@enactprotocol/shared 1.2.13 → 2.0.1

package/dist/security/verification-enforcer.d.ts

@@ -1,53 +0,0 @@
-import type { EnactTool, ExecutionResult } from "../types";
-export interface SecurityPolicy {
-    allowSkipVerification: boolean;
-    allowUnsigned: boolean;
-    requireInteractiveConfirmation: boolean;
-    defaultVerificationPolicy: "permissive" | "enterprise" | "paranoid";
-}
-export interface VerificationEnforcementOptions {
-    skipVerification?: boolean;
-    verifyPolicy?: "permissive" | "enterprise" | "paranoid";
-    force?: boolean;
-    allowUnsigned?: boolean;
-    isLocalFile?: boolean;
-    interactive?: boolean;
-}
-export interface VerificationEnforcementResult {
-    allowed: boolean;
-    reason: string;
-    verificationResult?: {
-        isValid: boolean;
-        message: string;
-        validSignatures: number;
-        totalSignatures: number;
-        verifiedSigners: Array<{
-            signer: string;
-            role?: string;
-            keyId: string;
-        }>;
-        errors: string[];
-    };
-    error?: {
-        message: string;
-        code: string;
-        details?: any;
-    };
-}
-/**
- * Enforce mandatory signature verification for tool execution
- * This is the central function that should be called before ANY tool execution
- */
-/**
- * Get security policy based on execution context
- */
-export declare function getSecurityPolicy(options: VerificationEnforcementOptions): SecurityPolicy;
-export declare function enforceSignatureVerification(tool: EnactTool, options?: VerificationEnforcementOptions): Promise<VerificationEnforcementResult>;
-/**
- * Create an execution result for verification failure
- */
-export declare function createVerificationFailureResult(tool: EnactTool, verificationResult: VerificationEnforcementResult, executionId: string): ExecutionResult;
-/**
- * Log security audit information for tool execution
- */
-export declare function logSecurityAudit(tool: EnactTool, verificationResult: VerificationEnforcementResult, executionAllowed: boolean, options: VerificationEnforcementOptions): void;

