Merge pull request #66 from dgenio/feat/mcp-driver

feat: add built-in MCPDriver with stdio and Streamable HTTP transports

Author: dgenio

CHANGELOG.md

@@ -8,9 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- Built-in `MCPDriver` with stdio and Streamable HTTP transports, tool auto-discovery, normalized MCP result handling, and optional dependency guardrails.
 - Declared weaver-spec v0.1.0 compatibility in README: invariants I-01 (firewall), I-02 (authorization + audit), and I-06 (scoped tokens) are satisfied.
 - Added placeholder `conformance_stub` CI job that will activate once the weaver-spec conformance suite ships (dgenio/weaver-spec#4).
-
 ## [0.4.0] - 2026-03-14
 
 ### Added

docs/integrations.md

@@ -2,34 +2,94 @@
 
 ## MCP (Model Context Protocol)
 
-To integrate with an MCP server, implement a custom driver that wraps the MCP client:
+The built-in `MCPDriver` supports both local stdio servers and remote Streamable HTTP servers.
+
+Install the optional dependency first:
+
+```bash
+pip install "weaver-kernel[mcp]"
+```
+
+### Stdio transport
 
 ```python
-from agent_kernel.drivers.base import Driver, ExecutionContext
-from agent_kernel.models import RawResult
+import asyncio
 
-class MCPDriver:
-    def __init__(self, mcp_client, driver_id: str = "mcp"):
-        self._client = mcp_client
-        self._driver_id = driver_id
+from agent_kernel import CapabilityRegistry, Kernel, StaticRouter
+from agent_kernel.drivers.mcp import MCPDriver
+
+
+async def main() -> None:
+    registry = CapabilityRegistry()
+    router = StaticRouter(fallback=[])
+    kernel = Kernel(registry=registry, router=router)
+
+    # Connect to a local MCP server process.
+    driver = MCPDriver.from_stdio(
+        command="python",
+        args=["-m", "my_mcp_server"],
+        server_name="local-tools",
+    )
+    kernel.register_driver(driver)
+
+    # Discover tools and register them as capabilities.
+    capabilities = await driver.discover(namespace="local")
+    registry.register_many(capabilities)
+
+    # Route each discovered capability to this MCP driver.
+    for capability in capabilities:
+        router.add_route(capability.capability_id, [driver.driver_id])
 
-    @property
-    def driver_id(self) -> str:
-        return self._driver_id
 
-    async def execute(self, ctx: ExecutionContext) -> RawResult:
-        operation = ctx.args.get("operation", ctx.capability_id)
-        result = await self._client.call_tool(operation, ctx.args)
-        return RawResult(capability_id=ctx.capability_id, data=result)
+asyncio.run(main())
 ```
 
-Then register it:
+### Streamable HTTP transport
 
 ```python
-kernel.register_driver(MCPDriver(mcp_client))
-router.add_route("mcp.my_tool", ["mcp"])
+import asyncio
+
+from agent_kernel import CapabilityRegistry, Kernel, StaticRouter
+from agent_kernel.drivers.mcp import MCPDriver
+
+
+async def main() -> None:
+    registry = CapabilityRegistry()
+    router = StaticRouter(fallback=[])
+    kernel = Kernel(registry=registry, router=router)
+
+    # Connect to a remote Streamable HTTP MCP server.
+    # Note: max_retries > 0 creates at-least-once delivery semantics for
+    # tools/call — if a connection drops after the server processes the
+    # request but before the response arrives, the call will be repeated.
+    # Ensure target tools are idempotent, or set max_retries=0 for
+    # WRITE/DESTRUCTIVE capabilities.
+    driver = MCPDriver.from_http(
+        url="https://example.com/mcp",
+        server_name="remote-tools",
+        max_retries=1,
+    )
+    kernel.register_driver(driver)
+
+    # Discover tools and register them as capabilities.
+    capabilities = await driver.discover(namespace="remote")
+    registry.register_many(capabilities)
+
+    # Route each discovered capability to this MCP driver.
+    for capability in capabilities:
+        router.add_route(capability.capability_id, [driver.driver_id])
+
+
+asyncio.run(main())
 ```
 
+### Notes
+
+- `discover()` converts `tools/list` results into `Capability` objects.
+- `execute()` calls `tools/call` and normalizes MCP content blocks for the firewall.
+- MCP `isError` responses raise `DriverError` with the server-provided detail.
+- If `mcp` is not installed, factory methods raise a helpful `ImportError`.
+
 ## HTTPDriver
 
