Improve MCP functionality (#4709)

* Improve MCP functionality

* apply ANSI strip path

* attempt ARM build

* improve dockerfile IO build time and migrate to ARM build

* fix comment

* add ability to disable MCP cooldown feature

* update devbuild name

* move chromium arm build patch to CDN

Author: timothycarambat

.github/workflows/dev-build.yaml

@@ -1,12 +1,12 @@
-name: AnythingLLM Development Docker image (amd64)
+name: AnythingLLM Development Docker image (arm64)
 
 concurrency:
   group: build-${{ github.ref }}
   cancel-in-progress: true
 
 on:
   push:
-    branches: ['4686-feat-migrate-react-router-to-use-createbrowserrouter'] # put your current branch to create a build. Core team only.
+    branches: ['mcp-improvements'] # put your current branch to create a build. Core team only.
     paths-ignore:
       - '**.md'
       - 'cloud-deployments/*'
@@ -21,9 +21,9 @@ on:
       - 'extras/**/*' # Extra is just for news and other local content.
 
 jobs:
-  push_multi_platform_to_registries:
-    name: Push Docker multi-platform image to multiple registries
-    runs-on: ubuntu-latest
+  push_dev_build_to_dockerhub:
+    name: Push development build image to Docker Hub
+    runs-on: ubuntu-22.04-arm
     permissions:
       packages: write
       contents: read
@@ -78,8 +78,8 @@ jobs:
           push: true
           sbom: true
           provenance: mode=max
-          platforms: linux/amd64
-          # platforms: linux/amd64,linux/arm64
+          # platforms: linux/amd64
+          platforms: linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
@@ -88,37 +88,37 @@ jobs:
       # For Docker scout there are some intermediary reported CVEs which exists outside
       # of execution content or are unreachable by an attacker but exist in image.
       # We create VEX files for these so they don't show in scout summary. 
-      - name: Collect known and verified CVE exceptions
-        id: cve-list
-        run: |
-          # Collect CVEs from filenames in vex folder
-          CVE_NAMES=""
-          for file in ./docker/vex/*.vex.json; do
-            [ -e "$file" ] || continue
-            filename=$(basename "$file")
-            stripped_filename=${filename%.vex.json}
-            CVE_NAMES+=" $stripped_filename"
-          done
-          echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
-        shell: bash
+      # - name: Collect known and verified CVE exceptions
+      #   id: cve-list
+      #   run: |
+      #     # Collect CVEs from filenames in vex folder
+      #     CVE_NAMES=""
+      #     for file in ./docker/vex/*.vex.json; do
+      #       [ -e "$file" ] || continue
+      #       filename=$(basename "$file")
+      #       stripped_filename=${filename%.vex.json}
+      #       CVE_NAMES+=" $stripped_filename"
+      #     done
+      #     echo "CVE_EXCEPTIONS=$CVE_NAMES" >> $GITHUB_OUTPUT
+      #   shell: bash
 
       # About VEX attestations https://docs.docker.com/scout/explore/exceptions/
       # Justifications https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#status-justifications
       # Fixed to use v1.15.1 of scout-cli as v1.16.0 install script is broken
       # https://github.com/docker/scout-cli
-      - name: Add VEX attestations
-        env:
-          CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
-        run: |
-          echo $CVE_EXCEPTIONS
-          curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
-          for cve in $CVE_EXCEPTIONS; do
-            for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
-              echo "Attaching VEX exception $cve to $tag"
-              docker scout attestation add \
-              --file "./docker/vex/$cve.vex.json" \
-              --predicate-type https://openvex.dev/ns/v0.2.0 \
-              $tag
-            done
-          done
-        shell: bash
+      # - name: Add VEX attestations
+      #   env:
+      #     CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
+      #   run: |
+      #     echo $CVE_EXCEPTIONS
+      #     curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+      #     for cve in $CVE_EXCEPTIONS; do
+      #       for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
+      #         echo "Attaching VEX exception $cve to $tag"
+      #         docker scout attestation add \
+      #         --file "./docker/vex/$cve.vex.json" \
+      #         --predicate-type https://openvex.dev/ns/v0.2.0 \
+      #         $tag
+      #       done
+      #     done
+      #   shell: bash

docker/.env.example

@@ -400,4 +400,9 @@ GID='1000'
 
 # Disable Swagger API documentation endpoint.
 # Set to "true" to disable the /api/docs endpoint (recommended for production deployments).
-# DISABLE_SWAGGER_DOCS="true"
+# DISABLE_SWAGGER_DOCS="true"
+
+# Disable MCP cooldown timer for agent calls
+# this can lead to infinite recursive calls of the same function
+# for some model/provider combinations
+# MCP_NO_COOLDOWN="true

docker/Dockerfile

@@ -58,7 +58,7 @@ WORKDIR /app
 # so web-scraping would be broken in arm docker containers unless we patch it
 # by manually installing a compatible chromedriver.
 RUN echo "Need to patch Puppeteer x Chromium support for ARM86 - installing dep!" && \
-    curl https://playwright.azureedge.net/builds/chromium/1088/chromium-linux-arm64.zip -o chrome-linux.zip && \
+    curl -fSL https://webassets.anythingllm.com/chromium-1088-linux-arm64.zip -o chrome-linux.zip && \
     unzip chrome-linux.zip && \
     rm -rf chrome-linux.zip
 
