// Step-by-step guide for creating new internal MCP server integrations in Dust that connect to remote platforms (Jira, HubSpot, Salesforce, etc.). Use when adding a new MCP server, implementing a platform integration, or connecting Dust to a new external service.
Add a new audit log event in `front`. Use when instrumenting a new user or system action for WorkOS audit logging, including schema creation, `AuditAction` updates, and the correct emit call after the mutation path.
Step-by-step guide for adding support for a new LLM in Dust. Use when adding a new model, or updating a previous one.
Implement a new built-in webhook source provider in `front`. Use when adding a webhook provider such as Linear, GitHub, or Fathom, including provider research, OAuth prerequisites, provider-specific types and client code, preset registration, UI components, and end-to-end testing.
Write and refactor React forms using react-hook-form with Zod validation. Use when creating new form components, converting existing forms to react-hook-form, or implementing form validation patterns.
Writes React components without unnecessary useEffect. Use when creating/reviewing React components, refactoring effects, or when code uses useEffect to transform data or handle events.
Create, migrate, or query Elasticsearch indices in `front`. Use when adding a new front Elasticsearch index, changing mappings or settings, wiring indexing logic, or exposing Elasticsearch-backed analytics/search endpoints.
| name | dust-mcp-server |
| description | Step-by-step guide for creating new internal MCP server integrations in Dust that connect to remote platforms (Jira, HubSpot, Salesforce, etc.). Use when adding a new MCP server, implementing a platform integration, or connecting Dust to a new external service. |
This runbook provides step-by-step instructions for creating new internal MCP server integrations in Dust that connect to remote platforms (e.g., Jira, HubSpot, Salesforce, etc.).
front/lib/api/actions/servers/{provider}/
āāā metadata.ts # Tool metadata and server info using createToolsRecord
āāā tools/index.ts # Tool handlers with exhaustive Record type
āāā index.ts # Server creation and tool registration
āāā client.ts # API client (optional)
āāā helpers.ts # Helper functions (optional)
front/lib/actions/mcp_internal_actions/constants.ts - Add server config with metadata: YOUR_SERVERfront/lib/actions/mcp_internal_actions/servers/index.ts - Import and register in switch statementfront/lib/api/oauth/providers/{provider}.tscore/src/oauth/providers/{provider}.rsauthorization field must reference the OAuth providerAVAILABLE_INTERNAL_MCP_SERVER_NAMES arraynever_ask, low, medium, high)Result typeswithAuth patternIf the remote platform requires OAuth authentication:
core/src/oauth/providers/ as {provider}.rsfront/lib/api/oauth/providers/{provider}.tsIf the OAuth provider does not exist, implement it first in core and front:
core/src/oauth/providers/{provider}.rscore/src/oauth/providers/mod.rsfront/lib/api/oauth/providers/{provider}.ts for the front-end OAuth setupSee existing providers like hubspot.rs or jira.rs for reference implementations.
