@aiwerk/mcp-bridge 2.8.44 → 2.9.0

package/dist/src/catalog-client.js

@@ -1,45 +1,121 @@
 /**
- * CatalogClient — REST client for the AIWerk MCP Catalog API.
+ * CatalogClient — REST client for the AIWerk MCP catalog at bridge.aiwerk.ch.
  *
- * Default endpoint: https://catalog.aiwerk.ch
- * Supports local file caching with offline fallback.
+ * Restored 2026-05-03 after maintenance mode ended. Endpoint moved from the
+ * historical catalog.aiwerk.ch to bridge.aiwerk.ch/api/recipes/<name>/download.
+ * Every fetched recipe is Ed25519-verified against the bundled AIWerk public
+ * key before it is cached or returned. Unsigned or tampered recipes are
+ * refused.
  */
 import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, statSync } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
-// ── Error ────────────────────────────────────────────────────────────────────
+import { createPublicKey, verify } from "node:crypto";
+// ── Public key (Ed25519, AIWerk catalog signer) ──────────────────────────────
+//
+// The hosted bridge signs every recipe with the matching private key kept in
+// pass under aiwerk/mcp-catalog-private-key. The public key is baked into
+// the standalone bundle so a fresh install does not need to fetch it.
+const AIWERK_CATALOG_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAkHESasC8Mbf2+pGe+bhKRQkgOBSPcqGj0ZWGop4TS6k=
+-----END PUBLIC KEY-----
+`;
+const SIGNED_FIELDS = [
+    "id",
+    "name",
+    "description",
+    "transports",
+    "auth",
+    "install",
+    "metadata",
+    "skill",
+    "localOnly",
+];
+// ── Errors ───────────────────────────────────────────────────────────────────
 export class CatalogError extends Error {
     constructor(message) {
         super(message);
         this.name = "CatalogError";
     }
 }
+export class CatalogSignatureError extends CatalogError {
+    constructor(message) {
+        super(message);
+        this.name = "CatalogSignatureError";
+    }
+}
 // ── Helpers ──────────────────────────────────────────────────────────────────
 const TIMEOUT_MS = 5_000;
+const DEFAULT_BASE_URL = "https://bridge.aiwerk.ch";
 const noop = {
     info: () => { },
     warn: () => { },
     error: () => { },
     debug: () => { },
 };
-// ── CatalogClient ────────────────────────────────────────────────────────────
+function stableStringify(value) {
+    if (value === null || value === undefined)
+        return JSON.stringify(value);
+    if (typeof value !== "object")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map((v) => stableStringify(v)).join(",") + "]";
+    }
+    const sorted = Object.keys(value).sort();
+    const entries = sorted.map((k) => JSON.stringify(k) + ":" + stableStringify(value[k]));
+    return "{" + entries.join(",") + "}";
+}
+function canonicalSignedPayload(recipe) {
+    const subset = {};
+    for (const field of SIGNED_FIELDS) {
+        if (field in recipe) {
+            subset[field] = recipe[field];
+        }
+    }
+    return stableStringify(subset);
+}
 /**
- * CatalogClient — REST client for the AIWerk MCP Catalog API.
- *
- * NOTE: File I/O operations (readCache, writeCache, etc.) are intentionally
- * synchronous. This is acceptable for CLI tools and bridge startup, but
- * should be converted to async if used in hot paths (e.g., per-request).
+ * Verify the Ed25519 signature on a recipe against the bundled AIWerk public
+ * key. Throws CatalogSignatureError on any failure (missing signature, wrong
+ * algorithm, tampered payload, key mismatch).
+ */
+export function verifyRecipeSignature(recipe) {
+    const sig = recipe.signature;
+    if (!sig) {
+        throw new CatalogSignatureError("recipe has no signature");
+    }
+    if (sig.algorithm !== "ed25519") {
+        throw new CatalogSignatureError(`unsupported signature algorithm: ${sig.algorithm}`);
+    }
+    if (typeof sig.value !== "string" || sig.value.length === 0) {
+        throw new CatalogSignatureError("recipe signature value is empty");
+    }
+    const publicKey = createPublicKey(AIWERK_CATALOG_PUBLIC_KEY_PEM);
+    const payload = Buffer.from(canonicalSignedPayload(recipe), "utf-8");
+    const signatureBytes = Buffer.from(sig.value, "base64");
+    const ok = verify(null, payload, publicKey, signatureBytes);
+    if (!ok) {
+        throw new CatalogSignatureError("recipe signature does not match");
+    }
+}
+/**
+ * REST client for the AIWerk MCP catalog. File I/O is intentionally
+ * synchronous — fine for CLI tools and bridge startup. Signature verification
+ * runs on every fetch (including cache reads) so a tampered cache cannot
+ * silently slip through.
  */
 export class CatalogClient {
     baseUrl;
     cacheDir;
     logger;
     staleMs;
+    skipSignatureVerify;
     constructor(opts) {
-        this.baseUrl = (opts?.baseUrl ?? "https://catalog.aiwerk.ch").replace(/\/+$/, "");
+        this.baseUrl = (opts?.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
         this.cacheDir = opts?.cacheDir ?? join(homedir(), ".mcp-bridge", "recipes");
         this.logger = opts?.logger ?? noop;
         this.staleMs = (opts?.staleDays ?? 7) * 24 * 60 * 60 * 1000;