package/dist/security/verification-enforcer.js

@@ -1,204 +0,0 @@
-// src/security/verification-enforcer.ts - Mandatory signature verification enforcement
-import { verifyTool, VERIFICATION_POLICIES, } from "./sign";
-import logger from "../exec/logger";
-/**
- * Enforce mandatory signature verification for tool execution
- * This is the central function that should be called before ANY tool execution
- */
-/**
- * Get security policy based on execution context
- */
-export function getSecurityPolicy(options) {
-    // Local files have different security policies
-    if (options.isLocalFile) {
-        return {
-            allowSkipVerification: true,
-            allowUnsigned: true,
-            requireInteractiveConfirmation: false,
-            defaultVerificationPolicy: "permissive",
-        };
-    }
-    // Production/registry tools have strict policies
-    return {
-        allowSkipVerification: false,
-        allowUnsigned: false,
-        requireInteractiveConfirmation: !!options.interactive,
-        defaultVerificationPolicy: options.verifyPolicy || "permissive",
-    };
-}
-export async function enforceSignatureVerification(tool, options = {}) {
-    const toolName = tool.name || "unknown";
-    // Apply centralized security policy based on context
-    const securityPolicy = getSecurityPolicy(options);
-    // Check if verification is explicitly skipped
-    if (options.skipVerification && securityPolicy.allowSkipVerification) {
-        logger.warn(`🚨 SECURITY WARNING: Signature verification skipped for tool: ${toolName}`);
-        logger.warn(`   This bypasses security measures and is NOT recommended for production use!`);
-        return {
-            allowed: true,
-            reason: `Verification skipped by request for tool: ${toolName}`,
-            verificationResult: {
-                isValid: false,
-                message: "Verification skipped",
-                validSignatures: 0,
-                totalSignatures: 0,
-                verifiedSigners: [],
-                errors: ["Signature verification was explicitly skipped"],
-            },
-        };
-    }
-    // Check if tool has any signatures
-    const hasSignatures = !!(tool.signatures && Object.keys(tool.signatures).length > 0) ||
-        !!tool.signature;
-    if (!hasSignatures) {
-        logger.warn(`⚠️  Tool has no signatures: ${toolName}`);
-        // Only allow unsigned tools if policy permits (for development/testing)
-        if (options.allowUnsigned || securityPolicy.allowUnsigned) {
-            logger.warn(`   Allowing unsigned tool execution due to allowUnsigned flag (DEV/TEST ONLY)`);
-            return {
-                allowed: true,
-                reason: `Unsigned tool allowed by explicit permission: ${toolName}`,
-                verificationResult: {
-                    isValid: false,
-                    message: "No signatures found, but execution allowed",
-                    validSignatures: 0,
-                    totalSignatures: 0,
-                    verifiedSigners: [],
-                    errors: [
-                        "Tool has no signatures but execution was explicitly allowed",
-                    ],
-                },
-            };
-        }
-        // Reject unsigned tools by default
-        return {
-            allowed: false,
-            reason: `Tool has no signatures and unsigned execution is not permitted: ${toolName}`,
-            error: {
-                message: `Tool "${toolName}" has no cryptographic signatures. For security, only signed tools can be executed.`,
-                code: "NO_SIGNATURES_FOUND",
-                details: {
-                    toolName,
-                    hasSignature: !!tool.signature,
-                    hasSignatures: !!tool.signatures,
-                    signatureCount: tool.signatures
-                        ? Object.keys(tool.signatures).length
-                        : 0,
-                },
-            },
-        };
-    }
-    // Perform signature verification
-    try {
-        logger.info(`🔐 Verifying signatures for tool: ${toolName}`);
-        // Determine verification policy
-        const policyKey = (options.verifyPolicy || "permissive").toUpperCase();
-        const policy = VERIFICATION_POLICIES[policyKey] || VERIFICATION_POLICIES.PERMISSIVE;
-        logger.info(`   Using verification policy: ${policyKey.toLowerCase()}`);
-        if (policy.minimumSignatures) {
-            logger.info(`   Minimum signatures required: ${policy.minimumSignatures}`);
-        }
-        if (policy.requireRoles) {
