@enactprotocol/mcp-server 2.2.0 → 2.2.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/mcp-server",
-  "version": "2.2.0",
+  "version": "2.2.2",
   "description": "MCP protocol server for Enact tool integration",
   "type": "module",
   "main": "./dist/index.js",
@@ -15,7 +15,8 @@
     }
   },
   "scripts": {
-    "build": "tsc --build",
+    "build": "bun build src/index.ts --outfile dist/index.js --target node --format esm --minify",
+    "build:types": "tsc --build",
     "clean": "rm -rf dist",
     "test": "bun test",
     "typecheck": "tsc --noEmit",
@@ -23,9 +24,9 @@
     "dev:http": "bun run src/index.ts --http"
   },
   "dependencies": {
-    "@enactprotocol/api": "2.2.0",
-    "@enactprotocol/execution": "2.2.0",
-    "@enactprotocol/shared": "2.2.0",
+    "@enactprotocol/api": "2.2.2",
+    "@enactprotocol/execution": "2.2.2",
+    "@enactprotocol/shared": "2.2.2",
     "@modelcontextprotocol/sdk": "^1.10.0"
   },
   "devDependencies": {

package/src/index.ts

@@ -13,6 +13,7 @@
  * @see https://modelcontextprotocol.io/specification/2025-03-26/basic/transports
  */
 
+import { spawn } from "node:child_process";
 import { randomUUID } from "node:crypto";
 import { mkdirSync, rmSync, unlinkSync, writeFileSync } from "node:fs";
 import { type IncomingMessage, type ServerResponse, createServer } from "node:http";
@@ -23,6 +24,7 @@ import {
   getToolInfo,
   getToolVersion,
   searchTools,
+  verifyAllAttestations,
 } from "@enactprotocol/api";
 import { DaggerExecutionProvider } from "@enactprotocol/execution";
 import {
@@ -33,7 +35,10 @@ import {
   getActiveToolset,
   getCacheDir,
   getMcpToolInfo,
+  getMinimumAttestations,
   getToolCachePath,
+  getTrustPolicy,
+  isIdentityTrusted,
   listMcpTools,
   loadConfig,
   loadManifestFromDir,
@@ -111,23 +116,31 @@ async function extractBundle(bundleData: ArrayBuffer, destPath: string): Promise
 
   mkdirSync(destPath, { recursive: true });
 
-  const proc = Bun.spawn(["tar", "-xzf", tempFile, "-C", destPath], {
-    stdout: "pipe",
-    stderr: "pipe",
-  });
+  await new Promise<void>((resolve, reject) => {
+    const proc = spawn("tar", ["-xzf", tempFile, "-C", destPath], {
+      stdio: ["ignore", "pipe", "pipe"],
+    });
+
+    let stderr = "";
+    proc.stderr?.on("data", (data) => {
+      stderr += data.toString();
+    });
 
-  const exitCode = await proc.exited;
+    proc.on("error", reject);
+    proc.on("close", (code) => {
+      if (code !== 0) {
+        reject(new Error(`Failed to extract bundle: ${stderr}`));
+      } else {
+        resolve();
+      }
+    });
+  });
 
   try {
     unlinkSync(tempFile);
   } catch {
     // Ignore cleanup errors
   }
-
-  if (exitCode !== 0) {
-    const stderr = await new Response(proc.stderr).text();
-    throw new Error(`Failed to extract bundle: ${stderr}`);
-  }
 }
 
 /**
@@ -327,6 +340,10 @@ async function handleMetaTool(
         const toolInfo = getMcpToolInfo(toolNameArg);
         let manifest: ToolManifest;
         let cachePath: string;
+        let bundleHash: string | undefined;
+        let toolVersion: string | undefined;
+
+        const apiClient = getApiClient();
 
         if (toolInfo) {
           // Tool is installed, use cached version
@@ -339,10 +356,19 @@ async function handleMetaTool(
           }
           manifest = loaded.manifest;
           cachePath = toolInfo.cachePath;
+          toolVersion = toolInfo.version;
+
+          // Get bundle hash for installed tool from registry
+          try {
+            const versionInfo = await getToolVersion(apiClient, toolNameArg, toolVersion);
+            bundleHash = versionInfo.bundle.hash;
+          } catch {
+            // Continue without hash - will skip verification
+          }
         } else {
           // Tool not installed - fetch and install temporarily
-          const apiClient = getApiClient();
           const info = await getToolInfo(apiClient, toolNameArg);
+          toolVersion = info.latestVersion;
 
           // Download bundle
           const bundleResult = await downloadBundle(apiClient, {
@@ -350,6 +376,7 @@ async function handleMetaTool(
             version: info.latestVersion,
             verify: true,
           });
+          bundleHash = bundleResult.hash;
 
