.

Changes

New: `backend/src/mcp/` module

ToolRegistryService:

  • `registerComponentTool()` - Register a ShipSec component as a tool with encrypted credentials
  • `registerRemoteMcp()` - Register a remote HTTP MCP server
  • `registerLocalMcp()` - Register a local stdio MCP (Docker container)
  • `getToolsForRun()` - Get all tools for a workflow run
  • `getTool()` / `getToolByName()` - Get specific tool
  • `getToolCredentials()` - Decrypt and return credentials
  • `areAllToolsReady()` - Check if all required tools are ready
  • `cleanupRun()` - Clean up tools and return container IDs

Redis Key Pattern

```
mcp:run:{runId}:tools (Hash, TTL 1hr)
```

Security

  • Credentials encrypted using existing `SecretsEncryptionService`

Tests

  • 8 tests covering all service methods

Note

Temporal activities (`registerToolActivity`, `waitForToolsActivity`, etc.) will be added in a follow-up as they reside in the worker package.

Linear Issue

Closes ENG-96

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 15, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f8251468d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

backend/src/mcp/tool-registry.service.ts Outdated
Comment on lines 292 to 284
try {
const encryptionMaterial = JSON.parse(tool.encryptedCredentials);
const decrypted = await this.encryption.decrypt(encryptionMaterial);
return JSON.parse(decrypted);
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Handle non-JSON auth tokens in getToolCredentials

registerRemoteMcp encrypts a raw authToken string, but getToolCredentials always JSON.parses the decrypted payload. When the tool is a remote MCP (auth token is a plain string, not JSON), JSON.parse(decrypted) throws and the method returns null, so any consumer trying to fetch credentials for remote MCPs will never receive the token. This breaks authenticated remote MCP calls whenever authToken is not JSON-encoded.

Useful? React with 👍 / 👎.

@betterclever betterclever force-pushed the eng-95/component-sdk-tool-mode branch from 7e4d294 to e49f0c8 Compare January 19, 2026 12:04
@betterclever betterclever force-pushed the eng-96/tool-registry branch 3 times, most recently from b69e898 to 15d7d28 Compare January 19, 2026 12:31
@betterclever betterclever mentioned this pull request Jan 19, 2026
Open
@betterclever betterclever force-pushed the eng-95/component-sdk-tool-mode branch from 4f4cee6 to f09bb4d Compare January 19, 2026 13:00
@betterclever betterclever force-pushed the eng-95/component-sdk-tool-mode branch 3 times, most recently from f3da236 to 0660362 Compare January 20, 2026 11:46
@betterclever betterclever force-pushed the eng-96/tool-registry branch 2 times, most recently from d7263bb to 908d508 Compare January 20, 2026 12:24
@betterclever
feat(mcp): add Tool Registry Service for agent tool credentials
83a2a9b 
ENG-96

- Create ToolRegistryService with Redis-backed storage
- Implement registerComponentTool, registerRemoteMcp, registerLocalMcp
- Implement getToolsForRun, getTool, getToolByName, getToolCredentials
- Implement areAllToolsReady for agent readiness check
- Implement cleanupRun for workflow completion cleanup
- Encrypt credentials using existing SecretsEncryptionService
- Redis key pattern: mcp:run:{runId}:tools (Hash, TTL 1hr)
- Add McpModule to app imports
- Add comprehensive tests (8 tests passing)

Note: Temporal activities (registerToolActivity, waitForToolsActivity, etc.)
will be added in a follow-up as they reside in the worker package.

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
refactor(mcp): resolve lint and type errors in tool registry
1fcd5eb 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix(tool-registry): handle non-JSON auth tokens in getToolCredentials
abc2e1e 
- Update registerRemoteMcp to store authToken as JSON object for consistency
- Add fallback in getToolCredentials to handle legacy raw string tokens
- Add test case for remote MCP credentials

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
refactor(mcp): resolve lint spacing issues in tool registry
f82a05d 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@betterclever