+        this.skipSignatureVerify = opts?.skipSignatureVerify ?? false;
     }
     // ── Private helpers ──────────────────────────────────────────────────────
     async fetchJson(path) {
@@ -95,11 +171,23 @@ export class CatalogClient {
             return true;
         }
     }
+    verifyOrThrow(recipe, name) {
+        if (this.skipSignatureVerify)
+            return;
+        try {
+            verifyRecipeSignature(recipe);
+        }
+        catch (err) {
+            const reason = err instanceof Error ? err.message : String(err);
+            throw new CatalogSignatureError(`Recipe "${name}" failed signature verification: ${reason}`);
+        }
+    }
     // ── Public API ───────────────────────────────────────────────────────────
     /** Search for recipes by keyword. */
     async search(query) {
         const encoded = encodeURIComponent(query);
-        return this.fetchJson(`/api/search?q=${encoded}`);
+        const result = await this.fetchJson(`/api/search?q=${encoded}`);
+        return Array.isArray(result) ? result : (result.results ?? []);
     }
     /** List recipes with optional filtering. */
     async list(opts) {
@@ -110,75 +198,54 @@ export class CatalogClient {
             params.set("category", opts.category);
         if (opts?.sort)
             params.set("sort", opts.sort);
-        if (opts?.hostedSafe)
-            params.set("hostedSafe", "true");
         const qs = params.toString();
         return this.fetchJson(`/api/recipes${qs ? `?${qs}` : ""}`);
     }
-    /** Download a recipe from the catalog and cache it locally. */
+    /**
+     * Download a recipe from the catalog, verify its signature, and cache it
+     * locally. Throws CatalogSignatureError if the recipe is unsigned or
+     * tampered — nothing is written to the cache in that case.
+     */
     async download(name) {
         const recipe = await this.fetchJson(`/api/recipes/${encodeURIComponent(name)}/download`);
+        this.verifyOrThrow(recipe, name);
         this.writeCache(name, recipe);
         return recipe;
     }
     /**
-     * Resolve a recipe — returns cached if available, otherwise fetches from catalog.
-     * Falls back to cache when the catalog is unreachable (offline mode).
+     * Resolve a recipe by name. Returns the cached copy if fresh; otherwise
+     * fetches from the catalog. Falls back to a stale cache if the network is
+     * unreachable. Signature is verified on both fresh and cached paths so a
+     * tampered cache cannot slip through.
      */
     async resolve(name) {
         const cached = this.readCache(name);
-        if (cached && !this.isCacheStale(name))
+        if (cached && !this.isCacheStale(name)) {
+            this.verifyOrThrow(cached, name);
             return cached;
+        }
         try {
             const recipe = await this.fetchJson(`/api/recipes/${encodeURIComponent(name)}/download`);
+            this.verifyOrThrow(recipe, name);
             this.writeCache(name, recipe);
             return recipe;
         }
         catch (err) {
+            if (err instanceof CatalogSignatureError)
+                throw err;
             if (err instanceof CatalogError && err.message.startsWith("Recipe not found:")) {
                 throw err;
             }
             if (cached) {
+                // Stale cache fallback: still verify the signature so an offline user
+                // does not run a tampered local copy.
+                this.verifyOrThrow(cached, name);
                 this.logger.warn(`Catalog unreachable for "${name}", using cached version`);
                 return cached;
             }
             throw new CatalogError(`Cannot resolve recipe "${name}": catalog unreachable and no local cache`);
         }
     }
-    /**
-     * Bootstrap by downloading the top N most popular recipes.
-     * Skips already-cached recipes unless they are stale.
-     */
-    async bootstrap(limit = 15, hostedSafe = false) {
-        const { results } = await this.list({ limit, sort: "popular", hostedSafe });
-        const names = [];
-        const toDownload = [];
-        for (const entry of results) {
-            const name = entry.name;
-            if (!this.isCacheStale(name)) {
-                names.push(name);
-                continue;
-            }
-            toDownload.push(name);
-        }
-        const BATCH_SIZE = 5;
-        for (let i = 0; i < toDownload.length; i += BATCH_SIZE) {
-            const batch = toDownload.slice(i, i + BATCH_SIZE);
-            const results = await Promise.allSettled(batch.map(async (name) => {
-                await this.download(name);
-                return name;
-            }));
-            for (const r of results) {
-                if (r.status === "fulfilled") {
-                    names.push(r.value);
-                }
-                else {
-                    this.logger.warn(`Failed to download recipe: ${r.reason}`);
-                }
-            }
-        }
-        return names;
-    }
     /** Synchronously read a recipe from local cache. Returns null if not cached. */
     getCached(name) {
         return this.readCache(name);