           // Extract to cache
           cachePath = getToolCachePath(toolNameArg, info.latestVersion);
@@ -369,6 +396,79 @@ async function handleMetaTool(
           manifest = loaded.manifest;
         }
 
+        // Verify attestations before execution
+        let verificationStatus = "⚠️ UNVERIFIED";
+
+        if (bundleHash && toolVersion) {
+          try {
+            const verified = await verifyAllAttestations(
+              apiClient,
+              toolNameArg,
+              toolVersion,
+              bundleHash
+            );
+
+            if (verified.length > 0) {
+              const auditorList = verified.map((v) => v.providerIdentity).join(", ");
+              verificationStatus = `✅ VERIFIED by: ${auditorList}`;
+            } else {
+              verificationStatus = "⚠️ UNVERIFIED - No valid attestations found";
+            }
+          } catch (verifyErr) {
+            verificationStatus = `⚠️ UNVERIFIED - Verification failed: ${verifyErr instanceof Error ? verifyErr.message : "Unknown error"}`;
+          }
+        } else {
+          verificationStatus = "⚠️ UNVERIFIED - Could not determine bundle hash";
+        }
+
+        // Enforce trust policy
+        const trustPolicy = getTrustPolicy();
+        const minimumAttestations = getMinimumAttestations();
+
+        // Count verified attestations from trusted auditors
+        let verifiedCount = 0;
+        if (bundleHash && toolVersion) {
+          try {
+            const verified = await verifyAllAttestations(
+              apiClient,
+              toolNameArg,
+              toolVersion,
+              bundleHash
+            );
+            verifiedCount = verified.filter((v) => isIdentityTrusted(v.providerIdentity)).length;
+          } catch {
+            // Already handled above in verificationStatus
+          }
+        }
+
+        // Check if trust requirements are met
+        if (verifiedCount < minimumAttestations) {
+          if (trustPolicy === "require_attestation") {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `Trust policy violation: Tool requires ${minimumAttestations} attestation(s) from trusted auditors, but only ${verifiedCount} found.\n\nConfigured trust policy: ${trustPolicy}\nTo run unverified tools, update your ~/.enact/config.yaml trust policy to 'allow' or 'prompt'.`,
+                },
+              ],
+              isError: true,
+            };
+          }
+          if (trustPolicy === "prompt") {
+            // In MCP context, we can't prompt interactively, so we block with a clear message
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `Trust policy violation: Tool requires ${minimumAttestations} attestation(s) from trusted auditors, but only ${verifiedCount} found.\n\nConfigured trust policy: ${trustPolicy}\nMCP server cannot prompt interactively. To run unverified tools via MCP, update your ~/.enact/config.yaml trust policy to 'allow'.`,
+                },
+              ],
+              isError: true,
+            };
+          }
+          // policy === 'allow' - continue execution with warning
+        }
+
         // Validate and apply defaults
         const inputsWithDefaults = manifest.inputSchema
           ? applyDefaults(toolArgs, manifest.inputSchema)
@@ -396,11 +496,12 @@ async function handleMetaTool(
         );
 
         if (result.success) {
+          const output = result.output?.stdout || "Tool executed successfully (no output)";
           return {
             content: [
               {
                 type: "text",
-                text: result.output?.stdout || "Tool executed successfully (no output)",
+                text: `[${verificationStatus}]\n\n${output}`,
               },
             ],
           };
@@ -409,7 +510,7 @@ async function handleMetaTool(
           content: [
             {
               type: "text",
-              text: `Tool execution failed: ${result.error?.message || "Unknown error"}\n\n${result.output?.stderr || ""}`,
+              text: `[${verificationStatus}]\n\nTool execution failed: ${result.error?.message || "Unknown error"}\n\n${result.output?.stderr || ""}`,
             },
           ],
           isError: true,

