Download the PHP package jelte-ten-holt/in-other-agents without Composer
On this page you can find all versions of the php package jelte-ten-holt/in-other-agents. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download jelte-ten-holt/in-other-agents
More information about jelte-ten-holt/in-other-agents
Files in jelte-ten-holt/in-other-agents
Package in-other-agents
Short Description MCP (Streamable HTTP) scaffolding for Laravel apps — AgentTool base class, bearer + OAuth 2.1 (Passport) auth with RFC 7591 Dynamic Client Registration, tool registry, audit log subscriber.
License MIT
Informations about the package in-other-agents
in-other-agents
MCP (Streamable HTTP) scaffolding for Laravel apps. Provides:
AgentToolabstract base — the single point of coupling toopgginc/laravel-mcp-serverAuthenticateAgentmiddleware — bearer and OAuth 2.1 (Passport) token check, request stamping for log correlation- OAuth discovery + RFC 7591 Dynamic Client Registration so Co-work / web MCP clients can self-onboard
ToolRegistry— resolves the consumer'sconfig('agents.tools')listAgentLogSubscriber— audit logging of tool invocations and DCR registrations to a Monolog channel- Service provider wiring the
/mcproute, OAuth routes, middleware, and log subscriber
This package ships zero tools of its own. Consumers register everything via config/agents.php.
Install
Laravel package discovery picks up the service provider automatically.
Publish the config (optional — defaults work out of the box):
Set the bearer token in .env:
An empty token fails closed — the /mcp endpoint rejects everything until a token is set.
Defining a tool
Create a class that extends InOtherAgents\AgentTool:
Register it in config/agents.php:
Then POST to /mcp with Authorization: Bearer <token> and a standard MCP JSON-RPC envelope.
Audit log
Every tool invocation dispatches InOtherAgents\Events\ToolInvoked (success) or ToolInvocationFailed (throw). The bundled AgentLogSubscriber writes them to the configured Monolog channel (AGENT_LOG_CHANNEL, defaults to stack). Bearer tokens are hashed before logging — never the raw value.
Errors thrown as InvalidArgumentException are translated to JSON-RPC INVALID_PARAMS so the calling agent sees the actual message. Other throwables propagate as the framework's INTERNAL_ERROR.
OAuth (since 0.2.0)
Bearer remains the default. To unlock OAuth for Co-work / web MCP clients:
composer require laravel/passportphp artisan passport:install(generates encryption keys + initial clients)-
Configure the
apiguard inconfig/auth.php: - In
.env:
What you get:
POST /oauth/register— RFC 7591 Dynamic Client Registration. Co-work posts here on first connect when the connector form is left with blank OAuth fields. Open by default; setAGENT_DCR_INITIAL_ACCESS_TOKENto gate it.GET /.well-known/oauth-authorization-server— RFC 8414 discovery doc.GET /.well-known/oauth-protected-resource— RFC 9728 doc. Advertised inWWW-Authenticateon every 401 from/mcp.- RFC 8707
resourceparameter enforcement on every Passport route (off by default — flipAGENT_OAUTH_REQUIRE_RESOURCE=trueonce every known client sends it). - Scope-gated access (
agentbase,agent.adminelevated). Static bearer holders are admin by construction; that path is untouched.
End-to-end OAuth flow is verified via the consumer app's Passport setup; the package's test suite covers the metadata endpoints, resource enforcement, and the bearer path.
Versioning
Semantic Versioning. Pre-1.0, the surface may shift between minor versions while consumers iterate.
All versions of in-other-agents with dependencies
laravel/framework Version ^12.0 || ^13.0
opgginc/laravel-mcp-server Version ^2.0