feat(mcp): added support for mcp servers (#1296)

* update infra and remove railway

* feat(mcp): add mcp support

* consolidate mcp utils

* UI improvements, more MCP stuff

* cleanup placeholders

* reran migrations

* general improvements

* fix server side mcp exec

* more improvements, fixed search in environment settings tab

* persist subblock values for mcp block

* style fixes

* udpdate all text-primary to text-muted-foreground for visibility in dark mode

* Revert "update infra and remove railway"

This reverts commit dbf2b15.

* make MCP servers workspace-scoped

* cleanup & remove unused dep

* consolidated utils, DRY

* added tests

* better error messages, confirmed that permissions works correctly

* additional improvements

* remove extraneous comments

* reran migrations

* lint

* style changes

* fix: prevent config mutation in MCP client URL retry logic

Fixed an issue where the MCP client was mutating the shared configuration
object's URL during retry attempts. This could cause configuration corruption
if the same config object was reused elsewhere.

* resolve PR comments

* ack PR comments

Author: waleedlatif1

apps/sim/app/(auth)/reset-password/page.tsx

@@ -101,7 +101,7 @@ function ResetPasswordContent() {
           </CardContent>
           <CardFooter>
             <p className='w-full text-center text-gray-500 text-sm'>
-              <Link href='/login' className='text-primary hover:underline'>
+              <Link href='/login' className='text-muted-foreground hover:underline'>
                 Back to login
               </Link>
             </p>

apps/sim/app/api/__test-utils__/setup.ts

@@ -3,7 +3,6 @@
  */
 import { afterEach, beforeEach, vi } from 'vitest'
 
-// Mock Next.js implementations
 vi.mock('next/headers', () => ({
   cookies: () => ({
     get: vi.fn().mockReturnValue({ value: 'test-session-token' }),
@@ -13,7 +12,6 @@ vi.mock('next/headers', () => ({
   }),
 }))
 
-// Mock auth utilities
 vi.mock('@/lib/auth/session', () => ({
   getSession: vi.fn().mockResolvedValue({
     user: {
@@ -24,13 +22,10 @@ vi.mock('@/lib/auth/session', () => ({
   }),
 }))
 
-// Configure Vitest environment
 beforeEach(() => {
-  // Clear all mocks before each test
   vi.clearAllMocks()
 })
 
 afterEach(() => {
-  // Ensure all mocks are restored after each test
   vi.restoreAllMocks()
 })

apps/sim/app/api/__test-utils__/utils.ts

@@ -944,35 +944,29 @@ export interface TestSetupOptions {
 export function setupComprehensiveTestMocks(options: TestSetupOptions = {}) {
   const { auth = { authenticated: true }, database = {}, storage, authApi, features = {} } = options
 
-  // Setup basic infrastructure mocks
   setupCommonApiMocks()
   mockUuid()
   mockCryptoUuid()
 
-  // Setup authentication
   const authMocks = mockAuth(auth.user)
   if (auth.authenticated) {
     authMocks.setAuthenticated(auth.user)
   } else {
     authMocks.setUnauthenticated()
   }
 
-  // Setup database
   const dbMocks = createMockDatabase(database)
 
-  // Setup storage if needed
   let storageMocks
   if (storage) {
     storageMocks = createStorageProviderMocks(storage)
   }
 
-  // Setup auth API if needed
   let authApiMocks
   if (authApi) {
     authApiMocks = createAuthApiMocks(authApi)
   }
 
-  // Setup feature-specific mocks
   const featureMocks: any = {}
   if (features.workflowUtils) {
     featureMocks.workflowUtils = mockWorkflowUtils()
@@ -1008,12 +1002,10 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
 
   let selectCallCount = 0
 
-  // Helper to create error
   const createDbError = (operation: string, message?: string) => {
     return new Error(message || `Database ${operation} error`)
   }
 
-  // Create chainable select mock
   const createSelectChain = () => ({
     from: vi.fn().mockReturnThis(),
     leftJoin: vi.fn().mockReturnThis(),
@@ -1038,7 +1030,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     }),
   })
 
-  // Create insert chain
   const createInsertChain = () => ({
     values: vi.fn().mockImplementation(() => ({
       returning: vi.fn().mockImplementation(() => {
@@ -1056,7 +1047,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     })),
   })
 
-  // Create update chain
   const createUpdateChain = () => ({
     set: vi.fn().mockImplementation(() => ({
       where: vi.fn().mockImplementation(() => {
@@ -1068,7 +1058,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     })),
   })
 
