cellstate_core/

web_mcp.rs

//! WebMCP - Browser-native agent tool discovery primitives.
//!
//! Defines the core types for the Web Model Context Protocol (WebMCP),
//! which enables browser-side AI agents to discover and execute tools
//! exposed by web applications via the `navigator.modelContext` API.
//!
//! ## Architecture
//!
//! These are pure data types (no behavior) following the cellstate-core pattern.
//! The API crate adds behavior (WebMcpConnector), the SDK wraps it in
//! headless state machines, and the app dogfoods it via the SDK.
//!
//! ## Relationship to MCP
//!
//! Standard MCP operates server-to-agent (tools exposed by an MCP server).
//! WebMCP operates browser-to-agent: web pages expose tools via
//! `navigator.modelContext.registerTool()` that any connected agent
//! (browser sidebar, desktop app, or programmatic client) can discover
//! and execute. This module provides the type vocabulary for both sides.
//!
//! ## Discovery Flow
//!
//! ```text
//! ┌────────────────────────────────────────────────────┐
//! │                WebMCP Discovery Lifecycle           │
//! │                                                    │
//! │  Page Load → Detect → Schema Parse → Ready         │
//! │     ↑                                  │           │
//! │     │          Execute ← Approve ← ─ ─┘           │
//! │     │             │                                │
//! │     └─── Context Update ←──┘                       │
//! └────────────────────────────────────────────────────┘
//! ```

use serde::{Deserialize, Serialize};
use std::collections::HashMap;

// ============================================================================
// TOOL SCHEMA (mirrors navigator.modelContext.registerTool shape)
// ============================================================================

/// A tool exposed by a web page via WebMCP.
///
/// Maps directly to the `navigator.modelContext.registerTool()` call.
/// The agent discovers these tools upon navigating to a page.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpTool {
    /// Unique tool name within the page context.
    pub name: String,
    /// Human-readable description of what the tool does.
    pub description: String,
    /// JSON Schema describing the input parameters.
    pub input_schema: WebMcpInputSchema,
    /// Origin URL where this tool was discovered.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub origin: Option<String>,
    /// Security annotations for this tool.
    #[serde(default)]
    pub annotations: WebMcpToolAnnotations,
}

/// JSON Schema for tool input parameters.
///
/// Simplified representation of JSON Schema sufficient for WebMCP tool
/// input validation. Maps to the `inputSchema` field in registerTool.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpInputSchema {
    /// Always "object" for tool inputs.
    #[serde(rename = "type")]
    pub schema_type: String,
    /// Property definitions keyed by parameter name.
    #[serde(default)]
    pub properties: HashMap<String, WebMcpPropertySchema>,
    /// Required parameter names.
    #[serde(default)]
    pub required: Vec<String>,
}

/// Schema for a single property within a tool's input.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpPropertySchema {
    /// JSON Schema type (string, number, boolean, object, array).
    #[serde(rename = "type")]
    pub prop_type: String,
    /// Human-readable description of this parameter.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub description: Option<String>,
    /// Default value (if any).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default: Option<serde_json::Value>,
    /// Allowed values (enum constraint).
    #[serde(rename = "enum", skip_serializing_if = "Option::is_none")]
    pub enum_values: Option<Vec<serde_json::Value>>,
}

/// Security and behavioral annotations for a WebMCP tool.
///
/// Agents use these to decide whether to auto-execute or prompt for
/// user approval (aligns with CELLSTATE's intent/autonomy system).
#[derive(Debug, Clone, PartialEq, Default, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpToolAnnotations {
    /// Whether this tool is read-only (safe to auto-execute).
    #[serde(default)]
    pub read_only: bool,
    /// Whether this tool mutates external state.
    #[serde(default)]
    pub destructive: bool,
    /// Required OAuth scopes for execution.
    #[serde(default)]
    pub required_scopes: Vec<String>,
    /// Maximum cost in tokens this tool typically consumes.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub estimated_cost: Option<u64>,
}

// ============================================================================
// CONTEXT PROVIDER (mirrors navigator.modelContext.provideContext)
// ============================================================================