@@ -161,10 +161,6 @@ USER anythingllm
 FROM backend-build AS production-build
 WORKDIR /app
 COPY --chown=anythingllm:anythingllm --from=frontend-build /app/frontend/dist /app/server/public
-USER root
-RUN chown -R anythingllm:anythingllm /app/server && \
-    chown -R anythingllm:anythingllm /app/collector
-USER anythingllm
 
 # Setup the environment
 ENV NODE_ENV=production

server/.env.example

@@ -403,4 +403,9 @@ TTS_PROVIDER="native"
 
 # Disable Swagger API documentation endpoint.
 # Set to "true" to disable the /api/docs endpoint (recommended for production deployments).
-# DISABLE_SWAGGER_DOCS="true"
+# DISABLE_SWAGGER_DOCS="true"
+
+# Disable MCP cooldown timer for agent calls
+# this can lead to infinite recursive calls of the same function
+# for some model/provider combinations
+# MCP_NO_COOLDOWN="true

server/package.json

@@ -53,6 +53,7 @@
     "express": "^4.18.2",
     "extract-json-from-string": "^1.0.1",
     "fast-levenshtein": "^3.0.0",
+    "fix-path": "^4.0.0",
     "graphql": "^16.7.1",
     "ip": "^2.0.1",
     "joi": "^17.11.0",
@@ -74,6 +75,7 @@
     "posthog-node": "^3.1.1",
     "prisma": "5.3.1",
     "slugify": "^1.6.6",
+    "strip-ansi": "^7.1.2",
     "swagger-autogen": "^2.23.5",
     "swagger-ui-express": "^5.0.0",
     "truncate": "^3.0.0",
@@ -101,4 +103,4 @@
     "nodemon": "^2.0.22",
     "prettier": "^3.0.3"
   }
-}
+}

server/utils/MCP/hypervisor/index.js

@@ -193,8 +193,9 @@ class MCPHypervisor {
 
     this.log(`Pruning MCP server: ${name}`);
     const mcp = this.mcps[name];
+    if (!mcp.transport) return true;
     const childProcess = mcp.transport._process;
-    if (childProcess) childProcess.kill(1);
+    if (childProcess) childProcess.kill("SIGTERM");
     mcp.transport.close();
 
     delete this.mcps[name];
@@ -215,10 +216,11 @@ class MCPHypervisor {
     for (const name of Object.keys(this.mcps)) {
       if (!this.mcps[name]) continue;
       const mcp = this.mcps[name];
+      if (!mcp.transport) continue;
       const childProcess = mcp.transport._process;
       if (childProcess)
         this.log(`Killing MCP ${name} (PID: ${childProcess.pid})`, {
-          killed: childProcess.kill(1),
+          killed: childProcess.kill("SIGTERM"),
         });
 
       mcp.transport.close();
@@ -228,18 +230,51 @@ class MCPHypervisor {
     this.mcpLoadingResults = {};
   }
 
+  /**
+   * Load shell environment for desktop applications.
+   * MacOS and Linux don't inherit login shell environment. So this function
+   * fixes the PATH and accessible commands when running AnythingLLM outside of Docker during development on Mac/Linux and in-container (Linux).
+   * @returns {Promise<{[key: string]: string}>} - Environment variables from shell
+   */
+  async #loadShellEnvironment() {
+    try {
+      if (process.platform === "win32") return process.env;
+      const { default: fixPath } = await import("fix-path");
+      const { default: stripAnsi } = await import("strip-ansi");
+      fixPath();
+
+      // Due to node v20 requirement to have a minimum version of fix-path v5, we need to strip ANSI codes manually
+      // which was the only patch between v4 and v5. Here we just apply manually.
+      // https://github.com/sindresorhus/fix-path/issues/6
+      if (process.env.PATH) process.env.PATH = stripAnsi(process.env.PATH);
+      return process.env;
+    } catch (error) {
+      console.warn(
+        "Failed to load shell environment, using process.env:",
+        error.message
+      );
+      return process.env;
+    }
+  }
+
   /**
    * Build the MCP server environment variables - ensures proper PATH and NODE_PATH
    * inheritance across all platforms and deployment scenarios.
    * @param {Object} server - The server definition
-   * @returns {{env: { [key: string]: string } | {}}} - The environment variables
+   * @returns {Promise<{env: { [key: string]: string } | {}}}> - The environment variables
    */
-  #buildMCPServerENV(server) {
-    // Start with essential environment variables, inheriting from current process
-    // This ensures GUI applications on macOS/Linux get proper PATH inheritance
+  async #buildMCPServerENV(server) {
+    const shellEnv = await this.#loadShellEnvironment();
     let baseEnv = {
-      PATH: process.env.PATH || "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
-      NODE_PATH: process.env.NODE_PATH || "/usr/local/lib/node_modules",
+      PATH:
+        shellEnv.PATH ||
+        process.env.PATH ||
+        "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
+      NODE_PATH:
+        shellEnv.NODE_PATH ||
+        process.env.NODE_PATH ||
+        "/usr/local/lib/node_modules",
+      ...shellEnv, // Include all shell environment variables
     };
 
