feat: list and call tools from external MCPs

[qstearns]

Implements runtime tool listing and calling for external MCP servers. Proxy tools (tools:externalmcp:<slug>:proxy) are "unfolded" at runtime to expose the actual tools from the external MCP server.

Key changes:

• unfoldExternalMCPTools() in MCP RPC handlers - expands proxy tools to actual tools via ListToolsFromProxy()
• handleExternalMCPToolCall() - routes tool calls to external MCP servers via session API
• doExternalMCP() in gateway proxy - handles tool execution with OAuth token passthrough
• GetToolCallPlanByURN() updated to handle ToolKindExternalMCP
• conv.ToBaseTool() returns error for proxy tools (must be unfolded first)
• RAG search and agents updated to unfold proxy tools before processing

Tool naming convention: External MCP tools are named as <slug>:<toolname> (e.g., notion:search, github:list_repos).

Summary

• external-mcp/5/list-and-call: URN kind and design types - Add ToolKindExternalMCP
• external-mcp/5/list-and-call: implementation using generated types - Core unfolding and calling logic
• external-mcp/5/list-and-call: instances, toolsets, and tests - Integration with instances API and test updates

🤖 Generated with Claude Code

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4bd3ffd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
gram	Ready	Preview, Comment	Dec 17, 2025 7:40pm
gram-docs-redirect	Ready	Preview, Comment	Dec 17, 2025 7:40pm
gram-landing-redirect	Ready	Preview, Comment	Dec 17, 2025 7:40pm

[ryan-timothy-albert]

So checking my understanding here. It seems like we actually only unfold an external tool in mcp context. So right now these tools wouldn't be visible/useable in the playground. Correct?

[chase-crumbaugh]

I draw the line at five return params lol
Wrap that baby in a struct

[qstearns]

yeah that baby belongs in a struct. ✅

[chase-crumbaugh]

Im surprised the Plan for this isn't the same as HTTP

[qstearns]

I think that there are some differences for sure:

for instance, the way you want to map input configuration to source configuration is way less complex for external MCP in that you don't have to worry about all the Header vs Body vs Param configuration options of open API + formatting options Open API supports. Also no notion of something like request method

[chase-crumbaugh]

Do we need the FULL toolset? DescribeToolset is somewhat expensive

[chase-crumbaugh]

Does wellKnown get spammed or am i misremembering

[qstearns]

https://app.datadoghq.com/logs?query=service%3Agram-server%20%40url.original%3A%2F.well-known%2F%2A&agg_m=count&agg_m_source=base&agg_q=%40url.original&agg_t=count&clustering_pattern_field_path=message&cols=host%2Cservice&flat_group_bys=true&messageDisplay=inline&refresh_mode=sliding&sort_m=count&sort_t=count&storage=hot&stream_sort=desc&top_n=10&top_o=top&viz=timeseries&x_missing=true&from_ts=1765906267874&to_ts=1765992667874&live=true

well-known gets traffic but not a ton. All of it is from Polar. Even so I refactored to short-circuit before describe toolset in order to ensure that if there is a latency spike that we're going to avoid it

[chase-crumbaugh]

Yes lets definitely do that. Alternatively you can add a query that just retrieves the information needed for oauth instead of loading the entire toolet

[qstearns]

I have a ticket draft for this which I can tag you on for discussion. I don't think it's a matter of just storing it on the toolset. It interfaces with other OAuth concepts in pretty complicated ways, so I was hoping to peel off the actual abstraction work into a separately reviewed PR

[chase-crumbaugh]

I already thought all this oauth stuff needed to be factored out of this method even before this addition. Let's figure out a way to encapsulate the oauth logic elsewhere. At the very least make a ticket with a link to this method saying to refactor

[qstearns]

Have a ticket drafted for this. I need to wrap my head around the implications of Walker's recent changes if I'm going to have any hope of making a refactor here a net improvement

[chase-crumbaugh]

Is that refactor coming in a later pr

[qstearns]

The version implemented here uses the tool name format. I'll follow up with another PR alongside support for instances.

[qstearns]

Left a few responses. Addressed some of the feedback here but also would prefer to keep some of this work scoped to linear tickets. Stuff like refactoring our oauth logic I think is just gonna require a slightly more holistic view of the system than what I want to bite off as the scope of this PR

[qstearns]

https://app.datadoghq.com/logs?query=service%3Agram-server%20%40url.original%3A%2F.well-known%2F%2A&agg_m=count&agg_m_source=base&agg_q=%40url.original&agg_t=count&clustering_pattern_field_path=message&cols=host%2Cservice&flat_group_bys=true&messageDisplay=inline&refresh_mode=sliding&sort_m=count&sort_t=count&storage=hot&stream_sort=desc&top_n=10&top_o=top&viz=timeseries&x_missing=true&from_ts=1765906267874&to_ts=1765992667874&live=true

well-known gets traffic but not a ton. All of it is from Polar. Even so I refactored to short-circuit before describe toolset in order to ensure that if there is a latency spike that we're going to avoid it

[qstearns]

I have a ticket draft for this which I can tag you on for discussion. I don't think it's a matter of just storing it on the toolset. It interfaces with other OAuth concepts in pretty complicated ways, so I was hoping to peel off the actual abstraction work into a separately reviewed PR

[qstearns]

Have a ticket drafted for this. I need to wrap my head around the implications of Walker's recent changes if I'm going to have any hope of making a refactor here a net improvement

[qstearns]

The version implemented here uses the tool name format. I'll follow up with another PR alongside support for instances.

[qstearns]

I think that there are some differences for sure:

for instance, the way you want to map input configuration to source configuration is way less complex for external MCP in that you don't have to worry about all the Header vs Body vs Param configuration options of open API + formatting options Open API supports. Also no notion of something like request method