/// Page context metadata exposed via WebMCP.
///
/// Maps to `navigator.modelContext.provideContext()`. Provides the agent
/// with structured information about the current page state without
/// requiring visual inference (screenshots).
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpContext {
    /// URL of the page providing context.
    pub url: String,
    /// Human-readable page title.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub title: Option<String>,
    /// Structured page state (application-specific).
    #[serde(default)]
    pub state: HashMap<String, serde_json::Value>,
    /// List of available user actions on the page.
    #[serde(default)]
    pub available_actions: Vec<String>,
    /// Current user identity context (if authenticated).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_context: Option<WebMcpUserContext>,
}

/// User identity context within a WebMCP session.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpUserContext {
    /// Opaque user identifier.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub user_id: Option<String>,
    /// Display name.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub display_name: Option<String>,
    /// Granted OAuth scopes.
    #[serde(default)]
    pub scopes: Vec<String>,
}

// ============================================================================
// DISCOVERY STATE (lifecycle of tool discovery on a page)
// ============================================================================

/// State of the WebMCP discovery lifecycle for a single page.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum WebMcpDiscoveryPhase {
    /// Agent has navigated to a URL but hasn't queried for tools yet.
    Detecting,
    /// Tools have been detected, schemas are being parsed.
    Parsing,
    /// Discovery complete, tools are ready for execution.
    Ready,
    /// Discovery failed (page doesn't support WebMCP or schema error).
    Failed,
    /// Tools were available but have been unregistered by the page.
    Revoked,
}

/// Complete discovery state for a single page.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpDiscoveryState {
    /// URL being discovered.
    pub url: String,
    /// Current phase of discovery.
    pub phase: WebMcpDiscoveryPhase,
    /// Discovered tools (populated when phase == Ready).
    #[serde(default)]
    pub tools: Vec<WebMcpTool>,
    /// Page context (if provided).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub context: Option<WebMcpContext>,
    /// Error message (if phase == Failed).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub error: Option<String>,
}

// ============================================================================
// EXECUTION (tool call and result)
// ============================================================================

/// A request to execute a WebMCP tool.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpToolCall {
    /// Name of the tool to execute.
    pub tool_name: String,
    /// Input arguments (must conform to the tool's input_schema).
    #[serde(default)]
    pub arguments: serde_json::Value,
    /// Origin URL where the tool was discovered.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub origin: Option<String>,
    /// Request ID for correlation.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_id: Option<String>,
}

/// Result of a WebMCP tool execution.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpToolResult {
    /// Whether execution succeeded.
    pub success: bool,
    /// Return value from the tool's executor function.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub result: Option<serde_json::Value>,
    /// Error message (if success == false).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub error: Option<String>,
    /// Request ID echoed back for correlation.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_id: Option<String>,
}

// ============================================================================
// SECURITY POLICY (OAuth 2.1 + multi-tenant)
// ============================================================================

/// Security policy governing WebMCP tool access.
///
/// Aligns with CELLSTATE's intent system: the security policy determines
/// which tools an agent can auto-execute vs. which require approval,
/// mapping to the AutonomyLevel and DelegationBoundary primitives.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpSecurityPolicy {
    /// Allowed origin patterns (e.g., "https://*.example.com").
    #[serde(default)]
    pub allowed_origins: Vec<String>,
    /// OAuth 2.1 scopes required for tool execution.
    #[serde(default)]
    pub required_scopes: Vec<String>,
    /// Maximum token budget per tool execution.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub max_tokens_per_call: Option<u64>,
    /// Whether to enforce audit logging for all tool calls.
    #[serde(default)]
    pub audit_logging: bool,
    /// Sandbox mode for tool execution.
    #[serde(default)]
    pub sandbox_mode: WebMcpSandboxMode,
}

/// Sandbox execution mode for WebMCP tools.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Default, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum WebMcpSandboxMode {
    /// Tools execute in the page's context (default for read-only tools).
    #[default]
    PageContext,
    /// Tools execute in an isolated iframe sandbox.
    Isolated,
    /// Tools execute server-side via CELLSTATE's sandbox infrastructure.
    ServerSide,
}

// ============================================================================
// MANIFEST (declarative HTML form fallback)
// ============================================================================

