0nmcp 1.6.0 → 1.7.0

package/cli.js

@@ -13,6 +13,7 @@
  *   npx 0nmcp list         List connected services
  *   npx 0nmcp migrate      Migrate from ~/.0nmcp to ~/.0n
  *   npx 0nmcp engine       Engine commands (import, verify, platforms, export, open)
+ *   npx 0nmcp app          Application commands (run, build, inspect, validate, list)
  * 
  * ═══════════════════════════════════════════════════════════════════════════
  */
@@ -87,6 +88,14 @@ ${c.bright}Engine commands:${c.reset}
   ${c.cyan}npx 0nmcp engine export${c.reset}           Export .0n bundle (AI Brain)
   ${c.cyan}npx 0nmcp engine open <bundle>${c.reset}    Open/inspect a .0n bundle
 
+${c.bright}Application commands:${c.reset}
+
+  ${c.cyan}npx 0nmcp app run <file>${c.reset}          Start application server
+  ${c.cyan}npx 0nmcp app build${c.reset}               Build application bundle
+  ${c.cyan}npx 0nmcp app inspect <file>${c.reset}      Show application metadata
+  ${c.cyan}npx 0nmcp app validate <file>${c.reset}     Validate application structure
+  ${c.cyan}npx 0nmcp app list${c.reset}                List installed applications
+
 ${c.bright}Serve options:${c.reset}
 
   ${c.cyan}npx 0nmcp serve --port 3000 --host 0.0.0.0${c.reset}
@@ -217,6 +226,13 @@ ${c.bright}Links:${c.reset}
     }
   }
 
+  // App
+  if (command === 'app') {
+    console.log(BANNER);
+    await handleApp(args.slice(1));
+    return;
+  }
+
   // Engine
   if (command === 'engine') {
     console.log(BANNER);
@@ -256,6 +272,7 @@ function initDotOn() {
     path.join(DOT_ON_DIR, 'snapshots'),
     path.join(DOT_ON_DIR, 'history'),
     path.join(DOT_ON_DIR, 'cache'),
+    path.join(DOT_ON_DIR, 'apps'),
   ];
 
   console.log(`${c.bright}Initializing ~/.0n directory...${c.reset}\n`);
@@ -677,4 +694,223 @@ async function handleEngine(args) {
   process.exit(1);
 }
 
