add mcp for web

[dinhlongviolin1]

Describe Your Changes

• Added MCP core base extension
• Added MCP web extension (uses MCP TS SDK)

Fixes Issues

Self Checklist

• Added relevant comments, esp in complex areas
• Updated docs (for bug fixes / features)
• Created issues for follow-up changes or refactoring needed

---

Important

Add MCP extension for web, enabling tool management and server communication using MCP TypeScript SDK.

• Behavior:
  • Adds MCPExtension to extension.ts and index.ts for managing tools and server communication.
  • Implements MCPExtensionWeb in mcp-web/index.ts using MCP TypeScript SDK for web platform.
  • Adds MCPWebModule to types.ts and updates WEB_EXTENSIONS in index.ts for dynamic loading.
  • Updates PlatformFeatures in const.ts to enable MCP servers.
  • Implements WebMCPService in mcp/web.ts for web platform, handling tool calls and server management.
• Models and Interfaces:
  • Adds MCPTool, MCPToolCallResult, and MCPServerInfo to mcpEntity.ts.
  • Defines MCPInterface in mcpInterface.ts for MCP operations.
  • Updates types/index.ts to export MCP types.
• Testing:
  • Adds mcp.test.ts for testing MCPExtension functionalities.
• Misc:
  • Updates package.json to include @modelcontextprotocol/sdk dependency.
  • Adds JanMCPOAuthProvider in oauth-provider.ts for OAuth integration.
  • Updates Makefile and mise.toml to include MCP build steps.

^{This description was created by for 651ac30. You can customize this summary. It will automatically update as commits are pushed.}

[ellipsis-dev]

Caution

Changes requested ❌

Reviewed everything up to 7a78c56 in 2 minutes and 8 seconds. Click for details.

• Reviewed 1398 lines of code in 23 files
• Skipped 0 files when reviewing.
• Skipped posting 8 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. extensions-web/src/mcp-web/index.ts:127

• Draft comment:
  Consider adding inline documentation to explain the token update listener logic and its error handling, as this helps future maintainers.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

2. extensions-web/src/mcp-web/index.ts:227

• Draft comment:
  Consider using a more robust error detection mechanism rather than checking if error messages include 'session' or 'connection'.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 30% vs. threshold = 50% The comment points out a legitimate code quality concern - string matching error messages is fragile and could break if error message formats change. However, without knowing the MCP SDK's error handling capabilities or what other error detection mechanisms are available, the comment isn't specific enough about what should be done instead. The current approach, while not ideal, does provide basic error recovery functionality. I may be too harsh on the comment - even if it doesn't provide a specific solution, raising awareness about fragile error handling could be valuable. The code could potentially be improved if the team investigates proper error types or codes from the SDK. While the concern is valid, the comment doesn't provide actionable guidance. Without specific knowledge of better alternatives available in the MCP SDK, the comment may just create uncertainty without a clear path forward. The comment should be deleted because it raises a concern without providing specific, actionable guidance on how to improve the code. The current implementation, while not perfect, is functional.

3. extensions-web/src/mcp-web/index.ts:148

• Draft comment:
  Consider mapping the 'server' value from the tool response rather than hardcoding 'Jan MCP Server', if dynamic server info is available.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% 1. The code is mapping from MCP SDK's tool format to a local format. 2. We don't have visibility into the MCP SDK's tool response schema to know if 'server' is available. 3. The hardcoded value is used consistently (also in getConnectedServers()). 4. Without knowing the MCP SDK's schema, this suggestion is speculative. 5. The current implementation seems intentional given the consistent use of the hardcoded value. I don't have evidence that the MCP SDK's tool response includes a server field. The suggestion is speculative without knowing the SDK's schema. The comment violates the rule about not making speculative suggestions. We need strong evidence that the change is correct. Delete the comment because it makes a speculative suggestion without evidence that tool.server exists in the SDK's response format.