package/dist/src/config.d.ts

@@ -1,5 +1,4 @@
 import { BridgeConfig, Logger, McpServerConfig } from "./types.js";
-import type { CatalogRecipe } from "./catalog-client.js";
 /**
  * Load ~/.openclaw/.env as a fallback env source.
  *
@@ -25,43 +24,11 @@ export interface LoadConfigOptions {
  * 4. Validate required fields
  */
 export declare function loadConfig(options?: LoadConfigOptions): BridgeConfig;
-/**
- * Warn about deprecated bundled recipes.
- * In v2.8.0, bundled servers/ recipes are deprecated in favor of catalog.
- * They will be removed in v3.0.0.
- */
-export declare function warnDeprecatedBundledRecipes(logger: Logger): void;
 /** Get the default config directory path. */
 export declare function getConfigDir(configPath?: string): string;
 /** Initialize the config directory with template files. */
 export declare function initConfigDir(logger: Logger): void;
-/**
- * Bootstrap the local recipe cache from the catalog.
- * Downloads top N popular recipes if cache is empty or force=true.
- * Returns array of recipe names now cached. Never throws on network errors.
- */
-export declare function bootstrapCatalog(options?: {
-    logger?: Logger;
-    cacheDir?: string;
-    catalogUrl?: string;
-    limit?: number;
-    force?: boolean;
-    requireCleanAudit?: boolean;
-    catalog?: boolean;
-}): Promise<string[]>;
-/**
- * Merge cached catalog recipes into a BridgeConfig.
- * Only adds recipes whose required env vars are all present in process.env.
- * Never overwrites manually configured servers.
- *
- * IMPORTANT: Must be called AFTER loadConfig() / dotenv, since env var
- * checks rely on process.env being fully populated.
- */
-export declare function mergeRecipesIntoConfig(config: BridgeConfig, options?: {
-    cacheDir?: string;
-    logger?: Logger;
-}): BridgeConfig;
-/** Convert a catalog recipe JSON to McpServerConfig, or null if unsupported. */
+import type { CatalogRecipe } from "./catalog-client.js";
 export declare function recipeToServerConfig(recipe: CatalogRecipe): McpServerConfig | null;
-/** Collect all env var names required by a recipe. */
+/** Collect all env var names required by a recipe (auth.envVars + ${VAR} refs). */
 export declare function collectRequiredEnvVars(recipe: CatalogRecipe): string[];