 The built-in `HTTPDriver` supports GET, POST, PUT, DELETE:

pyproject.toml

@@ -38,8 +38,9 @@ dev = [
     "ruff>=0.4",
     "mypy>=1.10",
     "httpx>=0.27",
+    "mcp>=1.6",
 ]
-mcp = ["mcp>=1.0"]
+mcp = ["mcp>=1.6"]
 otel = ["opentelemetry-api>=1.20"]
 
 [tool.hatch.build.targets.wheel]

src/agent_kernel/__init__.py

@@ -37,6 +37,7 @@
 
 from .drivers.base import Driver, ExecutionContext
 from .drivers.http import HTTPDriver
+from .drivers.mcp import MCPDriver
 from .drivers.memory import InMemoryDriver, make_billing_driver
 from .enums import SafetyClass, SensitivityTag
 from .errors import (
@@ -129,6 +130,7 @@
     "ExecutionContext",
     "InMemoryDriver",
     "HTTPDriver",
+    "MCPDriver",
     "make_billing_driver",
     # firewall
     "Firewall",

src/agent_kernel/drivers/__init__.py

@@ -2,6 +2,7 @@
 
 from .base import Driver, ExecutionContext
 from .http import HTTPDriver
+from .mcp import MCPDriver
 from .memory import InMemoryDriver
 
-__all__ = ["Driver", "ExecutionContext", "HTTPDriver", "InMemoryDriver"]
+__all__ = ["Driver", "ExecutionContext", "HTTPDriver", "MCPDriver", "InMemoryDriver"]