Before starting implementation, research the platform API:
Document the operations you want to expose:
metadata.tsCreate front/lib/api/actions/servers/{provider}/metadata.ts:
import type { JSONSchema7 as JSONSchema } from "json-schema";
import { z } from "zod";
import { zodToJsonSchema } from "zod-to-json-schema";
import type { ServerMetadata } from "@app/lib/actions/mcp_internal_actions/tool_definition";
import { createToolsRecord } from "@app/lib/actions/mcp_internal_actions/tool_definition";
export const YOUR_PROVIDER_TOOLS_METADATA = createToolsRecord({
list_items: {
description: "List all items accessible to the user.",
schema: {
pageToken: z.string().optional().describe("Page token for pagination."),
maxResults: z.number().optional().describe("Maximum results to return."),
},
stake: "never_ask",
displayLabels: {
running: "Listing Items",
done: "List items",
},
},
get_item: {
description: "Get a single item by ID.",
schema: {
itemId: z.string().describe("The ID of the item to retrieve."),
},
stake: "never_ask",
displayLabels: {
running: "Retrieving item",
done: "Retrieve item",
},
},
create_item: {
description: "Create a new item.",
schema: {
name: z.string().describe("Name of the item."),
description: z.string().optional().describe("Description of the item."),
},
stake: "low",
displayLabels: {
running: "Creating item",
done: "Create item",
},
},
});
export const YOUR_PROVIDER_SERVER = {
serverInfo: {
name: "your_provider",
version: "1.0.0",
description: "Short description of what this integration does.",
authorization: {
provider: "your_provider",
supported_use_cases: ["personal_actions", "platform_actions"],
},
icon: "YourProviderLogo",
documentationUrl: "https://docs.dust.tt/docs/your-provider",
instructions: null,
},
tools: Object.values(YOUR_PROVIDER_TOOLS_METADATA).map((t) => ({
name: t.name,
description: t.description,
inputSchema: zodToJsonSchema(z.object(t.schema)) as JSONSchema,
displayLabels: t.displayLabels,
})),
tools_stakes: Object.fromEntries(
Object.values(YOUR_PROVIDER_TOOLS_METADATA).map((t) => [t.name, t.stake])
),
} as const satisfies ServerMetadata;
Key points:
createToolsRecord automatically adds the name property from the object keystake values map to review/approval expectationstools/index.tsCreate front/lib/api/actions/servers/{provider}/tools/index.ts:
import { MCPError } from "@app/lib/actions/mcp_errors";
import type { ToolHandlers } from "@app/lib/actions/mcp_internal_actions/tool_definition";
import { buildTools } from "@app/lib/actions/mcp_internal_actions/tool_definition";
import { YOUR_PROVIDER_TOOLS_METADATA } from "@app/lib/api/actions/servers/your_provider/metadata";
import { Err, Ok } from "@app/types/shared/result";
const handlers: ToolHandlers<typeof YOUR_PROVIDER_TOOLS_METADATA> = {
list_items: async ({ pageToken, maxResults }, { authInfo }) => {
const token = authInfo?.token;
if (!token) {
return new Err(new MCPError("No access token provided"));
}
try {
const items = [];
return new Ok([
{ type: "text" as const, text: `Found ${items.length} items` },
{ type: "text" as const, text: JSON.stringify({ items }, null, 2) },
]);
} catch (e) {
return new Err(new MCPError("Failed to list items"));
}
},
get_item: async ({ itemId }, { authInfo }) => {
const token = authInfo?.token;
if (!token) {
return new Err(new MCPError("No access token provided"));
}
try {
const item = {};
return new Ok([
{ type: "text" as const, text: `Retrieved item ${itemId}` },
{ type: "text" as const, text: JSON.stringify(item, null, 2) },
]);
} catch (e) {
return new Err(new MCPError("Failed to get item"));
}
},
create_item: async ({ name, description }, { authInfo }) => {
const token = authInfo?.token;
if (!token) {
return new Err(new MCPError("No access token provided"));
}
try {
const item = {};
return new Ok([
{ type: "text" as const, text: `Created item "${name}"` },
{ type: "text" as const, text: JSON.stringify(item, null, 2) },
]);
} catch (e) {
return new Err(new MCPError("Failed to create item"));
}
},
};
export const TOOLS = buildTools(YOUR_PROVIDER_TOOLS_METADATA, handlers);
Key points:
ToolHandlers<T> enforces exhaustive implementationbuildTools combines metadata and handlers into ToolDefinition[]extra.authInfo?.tokenindex.tsCreate front/lib/api/actions/servers/{provider}/index.ts:
import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { makeInternalMCPServer } from "@app/lib/actions/mcp_internal_actions/utils";
import { registerTool } from "@app/lib/actions/mcp_internal_actions/wrappers";
import type { AgentLoopContextType } from "@app/lib/actions/types";
import { TOOLS } from "@app/lib/api/actions/servers/your_provider/tools";
import type { Authenticator } from "@app/lib/auth";
function createServer(
auth: Authenticator,
agentLoopContext?: AgentLoopContextType
): McpServer {
const server = makeInternalMCPServer("your_provider");
for (const tool of TOOLS) {
registerTool(auth, agentLoopContext, server, tool, {
monitoringName: "your_provider",
});
}
return server;
}
export default createServer;
constants.tsEdit front/lib/actions/mcp_internal_actions/constants.ts:
YOUR_PROVIDER_SERVERAVAILABLE_INTERNAL_MCP_SERVER_NAMESINTERNAL_MCP_SERVERSExample:
your_provider: {
id: 99,
availability: "manual",
allowMultipleInstances: true,
isRestricted: undefined,
isPreview: false,
tools_arguments_requiring_approval: undefined,
tools_retry_policies: undefined,
timeoutMs: undefined,
metadata: YOUR_PROVIDER_SERVER,
},
Important properties:
id: unique stable ID, never change after deploymentavailability: manual, auto, or auto_hidden_builderallowMultipleInstances: true for OAuth-based integrationsisRestricted: feature-flag or plan gating function, if neededisPreview: true for beta or preview integrationsservers/index.tsEdit front/lib/actions/mcp_internal_actions/servers/index.ts:
case "your_provider":
return yourProviderServer(auth, agentLoopContext);
client.ts and helpers.tsUse extra files when the integration grows beyond a few simple calls.
client.tsCreate a client when you need multiple API endpoints, response validation, auth header management, or retry logic.
helpers.tsCreate helpers for:
withAuth wrappersExample withAuth pattern:
import { MCPError } from "@app/lib/actions/mcp_errors";
import type {
ToolHandlerExtra,
ToolHandlerResult,
} from "@app/lib/actions/mcp_internal_actions/tool_definition";
import { Err } from "@app/types/shared/result";
export async function withAuth<T>(
{ authInfo }: ToolHandlerExtra,
action: (token: string) => Promise<ToolHandlerResult>
): Promise<ToolHandlerResult> {
const token = authInfo?.token;
if (!token) {
return new Err(new MCPError("No access token provided"));
}
try {
return await action(token);
} catch (e) {
return new Err(new MCPError("Operation failed"));
}
}
Use client.ts / helpers.ts based on complexity:
tools/index.tshelpers.tsclient.tsIf handlers need access to Authenticator directly, create tools through a function instead of a
constant.
See front/lib/api/actions/servers/github/tools/index.ts for a full example.
Use an existing similar icon temporarily, then request the final icon from design/Sparkle and
update the icon field once available.
Gate preview or limited-access servers through isRestricted in the server config, using feature
flags or plan checks as needed.
Always convert API responses into focused, markdown-formatted output. Avoid returning raw
JSON.stringify(apiResponse) with everything the upstream API sent.
Do:
Do not:
Wrap failures in meaningful MCPErrors rather than exposing raw upstream errors.
never_ask: read-only operationslow: low-impact writesmedium: important writeshigh: destructive or high-impact actions.describe() to schema fieldsSchema descriptions help the model supply the right parameters.
Validate every external response to catch API drift and unexpected payloads early.
Before marking implementation complete:
metadata.ts exists and uses createToolsRecordtools/index.ts exists and uses ToolHandlers<typeof METADATA>index.ts default-exports the server factoryAVAILABLE_INTERNAL_MCP_SERVER_NAMESINTERNAL_MCP_SERVERSservers/index.tsnpx tsgo --noEmit passesnpm run format:changed passes from the repo rootavailabilityisRestrictedAVAILABLE_INTERNAL_MCP_SERVER_NAMEScore and fronttools_stakes contains the tool namesauthInfo.token is propagatedAVAILABLE_INTERNAL_MCP_SERVER_NAMESnpx tsgo --noEmitfront/lib/api/actions/servers/github/front/lib/api/actions/servers/snowflake/front/lib/api/actions/servers/google_calendar/front/lib/api/actions/servers/agent_sidekick_context/front/lib/api/actions/servers/agent_sidekick_agent_state/front/lib/api/actions/servers/front/lib/actions/mcp_internal_actions/servers/core/src/oauth/providers/