+async function handleApp(args) {
+  const sub = args[0];
+
+  if (!sub || sub === 'help') {
+    console.log(`${c.bright}Application Engine — Build & Run .0n Applications${c.reset}\n`);
+    console.log(`  ${c.cyan}run <file>${c.reset}        Start application server`);
+    console.log(`  ${c.cyan}build${c.reset}             Build application bundle`);
+    console.log(`  ${c.cyan}inspect <file>${c.reset}    Show application metadata`);
+    console.log(`  ${c.cyan}validate <file>${c.reset}   Validate application structure`);
+    console.log(`  ${c.cyan}list${c.reset}              List installed applications\n`);
+    return;
+  }
+
+  if (sub === 'run') {
+    const appFile = args[1];
+    if (!appFile) {
+      console.log(`${c.red}Usage: npx 0nmcp app run <file.0n> [--port 3000] [--passphrase <pw>]${c.reset}`);
+      process.exit(1);
+    }
+
+    const port = Number(getFlag(args, '--port', 3000));
+    let passphrase = getFlag(args, '--passphrase', null);
+
+    if (!passphrase) {
+      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      const ask = (q) => new Promise(resolve => rl.question(q, resolve));
+      passphrase = await ask('Application passphrase: ');
+      rl.close();
+    }
+
+    if (!passphrase) {
+      console.log(`${c.red}Passphrase required.${c.reset}`);
+      process.exit(1);
+    }
+
+    try {
+      const { openApplication } = await import('./engine/app-builder.js');
+      const { Application } = await import('./engine/application.js');
+      const { ApplicationServer } = await import('./engine/app-server.js');
+
+      const bundle = openApplication(appFile, passphrase);
+      const application = new Application(bundle, { passphrase });
+      const server = new ApplicationServer(application);
+
+      await server.start({ port });
+
+      // Keep alive
+      process.on('SIGINT', async () => {
+        console.log(`\n${c.yellow}Shutting down...${c.reset}`);
+        await server.stop();
+        process.exit(0);
+      });
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'build') {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    const ask = (q) => new Promise(resolve => rl.question(q, resolve));
+
+    try {
+      const appName = await ask('Application name: ') || '0n Application';
+      const passphrase = await ask('Bundle passphrase: ');
+      if (!passphrase) {
+        console.log(`${c.red}Passphrase required.${c.reset}`);
+        rl.close();
+        process.exit(1);
+      }
+      rl.close();
+
+      const { createApplication } = await import('./engine/app-builder.js');
+
+      // Load local connections
+      const connectionsDir = path.join(DOT_ON_DIR, 'connections');
+      const connections = {};
+      if (fs.existsSync(connectionsDir)) {
+        const files = fs.readdirSync(connectionsDir).filter(f => f.endsWith('.0n') || f.endsWith('.0n.json'));
+        for (const file of files) {
+          try {
+            const data = JSON.parse(fs.readFileSync(path.join(connectionsDir, file), 'utf8'));
+            if (data.$0n?.sealed) continue;
+            connections[data.service] = {
+              credentials: data.auth?.credentials || {},
+              name: data.$0n?.name || data.service,
+              authType: data.auth?.type || 'api_key',
+              environment: data.environment || 'production',
+            };
+          } catch { /* skip */ }
+        }
+      }
+
+      // Load local workflows
+      const { loadLocalWorkflows } = await import('./engine/index.js');
+      const workflows = loadLocalWorkflows();
+
+      console.log(`\n${c.bright}Building application...${c.reset}\n`);
+
+      const result = createApplication({
+        name: appName,
+        passphrase,
+        connections,
+        workflows,
+      });
+
+      console.log(`${c.green}${c.bright}Application built!${c.reset}\n`);
+      console.log(`  Path:        ${result.path}`);
+      console.log(`  Connections: ${result.manifest.connection_count}`);
+      console.log(`  Workflows:   ${result.manifest.workflow_count}`);
+      console.log(`\n${c.bright}Run with:${c.reset} ${c.cyan}npx 0nmcp app run ${result.path}${c.reset}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'inspect') {
+    const appFile = args[1];
+    if (!appFile) {
+      console.log(`${c.red}Usage: npx 0nmcp app inspect <file.0n>${c.reset}`);
+      process.exit(1);
+    }
+
+    try {
+      const { inspectApplication } = await import('./engine/app-builder.js');
+      const info = inspectApplication(appFile);
+
+      console.log(`${c.bright}Application: ${info.name}${c.reset}\n`);
+      console.log(`  Version:     ${info.version}`);
+      console.log(`  Author:      ${info.author || '—'}`);
+      console.log(`  Created:     ${info.created}`);
+      if (info.description) console.log(`  Description: ${info.description}`);
+      console.log(`\n  Connections: ${info.connections.map(c2 => c2.service).join(', ') || 'none'}`);
+      console.log(`  Workflows:   ${info.workflows.join(', ') || 'none'}`);
+      console.log(`  Operations:  ${info.operations.join(', ') || 'none'}`);
+      console.log(`  Endpoints:   ${info.endpoints.join(', ') || 'none'}`);
+      console.log(`  Automations: ${info.automations.join(', ') || 'none'}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'validate') {
+    const appFile = args[1];
+    if (!appFile) {
+      console.log(`${c.red}Usage: npx 0nmcp app validate <file.0n>${c.reset}`);
+      process.exit(1);
+    }
+
+    try {
+      const { validateApplication } = await import('./engine/app-builder.js');
+      const data = JSON.parse(fs.readFileSync(appFile, 'utf8'));
+      const result = validateApplication(data);
+
+      if (result.valid) {
+        console.log(`${c.green}${c.bright}Application is valid!${c.reset}`);
+      } else {
+        console.log(`${c.red}${c.bright}Validation failed:${c.reset}\n`);
+        for (const err of result.errors) {
+          console.log(`  ${c.red}●${c.reset} ${err}`);
+        }
+      }
+
+      if (result.warnings?.length > 0) {
+        console.log(`\n${c.yellow}Warnings:${c.reset}`);
+        for (const w of result.warnings) {
+          console.log(`  ${c.yellow}○${c.reset} ${w}`);
+        }
+      }
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'list') {
+    const appsDir = path.join(DOT_ON_DIR, 'apps');
+    if (!fs.existsSync(appsDir)) {
+      console.log(`${c.yellow}No applications installed.${c.reset}`);
+      return;
+    }
+
+    const files = fs.readdirSync(appsDir).filter(f => f.endsWith('.0n') || f.endsWith('.0n.json'));
+    if (files.length === 0) {
+      console.log(`${c.yellow}No applications installed.${c.reset}`);
+      return;
+    }
+
+    console.log(`${c.bright}Installed Applications:${c.reset}\n`);
+
+    for (const file of files) {
+      try {
+        const data = JSON.parse(fs.readFileSync(path.join(appsDir, file), 'utf8'));
+        if (data.$0n?.type !== 'application') continue;
+
+        const wfCount = Object.keys(data.workflows || {}).length;
+        const epCount = Object.keys(data.endpoints || {}).length;
+        console.log(`  ${c.green}●${c.reset} ${c.bright}${data.$0n.name || file}${c.reset} v${data.$0n.version || '1.0.0'}`);
+        console.log(`    ${wfCount} workflows, ${epCount} endpoints`);
+        console.log(`    ${file}`);
+        console.log('');
+      } catch {
+        console.log(`  ${c.red}●${c.reset} ${file} (error reading)`);
+      }
+    }
+    return;
+  }
+
+  console.log(`${c.red}Unknown app command: ${sub}${c.reset}`);
+  console.log(`Run ${c.cyan}npx 0nmcp app help${c.reset} for usage`);
+  process.exit(1);
+}
+
 main().catch(console.error);