     // Docker-specific environment setup
@@ -273,29 +308,57 @@ class MCPHypervisor {
    * @returns {MCPServerTypes | null} - The server type
    */
   #parseServerType(server) {
-    if (server.hasOwnProperty("command")) return "stdio";
-    if (server.hasOwnProperty("url")) return "http";
+    if (
+      server.type === "sse" ||
+      server.type === "streamable" ||
+      server.type === "http"
+    )
+      return "http";
+    if (Object.prototype.hasOwnProperty.call(server, "command")) return "stdio";
+    if (Object.prototype.hasOwnProperty.call(server, "url")) return "http";
     return "sse";
   }
 
   /**
    * Validate the server definition by type
    * - Will throw an error if the server definition is invalid
+   * @param {string} name - The name of the MCP server
    * @param {Object} server - The server definition
    * @param {MCPServerTypes} type - The server type
    * @returns {void}
    */
-  #validateServerDefinitionByType(server, type) {
+  #validateServerDefinitionByType(name, server, type) {
+    if (
+      server.type === "sse" ||
+      server.type === "streamable" ||
+      server.type === "http"
+    ) {
+      if (!server.url) {
+        throw new Error(
+          `MCP server "${name}": missing required "url" for ${server.type} transport`
+        );
+      }
+
+      try {
+        new URL(server.url);
+      } catch (error) {
+        throw new Error(`MCP server "${name}": invalid URL "${server.url}"`);
+      }
+      return;
+    }
+
     if (type === "stdio") {
-      if (server.hasOwnProperty("args") && !Array.isArray(server.args))
+      if (
+        Object.prototype.hasOwnProperty.call(server, "args") &&
+        !Array.isArray(server.args)
+      )
         throw new Error("MCP server args must be an array");
     }
 
     if (type === "http") {
       if (!["sse", "streamable"].includes(server?.type))
         throw new Error("MCP server type must have sse or streamable value.");
     }
-
     if (type === "sse") return;
     return;
   }
@@ -304,16 +367,16 @@ class MCPHypervisor {
    * Setup the server transport by type and server definition
    * @param {Object} server - The server definition
    * @param {MCPServerTypes} type - The server type
-   * @returns {StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport} - The server transport
+   * @returns {Promise<StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport>} - The server transport
    */
-  #setupServerTransport(server, type) {
+  async #setupServerTransport(server, type) {
     // if not stdio then it is http or sse
     if (type !== "stdio") return this.createHttpTransport(server);
 
     return new StdioClientTransport({
       command: server.command,
       args: server?.args ?? [],
-      ...this.#buildMCPServerENV(server),
+      ...(await this.#buildMCPServerENV(server)),
     });
   }
 
@@ -328,6 +391,7 @@ class MCPHypervisor {
     // If the server block has a type property then use that to determine the transport type
     switch (server.type) {
       case "streamable":
+      case "http":
         return new StreamableHTTPClientTransport(url, {
           requestInit: {
             headers: server.headers,
@@ -354,10 +418,10 @@ class MCPHypervisor {
     const serverType = this.#parseServerType(server);
     if (!serverType) throw new Error("MCP server command or url is required");
 
-    this.#validateServerDefinitionByType(server, serverType);
+    this.#validateServerDefinitionByType(name, server, serverType);
     this.log(`Attempting to start MCP server: ${name}`);
     const mcp = new Client({ name: name, version: "1.0.0" });
-    const transport = this.#setupServerTransport(server, serverType);
+    const transport = await this.#setupServerTransport(server, serverType);
 
     // Add connection event listeners
     transport.onclose = () => this.log(`${name} - Transport closed`);
@@ -369,10 +433,22 @@ class MCPHypervisor {
     // Connect and await the connection with a timeout
     this.mcps[name] = mcp;
     const connectionPromise = mcp.connect(transport);
+
+    let timeoutId;
     const timeoutPromise = new Promise((_, reject) => {
-      setTimeout(() => reject(new Error("Connection timeout")), 30_000); // 30 second timeout
+      timeoutId = setTimeout(
+        () => reject(new Error("Connection timeout")),
+        30_000
+      ); // 30 second timeout
     });
-    await Promise.race([connectionPromise, timeoutPromise]);
+
+    try {
+      await Promise.race([connectionPromise, timeoutPromise]);
+      if (timeoutId) clearTimeout(timeoutId);
+    } catch (error) {
+      if (timeoutId) clearTimeout(timeoutId);
+      throw error;
+    }
     return true;
   }