npm - @businessmaps/bifrost - Versions diffs - 0.0.1 → 0.1.2 - Mend

@businessmaps/bifrost 0.0.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -5,7 +5,9 @@
 MCP server that lets AI tools call functions running in your browser.
-The daemon sits between any MCP client and your browser tab. It speaks JSON-RPC over stdio on one side and WebSocket on the other. Your browser app connects, registers tools, and the AI can call them. No dependencies, just Node 18+.
+The daemon sits between any MCP client and your browser tab. It speaks JSON-RPC over stdio on one side and WebSocket on the other. Your browser app connects, registers tools, and the AI can call them.
+**Requirements:** Node.js 18+ · [`ws`](https://github.com/websockets/ws) (installed automatically)
 ## Install
@@ -13,18 +15,14 @@ The daemon sits between any MCP client and your browser tab. It speaks JSON-RPC
 npm i -g @businessmaps/bifrost
 ```
-or without npm
-```bash
-curl -fsSL https://raw.githubusercontent.com/Business-Maps/mcp/main/install.sh | sh
-```
 Then register it with your MCP client. For example:
 ```bash
-claude mcp add --transport stdio bifrost -- bifrost
+claude mcp add --transport stdio bifrost -- bifrost --no-auth
 ```
+> **Note:** The `--no-auth` flag is currently recommended because there is an unresolved issue with token authentication when MCP clients launch the daemon. Without it the client has no way to read the token printed to stderr.
 The MCP client starts the daemon automatically.
 ## Usage
@@ -71,21 +69,28 @@ There's a working [live demo](https://business-maps.github.io/mcp/demo/) with fi
 ## Auth
-The daemon generates a token on startup and prints it to stderr. Pass it to the client — the token is sent via the `Sec-WebSocket-Protocol` header during the WebSocket handshake. Auth is always enabled.
+The daemon generates a token on startup and prints it to stderr. Pass it to the client — the token is sent via the `Sec-WebSocket-Protocol` header during the WebSocket handshake. Skip with `--no-auth` during local dev.
 ## Multiple tabs
 Each tab registers its own tools. Calls route to whoever owns the tool. Disconnecting a tab removes its tools.
-## Configuration
+## Options
-The daemon reads its port from the `PORT` environment variable (default: `3099`).
+```
+--port <port>     WebSocket port        (default: 3099)
+--timeout <secs>  Tool call timeout     (default: 120)
+--no-auth         Disable token auth    (dev only)
+--help, -h        Show this message
+--version, -v     Show version
+```
 ## Dev
 ```bash
 git clone https://github.com/Business-Maps/mcp.git && cd mcp
-npm test  # no install needed, no deps
+npm install
+npm test
 ```
 [Architecture](docs/architecture.md) · [Client API](docs/client-api.md) · [Contributing](CONTRIBUTING.md)

package/bin/bifrost CHANGED Viewed

@@ -4,9 +4,158 @@ import { createInterface } from "readline";
 import { randomBytes } from "crypto";
 import { fileURLToPath } from "url";
 import { dirname, join } from "path";
+import { readFileSync } from "fs";
 const __dirname = dirname(fileURLToPath(import.meta.url));
+// ---------------------------------------------------------------------------
+// ANSI helpers
+// ---------------------------------------------------------------------------
+const c = process.stderr.isTTY ? {
+  r: "\x1b[0m",       // reset
+  red: "\x1b[31m",
+  RED: "\x1b[91m",    // bright red
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  white: "\x1b[97m",
+  black: "\x1b[30m",
+  bgRed: "\x1b[41m",
+  gray: "\x1b[90m",
+} : { r:"",red:"",RED:"",dim:"",bold:"",white:"",black:"",bgRed:"",gray:"" };
+function log(msg) { process.stderr.write(msg + "\n"); }
+// ---------------------------------------------------------------------------
+// ASCII globe — red sphere with black lat/long grid
+// ---------------------------------------------------------------------------
+function renderGlobe() {
+  const R = 9;
