Fixes to MCP Client with authentication

[cmsparks]

Agents changes:

• Explicitly pass in the OAuthProvider (and require it to be an AgentsOAuthClientProvider)
• Fix error where client initialization fails if a server returns "Method not found" for capabilities it claimed to support. This is more common in the case of resource templates because there is no explicit resource template capability. Now we warn on servers not advertising their capabilities correctly instead of hard failing. (See MCP Client x Agents Implementation #125)

Demo fixes:

• Fix problem in the demo where unauthenticated servers wouldn't cause the capabilities list to be refreshed
• Fix broken demo due to this.name not being set. Now the callback URL doesn't need to be passed into the MCPClientManager (See MCP Client x Agents Implementation #125)

I double checked that the DurableObjectOAuthClientProvider still works on the free tier. The SQLite storage backend still supports using the key value storage API, so free users shouldn't have issues here.

[changeset-bot]

🦋 Changeset detected

Latest commit: 14ba5ca

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
agents	Patch
hono-agents	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[threepointone]

this looks good, tentatively approving, just a couple of questions before landing

[threepointone]

should we pass this here, or in the constructor? what benefit to either approach?

[cmsparks]

I decided to pass it into the connect method because a transport is intended to be fully owned by a client connection (i.e. two MCP clients can't use the same transport). Because the authProvider is part of the transport options, it would also have to be owned by one client (so each client can have a unique redirect URL, oauth client information, tokens, etc).

I think we'd require some intermediate auth provider creation function if we were to pass it into the constructor.

edit: realized my initial comment was wrong

[threepointone]

what does this do? should it be running more often?

[cmsparks]

It just refreshes the agent's state for the tools, prompts, and resources which get sent to the client. It should be sufficient to just update these upon adding a new server or authenticating to a server.

In the future we should trigger this function if the server sent a notification that the tools/prompts/resources list changed, but I haven't added a nice way to hook into those notifications in the MCPClientManager yet.