package/dist/src/config.js

@@ -3,7 +3,6 @@ import { join, extname } from "path";
 import { homedir } from "os";
 import { resolveEnvVars } from "./transport-base.js";
 import { randomBytes } from "crypto";
-import { CatalogClient } from "./catalog-client.js";
 const DEFAULT_CONFIG_DIR = join(homedir(), ".mcp-bridge");
 const DEFAULT_CONFIG_FILE = "config.json";
 const DEFAULT_ENV_FILE = ".env";
@@ -154,18 +153,6 @@ export function loadConfig(options = {}) {
     }
     return config;
 }
-/**
- * Warn about deprecated bundled recipes.
- * In v2.8.0, bundled servers/ recipes are deprecated in favor of catalog.
- * They will be removed in v3.0.0.
- */
-export function warnDeprecatedBundledRecipes(logger) {
-    const catalogClient = new CatalogClient({ logger });
-    const cached = catalogClient.listCached();
-    if (cached.length === 0) {
-        logger.info('[mcp-bridge] Tip: Run bootstrapCatalog() to fetch recipes from catalog.aiwerk.ch (replaces bundled servers/)');
-    }
-}
 /** Get the default config directory path. */
 export function getConfigDir(configPath) {
     if (!configPath)
@@ -218,120 +205,7 @@ export function initConfigDir(logger) {
     }
     logger.info(`Config directory ready: ${dir}`);
 }
-// ── Catalog bootstrap ─────────────────────────────────────────────────────────
-const noopLogger = {
-    info: () => { },
-    warn: () => { },
-    error: () => { },
-    debug: () => { },
-};
-/**
- * Extract the depAudit value from a catalog recipe's metadata.verification field.
- * Returns null if not present.
- */
-function getDepAudit(recipe) {
-    const meta = recipe.metadata;
-    const verification = meta?.verification;
-    const depAudit = verification?.depAudit;
-    return typeof depAudit === "string" ? depAudit : null;
-}
-/**
- * Bootstrap the local recipe cache from the catalog.
- * Downloads top N popular recipes if cache is empty or force=true.
- * Returns array of recipe names now cached. Never throws on network errors.
- */
-export async function bootstrapCatalog(options) {
-    // If catalog is explicitly disabled, skip fetching
-    if (options?.catalog === false) {
-        const logger = options?.logger ?? noopLogger;
-        logger.info("[mcp-bridge] Catalog discovery disabled (catalog: false), skipping bootstrap");
-        return [];
-    }
-    const logger = options?.logger ?? noopLogger;
-    const cacheDir = options?.cacheDir ?? join(homedir(), ".mcp-bridge", "recipes");
-    const requireCleanAudit = options?.requireCleanAudit ?? false;
-    const client = new CatalogClient({
-        baseUrl: options?.catalogUrl,
-        cacheDir,
-        logger,
-    });
-    // Check if cache already has recipes
-    if (!options?.force) {
-        const cached = client.listCached();
-        if (cached.length > 0) {
-            logger.debug(`Recipe cache already has ${cached.length} recipes, skipping bootstrap`);
-            return cached;
-        }
-    }
-    try {
-        return await client.bootstrap(options?.limit ?? 15, requireCleanAudit);
-    }
-    catch (err) {
-        logger.warn(`Catalog unreachable during bootstrap: ${err instanceof Error ? err.message : err}`);
-        return [];
-    }
-}
-/**
- * Merge cached catalog recipes into a BridgeConfig.
- * Only adds recipes whose required env vars are all present in process.env.
- * Never overwrites manually configured servers.
- *
- * IMPORTANT: Must be called AFTER loadConfig() / dotenv, since env var
- * checks rely on process.env being fully populated.
- */
-export function mergeRecipesIntoConfig(config, options) {
-    const logger = options?.logger ?? noopLogger;
-    // autoMerge defaults to false (opt-in) — only merge when explicitly enabled