+  const lines = [];
+  for (let y = -R; y <= R; y++) {
+    let row = "";
+    const rSlice = Math.sqrt(R * R - y * y);
+    for (let x = -R * 2; x <= R * 2; x++) {
+      const nx = x / 2;
+      if (nx * nx + y * y > R * R) {
+        row += " ";
+        continue;
+      }
+      // spherical coords for grid
+      const z = Math.sqrt(Math.max(0, R * R - nx * nx - y * y));
+      const theta = Math.atan2(y, nx);
+      const phi = Math.acos(z / R);
+      const lat = Math.abs(y);
+      const lonAngle = Math.atan2(nx, z);
+      // grid lines: latitudes every ~3 units, longitudes every ~30 degrees
+      const isLat = lat % 3 < 0.8;
+      const lonDeg = ((lonAngle * 180 / Math.PI) + 360) % 360;
+      const isLon = lonDeg % 30 < 6;
+      // equator
+      const isEquator = Math.abs(y) < 1;
+      if (isEquator || isLat || isLon) {
+        row += `${c.black}${c.bgRed}+${c.r}`;
+      } else {
+        row += `${c.RED}.${c.r}`;
+      }
+    }
+    lines.push(row);
+  }
+  return lines;
+}
+// ---------------------------------------------------------------------------
+// Startup banner
+// ---------------------------------------------------------------------------
+function printBanner(version) {
+  log("");
+  const globe = renderGlobe();
+  const bannerLines = [
+    "",
+    "",
+    "",
+    `${c.bold}${c.RED}  ██████╗ ██╗███████╗██████╗  ██████╗ ███████╗████████╗${c.r}`,
+    `${c.bold}${c.RED}  ██╔══██╗██║██╔════╝██╔══██╗██╔═══██╗██╔════╝╚══██╔══╝${c.r}`,
+    `${c.bold}${c.RED}  ██████╔╝██║█████╗  ██████╔╝██║   ██║███████╗   ██║   ${c.r}`,
+    `${c.bold}${c.RED}  ██╔══██╗██║██╔══╝  ██╔══██╗██║   ██║╚════██║   ██║   ${c.r}`,
+    `${c.bold}${c.RED}  ██████╔╝██║██║     ██║  ██║╚██████╔╝███████║   ██║   ${c.r}`,
+    `${c.bold}${c.RED}  ╚═════╝ ╚═╝╚═╝     ╚═╝  ╚═╝ ╚═════╝ ╚══════╝   ╚═╝   ${c.r}`,
+    "",
+    `${c.dim}${c.red}  ---------------------------------------- v${version} --${c.r}`,
+    "",
+    "",
+    "",
+    "",
+    "",
+    "",
+    "",
+    "",
+    "",
+  ];
+  const globeW = globe.length;
+  const bannerW = bannerLines.length;
+  const rows = Math.max(globeW, bannerW);
+  for (let i = 0; i < rows; i++) {
+    const gLine = i < globe.length ? globe[i] : "";
+    const bLine = i < bannerLines.length ? bannerLines[i] : "";
+    log(`  ${gLine}  ${bLine}`);
+  }
+}
+// ---------------------------------------------------------------------------
+// Styled help
+// ---------------------------------------------------------------------------
+function printHelp() {
+  log("");
+  log(`  ${c.bold}${c.RED}BIFROST${c.r} ${c.dim}${c.red}----------------------${c.r}`);
+  log("");
+  log(`  ${c.dim}MCP browser bridge daemon${c.r}`);
+  log("");
+  log(`  ${c.white}${c.bold}USAGE${c.r}`);
+  log(`    ${c.gray}$${c.r} bifrost ${c.dim}[options]${c.r}`);
+  log("");
+  log(`  ${c.white}${c.bold}OPTIONS${c.r}`);
+  log(`    ${c.RED}--port${c.r} ${c.dim}<port>${c.r}       WebSocket port        ${c.gray}(default: 3099)${c.r}`);
+  log(`    ${c.RED}--timeout${c.r} ${c.dim}<secs>${c.r}    Tool call timeout     ${c.gray}(default: 120)${c.r}`);
+  log(`    ${c.RED}--no-auth${c.r}            Disable token auth    ${c.gray}(dev only)${c.r}`);
+  log(`    ${c.RED}--help${c.r}, ${c.RED}-h${c.r}           Show this message`);
+  log(`    ${c.RED}--version${c.r}, ${c.RED}-v${c.r}        Show version`);
+  log("");
+  log(`  ${c.dim}${c.red}----------------------------------------------------${c.r}`);
+  log("");
+}
+// ---------------------------------------------------------------------------
+// CLI argument parsing
+// ---------------------------------------------------------------------------
+const args = process.argv.slice(2);
+function flag(name) { return args.includes(name); }
+function option(name, fallback) {
+  const idx = args.indexOf(name);
+  return idx !== -1 && idx + 1 < args.length ? args[idx + 1] : fallback;
+}
+let VERSION = "0.0.1";