-            logger.info(`   Required roles: ${policy.requireRoles.join(", ")}`);
-        }
-        // Verify the tool
-        const verificationResult = await verifyTool(tool, policy);
-        if (verificationResult.isValid) {
-            logger.info(`✅ Signature verification passed for tool: ${toolName}`);
-            logger.info(`   Valid signatures: ${verificationResult.validSignatures}/${verificationResult.totalSignatures}`);
-            if (verificationResult.verifiedSigners.length > 0) {
-                logger.info(`   Verified signers: ${verificationResult.verifiedSigners
-                    .map((s) => `${s.signer}${s.role ? ` (${s.role})` : ""}`)
-                    .join(", ")}`);
-            }
-            return {
-                allowed: true,
-                reason: `Tool signature verification passed: ${verificationResult.message}`,
-                verificationResult,
-            };
-        }
-        else {
-            logger.error(`❌ Signature verification failed for tool: ${toolName}`);
-            logger.error(`   Policy: ${policyKey.toLowerCase()}`);
-            logger.error(`   Valid signatures: ${verificationResult.validSignatures}/${verificationResult.totalSignatures}`);
-            if (verificationResult.errors.length > 0) {
-                logger.error(`   Errors:`);
-                verificationResult.errors.forEach((error) => logger.error(`     - ${error}`));
-            }
-            return {
-                allowed: false,
-                reason: `Tool signature verification failed: ${verificationResult.message}`,
-                verificationResult,
-                error: {
-                    message: `Tool "${toolName}" failed signature verification. ${verificationResult.message}`,
-                    code: "SIGNATURE_VERIFICATION_FAILED",
-                    details: {
-                        toolName,
-                        policy: policyKey.toLowerCase(),
-                        validSignatures: verificationResult.validSignatures,
-                        totalSignatures: verificationResult.totalSignatures,
-                        errors: verificationResult.errors,
-                        verifiedSigners: verificationResult.verifiedSigners,
-                    },
-                },
-            };
-        }
-    }
-    catch (error) {
-        const errorMessage = error instanceof Error ? error.message : "Unknown verification error";
-        logger.error(`💥 Signature verification error for tool: ${toolName} - ${errorMessage}`);
-        return {
-            allowed: false,
-            reason: `Signature verification error: ${errorMessage}`,
-            error: {
-                message: `Signature verification failed due to error: ${errorMessage}`,
-                code: "VERIFICATION_ERROR",
-                details: { toolName, originalError: error },
-            },
-        };
-    }
-}
-/**
- * Create an execution result for verification failure
- */
-export function createVerificationFailureResult(tool, verificationResult, executionId) {
-    return {
-        success: false,
-        error: verificationResult.error || {
-            message: verificationResult.reason,
-            code: "VERIFICATION_FAILED",
-        },
-        metadata: {
-            executionId,
-            toolName: tool.name || "unknown",
-            version: tool.version,
-            executedAt: new Date().toISOString(),
-            environment: "direct",
-            command: tool.command,
-        },
-    };
-}
-/**
- * Log security audit information for tool execution
- */
-export function logSecurityAudit(tool, verificationResult, executionAllowed, options) {
-    const auditLog = {
-        timestamp: new Date().toISOString(),
-        tool: tool.name || "unknown",
-        version: tool.version,
-        command: tool.command,
-        executionAllowed,
-        verificationSkipped: options.skipVerification || false,
-        verificationPolicy: options.verifyPolicy || "permissive",
-        verificationResult: verificationResult.verificationResult
-            ? {
-                isValid: verificationResult.verificationResult.isValid,
-                validSignatures: verificationResult.verificationResult.validSignatures,
-                totalSignatures: verificationResult.verificationResult.totalSignatures,
-                verifiedSigners: verificationResult.verificationResult.verifiedSigners,
-            }
-            : null,
-        errors: verificationResult.error ? [verificationResult.error.message] : [],
-    };
-    logger.info(`🔍 Security Audit Log:`, auditLog);
-}