src/agent_kernel/drivers/mcp.py

@@ -0,0 +1,236 @@
+"""MCP driver: execute capabilities against Model Context Protocol servers."""
+
+from __future__ import annotations
+
+from collections.abc import Awaitable, Callable
+from typing import Any
+
+from ..enums import SafetyClass
+from ..errors import DriverError
+from ..models import Capability, ImplementationRef, RawResult
+from .base import ExecutionContext
+from .mcp_support import (
+    SessionFactory,
+    ToolSpec,
+    build_http_session_factory,
+    build_stdio_session_factory,
+    call_tool,
+    extract_tool_specs,
+    normalize_call_result,
+)
+
+# Lazy import of McpError — only available when the mcp optional dep is installed.
+# If mcp is absent, factory methods raise ImportError before any session is created,
+# so _McpError will never be None on a live driver instance.
+try:
+    from mcp.shared.exceptions import McpError as _McpError
+except ImportError:  # pragma: no cover
+    _McpError = None  # type: ignore[assignment,misc]
+
+
+def _infer_safety_class(spec: ToolSpec) -> SafetyClass:
+    """Infer a SafetyClass from MCP ToolAnnotations hints.
+
+    Uses a conservative default of READ when annotations are absent.
+    The caller's safety_class_map takes precedence over the inferred value.
+    """
+    if spec.destructive_hint:
+        return SafetyClass.DESTRUCTIVE
+    if spec.read_only_hint:
+        return SafetyClass.READ
+    return SafetyClass.READ
+
+
+class MCPDriver:
+    """A driver that invokes capabilities via MCP tools/call."""
+
+    def __init__(
+        self,
+        *,
+        driver_id: str,
+        session_factory: SessionFactory,
+        server_name: str,
+        transport: str,
+        max_http_retries: int = 1,
+    ) -> None:
+        self._driver_id = driver_id
+        self._session_factory = session_factory
+        self._server_name = server_name
+        self._transport = transport
+        self._max_http_retries = max(max_http_retries, 0)
+
+    @property
+    def driver_id(self) -> str:
+        """Unique identifier for this driver instance."""
+        return self._driver_id
+
+    @classmethod
+    def from_stdio(
+        cls,
+        command: str,
+        args: list[str] | None = None,
+        *,
+        server_name: str = "stdio",
+    ) -> MCPDriver:
+        """Create an MCP driver using stdio transport.
+
+        Raises:
+            ImportError: If the optional ``mcp`` dependency is not installed.
+        """
+        session_factory = build_stdio_session_factory(command=command, args=args or [])
+        return cls(
+            driver_id=f"mcp:{server_name}",
+            session_factory=session_factory,
+            server_name=server_name,
+            transport="stdio",
+            max_http_retries=0,
+        )
+
+    @classmethod
+    def from_http(
+        cls,
+        url: str,
+        *,
+        server_name: str = "http",
+        max_retries: int = 1,
+    ) -> MCPDriver:
+        """Create an MCP driver using Streamable HTTP transport.
+
+        Raises:
+            ImportError: If the optional ``mcp`` dependency is not installed.
+        """
+        session_factory = build_http_session_factory(url=url)
+        return cls(
+            driver_id=f"mcp:{server_name}",
+            session_factory=session_factory,
+            server_name=server_name,
+            transport="http",
+            max_http_retries=max_retries,
+        )
+
+    async def discover(
+        self,
+        *,
+        namespace: str | None = None,
+        safety_class_map: dict[str, SafetyClass] | None = None,
+    ) -> list[Capability]:
+        """Discover MCP tools across all pages and convert them to capabilities."""
+        tools = await self._run_with_retry(
+            operation_name="tools/list",
+            action=self._fetch_all_tools,
+        )
+
+        capabilities: list[Capability] = []
+        for spec in extract_tool_specs(tools):
+            capability_id = f"{namespace}.{spec.name}" if namespace else spec.name
+            inferred = _infer_safety_class(spec)
+            safety_class = (
+                safety_class_map.get(spec.name, inferred)
+                if safety_class_map is not None
+                else inferred
+            )
+            capabilities.append(
+                Capability(
+                    capability_id=capability_id,
+                    name=spec.name,
+                    description=spec.description,
+                    safety_class=safety_class,
+                    tags=["mcp", self._server_name],
+                    impl=ImplementationRef(
+                        driver_id=self._driver_id,
+                        operation=spec.name,
+                    ),
+                )
+            )
+        return capabilities
+
+    async def _fetch_all_tools(self, session: Any) -> list[Any]:
+        """Paginate tools/list to exhaustion and return a flat list of Tool objects."""
+        all_tools: list[Any] = []
+        cursor: str | None = None
+        while True:
+            result = await session.list_tools(cursor=cursor)
+            all_tools.extend(getattr(result, "tools", []) or [])
+            cursor = getattr(result, "nextCursor", None)
+            if not cursor:
+                break
+        return all_tools
+
+    async def execute(self, ctx: ExecutionContext) -> RawResult:
+        """Execute an MCP tool call for the given capability context."""
+        operation = str(ctx.args.get("operation", ctx.capability_id))
+        params = {k: v for k, v in ctx.args.items() if k != "operation"}
+
+        # Apply policy constraints as default arguments, without overriding explicit args.
+        # read_timeout_seconds is an SDK control parameter — applied to the session call
+        # directly rather than forwarded to the tool as an argument.
+        read_timeout_seconds_raw = ctx.constraints.get("read_timeout_seconds")
+        for key, value in ctx.constraints.items():
+            if key != "read_timeout_seconds":
+                params.setdefault(key, value)
+
+        read_timeout_seconds: float | None = (
+            float(read_timeout_seconds_raw) if read_timeout_seconds_raw is not None else None
+        )
+
+        result = await self._run_with_retry(
+            operation_name=f"tools/call:{operation}",
+            action=lambda session: call_tool(
+                session,
+                operation=operation,
+                params=params,
+                read_timeout_seconds=read_timeout_seconds,
+            ),
+        )
+
+        data = normalize_call_result(
+            result,
+            operation=operation,
+            driver_id=self._driver_id,
+        )
+        return RawResult(
+            capability_id=ctx.capability_id,
+            data=data,
+            metadata={
+                "driver_id": self._driver_id,
+                "transport": self._transport,
+                "operation": operation,
+            },
+        )
+
+    async def _run_with_retry(
+        self,
+        *,
+        operation_name: str,
+        action: Callable[[Any], Awaitable[Any]],
+    ) -> Any:
+        attempts = 1 + self._max_http_retries if self._transport == "http" else 1
+        last_exc: Exception | None = None
+
+        for _attempt in range(attempts):
+            try:
+                async with self._session_factory() as session:
+                    return await action(session)
+            except DriverError:
+                raise
+            except Exception as exc:
+                # McpError is a protocol-level rejection (tool not found, auth
+                # failure, invalid params) — the server processed and rejected the
+                # request. It is not retryable; surface it immediately as DriverError.
+                if _McpError is not None and isinstance(exc, _McpError):
+                    raise DriverError(
+                        f"MCPDriver '{self._driver_id}' received a protocol error "
+                        f"during {operation_name}: {exc}"
+                    ) from exc
+                # All other exceptions are session/transport failures (connection
+                # refused, EOF, timeout) and are retryable for HTTP transport.
+                # Note: HTTP retries create at-least-once delivery semantics for
+                # tools/call. Callers using WRITE/DESTRUCTIVE capabilities over HTTP
+                # should ensure the target tool is idempotent, or set max_retries=0.
+                last_exc = exc
+
+        reason = str(last_exc) if last_exc is not None else "unknown transport failure"
+        raise DriverError(
+            f"MCPDriver '{self._driver_id}' failed during {operation_name} over "
+            f"{self._transport}: {reason}"
+        ) from last_exc