@agentvault/agentvault 0.17.2 → 0.17.4

package/dist/http-handlers.d.ts

@@ -39,4 +39,11 @@ export declare function handleStatusRequest(channel: SecureChannel): HandlerResu
  * Handle GET /targets — return available delivery destinations.
  */
 export declare function handleTargetsRequest(channel: SecureChannel): HandlerResult;
+/**
+ * Handle GET /mcp-config — return MCP connection config for this agent.
+ *
+ * Returns JSON suitable for adding to Claude Code, Cursor, or other MCP host
+ * configuration files.
+ */
+export declare function handleMcpConfigRequest(agentName: string, port: number, mcpSkillCount: number): HandlerResult;
 //# sourceMappingURL=http-handlers.d.ts.map

package/dist/http-handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http-handlers.d.ts","sourceRoot":"","sources":["../src/http-handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGlD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CAqExB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CAmCxB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAUzE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAW1E"}
+{"version":3,"file":"http-handlers.d.ts","sourceRoot":"","sources":["../src/http-handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGlD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CAqExB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CAmCxB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAUzE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAW1E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,MAAM,GACpB,aAAa,CAkBf"}

package/dist/index.js

@@ -46538,6 +46538,7 @@ var http_handlers_exports = {};
 __export(http_handlers_exports, {
   handleActionRequest: () => handleActionRequest,
   handleDecisionRequest: () => handleDecisionRequest,
+  handleMcpConfigRequest: () => handleMcpConfigRequest,
   handleSendRequest: () => handleSendRequest,
   handleStatusRequest: () => handleStatusRequest,
   handleTargetsRequest: () => handleTargetsRequest
@@ -46679,12 +46680,90 @@ function handleTargetsRequest(channel) {
     }
   };
 }
+function handleMcpConfigRequest(agentName, port, mcpSkillCount) {
+  return {
+    status: 200,
+    body: {
+      mcpServers: {
+        [`agentvault-${agentName}`]: {
+          url: `http://127.0.0.1:${port}/mcp`
+        }
+      },
+      _meta: {
+        agent: agentName,
+        skills_count: mcpSkillCount,
+        transport: "streamable-http",
+        auth: "none (localhost)",
+        instructions: "Add the mcpServers block to your MCP configuration file (e.g., .mcp.json or mcp_config.json)"
+      }
+    }
+  };
+}
 var init_http_handlers = __esm({
   "src/http-handlers.ts"() {
     "use strict";
   }
 });
 