+try {
+  const pkg = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf8"));
+  VERSION = pkg.version || VERSION;
+} catch {}
+if (flag("--help") || flag("-h")) {
+  printHelp();
+  process.exit(0);
+}
+if (flag("--version") || flag("-v")) {
+  log(`${c.bold}${c.RED}bifrost${c.r} ${c.dim}${VERSION}${c.r}`);
+  process.exit(0);
+}
 const { MiniWebSocketServer } = await import(
   new URL(`file://${join(__dirname, "..", "lib", "websocket.js")}`)
 ).catch(() =>
@@ -16,20 +165,26 @@ const { MiniWebSocketServer } = await import(
 // ---------------------------------------------------------------------------
 // Config
 // ---------------------------------------------------------------------------
-const PORT = parseInt(process.env.PORT || "3099", 10);
-const TIMEOUT_MS = 120_000;
+const PORT = parseInt(option("--port", process.env.PORT || "3099"), 10);
+const TIMEOUT_MS = parseInt(option("--timeout", "120"), 10) * 1000;
+const NO_AUTH = flag("--no-auth");
 const MAX_MESSAGE_SIZE = 1 * 1024 * 1024; // 1MB
 const MAX_PENDING_CALLS = 100;
 const MAX_CALLS_PER_MIN = 120;
 const HEARTBEAT_INTERVAL = 30_000;
 const HEARTBEAT_TIMEOUT = 10_000;
-const ALLOWED_ORIGINS = new Set([
-  "http://localhost",
-  "http://127.0.0.1",
-]);
+function isLocalOrigin(origin) {
+  if (!origin) return true;
+  try {
+    const url = new URL(origin);
+    return url.hostname === "localhost" || url.hostname === "127.0.0.1";
+  } catch {
+    return false;
+  }
+}
-const AUTH_TOKEN = randomBytes(32).toString("base64url");
+const AUTH_TOKEN = NO_AUTH ? null : randomBytes(32).toString("base64url");
 // ---------------------------------------------------------------------------
 // State
@@ -47,6 +202,10 @@ const rateMap = new Map();
 // ---------------------------------------------------------------------------
 function now() { return Date.now(); }
+function timestamp() {
+  return new Date().toLocaleTimeString("en-US", { hour12: false });
+}
 function rateLimit(key) {
   const bucket = rateMap.get(key) || { count: 0, ts: now() };
   if (now() - bucket.ts > 60_000) {
@@ -170,23 +329,46 @@ function handleMcp(msg) {
 // WebSocket server
 // ---------------------------------------------------------------------------
 const wss = new MiniWebSocketServer({ port: PORT }, () => {
-  console.error(`Secure MCP bridge running on ws://localhost:${PORT}`);
-  console.error(`Auth token (use as header): ${AUTH_TOKEN}`);
+  printBanner(VERSION);
+  log(`  ${c.dim}${c.red}────────────────────────────────────────────────────${c.r}`);
+  log("");
+  log(`  ${c.gray}PORT${c.r}      ${c.white}${PORT}${c.r}`);
+  log(`  ${c.gray}TIMEOUT${c.r}   ${c.white}${TIMEOUT_MS / 1000}s${c.r}`);
+  log(`  ${c.gray}AUTH${c.r}      ${AUTH_TOKEN ? `${c.RED}ENABLED${c.r}` : `${c.dim}DISABLED${c.r}`}`);
+  log("");
+  // These lines must remain parseable by tests
+  log(`  Secure MCP bridge running on ws://localhost:${PORT}`);
+  if (AUTH_TOKEN) {
+    // Token value stays raw (no ANSI) so test regex can capture it
+    log(`  Auth token (use as header): ${AUTH_TOKEN}`);
+  } else {
+    log(`  ${c.dim}Auth disabled (--no-auth)${c.r}`);
+  }
+  log("");
+  log(`  ${c.dim}${c.red}────────────────────────────────────────────────────${c.r}`);
+  log(`  ${c.gray}Waiting for connections...${c.r}`);
+  log("");
 });
 wss.on("connection", (ws, req) => {
-  // 🔐 Origin check
-  const origin = req.headers.origin;
-  if (origin && !ALLOWED_ORIGINS.has(origin)) {
-    ws.close();
+  // Origin check — allow any localhost origin (any port)
+  if (!isLocalOrigin(req.headers.origin)) {
+    ws.terminate();
     return;
   }
-  // 🔐 Header-based auth
-  const token = req.headers["sec-websocket-protocol"];
-  if (token !== AUTH_TOKEN) {
-    ws.close();
-    return;
+  // Auth check (unless --no-auth) — supports both query param and subprotocol header
+  if (AUTH_TOKEN) {
+    const url = new URL(req.url, `http://${req.headers.host || "localhost"}`);