4. extensions-web/src/shared/auth.ts:89

• Draft comment:
  Verify that storing tokens in localStorage meets your security requirements; consider adding comments about trade-offs.
• Reason this comment was not posted:
  Confidence changes required: 40% <= threshold 50% None

5. web-app/src/routes/settings/mcp-servers.tsx:95

• Draft comment:
  The platform check (isPlatformTauri) to switch between desktop and web versions is clear; consider adding documentation for future modifications.
• Reason this comment was not posted:
  Confidence changes required: 30% <= threshold 50% None

6. web-app/src/services/mcp/web.ts:155

• Draft comment:
  Using Math.random() for cancellation tokens is acceptable for this use case, but if token uniqueness is critical, consider using a more robust UUID generator.
• Reason this comment was not posted:
  Confidence changes required: 40% <= threshold 50% None

7. web-app/src/services/mcp/web.ts:240

• Draft comment:
  Ensure that the mapping of MCP tool responses to OpenAI-compliant format handles all expected content types; consider adding unit tests for non-text responses.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

8. core/src/browser/extensions/mcp.test.ts:99

• Draft comment:
  There is no newline at the end of the file. Please add a trailing newline.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% Missing newlines at end of files are a common style issue that can cause problems with some tools and make diffs messier. However, this is a very minor issue that would likely be caught by linting or formatting tools. It's not a logic issue and doesn't affect functionality. The comment is technically correct, but is it important enough to warrant a PR comment? Most teams have automated tools to handle this. While true that automated tools often handle this, the comment is still pointing out a real issue that should be fixed according to common coding standards. Given the rules state not to comment on obvious or unimportant issues, and that this would likely be caught by automated tools, this comment should be deleted.

Workflow ID: wflow_kJMG3UzjdU2ysFcD

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[github-actions]

Barecheck - Code coverage report

Total: 29.01%

Your code coverage diff: -0.42% ▾

Uncovered files and lines

File	Lines
core/src/browser/extension.ts	94-95, 102-105, 114-116, 125-126, 128-143, 146-147, 181, 183-192
extensions-web/vite.config.ts	1, 3-19
extensions-web/src/index.ts	8-11, 26-31
extensions-web/src/jan-provider-web/api.ts	6-7, 75, 79-81, 83-88, 90-93, 95-97, 99-100, 102-109, 111-115, 117-132, 134-141, 143, 145-155, 157-160, 162-164, 166-167, 169-170, 172-173, 175-177, 179-180, 183, 185-188, 190-193, 195-203, 205-215, 217-220, 223, 225-234, 236
extensions-web/src/jan-provider-web/provider.ts	6, 16-17, 19-21, 23-24, 26, 28-33, 35-36, 38-39, 42-44, 46-48, 50-52, 54-71, 73-74, 77, 79-85, 87, 89-95, 97-99, 101-106, 108-109, 111-119, 121-125, 127-129, 133-136, 139-142, 144-156, 158, 160-161, 163, 166-168, 170-193, 195-200, 202-205, 208-211, 213-218, 220, 222-255, 258-262, 264-267, 270-271, 274-277, 279-281, 283-284, 286-290, 292-294, 296-298, 300-302, 304-306, 308, 310-313
extensions-web/src/mcp-web/index.ts	7-11, 16-19, 21, 24-35, 37-38, 40, 42, 44-49, 51-53, 56-64, 66-67, 69-72, 74-76, 79-82, 84-85, 88-101, 104, 106-111, 113-116, 118, 120-121, 123-133, 135-143, 145-150, 152-158, 160, 162-165, 167, 170-173, 175-179, 182-186, 188-191, 193-199, 201-206, 208-211, 213, 215-221, 223, 225-226, 228-237
extensions-web/src/mcp-web/oauth-provider.ts	9, 12-14, 16-18, 20-24, 26-28, 30-43, 45, 47, 49, 51, 53, 55, 57-60
extensions-web/src/shared/auth.ts	19-20, 22, 24-25, 27-29, 31-36, 38-50, 52-63, 65-69, 71-73, 75-77, 79-87, 89-91, 93, 96, 99-102, 104-106, 108-113, 115-120, 122-123, 125-129, 131, 134, 137-140, 142-144, 146-148, 150-153, 155, 157-160, 163-166, 169-170, 172-180, 182-187, 189-194, 196-203, 205-208, 210-215, 217-220
extensions-web/src/shared/index.ts	1-2
web-app/src/lib/platform/const.ts	6-7, 13, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48-49
web-app/src/routes/settings/mcp-servers.tsx	1-6, 12-26, 30-34, 37-38, 40-42, 45-62, 65, 67-72, 75-77, 79-80, 82-86, 89-91, 93-97, 99, 102-105, 107-109, 111-130, 132-147, 149-150, 153-162, 164-165, 167-175, 177-188, 190-194, 197-202, 204, 207-221, 223-225, 227, 230-231, 234-236, 238-240, 242-243, 245-246, 248-250, 252-256, 258-259, 261-264, 266-273, 275-280, 282-284, 286-289, 291-292, 294-298, 300-304, 306-307, 309-311, 313-317, 319-327, 329-331, 334-337, 340-347, 349-358, 360-397, 399-400, 402-404, 406-407, 409-429, 431-435, 437-445, 447-458, 460-462, 465-474, 476-477, 479-482, 484-501, 503-510, 512-531, 533, 535-549, 551-552, 554, 556, 558-565, 567-575, 577-585, 587-597, 599-601, 603-605, 607-609, 612-618, 621-626, 629-634, 636-638, 640
web-app/src/services/index.ts	189-192, 197-200
web-app/src/services/mcp/default.ts	11, 13, 17, 20-21, 24-25, 28-29, 32-37, 43-53, 56, 58, 61, 63, 66, 68
web-app/src/services/mcp/web.ts	19-22, 24-26, 28-30, 33-35, 38-40, 43-44, 49-58, 62-63, 66-69, 71-77, 80-83, 85-91, 95-100, 102-108, 110-111, 114-119, 121-135, 141, 143-153, 155-157, 159-162, 164-175, 178-180, 182-187, 189-195, 197-204, 206-215, 217-239, 242-247, 252-261, 265-274, 277-278