+// src/mcp-proxy-helpers.ts
+var mcp_proxy_helpers_exports = {};
+__export(mcp_proxy_helpers_exports, {
+  createMcpProxyRequest: () => createMcpProxyRequest
+});
+import { Readable } from "node:stream";
+async function createMcpProxyRequest(mcpServer, payload) {
+  const bodyStr = JSON.stringify(payload);
+  const req = Object.assign(new Readable({ read() {
+  } }), {
+    method: "POST",
+    url: "/mcp",
+    headers: {
+      "content-type": "application/json",
+      "content-length": String(Buffer.byteLength(bodyStr)),
+      // Use localhost to bypass SPT validation (WS already authenticated)
+      host: "localhost"
+    },
+    socket: { remoteAddress: "127.0.0.1" }
+  });
+  req.push(bodyStr);
+  req.push(null);
+  let responseStatus = 200;
+  let responseBody = "";
+  const chunks = [];
+  const res = {
+    writeHead: (status) => {
+      responseStatus = status;
+    },
+    write: (chunk) => {
+      chunks.push(typeof chunk === "string" ? chunk : chunk.toString());
+      return true;
+    },
+    end: (data) => {
+      if (data) chunks.push(typeof data === "string" ? data : data.toString());
+      responseBody = chunks.join("");
+    },
+    setHeader: () => {
+    },
+    getHeader: () => void 0,
+    statusCode: 200,
+    headersSent: false
+  };
+  await mcpServer.handleRequest(req, res);
+  if (responseBody) {
+    try {
+      return JSON.parse(responseBody);
+    } catch {
+      return { jsonrpc: "2.0", error: { code: -32603, message: responseBody } };
+    }
+  }
+  return null;
+}
+var init_mcp_proxy_helpers = __esm({
+  "src/mcp-proxy-helpers.ts"() {
+    "use strict";
+  }
+});
+
 // src/workspace-handlers.ts
 var workspace_handlers_exports = {};
 __export(workspace_handlers_exports, {
@@ -46900,6 +46979,7 @@ var init_channel = __esm({
       _stopped = false;
       _persisted = null;
       _httpServer = null;
+      _mcpServer = null;
       _pollFallbackTimer = null;
       _heartbeatTimer = null;
       _heartbeatCallback = null;
@@ -46980,6 +47060,12 @@ var init_channel = __esm({
       get telemetry() {
         return this._telemetryReporter;
       }
+      /**
+       * Check if a skill is in shadow mode. Returns the shadow config if active, undefined otherwise.
+       */
+      getShadowConfig(skillName) {
+        return this._persisted?.shadowSkills?.[skillName];
+      }
       async start() {
         this._stopped = false;
         await libsodium_wrappers_default.ready;
@@ -47945,9 +48031,28 @@ var init_channel = __esm({
             const result = handlers.handleTargetsRequest(this);
             res.writeHead(result.status, { "Content-Type": "application/json" });
             res.end(JSON.stringify(result.body));
+          } else if (req.url === "/mcp" && (req.method === "POST" || req.method === "GET" || req.method === "DELETE")) {
+            if (!this._mcpServer) {
+              res.writeHead(503, { "Content-Type": "application/json" });
+              res.end(JSON.stringify({ ok: false, error: "MCP server not initialized" }));
+              return;
+            }
+            this._mcpServer.handleRequest(req, res).catch((err) => {
+              console.error("[MCP] Request handling error:", err);
+              if (!res.headersSent) {
+                res.writeHead(500, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ ok: false, error: "Internal MCP error" }));
+              }
+            });
+          } else if (req.method === "GET" && req.url === "/mcp-config") {
+            const agentName = this.config.agentName ?? "agent";
+            const mcpSkillCount = this._mcpServer?.skillCount ?? 0;
+            const result = handlers.handleMcpConfigRequest(agentName, port, mcpSkillCount);
+            res.writeHead(result.status, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(result.body));
           } else {
             res.writeHead(404, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ ok: false, error: "Not found. Use POST /send, POST /decision, POST /action, GET /status, or GET /targets" }));
+            res.end(JSON.stringify({ ok: false, error: "Not found. Use POST /send, POST /decision, POST /action, GET /status, GET /targets, or /mcp" }));
           }
         });
         this._httpServer.listen(port, "127.0.0.1", () => {
@@ -47960,6 +48065,17 @@ var init_channel = __esm({
           this._httpServer = null;
         }
       }
+      /**
+       * Attach an MCP server instance to this channel.
+       * The MCP server will be served at /mcp on the local HTTP server.
+       */
+      setMcpServer(mcpServer) {
+        this._mcpServer = mcpServer;
+      }
+      /** The attached MCP server, if any. */
+      get mcpServer() {
+        return this._mcpServer;
+      }
       // --- Topic management ---
       /**
        * Create a new topic within the conversation group.
@@ -48554,6 +48670,33 @@ var init_channel = __esm({
               await this._fetchScanRules();
               return;
             }
+            if (data.event === "mcp_request") {
+              const requestId = data.data?.request_id;
+              const mcpPayload = data.data?.mcp_payload;
+              if (requestId && mcpPayload && this._mcpServer) {
+                try {
+                  const { createMcpProxyRequest: createMcpProxyRequest2 } = await Promise.resolve().then(() => (init_mcp_proxy_helpers(), mcp_proxy_helpers_exports));
+                  const mcpResponse = await createMcpProxyRequest2(this._mcpServer, mcpPayload);
+                  ws.send(JSON.stringify({
+                    event: "mcp_response",
+                    data: { request_id: requestId, mcp_payload: mcpResponse }
+                  }));
+                } catch (err) {
+                  ws.send(JSON.stringify({
+                    event: "mcp_response",
+                    data: {
+                      request_id: requestId,
+                      mcp_payload: {
+                        jsonrpc: "2.0",
+                        id: mcpPayload?.id ?? null,
+                        error: { code: -32603, message: String(err) }
+                      }
+                    }
+                  }));
+                }
+              }
+              return;
+            }
             if (data.event === "hub_identity_sync") {
               if (this._persisted && data.data?.hub_id) {
                 const changed = this._persisted.hubId !== data.data.hub_id || this._persisted.agentRole !== (data.data.agent_role ?? "peer");
@@ -48590,6 +48733,46 @@ var init_channel = __esm({
               }
               this.emit("hub_identity_role_changed", data.data);
             }
+            if (data.event === "shadow_config_sync") {
+              if (this._persisted && data.data?.skills) {
+                this._persisted.shadowSkills = data.data.skills;
+                this._persistState();
+                console.log(`[SecureChannel] Shadow config synced: ${Object.keys(data.data.skills).length} skill(s)`);
+              }
+            }
+            if (data.event === "shadow_session_created") {
+              if (this._persisted && data.data?.skill_name) {
+                if (!this._persisted.shadowSkills) this._persisted.shadowSkills = {};
+                this._persisted.shadowSkills[data.data.skill_name] = {
+                  sessionId: data.data.session_id,
+                  autonomyLevel: data.data.autonomy_level,
+                  decisionClass: data.data.decision_class
+                };
+                this._persistState();
+                console.log(`[SecureChannel] Shadow session created for skill: ${data.data.skill_name}`);
+              }
+              this.emit("shadow_session_created", data.data);
+            }
+            if (data.event === "shadow_session_graduated") {
+              if (this._persisted?.shadowSkills && data.data?.skill_name) {
+                if (data.data.autonomy_level === "autonomous") {
+                  delete this._persisted.shadowSkills[data.data.skill_name];
+                } else {
+                  const entry = this._persisted.shadowSkills[data.data.skill_name];
+                  if (entry) entry.autonomyLevel = data.data.autonomy_level;
+                }
+                this._persistState();
+                console.log(`[SecureChannel] Shadow session graduated: ${data.data.skill_name} \u2192 ${data.data.autonomy_level}`);
+              }
+              this.emit("shadow_session_graduated", data.data);
+            }
+            if (data.event === "shadow_session_deleted") {
+              if (this._persisted?.shadowSkills && data.data?.skill_name) {
+                delete this._persisted.shadowSkills[data.data.skill_name];
+                this._persistState();
+              }
+              this.emit("shadow_session_deleted", data.data);
+            }
             if (data.event === "hub_identity_removed") {
               if (this._persisted) {
                 delete this._persisted.hubAddress;
@@ -50824,20 +51007,6 @@ var init_fetch_interceptor = __esm({
   }
 });
 