+    const queryToken = url.searchParams.get("token");
+    const headerToken = req.headers["sec-websocket-protocol"];
+    if (queryToken !== AUTH_TOKEN && headerToken !== AUTH_TOKEN) {
+      ws.terminate();
+      return;
+    }
   }
   const connId = `conn_${++connectionIdCounter}`;
@@ -198,6 +380,7 @@ wss.on("connection", (ws, req) => {
   };
   connections.set(connId, conn);
+  log(`  ${c.gray}${timestamp()}${c.r} ${c.RED}+${c.r} ${c.white}${connId}${c.r} ${c.dim}connected${c.r}`);
   // heartbeat
   const interval = setInterval(() => {
@@ -227,6 +410,8 @@ wss.on("connection", (ws, req) => {
         conn.tools.set(tool.name, tool);
       }
+      log(`  ${c.gray}${timestamp()}${c.r} ${c.RED}*${c.r} ${c.white}${connId}${c.r} ${c.dim}registered${c.r} ${c.RED}${conn.tools.size}${c.r} ${c.dim}tools${c.r}`);
       sendMcp({
         jsonrpc: "2.0",
         method: "notifications/tools/list_changed",
@@ -267,10 +452,11 @@ wss.on("connection", (ws, req) => {
     }
     connections.delete(connId);
+    log(`  ${c.gray}${timestamp()}${c.r} ${c.dim}-${c.r} ${c.dim}${connId} disconnected${c.r}`);
     sendMcp({
       jsonrpc: "2.0",
       method: "notifications/tools/list_changed",
     });
   });
-});
+});

package/lib/websocket.js CHANGED Viewed

@@ -1,274 +1,63 @@
 // ============================================================================
-// Hardened Minimal WebSocket server (RFC 6455 compliant core)
-// Zero dependencies
+// WebSocket server — thin wrapper around 'ws' for API compatibility
 // ============================================================================
 import { createServer } from "http";
-import { createHash } from "crypto";
 import { EventEmitter } from "events";
-const GUID = "258EAFA5-E914-47DA-95CA-5AB5DC65C97B";
-const MAX_PAYLOAD_SIZE = 100 * 1024 * 1024; // 100MB
-const MAX_BUFFER_SIZE = 200 * 1024 * 1024;  // 200MB total buffered
+import { WebSocketServer, WebSocket } from "ws";
 // ---------------------------------------------------------------------------
-// MiniWebSocket
+// MiniWebSocket — wraps a ws.WebSocket with the same API the daemon expects
 // ---------------------------------------------------------------------------
 export class MiniWebSocket extends EventEmitter {
-  constructor(socket) {
+  constructor(ws) {
     super();
-    this.socket = socket;
+    this._ws = ws;
     this.readyState = 1;
-    this._buffer = Buffer.alloc(0);
-    // fragmentation state
-    this._fragType = null;
-    this._fragBuffer = [];
-    socket.on("data", (c) => this._onData(c));
-    socket.on("close", () => this._handleClose());
-    socket.on("end", () => this._handleClose());
-    socket.on("error", (err) => {
-      this._handleClose();
-      this.emit("error", err);
+    ws.on("message", (data) => {
+      const text = typeof data === "string" ? data : data.toString();
+      this.emit("message", text);
     });
-  }
-  // -------------------------------------------------------------------------
-  // Public API
-  // -------------------------------------------------------------------------
-  send(data) {
-    if (this.readyState !== 1) return;
-    const payload = Buffer.isBuffer(data)
-      ? data
-      : Buffer.from(String(data));
-    this._writeFrame(0x1, payload);
-  }
-  close(code = 1000) {
-    if (this.readyState !== 1) return;
-    this.readyState = 2;
-    const buf = Buffer.alloc(2);
-    buf.writeUInt16BE(code, 0);
-    this._writeFrame(0x8, buf);
-    this.socket.end();
-  }
-  // -------------------------------------------------------------------------
-  // Core frame processing
-  // -------------------------------------------------------------------------
-  _onData(chunk) {
-    this._buffer = Buffer.concat([this._buffer, chunk]);
-    if (this._buffer.length > MAX_BUFFER_SIZE) {
-      this._fail(1009, "buffer overflow");
-      return;
-    }
-    while (true) {
