Route workspace-mcp through API Gateway to bypass SCP Lambda URL block

agentclaw/app/agent_claw_main/main.py

@@ -24,7 +24,7 @@ import botocore.awsrequest
 import boto3
 from urllib.parse import urlparse as _urlparse
 
-WORKSPACE_MCP_URL = 'https://25hugrzw4uwtueeg77jsmft6lq0wunmd.lambda-url.us-east-1.on.aws/mcp'
+WORKSPACE_MCP_URL = 'https://sptejrymri.execute-api.us-east-1.amazonaws.com/workspace/mcp'
 OAUTH_START_URL = (
     os.environ.get('OAUTH_START_URL')
     or 'https://sptejrymri.execute-api.us-east-1.amazonaws.com/oauth/start'
@@ -286,7 +286,7 @@ async def main(payload: dict, context):
                   manage_service, schedule_reminder, list_reminders, cancel_reminder]
 
     workspace_mcp_client = MCPClient(
-        lambda: streamablehttp_client(WORKSPACE_MCP_URL, timeout=20, auth=_SigV4HttpxAuth(actor_id=actor_id))
+        lambda: streamablehttp_client(WORKSPACE_MCP_URL, timeout=20)
     )
     workspace_tools = []
     google_email = user_profile.get('google_email', '')

cdk/lib/agent-claw-stack.ts

@@ -276,6 +276,15 @@ export class AgentClawStack extends cdk.Stack {
       ),
     });
 
+    // workspace-mcp proxy route — no auth (SCP blocks Lambda Function URLs)
+    httpApi.addRoutes({
+      path: '/workspace/{proxy+}',
+      methods: [apigatewayv2.HttpMethod.ANY],
+      integration: new apigatewayv2integrations.HttpLambdaIntegration(
+        'WorkspaceMcpIntegration', workspaceMcpFn
+      ),
+    });
+
     // Set OAUTH_REDIRECT_URI now that we have the API URL
     const oauthRedirectUri = `${httpApi.url}oauth/callback`;
     oauthHandlerFn.addEnvironment('OAUTH_REDIRECT_URI', oauthRedirectUri);