feat(connectors): generic MCP connector + schema-typed action outputs (#263)

* feat(connectors): generic MCP connector + schema-typed action outputs

Add a generic MCP connector that spawns any stdio MCP server, discovers
its tools via tools/list, and exposes them as first-class connector
actions. Tool inputSchema/outputSchema flow through to the workflow
editor so arg fields and {{steps.x.field}} autocomplete stay
schema-driven — same shape as static connectors.

Also:
- GitHub actions now declare outputSchemas; createIssue / closeIssue /
  commentOnIssue return their API payloads as structuredOutput so
  downstream steps can reference html_url, number, state, etc.
- Template resolver walks arbitrary dotted paths; object/array leaves
  JSON-stringify.
- Deleting a condition node cascades the if/else subtree up to the join
  point instead of leaving two dangling parallel paths.
- MCP icon reuses the ModelContextProtocol mark in both the connector
  badge and the workflow icon picker.

* fix: export json-schema-utils subpath, update connector-form-panels mocks

Two CI regressions from the previous commit:

- Vite respects the package.json `exports` field for subpath resolution,
  so `@vornrun/shared/json-schema-utils` needed an entry next to the
  other subpaths. Without it, every server test that imported the
  scheduler (transitively: mcp.ts) failed module resolution.
- connector-form-panels.test.tsx mocked `window.api.listConnectors`/
  `listConnections` but not the new `listConnectionActions`; the form
  also now uses a textarea-based VariableAutocomplete for arg fields, so
  the element query needed to target `textarea`.

* test: cover MCP connector, schema utils, walk-path resolver, condition cascade

CI's diff-cover gate requires 80% on changed lines. New tests:

- json-schema-utils: 100%
- mcp-connector: tool→action mapping, structuredContent unwrap, MCP error
  surfacing, type coercion (number/bool/object), empty-string drop
- mcp-clients: spawn config from filters, decrypted secretEnv merge,
  cache reuse, transport-onclose drops the entry, stopClient/stopAllClients
- template-vars: walk nested paths, JSON-stringify object/array leaves,
  schema-derived buildStepGroups keys
- workflow-helpers removeNode: condition cascade-delete + terminal case
- ConnectorIcon: MCP brand-mark renders with both paths

Patch coverage now 85% (above the 80% gate).

* fix: address Copilot review comments

- McpToolsPanel: guard discoveredTools cast with Array.isArray so a
  malformed filters payload can't crash .map at render.
- InvokeToolDialog: key on tool.name so switching tools remounts with a
  fresh args stub + cleared result instead of leaking previous state.
- WorkflowEditor prefetch: catch per-connection rejections so a single
  dead connection doesn't blank the autocomplete for healthy ones.
- mcp.ts describe(): comment now points at connection:listActions, the
  endpoint the workflow editor actually consumes.

* fix: address second batch of Copilot review comments

- mcp-clients: build the child-process env from getSafeEnv() instead of
  process.env so the same secret allowlist that protects gh / agent
  detection / tailscale child invocations also covers MCP servers. GH /
  NPM / API tokens never reach an arbitrary MCP server now.
- workflow-execution: arrays were sneaking into structuredOutput via
  `typeof === 'object'`; that breaks buildStepOutputsMap which spreads
  the value into a string-keyed map. Restrict to plain objects only.
- CallConnectorActionNodeForm: render select fields with SelectPicker so
  enum-backed args (declared via JSON-Schema enum) keep their dropdown.
  text / textarea still flow through VariableAutocomplete.

* chore: fix CardHeader formatting (broken on main, surfaced after rebase)

* test: align card-context-menu test with #264 menu pruning

#264 dropped Expand / Rename / Close from the ⋯ context menu since
those moved to first-class header buttons. The test still asserted
their presence; updating it to check for the actually-present entries.

* fix: avoid stale action list on connection switch

Connection-change effect now clears `actions` immediately and ignores a
late response via a cancellation flag, so switching connections never
flashes the previous connection's actions or fires onChange against a
stale set.

* fix: serialize concurrent MCP startups + preserve empty strings on string fields

Two valid Copilot review concerns:

- mcp-clients getOrStartClient: two concurrent callers hitting a cache
  miss could both spawn separate child processes before the first call
  ran clients.set(). Cache the in-flight Promise per connectionId so
  parallel calls share the same startup.
- mcp coerceMcpArgs: dropping every empty string is too aggressive.
  Empty for a string field is a legitimate value the user may want to
  send; empty for a required non-string is something the MCP server's
  own validator should reject explicitly. Only drop empty for
  optional non-string types now.