-// src/openclaw-entry.ts
-var isUsingManagedRoutes;
-var init_openclaw_entry = __esm({
-  "src/openclaw-entry.ts"() {
-    "use strict";
-    init_account_config();
-    init_fetch_interceptor();
-    init_http_handlers();
-    init_openclaw_compat();
-    init_types();
-    isUsingManagedRoutes = false;
-  }
-});
-
 // ../../node_modules/zod/v3/helpers/util.js
 var util, objectUtil, ZodParsedType, getParsedType;
 var init_util = __esm({
@@ -74906,7 +75075,7 @@ var init_mcp = __esm({
 // ../../node_modules/@hono/node-server/dist/index.mjs
 import { Http2ServerRequest as Http2ServerRequest2 } from "http2";
 import { Http2ServerRequest } from "http2";
-import { Readable } from "stream";
+import { Readable as Readable2 } from "stream";
 import crypto2 from "crypto";
 async function readWithoutBlocking(readPromise) {
   return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(void 0))]);
@@ -75023,7 +75192,7 @@ var init_dist2 = __esm({
           init.body = new ReadableStream({
             async pull(controller) {
               try {
-                reader ||= Readable.toWeb(incoming).getReader();
+                reader ||= Readable2.toWeb(incoming).getReader();
                 const { done, value } = await reader.read();
                 if (done) {
                   controller.close();
@@ -75036,7 +75205,7 @@ var init_dist2 = __esm({
             }
           });
         } else {
-          init.body = Readable.toWeb(incoming);
+          init.body = Readable2.toWeb(incoming);
         }
       }
       return new Request2(url2, init);
@@ -76232,23 +76401,29 @@ var init_mcp_server2 = __esm({
        * Each request gets a fresh stateless transport; after the response is
        * flushed the transport + underlying protocol connection are torn down
        * so the single McpServer instance is ready for the next caller.
+       *
+       * Local requests from 127.0.0.1/::1 bypass SPT validation (owner access).
        */
       async handleRequest(req, res) {
         if (!this.initialized) {
           this.initialize();
         }
-        const authHeader = req.headers.authorization;
-        if (!authHeader?.startsWith("Bearer ")) {
-          res.writeHead(401, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: "Missing or invalid Authorization header" }));
-          return;
-        }
-        const token = authHeader.slice(7);
-        const valid = await this.validateSpt(token);
-        if (!valid) {
-          res.writeHead(403, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: "Invalid or expired SPT token" }));
-          return;
+        const remote = req.socket?.remoteAddress;
+        const isLocal = remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
+        if (!isLocal) {
+          const authHeader = req.headers.authorization;
+          if (!authHeader?.startsWith("Bearer ")) {
+            res.writeHead(401, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Missing or invalid Authorization header" }));
+            return;
+          }
+          const token = authHeader.slice(7);
+          const valid = await this.validateSpt(token);
+          if (!valid) {
+            res.writeHead(403, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Invalid or expired SPT token" }));
+            return;
+          }
         }
         const transport = new StreamableHTTPServerTransport({
           sessionIdGenerator: void 0
@@ -76332,44 +76507,6 @@ var init_mcp_server2 = __esm({
   }
 });
 