package/dist/services/McpCoreService.d.ts

@@ -1,98 +0,0 @@
-import type { EnactTool, ExecutionResult } from "../types";
-export declare class McpCoreService {
-    private core;
-    constructor(options?: {
-        apiUrl?: string;
-        supabaseUrl?: string;
-        authToken?: string;
-    });
-    /**
-     * Create McpCoreService with config-based URLs
-     */
-    static create(options?: {
-        apiUrl?: string;
-        supabaseUrl?: string;
-        authToken?: string;
-    }): Promise<McpCoreService>;
-    /**
-     * Set authentication token
-     */
-    setAuthToken(token: string): void;
-    /**
-     * Search for tools
-     */
-    searchTools(query: string, options?: {
-        limit?: number;
-        tags?: string[];
-        author?: string;
-    }): Promise<EnactTool[]>;
-    /**
-     * Get a specific tool by name
-     */
-    getToolInfo(name: string): Promise<EnactTool | null>;
-    /**
-     * Execute a tool by name
-     */
-    executeToolByName(name: string, inputs?: Record<string, any>, options?: {
-        timeout?: string;
-        force?: boolean;
-        dryRun?: boolean;
-    }): Promise<ExecutionResult>;
-    /**
-     * Execute a tool from raw YAML definition
-     */
-    executeRawTool(toolYaml: string, inputs?: Record<string, any>, options?: {
-        timeout?: string;
-        force?: boolean;
-        dryRun?: boolean;
-    }): Promise<ExecutionResult>;
-    /**
-     * Check if a tool exists
-     */
-    toolExists(name: string): Promise<boolean>;
-    /**
-     * Get tools by tags
-     */
-    getToolsByTags(tags: string[], limit?: number): Promise<EnactTool[]>;
-    /**
-     * Get tools by author
-     */
-    getToolsByAuthor(author: string, limit?: number): Promise<EnactTool[]>;
-    /**
-     * Get all tools with filters
-     */
-    getTools(options?: {
-        limit?: number;
-        offset?: number;
-        tags?: string[];
-        author?: string;
-    }): Promise<EnactTool[]>;
-    /**
-     * Get authentication status
-     */
-    getAuthStatus(): Promise<{
-        authenticated: boolean;
-        user?: string;
-        server?: string;
-    }>;
-    /**
-     * Check if service is available (always true for core service)
-     */
-    isAvailable(): Promise<boolean>;
-    /**
-     * Get service path info (not applicable for core service)
-     */
-    getPathInfo(): Promise<{
-        detectedPath: string | null;
-        isAvailable: boolean;
-        version?: string;
-    }>;
-    /**
-     * Publish a tool (requires authentication)
-     */
-    publishTool(tool: EnactTool): Promise<{
-        success: boolean;
-        message: string;
-    }>;
-}
-export declare const mcpCoreService: McpCoreService;

package/dist/services/McpCoreService.js

@@ -1,124 +0,0 @@
-// src/services/McpCoreService.ts - Direct core integration for MCP server
-import { EnactCore } from "../core/EnactCore";
-import { getFrontendUrl, getApiUrl } from "../utils/config";
-export class McpCoreService {
-    constructor(options) {
-        this.core = new EnactCore({
-            apiUrl: options?.apiUrl || "https://enact.tools",
-            supabaseUrl: options?.supabaseUrl || "https://xjnhhxwxovjifdxdwzih.supabase.co",
-            authToken: options?.authToken,
-        });
-    }
-    /**
-     * Create McpCoreService with config-based URLs
-     */
-    static async create(options) {
-        const frontendUrl = options?.apiUrl || await getFrontendUrl();
-        const apiUrl = options?.supabaseUrl || await getApiUrl();
-        return new McpCoreService({
-            ...options,
-            apiUrl: frontendUrl,
-            supabaseUrl: apiUrl,
-        });
-    }
-    /**
-     * Set authentication token
-     */
-    setAuthToken(token) {
-        this.core.setAuthToken(token);
-    }
-    /**
-     * Search for tools
-     */
-    async searchTools(query, options) {
-        const searchOptions = {
-            query,
-            limit: options?.limit,
-            tags: options?.tags,
-            author: options?.author,
-        };
-        return await this.core.searchTools(searchOptions);
-    }
-    /**
-     * Get a specific tool by name
-     */
-    async getToolInfo(name) {
-        return await this.core.getToolByName(name);
-    }
-    /**
-     * Execute a tool by name
-     */
-    async executeToolByName(name, inputs = {}, options) {
-        const executeOptions = {
-            timeout: options?.timeout,
-            force: options?.force,
-            dryRun: options?.dryRun,
-        };
-        return await this.core.executeToolByName(name, inputs, executeOptions);
-    }
-    /**
-     * Execute a tool from raw YAML definition
-     */
-    async executeRawTool(toolYaml, inputs = {}, options) {
-        const executeOptions = {
-            timeout: options?.timeout,
-            force: options?.force,
-            dryRun: options?.dryRun,
-        };
-        return await this.core.executeRawTool(toolYaml, inputs, executeOptions);
-    }
-    /**
-     * Check if a tool exists
-     */
-    async toolExists(name) {
-        return await this.core.toolExists(name);
-    }
-    /**
-     * Get tools by tags
-     */
-    async getToolsByTags(tags, limit = 20) {
-        return await this.core.getToolsByTags(tags, limit);
-    }
-    /**
-     * Get tools by author
-     */
-    async getToolsByAuthor(author, limit = 20) {
-        return await this.core.getToolsByAuthor(author, limit);
-    }
-    /**
-     * Get all tools with filters
-     */
-    async getTools(options) {
-        return await this.core.getTools(options);
-    }
-    /**
-     * Get authentication status
-     */
-    async getAuthStatus() {
-        return await this.core.getAuthStatus();
-    }
-    /**
-     * Check if service is available (always true for core service)
-     */
-    async isAvailable() {
-        return true;
-    }
-    /**
-     * Get service path info (not applicable for core service)
-     */
-    async getPathInfo() {
-        return {
-            detectedPath: "core-library",
-            isAvailable: true,
-            version: "2.0.0-core",
-        };
-    }
-    /**
-     * Publish a tool (requires authentication)
-     */
-    async publishTool(tool) {
-        return await this.core.publishTool(tool);
-    }
-}
-// Create and export singleton instance
-export const mcpCoreService = new McpCoreService();