Author: jcanizalez

packages/server/src/connectors/github.ts

@@ -13,6 +13,40 @@ import { resolveGhPath, GhNotFoundError, getGhEnv } from './gh-cli'
 
 const execFileAsync = promisify(execFile)
 
+// JSON Schema subsets of the GitHub REST responses we pass through as
+// `ActionResult.output`. Only keys that are useful to reference from
+// downstream workflow steps are listed — the raw body still contains
+// everything, the schema just drives the variable-autocomplete UI and
+// documents the stable fields.
+const GITHUB_ISSUE_SCHEMA: Record<string, unknown> = {
+  type: 'object',
+  properties: {
+    id: { type: 'number', description: 'Numeric id of the issue' },
+    number: { type: 'number', description: 'Issue number within the repo' },
+    html_url: { type: 'string', description: 'Issue URL to show in UIs' },
+    url: { type: 'string', description: 'GitHub REST API URL for the issue' },
+    title: { type: 'string' },
+    body: { type: 'string' },
+    state: { type: 'string', description: 'open or closed' },
+    labels: { type: 'array' },
+    assignees: { type: 'array' },
+    created_at: { type: 'string' },
+    updated_at: { type: 'string' },
+    closed_at: { type: 'string' }
+  }
+}
+
+const GITHUB_COMMENT_SCHEMA: Record<string, unknown> = {
+  type: 'object',
+  properties: {
+    id: { type: 'number' },
+    html_url: { type: 'string', description: 'Link to the comment' },
+    body: { type: 'string' },
+    created_at: { type: 'string' },
+    updated_at: { type: 'string' }
+  }
+}
+
 const TRANSIENT_CODES = new Set(['ETIMEDOUT', 'ENETDOWN', 'ENETUNREACH', 'ECONNRESET'])
 
 function isTransientErr(err: unknown): boolean {
@@ -317,16 +351,18 @@ export const githubConnector: VornConnector = {
       case 'closeIssue': {
         const { number: issueNumber } = args
         if (!issueNumber) return { success: false, error: 'number is required' }
-        await ghApi(`repos/${owner}/${repo}/issues/${issueNumber}`, 'PATCH', { state: 'closed' })
-        return { success: true }
+        const result = await ghApi(`repos/${owner}/${repo}/issues/${issueNumber}`, 'PATCH', {
+          state: 'closed'
+        })
+        return { success: true, output: result as Record<string, unknown> }
       }
       case 'commentOnIssue': {
         const { number: num, body: comment } = args
         if (!num || !comment) return { success: false, error: 'number and body are required' }
-        await ghApi(`repos/${owner}/${repo}/issues/${num}/comments`, 'POST', {
+        const result = await ghApi(`repos/${owner}/${repo}/issues/${num}/comments`, 'POST', {
           body: String(comment)
         })
-        return { success: true }
+        return { success: true, output: result as Record<string, unknown> }
       }
       case 'syncTasks': {
         // This is handled by the sync engine at a higher level.
@@ -401,7 +437,8 @@ export const githubConnector: VornConnector = {
             },
             { key: 'body', label: 'Body', type: 'textarea', supportsTemplates: true },
             { key: 'labels', label: 'Labels', type: 'text', placeholder: 'bug,enhancement' }
-          ]
+          ],
+          outputSchema: GITHUB_ISSUE_SCHEMA
         },
         {
           type: 'closeIssue',
@@ -416,7 +453,8 @@ export const githubConnector: VornConnector = {
               placeholder: '{{connectorItem.externalId}}',
               supportsTemplates: true
             }
-          ]
+          ],
+          outputSchema: GITHUB_ISSUE_SCHEMA
         },
         {
           type: 'commentOnIssue',
@@ -438,7 +476,8 @@ export const githubConnector: VornConnector = {
               required: true,
               supportsTemplates: true
             }
-          ]
+          ],
+          outputSchema: GITHUB_COMMENT_SCHEMA
         }
       ],
       defaultWorkflows: [

packages/server/src/connectors/index.ts

@@ -1,6 +1,9 @@
 export { connectorRegistry } from './registry'
 export { githubConnector, detectRepoSlug } from './github'
 export { linearConnector } from './linear'
+export { mcpConnector, invokeMcpTool, discoverTools, mcpConnectionActions } from './mcp'
+export type { McpDiscoveredTool } from './mcp'
+export { stopClient as stopMcpClient, stopAllClients as stopAllMcpClients } from './mcp-clients'
 export {
   setDecryptedCreds,
   clearDecryptedCreds,