-// src/mcp-handlers.ts
-function createMcpHandler(mcpServer, basePath = "/mcp") {
-  return (req, res, next) => {
-    const url2 = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
-    const pathname = url2.pathname;
-    if (!pathname.startsWith(basePath)) {
-      if (next) next();
-      return;
-    }
-    if (!mcpServer) {
-      res.writeHead(503, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ error: "MCP server not initialized" }));
-      return;
-    }
-    mcpServer.handleRequest(req, res).catch((err) => {
-      console.error("[MCP] Request handling error:", err);
-      if (!res.headersSent) {
-        res.writeHead(500, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "Internal MCP error" }));
-      }
-    });
-  };
-}
-function getMcpStatus(mcpServer) {
-  if (!mcpServer) {
-    return { mcp_enabled: false, mcp_skills_count: 0 };
-  }
-  return {
-    mcp_enabled: true,
-    mcp_skills_count: mcpServer.skillCount
-  };
-}
-var init_mcp_handlers = __esm({
-  "src/mcp-handlers.ts"() {
-    "use strict";
-  }
-});
-
 // src/skill-manifest.ts
 import { readFileSync, existsSync, readdirSync } from "node:fs";
 import { resolve as resolve2, join as join4 } from "node:path";
@@ -76537,6 +76674,60 @@ var init_skill_manifest = __esm({
   }
 });
 
+// src/openclaw-entry.ts
+var isUsingManagedRoutes;
+var init_openclaw_entry = __esm({
+  "src/openclaw-entry.ts"() {
+    "use strict";
+    init_account_config();
+    init_fetch_interceptor();
+    init_http_handlers();
+    init_openclaw_compat();
+    init_types();
+    init_mcp_server2();
+    init_skill_manifest();
+    isUsingManagedRoutes = false;
+  }
+});
+
+// src/mcp-handlers.ts
+function createMcpHandler(mcpServer, basePath = "/mcp") {
+  return (req, res, next) => {
+    const url2 = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    const pathname = url2.pathname;
+    if (!pathname.startsWith(basePath)) {
+      if (next) next();
+      return;
+    }
+    if (!mcpServer) {
+      res.writeHead(503, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "MCP server not initialized" }));
+      return;
+    }
+    mcpServer.handleRequest(req, res).catch((err) => {
+      console.error("[MCP] Request handling error:", err);
+      if (!res.headersSent) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Internal MCP error" }));
+      }
+    });
+  };
+}
+function getMcpStatus(mcpServer) {
+  if (!mcpServer) {
+    return { mcp_enabled: false, mcp_skills_count: 0 };
+  }
+  return {
+    mcp_enabled: true,
+    mcp_skills_count: mcpServer.skillCount
+  };
+}
+var init_mcp_handlers = __esm({
+  "src/mcp-handlers.ts"() {
+    "use strict";
+  }
+});
+
 // src/skill-invoker.ts
 async function invokeSkill(opts, handler) {
   const start = Date.now();