package/connections.js

@@ -18,6 +18,7 @@ const SNAPSHOTS_DIR = join(DOT_ON, "snapshots");
 const HISTORY_DIR = join(DOT_ON, "history");
 const CACHE_DIR = join(DOT_ON, "cache");
 const PLUGINS_DIR = join(DOT_ON, "plugins");
+const APPS_DIR = join(DOT_ON, "apps");
 const CONFIG_FILE = join(DOT_ON, "config.json");
 
 // Legacy path for migration
@@ -28,7 +29,7 @@ const LEGACY_FILE = join(LEGACY_DIR, "connections.json");
  * Initialize the ~/.0n/ directory structure.
  */
 export function initDotOn() {
-  const dirs = [DOT_ON, CONNECTIONS_DIR, WORKFLOWS_DIR, SNAPSHOTS_DIR, HISTORY_DIR, CACHE_DIR, PLUGINS_DIR];
+  const dirs = [DOT_ON, CONNECTIONS_DIR, WORKFLOWS_DIR, SNAPSHOTS_DIR, HISTORY_DIR, CACHE_DIR, PLUGINS_DIR, APPS_DIR];
   for (const dir of dirs) {
     if (!existsSync(dir)) {
       mkdirSync(dir, { recursive: true });
@@ -331,3 +332,4 @@ export const CONNECTIONS_PATH = CONNECTIONS_DIR;
 export const HISTORY_PATH = HISTORY_DIR;
 export const WORKFLOWS_PATH = WORKFLOWS_DIR;
 export const SNAPSHOTS_PATH = SNAPSHOTS_DIR;
+export const APPS_PATH = APPS_DIR;