package/tests/trust-policy.test.ts

@@ -0,0 +1,280 @@
+/**
+ * Tests for MCP server trust policy enforcement
+ *
+ * These tests verify that the enact_run handler properly enforces
+ * trust policies based on attestation verification.
+ */
+
+import { beforeEach, describe, expect, mock, test } from "bun:test";
+
+// Type for trust policy
+type TrustPolicy = "require_attestation" | "prompt" | "allow";
+
+// Mock the shared config functions
+const mockGetTrustPolicy = mock((): TrustPolicy => "require_attestation");
+const mockGetMinimumAttestations = mock(() => 1);
+const mockIsIdentityTrusted = mock((_identity: string) => false);
+
+// Mock the API functions
+const mockVerifyAllAttestations = mock(async () => []);
+
+describe("MCP Server Trust Policy Enforcement", () => {
+  beforeEach(() => {
+    // Reset mocks before each test
+    mockGetTrustPolicy.mockReset();
+    mockGetMinimumAttestations.mockReset();
+    mockIsIdentityTrusted.mockReset();
+    mockVerifyAllAttestations.mockReset();
+
+    // Set default mock implementations
+    mockGetTrustPolicy.mockImplementation((): TrustPolicy => "require_attestation");
+    mockGetMinimumAttestations.mockImplementation(() => 1);
+    mockIsIdentityTrusted.mockImplementation(() => false);
+    mockVerifyAllAttestations.mockImplementation(async () => []);
+  });
+
+  describe("Trust Policy Logic", () => {
+    test("should block execution when policy is 'require_attestation' and no attestations", () => {
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 0;
+
+      // Simulate the trust check logic from enact_run
+      const shouldBlock =
+        verifiedCount < minimumAttestations && trustPolicy === "require_attestation";
+
+      expect(shouldBlock).toBe(true);
+    });
+
+    test("should block execution when policy is 'prompt' and no attestations", () => {
+      mockGetTrustPolicy.mockImplementation((): TrustPolicy => "prompt");
+
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 0;
+
+      // Simulate the trust check logic from enact_run
+      const shouldBlock = verifiedCount < minimumAttestations && trustPolicy === "prompt";
+
+      expect(shouldBlock).toBe(true);
+    });
+
+    test("should allow execution when policy is 'allow' regardless of attestations", () => {
+      mockGetTrustPolicy.mockImplementation((): TrustPolicy => "allow");
+
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 0;
+
+      // Simulate the trust check logic from enact_run
+      const shouldBlock =
+        verifiedCount < minimumAttestations &&
+        (trustPolicy === "require_attestation" || trustPolicy === "prompt");
+
+      expect(shouldBlock).toBe(false);
+    });
+
+    test("should allow execution when attestations meet minimum requirement", () => {
+      mockIsIdentityTrusted.mockImplementation(() => true);
+
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 1; // Meets minimum
+
+      const shouldBlock =
+        verifiedCount < minimumAttestations &&
+        (trustPolicy === "require_attestation" || trustPolicy === "prompt");
+
+      expect(shouldBlock).toBe(false);
+    });
+
+    test("should require higher attestation count when minimum_attestations is increased", () => {
+      mockGetMinimumAttestations.mockImplementation(() => 3);
+
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 2; // Below new minimum of 3
+
+      const shouldBlock =
+        verifiedCount < minimumAttestations && trustPolicy === "require_attestation";
+
+      expect(shouldBlock).toBe(true);
+    });
+  });
+
+  describe("Identity Trust Filtering", () => {
+    test("should only count attestations from trusted identities", () => {
+      // Mock attestations with various identities
+      const attestations = [
+        { providerIdentity: "github:trusted-user" },
+        { providerIdentity: "github:untrusted-user" },
+        { providerIdentity: "google:trusted@company.com" },
+      ];
+
+      // Only trust specific identities
+      mockIsIdentityTrusted.mockImplementation((identity: string) => {
+        return identity === "github:trusted-user" || identity === "google:trusted@company.com";
+      });
+
+      const verifiedCount = attestations.filter((v) =>
+        mockIsIdentityTrusted(v.providerIdentity)
+      ).length;
+
+      expect(verifiedCount).toBe(2);
+    });
+
+    test("should return zero when no attestations are from trusted identities", () => {
+      const attestations = [
+        { providerIdentity: "github:unknown-user" },
+        { providerIdentity: "github:another-unknown" },
+      ];
+
+      mockIsIdentityTrusted.mockImplementation(() => false);
+
+      const verifiedCount = attestations.filter((v) =>
+        mockIsIdentityTrusted(v.providerIdentity)
+      ).length;
+
+      expect(verifiedCount).toBe(0);
+    });
+  });
+
+  describe("Error Message Generation", () => {
+    test("should generate correct error message for require_attestation policy", () => {
+      const trustPolicy = "require_attestation";
+      const minimumAttestations = 1;
+      const verifiedCount = 0;
+
+      const errorMessage = `Trust policy violation: Tool requires ${minimumAttestations} attestation(s) from trusted auditors, but only ${verifiedCount} found.\n\nConfigured trust policy: ${trustPolicy}\nTo run unverified tools, update your ~/.enact/config.yaml trust policy to 'allow' or 'prompt'.`;