[github-actions]

Preview URL: https://pr-484c4719cc19341aa6c49ba7211cf10d33f6cbcc-jan-server-web.menlo.ai

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed ebf66a2 in 1 minute and 27 seconds. Click for details.

• Reviewed 13 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. extensions-web/vite.config.ts:17

• Draft comment:
  The default API URL changed from 'https://api-dev.jan.ai/jan/v1' to 'https://api-dev.jan.ai/v1'. Confirm that removing the '/jan' segment is intentional and update comments/docs if needed.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% The comment violates several rules: 1) It asks for confirmation of intention ("Confirm that...") 2) It's speculative about documentation updates 3) If this was an incorrect change, it would likely be caught in testing 4) We're told to assume changes are intentional by default 5) The comment doesn't indicate a clear required code change. The API URL change could potentially break integrations if not properly coordinated. Documentation updates might actually be important here. While documentation is important, our rules explicitly state not to make comments that ask for confirmation or documentation updates. We should trust that the author has handled this coordination. This comment should be deleted as it primarily asks for confirmation and documentation updates, which violates our commenting rules.

Workflow ID: wflow_cBxLeQ2rB5qJYjNg

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed fb2e214 in 1 minute and 24 seconds. Click for details.

• Reviewed 35 lines of code in 2 files
• Skipped 0 files when reviewing.
• Skipped posting 2 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. Makefile:42

• Draft comment:
  Added 'yarn build:core' before web app commands. Verify that rebuilding core here doesn't unnecessarily duplicate work; consider caching if core build is time‐intensive.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. mise.toml:85

• Draft comment:
  Changed web task dependencies from 'install' to 'build-core'. Confirm that this ordering supplies all necessary assets and doesn't affect incremental builds.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_6Py7cmO46Y3XKPUf

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Skipped PR review on 60e39fa because no changed files had a supported extension. If you think this was in error, please contact us and we'll fix it right away.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 651ac30 in 1 minute and 43 seconds. Click for details.

• Reviewed 258 lines of code in 3 files
• Skipped 0 files when reviewing.
• Skipped posting 5 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. extensions-web/src/mcp-web/index.ts:22

• Draft comment:
  Removed the tokenUpdateListener property in favor of using an OAuth provider. Ensure that no other parts of the system rely on the previous token update events.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to ensure that no other parts of the system rely on the previous token update events. This falls under the rule of not asking the author to ensure behavior is intended or to double-check things. Therefore, this comment should be removed.

2. extensions-web/src/mcp-web/index.ts:80

• Draft comment:
  The transport is now constructed with an authProvider. Verify that the underlying SDK populates transport.sessionId reliably after connection.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to verify the behavior of the SDK, which is against the rules. It doesn't provide a specific suggestion or point out a clear issue with the code.

3. extensions-web/src/mcp-web/index.ts:198

• Draft comment:
  The retry/reconnection logic upon tool call failures was removed. Confirm this simplification is acceptable and that token refresh by the OAuth provider covers expected session errors.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

4. extensions-web/src/mcp-web/oauth-provider.ts:30

• Draft comment:
  The tokens() method fetches the access token via JanAuthService every time. If performance is a concern, consider whether caching within the provider is needed, though the auth service already manages token caching.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

5. extensions-web/src/shared/auth.ts:55

• Draft comment:
  The custom 'jan-auth-token-updated' event dispatch has been removed. Confirm that removing these notifications does not impact other components that might rely on token update events.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

Workflow ID: wflow_BOaurRiX1mLdecKu

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}