packages/server/src/connectors/mcp-clients.ts

@@ -0,0 +1,146 @@
+/**
+ * In-memory cache of live MCP stdio clients, one per connection.
+ *
+ * Each MCP connection points at an external MCP server (npx …, node …, etc.).
+ * We spawn the child process lazily on first use and keep it alive for the
+ * lifetime of the server process, so tool invocations don't pay a startup
+ * cost per call. The map is keyed by `connectionId` so `connection:delete`
+ * can terminate the right process.
+ *
+ * Secret env values flow in via the usual decrypted-creds path: the server
+ * never sees the encrypted ciphertext, only the plaintext the main process
+ * pushes via `credentials:setDecrypted`.
+ */
+import { Client } from '@modelcontextprotocol/sdk/client/index.js'
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js'
+import type { SourceConnection } from '@vornrun/shared/types'
+import { getDecryptedCreds } from './decrypted-creds'
+import { getSafeEnv } from '../process-utils'
+import log from '../logger'
+
+interface LiveClient {
+  client: Client
+  transport: StdioClientTransport
+}
+
+const clients = new Map<string, LiveClient>()
+// In-flight startups, so two concurrent `getOrStartClient` calls for the
+// same connection share one spawn instead of racing two children.
+const pending = new Map<string, Promise<Client>>()
+
+function tryParseJson<T>(raw: unknown, guard: (v: unknown) => v is T, fallback: T): T {
+  if (typeof raw !== 'string' || raw === '') return fallback
+  try {
+    const parsed: unknown = JSON.parse(raw)
+    return guard(parsed) ? parsed : fallback
+  } catch {
+    return fallback
+  }
+}
+
+const isStringMap = (v: unknown): v is Record<string, unknown> =>
+  !!v && typeof v === 'object' && !Array.isArray(v)
+
+function parseJsonObject(raw: unknown): Record<string, string> {
+  const obj = tryParseJson<Record<string, unknown>>(raw, isStringMap, {})
+  const out: Record<string, string> = {}
+  for (const [k, v] of Object.entries(obj)) out[k] = String(v)
+  return out
+}
+
+function parseJsonArray(raw: unknown): string[] {
+  const arr = tryParseJson<unknown[]>(raw, (v): v is unknown[] => Array.isArray(v), [])
+  return arr.map((v) => String(v))
+}
+
+function buildSpawnConfig(conn: SourceConnection): {
+  command: string
+  args: string[]
+  env: Record<string, string>
+} {
+  const command = String(conn.filters.command ?? '').trim()
+  if (!command) throw new Error('MCP connection is missing a command')
+  const args = parseJsonArray(conn.filters.args)
+  const env = parseJsonObject(conn.filters.env)
+  // Decrypted secret env (pushed from main via safeStorage) overrides plain env.
+  const decrypted = getDecryptedCreds(conn.id) ?? {}
+  const secretEnv = parseJsonObject(decrypted.secretEnv)
+  return { command, args, env: { ...env, ...secretEnv } }
+}
+
+export async function getOrStartClient(conn: SourceConnection): Promise<Client> {
+  const existing = clients.get(conn.id)
+  if (existing) return existing.client
+  const inFlight = pending.get(conn.id)
+  if (inFlight) return inFlight
+
+  const startup = startClient(conn).finally(() => {
+    pending.delete(conn.id)
+  })
+  pending.set(conn.id, startup)
+  return startup
+}
+
+async function startClient(conn: SourceConnection): Promise<Client> {
+  const { command, args, env } = buildSpawnConfig(conn)
+  // Inherit PATH and friends from the parent via getSafeEnv() — same
+  // sanitization the rest of the server uses for child processes — so
+  // GH/Linear/NPM tokens etc. don't leak into arbitrary MCP servers
+  // the user adds. Explicit per-connection env still wins over the base.
+  const transport = new StdioClientTransport({
+    command,
+    args,
+    env: { ...getSafeEnv(), ...env }
+  })
+
+  const client = new Client({ name: 'vorn', version: '0.1.0' }, { capabilities: {} })
+
+  try {
+    await client.connect(transport)
+  } catch (err) {
+    // Transport already spawned the child; close it so we don't leak.
+    try {
+      await transport.close()
+    } catch {
+      /* ignore */
+    }
+    throw err
+  }
+
+  const live: LiveClient = { client, transport }
+  clients.set(conn.id, live)
+
+  // If the child exits, drop it from the cache so the next call respawns.
+  transport.onclose = () => {
+    const current = clients.get(conn.id)
+    if (current === live) {
+      clients.delete(conn.id)
+      log.info(`[mcp-clients] ${conn.id} transport closed, will respawn on next call`)
+    }
+  }
+  transport.onerror = (err) => {
+    log.warn(`[mcp-clients] ${conn.id} transport error: ${err}`)
+  }
+
+  return client
+}
+
+export async function stopClient(connectionId: string): Promise<void> {
+  const live = clients.get(connectionId)
+  if (!live) return
+  clients.delete(connectionId)
+  try {
+    await live.client.close()
+  } catch (err) {
+    log.warn(`[mcp-clients] ${connectionId} close failed: ${err}`)
+  }
+}
+
+export async function stopAllClients(): Promise<void> {
+  const ids = [...clients.keys()]
+  await Promise.allSettled(ids.map(stopClient))
+}
+
+export function hasClient(connectionId: string): boolean {
+  return clients.has(connectionId)
+}