package/engine/app-builder.js

@@ -0,0 +1,318 @@
+// ============================================================
+// 0nMCP -Engine: Application Builder
+// ============================================================
+// Creates, opens, inspects, and validates .0n application
+// bundles ($0n.type: "application"). Analogous to bundler.js
+// but for the full Application Engine format.
+//
+// Patent Pending: US Provisional Patent Application #63/968,814
+// ============================================================
+
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join, basename } from "path";
+import { createHash } from "crypto";
+import { homedir } from "os";
+import { sealPortable, unsealPortable } from "./cipher-portable.js";
+import { validateOperations } from "./operations.js";
+
+const APPS_DIR = join(homedir(), ".0n", "apps");
+
+/**
+ * Compute SHA-256 checksum of a string.
+ */
+function sha256(data) {
+  return createHash("sha256").update(data).digest("hex");
+}
+
+/**
+ * Create a .0n application bundle.
+ *
+ * @param {object} options
+ * @param {string} options.name -Application name
+ * @param {string} options.passphrase -Encryption passphrase
+ * @param {Record<string, object>} [options.connections] -{ service: { credentials, authType?, ... } }
+ * @param {Record<string, object>} [options.operations] -Operation definitions
+ * @param {Record<string, object>} [options.workflows] -Workflow definitions
+ * @param {Record<string, object>} [options.endpoints] -Endpoint definitions
+ * @param {Record<string, object>} [options.automations] -Automation definitions
+ * @param {object} [options.environment] -{ variables, secrets, settings, feature_flags }
+ * @param {string} [options.output] -Output file path
+ * @param {string} [options.description]
+ * @param {string} [options.author]
+ * @param {string} [options.version]
+ * @returns {{ bundle: object, path: string, manifest: object }}
+ */
+export function createApplication(options) {
+  const {
+    name = "0n Application",
+    passphrase,
+    connections = {},
+    operations = {},
+    workflows = {},
+    endpoints = {},
+    automations = {},
+    environment = {},
+    output,
+    description = "",
+    author = "",
+    version = "1.0.0",
+  } = options;
+
+  if (!passphrase) {
+    throw new Error("Passphrase is required to create an application bundle.");
+  }
+
+  const now = new Date().toISOString();
+
+  // Seal connections
+  const bundleConnections = [];
+  for (const [service, conn] of Object.entries(connections)) {
+    const credJson = JSON.stringify(conn.credentials || conn);
+    const { sealed } = sealPortable(credJson, passphrase);
+
+    bundleConnections.push({
+      service,
+      name: conn.name || service,
+      environment: conn.environment || "production",
+      auth_type: conn.authType || conn.auth_type || "api_key",
+      credential_keys: Object.keys(conn.credentials || conn),
+      sealed: true,
+      vault: {
+        data: sealed,
+        algorithm: "aes-256-gcm",
+        kdf: "pbkdf2-sha512-100k",
+        portable: true,
+      },
+    });
+  }
+
+  // Seal environment secrets
+  const bundleEnvironment = {
+    variables: environment.variables || {},
+    secrets: {},
+    settings: environment.settings || {},
+    feature_flags: environment.feature_flags || {},
+  };
+
+  if (environment.secrets) {
+    for (const [key, val] of Object.entries(environment.secrets)) {
+      const { sealed } = sealPortable(String(val), passphrase);
+      bundleEnvironment.secrets[key] = sealed;
+    }
+  }
+
+  // Build manifest
+  const manifest = {
+    bundle_version: "1.0.0",
+    generator: "0nmcp-engine/1.7.0",
+    type: "application",
+    connection_count: bundleConnections.length,
+    workflow_count: Object.keys(workflows).length,
+    operation_count: Object.keys(operations).length,
+    endpoint_count: Object.keys(endpoints).length,
+    automation_count: Object.keys(automations).length,
+    services: bundleConnections.map(c => c.service),
+    encryption: {
+      method: "portable",
+      algorithm: "aes-256-gcm",
+      kdf: "pbkdf2-sha512-100k",
+    },
+  };
+
+  // Assemble bundle
+  const bundle = {
+    $0n: {
+      type: "application",
+      version,
+      name,
+      description,
+      author,
+      created: now,
+      updated: now,
+    },
+    connections: bundleConnections,
+    environment: bundleEnvironment,
+    operations,
+    workflows,
+    endpoints,
+    automations,
+    platforms: {},
+    includes: [],
+    manifest,
+  };
+
+  // Compute checksums
+  manifest.checksums = {
+    connections: `sha256:${sha256(JSON.stringify(bundleConnections))}`,
+    operations: `sha256:${sha256(JSON.stringify(operations))}`,
+    workflows: `sha256:${sha256(JSON.stringify(workflows))}`,
+    endpoints: `sha256:${sha256(JSON.stringify(endpoints))}`,
+    automations: `sha256:${sha256(JSON.stringify(automations))}`,
+  };
+
+  // Write to file
+  if (!existsSync(APPS_DIR)) mkdirSync(APPS_DIR, { recursive: true });
+  const ts = now.replace(/[:.]/g, "-").slice(0, 19);
+  const safeName = name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/-+$/, "");
+  const outPath = output || join(APPS_DIR, `${safeName}-${ts}.0n`);
+  const outDir = join(outPath, "..");