-    if (config.autoMerge !== true) {
-        logger.debug("[mcp-bridge] Auto-merge disabled (autoMerge is not true), skipping recipe merge");
-        return config;
-    }
-    const cacheDir = options?.cacheDir ?? join(homedir(), ".mcp-bridge", "recipes");
-    const client = new CatalogClient({ cacheDir, logger });
-    const names = client.listCached();
-    if (names.length === 0)
-        return config;
-    const servers = { ...config.servers };
-    const requireCleanAudit = config.security?.requireCleanAudit ?? false;
-    for (const name of names) {
-        // Never overwrite manually configured servers
-        if (servers[name])
-            continue;
-        const recipe = client.getCached(name);
-        if (!recipe)
-            continue;
-        // Check depAudit security policy
-        const depAudit = getDepAudit(recipe);
-        const auditOk = depAudit === null || depAudit === "clean" || depAudit === "not-applicable";
-        if (!auditOk) {
-            if (requireCleanAudit) {
-                logger.warn(`⚠️ Skipping server "${name}": has known security advisories (depAudit: ${depAudit}). Set security.requireCleanAudit=false to allow.`);
-                continue;
-            }
-            else {
-                logger.info(`ℹ️ Server "${name}" has known advisories (depAudit: ${depAudit}). Set security.requireCleanAudit=true to block.`);
-            }
-        }
-        const converted = recipeToServerConfig(recipe);
-        if (!converted) {
-            logger.debug(`Skipping recipe "${name}": unsupported format`);
-            continue;
-        }
-        // Check that all required env vars are available
-        const requiredVars = collectRequiredEnvVars(recipe);
-        const missing = requiredVars.filter((v) => !process.env[v]);
-        if (missing.length > 0) {
-            logger.debug(`Skipping recipe "${name}": missing env vars: ${missing.join(", ")}`);
-            continue;
-        }
-        servers[name] = converted;
-        logger.debug(`Added catalog recipe "${name}" to config`);
-    }
-    return { ...config, servers };
-}
-/** Convert a catalog recipe JSON to McpServerConfig, or null if unsupported. */
 export function recipeToServerConfig(recipe) {
-    // v2 recipe: has transports array
     if (Array.isArray(recipe.transports) && recipe.transports.length > 0) {
         const t = recipe.transports[0];
         if (t.type === "stdio") {
@@ -353,7 +227,6 @@ export function recipeToServerConfig(recipe) {
         }
         return null;
     }
-    // v1 recipe: has transport string
     if (recipe.transport === "stdio") {
         return {
             transport: "stdio",
@@ -373,15 +246,13 @@ export function recipeToServerConfig(recipe) {
     }
     return null;
 }
-/** Collect all env var names required by a recipe. */
+/** Collect all env var names required by a recipe (auth.envVars + ${VAR} refs). */
 export function collectRequiredEnvVars(recipe) {
     const vars = new Set();
-    // From auth.envVars
     if (Array.isArray(recipe.auth?.envVars)) {
         for (const v of recipe.auth.envVars)
             vars.add(v);
     }
-    // From env object: extract ${VAR} references
     const envObj = Array.isArray(recipe.transports)
         ? recipe.transports[0]?.env
         : recipe.env;
@@ -394,10 +265,8 @@ export function collectRequiredEnvVars(recipe) {
             }
         }
     }
-    // If auth is explicitly required but no env vars were found,
-    // return a placeholder to prevent auto-registration without credentials
     if (recipe.auth?.required === true && vars.size === 0) {
         vars.add("__AUTH_REQUIRED__");
     }
-    return [...vars];
+    return Array.from(vars);
 }