-      const frame = this._decodeFrame(this._buffer);
-      if (!frame) break;
-      if (frame.error) {
-        this._fail(frame.code || 1002, frame.error);
-        return;
-      }
-      this._buffer = this._buffer.subarray(frame.totalLength);
-      this._handleFrame(frame);
-    }
-  }
-  _handleFrame(f) {
-    const { opcode, payload, fin } = f;
-    // control frames
-    if (opcode === 0x8) {
-      // close
-      this.close();
-      return;
-    }
-    if (opcode === 0x9) {
-      // ping → pong
-      this._writeFrame(0xA, payload);
-      return;
-    }
-    if (opcode === 0xA) {
-      this.emit("pong");
-      return;
-    }
-    // fragmentation handling
-    if (opcode === 0x0) {
-      if (!this._fragType) return this._fail(1002, "unexpected continuation");
-      this._fragBuffer.push(payload);
-      if (fin) {
-        const full = Buffer.concat(this._fragBuffer);
-        this._emitMessage(this._fragType, full);
-        this._fragType = null;
-        this._fragBuffer = [];
-      }
-      return;
-    }
-    if (opcode === 0x1 || opcode === 0x2) {
-      if (this._fragType) return this._fail(1002, "nested fragments");
+    ws.on("close", () => {
+      if (this.readyState === 3) return;
+      this.readyState = 3;
+      this.emit("close");
+    });
-      if (!fin) {
-        this._fragType = opcode;
-        this._fragBuffer = [payload];
-        return;
+    ws.on("error", (err) => {
+      if (this.readyState !== 3) {
+        this.readyState = 3;
+        this.emit("close");
       }
+      this.emit("error", err);
+    });
-      this._emitMessage(opcode, payload);
-      return;
-    }
-    this._fail(1002, "invalid opcode");
-  }
-  _emitMessage(opcode, payload) {
-    if (opcode === 0x1) {
-      // text
-      try {
-        const text = new TextDecoder("utf-8", { fatal: true }).decode(payload);
-        this.emit("message", text);
-      } catch {
-        this._fail(1007, "invalid utf8");
-      }
-    } else {
-      // binary
-      this.emit("message", payload);
-    }
+    ws.on("pong", () => this.emit("pong"));
   }
-  // -------------------------------------------------------------------------
-  // Frame decode (STRICT)
-  // -------------------------------------------------------------------------
-  _decodeFrame(buf) {
-    if (buf.length < 2) return null;
-    const b0 = buf[0];
-    const b1 = buf[1];
-    const fin = (b0 & 0x80) !== 0;
-    const opcode = b0 & 0x0f;
-    const masked = (b1 & 0x80) !== 0;
-    let payloadLen = b1 & 0x7f;
-    // MUST be masked (client → server)
-    if (!masked) return { error: "unmasked frame", code: 1002 };
-    // opcode validation
-    const valid = [0x0, 0x1, 0x2, 0x8, 0x9, 0xA];
-    if (!valid.includes(opcode)) {
-      return { error: "invalid opcode", code: 1002 };
-    }
-    let offset = 2;
-    if (payloadLen === 126) {
-      if (buf.length < 4) return null;
-      payloadLen = buf.readUInt16BE(2);
-      offset = 4;
-    } else if (payloadLen === 127) {
-      if (buf.length < 10) return null;
-      const big = buf.readBigUInt64BE(2);
-      if (big > BigInt(MAX_PAYLOAD_SIZE)) {
-        return { error: "too large", code: 1009 };
-      }
-      payloadLen = Number(big);
-      offset = 10;
-    }
-    if (payloadLen > MAX_PAYLOAD_SIZE) {
-      return { error: "too large", code: 1009 };
-    }
-    // control frames rules
-    if (opcode >= 0x8) {
-      if (!fin) return { error: "fragmented control", code: 1002 };
-      if (payloadLen > 125) return { error: "control too large", code: 1002 };
-    }
-    const total = offset + 4 + payloadLen;
-    if (buf.length < total) return null;
-    const mask = buf.subarray(offset, offset + 4);
-    const payload = Buffer.alloc(payloadLen);
-    for (let i = 0; i < payloadLen; i++) {
-      payload[i] = buf[offset + 4 + i] ^ mask[i % 4];
-    }
+  get socket() { return this._ws._socket || null; }