+  if (!existsSync(outDir)) mkdirSync(outDir, { recursive: true });
+
+  writeFileSync(outPath, JSON.stringify(bundle, null, 2));
+
+  return { bundle, path: outPath, manifest };
+}
+
+/**
+ * Open a .0n application bundle and return parsed data.
+ *
+ * @param {string} bundlePath -Path to .0n application file
+ * @param {string} passphrase -Decryption passphrase
+ * @returns {object} Parsed and decrypted bundle
+ */
+export function openApplication(bundlePath, passphrase) {
+  const raw = readFileSync(bundlePath, "utf-8");
+  const bundle = JSON.parse(raw);
+
+  if (!bundle.$0n || bundle.$0n.type !== "application") {
+    throw new Error(`Not a .0n application file. Type: ${bundle.$0n?.type || "unknown"}`);
+  }
+
+  // Verify connections can be decrypted
+  for (const conn of bundle.connections || []) {
+    if (conn.sealed && conn.vault?.data) {
+      try {
+        unsealPortable(conn.vault.data, passphrase);
+      } catch {
+        throw new Error(`Failed to decrypt connection "${conn.service}" -wrong passphrase.`);
+      }
+    }
+  }
+
+  return bundle;
+}
+
+/**
+ * Inspect an application bundle without passphrase.
+ *
+ * @param {string} bundlePath
+ * @returns {object} Application metadata
+ */
+export function inspectApplication(bundlePath) {
+  const raw = readFileSync(bundlePath, "utf-8");
+  const bundle = JSON.parse(raw);
+
+  if (!bundle.$0n || bundle.$0n.type !== "application") {
+    throw new Error(`Not a .0n application file. Type: ${bundle.$0n?.type || "unknown"}`);
+  }
+
+  return {
+    name: bundle.$0n.name,
+    version: bundle.$0n.version,
+    description: bundle.$0n.description,
+    author: bundle.$0n.author,
+    created: bundle.$0n.created,
+    updated: bundle.$0n.updated,
+    connections: (bundle.connections || []).map(c => ({
+      service: c.service,
+      name: c.name,
+      sealed: c.sealed,
+      credential_keys: c.credential_keys,
+    })),
+    workflows: Object.keys(bundle.workflows || {}),
+    operations: Object.keys(bundle.operations || {}),
+    endpoints: Object.keys(bundle.endpoints || {}),
+    automations: Object.keys(bundle.automations || {}),
+    environment: {
+      variables: Object.keys(bundle.environment?.variables || {}),
+      secrets: Object.keys(bundle.environment?.secrets || {}),
+      settings: bundle.environment?.settings || {},
+      feature_flags: bundle.environment?.feature_flags || {},
+    },
+    manifest: bundle.manifest,
+  };
+}
+
+/**
+ * Validate an application bundle's cross-references.
+ * Ensures endpoints reference valid workflows, workflows reference valid operations, etc.
+ *
+ * @param {object} bundle -Parsed application bundle
+ * @returns {{ valid: boolean, errors: string[], warnings: string[] }}
+ */
+export function validateApplication(bundle) {
+  const errors = [];
+  const warnings = [];
+
+  if (!bundle.$0n || bundle.$0n.type !== "application") {
+    return { valid: false, errors: ["Not a valid .0n application bundle."], warnings };
+  }
+
+  const workflows = bundle.workflows || {};
+  const operations = bundle.operations || {};
+  const endpoints = bundle.endpoints || {};
+  const automations = bundle.automations || {};
+
+  // Validate operations
+  if (Object.keys(operations).length > 0) {
+    const opValidation = validateOperations(operations);
+    errors.push(...opValidation.errors);
+  }
+
+  // Validate endpoints → workflows
+  for (const [route, ep] of Object.entries(endpoints)) {
+    if (ep.handler) continue; // Built-in handler (e.g., "health")
+
+    if (ep.workflow && !workflows[ep.workflow]) {
+      errors.push(`Endpoint "${route}" references unknown workflow: "${ep.workflow}"`);
+    }
+  }
+
+  // Validate automations → workflows
+  for (const [id, auto] of Object.entries(automations)) {
+    if (auto.workflow && !workflows[auto.workflow]) {
+      errors.push(`Automation "${id}" references unknown workflow: "${auto.workflow}"`);
+    }
+
+    if (auto.type === "schedule" && auto.config?.cron) {
+      // Validate cron expression (import synchronously -already loaded)
+      try {
+        const parts = auto.config.cron.trim().split(/\s+/);
+        if (parts.length !== 5) {
+          errors.push(`Automation "${id}" has invalid cron: must have 5 fields`);
+        }
+      } catch (err) {
+        errors.push(`Automation "${id}" has invalid cron: ${err.message}`);
+      }
+    }
+  }
+
+  // Validate workflow steps → operations
+  for (const [wfId, wf] of Object.entries(workflows)) {
+    if (!wf.steps || !Array.isArray(wf.steps)) {
+      errors.push(`Workflow "${wfId}" has no steps array`);
+      continue;
+    }
+
+    for (const step of wf.steps) {
+      if (step.operation && !operations[step.operation]) {
+        errors.push(`Workflow "${wfId}" step "${step.id}" references unknown operation: "${step.operation}"`);
+      }
+    }
+  }
+
+  // Warnings for unused operations
+  const usedOps = new Set();
+  for (const wf of Object.values(workflows)) {
+    for (const step of wf.steps || []) {
+      if (step.operation) usedOps.add(step.operation);
+    }
+  }
+  for (const opId of Object.keys(operations)) {
+    if (!usedOps.has(opId)) {
+      warnings.push(`Operation "${opId}" is defined but never referenced by any workflow`);
+    }
+  }
+
+  return { valid: errors.length === 0, errors, warnings };
+}