/// WebMCP manifest for declarative (non-JS) tool exposure.
///
/// Used as an HTML form fallback when JavaScript execution is restricted.
/// Pages can include `<meta name="webmcp-manifest" content="URL">` to
/// declare their tools via a static JSON manifest.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpManifest {
    /// Schema version.
    pub version: String,
    /// Application name.
    pub name: String,
    /// Application description.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub description: Option<String>,
    /// Tools exposed by this application.
    #[serde(default)]
    pub tools: Vec<WebMcpTool>,
    /// Security policy for tool access.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub security: Option<WebMcpSecurityPolicy>,
}

// ============================================================================
// CAPABILITY DECLARATION (bidirectional: what the agent CAN do)
// ============================================================================

/// Capabilities an agent advertises to a WebMCP-enabled page.
///
/// This is the bidirectional aspect: not just what tools the page
/// exposes, but what the connecting agent is capable of providing
/// back to the page (e.g., memory recall, context assembly, search).
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct WebMcpAgentCapabilities {
    /// Agent identifier.
    pub agent_id: String,
    /// CELLSTATE tools the agent can expose back to the page.
    #[serde(default)]
    pub provided_tools: Vec<String>,
    /// Memory operations the agent supports.
    #[serde(default)]
    pub memory_capabilities: Vec<WebMcpMemoryCapability>,
    /// Model routing capabilities.
    #[serde(default)]
    pub model_routing: Vec<String>,
}

/// Memory capabilities an agent can provide to a WebMCP page.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum WebMcpMemoryCapability {
    /// Agent can recall past interactions.
    Recall,
    /// Agent can store new artifacts.
    Store,
    /// Agent can search across trajectories.
    Search,
    /// Agent can assemble context packages.
    ContextAssembly,
    /// Agent can provide summarization.
    Summarize,
    /// Agent can ingest multimodal content.
    Ingest,
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::collections::HashMap;

    #[test]
    fn web_mcp_tool_serde_roundtrip() {
        let tool = WebMcpTool {
            name: "search".into(),
            description: "Search the web".into(),
            input_schema: WebMcpInputSchema {
                schema_type: "object".into(),
                properties: HashMap::from([(
                    "query".into(),
                    WebMcpPropertySchema {
                        prop_type: "string".into(),
                        description: Some("Search query".into()),
                        default: None,
                        enum_values: None,
                    },
                )]),
                required: vec!["query".into()],
            },
            origin: None,
            annotations: WebMcpToolAnnotations::default(),
        };
        let json = serde_json::to_string(&tool).unwrap();
        let d: WebMcpTool = serde_json::from_str(&json).unwrap();
        assert_eq!(tool.name, d.name);
        assert_eq!(d.input_schema.required, vec!["query"]);
    }

    #[test]
    fn web_mcp_tool_annotations_default_is_safe() {
        let ann = WebMcpToolAnnotations::default();
        assert!(!ann.read_only);
        assert!(!ann.destructive);
        assert!(ann.required_scopes.is_empty());
        assert!(ann.estimated_cost.is_none());
    }

    #[test]
    fn web_mcp_discovery_phase_serde_roundtrip() {
        let phases = vec![
            WebMcpDiscoveryPhase::Detecting,
            WebMcpDiscoveryPhase::Parsing,
            WebMcpDiscoveryPhase::Ready,
            WebMcpDiscoveryPhase::Failed,
            WebMcpDiscoveryPhase::Revoked,
        ];
        for phase in phases {
            let json = serde_json::to_string(&phase).unwrap();
            let d: WebMcpDiscoveryPhase = serde_json::from_str(&json).unwrap();
            assert_eq!(phase, d);
        }
    }

    #[test]
    fn web_mcp_sandbox_mode_default_is_page_context() {
        assert_eq!(WebMcpSandboxMode::default(), WebMcpSandboxMode::PageContext);
    }

    #[test]
    fn web_mcp_sandbox_mode_serde_roundtrip() {
        let modes = vec![
            WebMcpSandboxMode::PageContext,
            WebMcpSandboxMode::Isolated,
            WebMcpSandboxMode::ServerSide,
        ];
        for mode in modes {
            let json = serde_json::to_string(&mode).unwrap();
            let d: WebMcpSandboxMode = serde_json::from_str(&json).unwrap();
            assert_eq!(mode, d);
        }
    }