-  // Create delete chain
   const createDeleteChain = () => ({
     where: vi.fn().mockImplementation(() => {
       if (deleteOptions.throwError) {
@@ -1078,7 +1067,6 @@ export function createMockDatabase(options: MockDatabaseOptions = {}) {
     }),
   })
 
-  // Create transaction mock
   const createTransactionMock = () => {
     return vi.fn().mockImplementation(async (callback: any) => {
       if (transactionOptions.throwError) {
@@ -1200,7 +1188,6 @@ export function setupKnowledgeMocks(
     mocks.generateEmbedding = vi.fn().mockResolvedValue([0.1, 0.2, 0.3])
   }
 
-  // Mock the knowledge utilities
   vi.doMock('@/app/api/knowledge/utils', () => mocks)
 
   return mocks
@@ -1218,35 +1205,30 @@ export function setupFileApiMocks(
 ) {
   const { authenticated = true, storageProvider = 's3', cloudEnabled = true } = options
 
-  // Setup basic mocks
   setupCommonApiMocks()
   mockUuid()
   mockCryptoUuid()
 
-  // Setup auth
   const authMocks = mockAuth()
   if (authenticated) {
     authMocks.setAuthenticated()
   } else {
     authMocks.setUnauthenticated()
   }
 
-  // Setup file system mocks
   mockFileSystem({
     writeFileSuccess: true,
     readFileContent: 'test content',
     existsResult: true,
   })
 
-  // Setup storage provider mocks (this will mock @/lib/uploads)
   let storageMocks
   if (storageProvider) {
     storageMocks = createStorageProviderMocks({
       provider: storageProvider,
       isCloudEnabled: cloudEnabled,
     })
   } else {
-    // If no storage provider specified, just mock the base functions
     vi.doMock('@/lib/uploads', () => ({
       getStorageProvider: vi.fn().mockReturnValue('local'),
       isUsingCloudStorage: vi.fn().mockReturnValue(cloudEnabled),

apps/sim/app/api/auth/oauth/connections/route.ts

@@ -3,6 +3,7 @@ import { jwtDecode } from 'jwt-decode'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user } from '@/db/schema'
 
@@ -18,7 +19,7 @@ interface GoogleIdToken {
  * Get all OAuth connections for the current user
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/credentials/route.ts

@@ -6,6 +6,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import type { OAuthService } from '@/lib/oauth/oauth'
 import { parseProvider } from '@/lib/oauth/oauth'
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account, user, workflow } from '@/db/schema'
 
@@ -23,7 +24,7 @@ interface GoogleIdToken {
  * Get credentials for a specific provider
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get query params

apps/sim/app/api/auth/oauth/disconnect/route.ts

@@ -2,6 +2,7 @@ import { and, eq, like, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
 
@@ -13,7 +14,7 @@ const logger = createLogger('OAuthDisconnectAPI')
  * Disconnect an OAuth provider for the current user
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/microsoft/file/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFileAPI')
  * Get a single file from Microsoft OneDrive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
   try {
     // Get the session
     const session = await getSession()

apps/sim/app/api/auth/oauth/microsoft/files/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('MicrosoftFilesAPI')
  * Get Excel files from Microsoft OneDrive
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Generate a short request ID for correlation
+  const requestId = generateRequestId()
 
   try {
     // Get the session

apps/sim/app/api/auth/oauth/token/route.ts

@@ -2,6 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { getCredential, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
@@ -14,7 +15,7 @@ const logger = createLogger('OAuthTokenAPI')
  * and workflow-based authentication (for server-side requests)
  */
 export async function POST(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   logger.info(`[${requestId}] OAuth token API POST request received`)
 
@@ -59,7 +60,7 @@ export async function POST(request: NextRequest) {
  * Get the access token for a specific credential
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8) // Short request ID for correlation
+  const requestId = generateRequestId()
 
   try {
     // Get the credential ID from the query params

apps/sim/app/api/auth/oauth/wealthbox/item/route.ts

@@ -2,6 +2,7 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { generateRequestId } from '@/lib/utils'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account } from '@/db/schema'
@@ -14,7 +15,7 @@ const logger = createLogger('WealthboxItemAPI')
  * Get a single item (note, contact, task) from Wealthbox
  */
 export async function GET(request: NextRequest) {
-  const requestId = crypto.randomUUID().slice(0, 8)
+  const requestId = generateRequestId()
 
   try {
     // Get the session