+  get bufferedAmount() { return this._ws.bufferedAmount; }
-    return {
-      fin,
-      opcode,
-      payload,
-      totalLength: total,
-    };
+  send(data) {
+    if (this._ws.readyState !== WebSocket.OPEN) return;
+    this._ws.send(typeof data === "string" ? data : String(data));
   }
-  // -------------------------------------------------------------------------
-  // Frame encode
-  // -------------------------------------------------------------------------
-  _writeFrame(opcode, payload) {
-    if (this.readyState !== 1) return;
-    const len = payload.length;
-    let header;
-    if (len < 126) {
-      header = Buffer.alloc(2);
-      header[1] = len;
-    } else if (len < 65536) {
-      header = Buffer.alloc(4);
-      header[1] = 126;
-      header.writeUInt16BE(len, 2);
-    } else {
-      header = Buffer.alloc(10);
-      header[1] = 127;
-      header.writeBigUInt64BE(BigInt(len), 2);
-    }
-    header[0] = 0x80 | opcode;
-    const frame = Buffer.concat([header, payload]);
-    if (!this.socket.write(frame)) {
-      this.socket.once("drain", () => {});
+  close(code = 1000) {
+    if (this._ws.readyState === WebSocket.OPEN || this._ws.readyState === WebSocket.CONNECTING) {
+      this._ws.close(code);
     }
   }
-  _fail(code, reason) {
-    try {
-      const buf = Buffer.alloc(2);
-      buf.writeUInt16BE(code, 0);
-      this._writeFrame(0x8, buf);
-    } catch {}
-    this.socket.destroy();
-  }
-  _handleClose() {
-    if (this.readyState === 3) return;
-    this.readyState = 3;
-    this.emit("close");
+  terminate() {
+    this._ws.terminate();
   }
 }
 // ---------------------------------------------------------------------------
-// Server
+// MiniWebSocketServer — wraps ws.WebSocketServer, emits MiniWebSocket
 // ---------------------------------------------------------------------------
 export class MiniWebSocketServer extends EventEmitter {
   constructor({ port }, cb) {
@@ -279,51 +68,20 @@ export class MiniWebSocketServer extends EventEmitter {
       res.end("Upgrade required");
     });
-    this.server.on("upgrade", (req, socket, head) => {
-      // strict handshake validation
-      if (
-        req.headers["upgrade"]?.toLowerCase() !== "websocket" ||
-        !req.headers["connection"]?.toLowerCase().includes("upgrade") ||
-        req.headers["sec-websocket-version"] !== "13"
-      ) {
-        socket.destroy();
-        return;
-      }
-      const key = req.headers["sec-websocket-key"];
-      if (!key) {
-        socket.destroy();
-        return;
-      }
-      const accept = createHash("sha1")
-        .update(key + GUID)
-        .digest("base64");
-      // subprotocol (used for auth in your daemon)
-      const protocol = req.headers["sec-websocket-protocol"];
-      socket.setNoDelay(true);
-      socket.setTimeout(0);
-      socket.write(
-        "HTTP/1.1 101 Switching Protocols\r\n" +
-        "Upgrade: websocket\r\n" +
-        "Connection: Upgrade\r\n" +
-        `Sec-WebSocket-Accept: ${accept}\r\n` +
-        (protocol ? `Sec-WebSocket-Protocol: ${protocol}\r\n` : "") +
-        "\r\n"
-      );
-      if (head?.length) socket.unshift(head);
+    this._wss = new WebSocketServer({
+      server: this.server,
+      perMessageDeflate: false,
+    });
-      this.emit("connection", new MiniWebSocket(socket), req);
+    this._wss.on("connection", (ws, req) => {
+      this.emit("connection", new MiniWebSocket(ws), req);
     });
     this.server.listen(port, "127.0.0.1", cb);
   }
   close(cb) {
+    this._wss.close();
     this.server.close(cb);
   }
-}
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@businessmaps/bifrost",
-  "version": "0.0.1",
+  "version": "0.1.2",
   "description": "Bridge any browser web app to Claude Code via MCP",
   "type": "module",
   "bin": {
@@ -35,5 +35,8 @@
     "lib/",
     "LICENSE",
     "README.md"
-  ]
+  ],
+  "dependencies": {
+    "ws": "^8.20.0"
+  }
 }