    #[test]
    fn web_mcp_memory_capability_serde_roundtrip() {
        let caps = vec![
            WebMcpMemoryCapability::Recall,
            WebMcpMemoryCapability::Store,
            WebMcpMemoryCapability::Search,
            WebMcpMemoryCapability::ContextAssembly,
            WebMcpMemoryCapability::Summarize,
            WebMcpMemoryCapability::Ingest,
        ];
        for cap in caps {
            let json = serde_json::to_string(&cap).unwrap();
            let d: WebMcpMemoryCapability = serde_json::from_str(&json).unwrap();
            assert_eq!(cap, d);
        }
    }

    #[test]
    fn web_mcp_security_policy_defaults() {
        let policy: WebMcpSecurityPolicy = serde_json::from_str("{}").unwrap();
        assert!(policy.allowed_origins.is_empty());
        assert!(!policy.audit_logging);
        assert_eq!(policy.sandbox_mode, WebMcpSandboxMode::PageContext);
    }

    #[test]
    fn web_mcp_manifest_serde_roundtrip() {
        let manifest = WebMcpManifest {
            version: "1.0.0".into(),
            name: "test-server".into(),
            description: Some("A test MCP server".into()),
            tools: vec![],
            security: Some(WebMcpSecurityPolicy {
                allowed_origins: vec!["https://example.com".into()],
                required_scopes: vec![],
                max_tokens_per_call: Some(1000),
                audit_logging: true,
                sandbox_mode: WebMcpSandboxMode::Isolated,
            }),
        };
        let json = serde_json::to_string(&manifest).unwrap();
        let d: WebMcpManifest = serde_json::from_str(&json).unwrap();
        assert_eq!(manifest.name, d.name);
        assert_eq!(manifest.version, d.version);
        assert!(d.security.is_some());
    }

    #[test]
    fn web_mcp_tool_call_serde_roundtrip() {
        let call = WebMcpToolCall {
            tool_name: "search".into(),
            arguments: serde_json::json!({"query": "test"}),
            origin: Some("https://example.com".into()),
            request_id: Some("req-123".into()),
        };
        let json = serde_json::to_string(&call).unwrap();
        let d: WebMcpToolCall = serde_json::from_str(&json).unwrap();
        assert_eq!(call.tool_name, d.tool_name);
    }

    #[test]
    fn web_mcp_tool_result_success() {
        let result = WebMcpToolResult {
            success: true,
            result: Some(serde_json::json!({"data": [1, 2, 3]})),
            error: None,
            request_id: Some("req-123".into()),
        };
        let json = serde_json::to_string(&result).unwrap();
        let d: WebMcpToolResult = serde_json::from_str(&json).unwrap();
        assert!(d.success);
        assert!(d.error.is_none());
    }

    #[test]
    fn web_mcp_tool_result_failure() {
        let result = WebMcpToolResult {
            success: false,
            result: None,
            error: Some("tool not found".into()),
            request_id: None,
        };
        assert!(!result.success);
        assert!(result.error.is_some());
    }

    #[test]
    fn web_mcp_agent_capabilities_serde_roundtrip() {
        let caps = WebMcpAgentCapabilities {
            agent_id: "agent-1".into(),
            provided_tools: vec!["recall".into(), "search".into()],
            memory_capabilities: vec![
                WebMcpMemoryCapability::Recall,
                WebMcpMemoryCapability::Store,
            ],
            model_routing: vec!["openai".into()],
        };
        let json = serde_json::to_string(&caps).unwrap();
        let d: WebMcpAgentCapabilities = serde_json::from_str(&json).unwrap();
        assert_eq!(caps.agent_id, d.agent_id);
        assert_eq!(d.memory_capabilities.len(), 2);
    }

    #[test]
    fn web_mcp_context_serde_roundtrip() {
        let ctx = WebMcpContext {
            url: "https://example.com/dashboard".into(),
            title: Some("Dashboard".into()),
            state: HashMap::from([("page".into(), serde_json::json!("home"))]),
            available_actions: vec!["click_button".into()],
            user_context: Some(WebMcpUserContext {
                user_id: Some("user-1".into()),
                display_name: Some("Test User".into()),
                scopes: vec!["read".into()],
            }),
        };
        let json = serde_json::to_string(&ctx).unwrap();
        let d: WebMcpContext = serde_json::from_str(&json).unwrap();
        assert_eq!(ctx.url, d.url);
        assert!(d.user_context.is_some());
    }
}