package/dist/src/index.d.ts

@@ -18,7 +18,7 @@ export { ToolResolver } from "./tool-resolution.js";
 export type { ToolResolutionResult, ToolResolutionCandidate } from "./tool-resolution.js";
 export { convertJsonSchemaToTypeBox, createToolParameters, setTypeBoxLoader, setSchemaLogger } from "./schema-convert.js";
 export { initializeProtocol, fetchToolsList, PACKAGE_VERSION } from "./protocol.js";
-export { loadConfig, parseEnvFile, initConfigDir, getConfigDir, bootstrapCatalog, mergeRecipesIntoConfig, warnDeprecatedBundledRecipes } from "./config.js";
+export { loadConfig, parseEnvFile, initConfigDir, getConfigDir } from "./config.js";
 export type { Logger, McpServerConfig, McpClientConfig, HttpAuthConfig, RetryConfig, McpTool, McpRequest, McpCallRequest, McpResponse, JsonRpcMessage, McpTransport, McpServerConnection, BridgeConfig, RequestIdState, RequestIdGenerator, } from "./types.js";
 export { nextRequestId } from "./types.js";
 export { pickRegisteredToolName } from "./tool-naming.js";
@@ -26,7 +26,3 @@ export { StandaloneServer } from "./standalone-server.js";
 export { checkForUpdate, checkPluginUpdate, getUpdateNotice, runUpdate, resetNoticeFlag } from "./update-checker.js";
 export type { UpdateInfo, PluginUpdateInfo } from "./update-checker.js";
 export { filterServers, buildFilteredDescription } from "./smart-filter.js";
-export { CatalogClient, CatalogError } from "./catalog-client.js";
-export type { CatalogRecipe, CatalogSearchResult } from "./catalog-client.js";
-export { RecipeCache } from "./recipe-cache.js";
-export type { CachedRecipe } from "./recipe-cache.js";

package/dist/src/index.js

@@ -20,7 +20,7 @@ export { convertJsonSchemaToTypeBox, createToolParameters, setTypeBoxLoader, set
 // Protocol helpers
 export { initializeProtocol, fetchToolsList, PACKAGE_VERSION } from "./protocol.js";
 // Config
-export { loadConfig, parseEnvFile, initConfigDir, getConfigDir, bootstrapCatalog, mergeRecipesIntoConfig, warnDeprecatedBundledRecipes } from "./config.js";
+export { loadConfig, parseEnvFile, initConfigDir, getConfigDir } from "./config.js";
 export { nextRequestId } from "./types.js";
 // Tool naming
 export { pickRegisteredToolName } from "./tool-naming.js";
@@ -30,7 +30,3 @@ export { StandaloneServer } from "./standalone-server.js";
 export { checkForUpdate, checkPluginUpdate, getUpdateNotice, runUpdate, resetNoticeFlag } from "./update-checker.js";
 // Smart filter
 export { filterServers, buildFilteredDescription } from "./smart-filter.js";
-// Catalog client
-export { CatalogClient, CatalogError } from "./catalog-client.js";
-// Recipe cache
-export { RecipeCache } from "./recipe-cache.js";

package/dist/src/mcp-router.d.ts

@@ -75,42 +75,6 @@ export type RouterDispatchResponse = {
         callCount: number;
         lastCall: string;
     }>;
-} | {
-    action: "search";
-    query: string;
-    results: Array<{
-        id: string;
-        name: string;
-        description: string;
-        category?: string;
-        auth?: string;
-        origin?: string;
-        maturity?: string;
-        sideEffects?: string;
-        pricing?: string;
-        signed?: boolean;
-    }>;
-} | {
-    action: "catalog";
-    recipes: Array<{
-        id: string;
-        name: string;
-        description: string;
-        category?: string;
-        auth?: string;
-        origin?: string;
-        maturity?: string;
-        sideEffects?: string;
-        pricing?: string;
-        signed?: boolean;
-    }>;
-} | {
-    action: "install";
-    server: string;
-    installed: boolean;
-    message: string;
-    missingEnvVars?: string[];
-    credentialsUrl?: string;
 } | {
     action: "remove";
     server: string;
@@ -173,7 +137,6 @@ export declare class McpRouter {
     private readonly tokenManager;
     private readonly rateLimiter;
     private readonly requestIdState;
-    private readonly catalogClient;
     private intentRouter;
     private promotion;
     constructor(servers: Record<string, McpServerConfig>, clientConfig: McpClientConfig, logger: Logger, transportRefs?: Partial<RouterTransportRefs>);