+
+      expect(errorMessage).toContain("Trust policy violation");
+      expect(errorMessage).toContain("require_attestation");
+      expect(errorMessage).toContain("~/.enact/config.yaml");
+    });
+
+    test("should generate correct error message for prompt policy", () => {
+      const trustPolicy = "prompt";
+      const minimumAttestations = 1;
+      const verifiedCount = 0;
+
+      const errorMessage = `Trust policy violation: Tool requires ${minimumAttestations} attestation(s) from trusted auditors, but only ${verifiedCount} found.\n\nConfigured trust policy: ${trustPolicy}\nMCP server cannot prompt interactively. To run unverified tools via MCP, update your ~/.enact/config.yaml trust policy to 'allow'.`;
+
+      expect(errorMessage).toContain("Trust policy violation");
+      expect(errorMessage).toContain("prompt");
+      expect(errorMessage).toContain("cannot prompt interactively");
+    });
+  });
+
+  describe("Edge Cases", () => {
+    test("should handle minimum_attestations of 0 (always allow)", () => {
+      mockGetMinimumAttestations.mockImplementation(() => 0);
+
+      const trustPolicy = mockGetTrustPolicy();
+      const minimumAttestations = mockGetMinimumAttestations();
+      const verifiedCount = 0;
+
+      // 0 < 0 is false, so should not block
+      const shouldBlock =
+        verifiedCount < minimumAttestations && trustPolicy === "require_attestation";
+
+      expect(shouldBlock).toBe(false);
+    });
+
+    test("should handle empty attestation list", async () => {
+      mockVerifyAllAttestations.mockImplementation(async () => []);
+
+      const attestations = await mockVerifyAllAttestations();
+      const verifiedCount = attestations.filter((v: { providerIdentity: string }) =>
+        mockIsIdentityTrusted(v.providerIdentity)
+      ).length;
+
+      expect(verifiedCount).toBe(0);
+    });
+
+    test("should handle attestation verification errors gracefully", async () => {
+      mockVerifyAllAttestations.mockImplementation(async () => {
+        throw new Error("Network error");
+      });
+
+      let verifiedCount = 0;
+      try {
+        const attestations = await mockVerifyAllAttestations();
+        verifiedCount = attestations.length;
+      } catch {
+        // Error is caught, verifiedCount stays 0
+      }
+
+      expect(verifiedCount).toBe(0);
+    });
+  });
+});
+
+describe("Trust Policy Integration", () => {
+  test("complete flow: unverified tool with require_attestation policy should be blocked", () => {
+    // Setup: require_attestation policy, minimum 1 attestation, no trusted attestations
+    mockGetTrustPolicy.mockImplementation(() => "require_attestation");
+    mockGetMinimumAttestations.mockImplementation(() => 1);
+    mockIsIdentityTrusted.mockImplementation(() => false);
+
+    const attestations = [{ providerIdentity: "github:unknown" }];
+
+    const trustPolicy = mockGetTrustPolicy();
+    const minimumAttestations = mockGetMinimumAttestations();
+    const verifiedCount = attestations.filter((v) =>
+      mockIsIdentityTrusted(v.providerIdentity)
+    ).length;
+
+    expect(verifiedCount).toBe(0);
+    expect(verifiedCount < minimumAttestations).toBe(true);
+    expect(trustPolicy).toBe("require_attestation");
+
+    // Should block
+    const shouldBlock =
+      verifiedCount < minimumAttestations &&
+      (trustPolicy === "require_attestation" || trustPolicy === "prompt");
+    expect(shouldBlock).toBe(true);
+  });
+
+  test("complete flow: verified tool with trusted attestation should be allowed", () => {
+    // Setup: require_attestation policy, minimum 1 attestation, one trusted attestation
+    mockGetTrustPolicy.mockImplementation(() => "require_attestation");
+    mockGetMinimumAttestations.mockImplementation(() => 1);
+    mockIsIdentityTrusted.mockImplementation(
+      (identity: string) => identity === "github:EnactProtocol"
+    );
+
+    const attestations = [{ providerIdentity: "github:EnactProtocol" }];
+
+    const trustPolicy = mockGetTrustPolicy();
+    const minimumAttestations = mockGetMinimumAttestations();
+    const verifiedCount = attestations.filter((v) =>
+      mockIsIdentityTrusted(v.providerIdentity)
+    ).length;
+
+    expect(verifiedCount).toBe(1);
+    expect(verifiedCount >= minimumAttestations).toBe(true);
+
+    // Should not block
+    const shouldBlock =
+      verifiedCount < minimumAttestations &&
+      (trustPolicy === "require_attestation" || trustPolicy === "prompt");
+    expect(shouldBlock).toBe(false);
+  });
+
+  test("complete flow: allow policy bypasses attestation check", () => {
+    // Setup: allow policy, no attestations
+    mockGetTrustPolicy.mockImplementation((): TrustPolicy => "allow");
+    mockGetMinimumAttestations.mockImplementation(() => 1);
+    mockIsIdentityTrusted.mockImplementation(() => false);
+
+    const trustPolicy = mockGetTrustPolicy();
+    const minimumAttestations = mockGetMinimumAttestations();
+    const verifiedCount = 0;
+
+    // Should not block because policy is 'allow'
+    const shouldBlock =
+      verifiedCount < minimumAttestations &&
+      (trustPolicy === "require_attestation" || trustPolicy === "prompt");
+    expect(shouldBlock).toBe(false);
+  });
+});