package/dist/services/index.d.ts

@@ -1 +0,0 @@
-export * from './McpCoreService';

package/dist/services/index.js

@@ -1 +0,0 @@
-export * from './McpCoreService';

package/dist/utils/config.d.ts

@@ -1,111 +0,0 @@
-export interface EnactConfig {
-    defaultUrl?: string;
-    history?: string[];
-    urls?: {
-        frontend?: string;
-        api?: string;
-    };
-}
-/**
- * Ensure config directory and file exist
- */
-export declare function ensureConfig(): Promise<void>;
-/**
- * Read the config file
- */
-export declare function readConfig(): Promise<EnactConfig>;
-/**
- * Write to the config file
- */
-export declare function writeConfig(config: EnactConfig): Promise<void>;
-/**
- * Add a file to the publish history
- */
-export declare function addToHistory(filePath: string): Promise<void>;
-/**
- * Get the publish history
- */
-export declare function getHistory(): Promise<string[]>;
-/**
- * Set the default publish URL
- */
-export declare function setDefaultUrl(url: string): Promise<void>;
-/**
- * Get the default publish URL
- */
-export declare function getDefaultUrl(): Promise<string | undefined>;
-export interface TrustedKeyMeta {
-    name: string;
-    description?: string;
-    addedAt: string;
-    source: "default" | "user" | "organization";
-    keyFile: string;
-}
-export interface TrustedKey {
-    id: string;
-    name: string;
-    publicKey: string;
-    description?: string;
-    addedAt: string;
-    source: "default" | "user" | "organization";
-    keyFile: string;
-}
-/**
- * Get the frontend URL with fallbacks
- */
-export declare function getFrontendUrl(): Promise<string>;
-/**
- * Get the API URL with fallbacks
- */
-export declare function getApiUrl(): Promise<string>;
-/**
- * Set the frontend URL in config
- */
-export declare function setFrontendUrl(url: string): Promise<void>;
-/**
- * Set the API URL in config
- */
-export declare function setApiUrl(url: string): Promise<void>;
-/**
- * Reset URLs to defaults
- */
-export declare function resetUrls(): Promise<void>;
-/**
- * Get current URL configuration
- */
-export declare function getUrlConfig(): Promise<{
-    frontend: {
-        value: string;
-        source: string;
-    };
-    api: {
-        value: string;
-        source: string;
-    };
-}>;
-/**
- * Read all trusted keys from directory
- */
-export declare function getTrustedKeys(): Promise<TrustedKey[]>;
-/**
- * Add a trusted key
- */
-export declare function addTrustedKey(keyData: {
-    id: string;
-    name: string;
-    publicKey: string;
-    description?: string;
-    source?: "user" | "organization";
-}): Promise<void>;
-/**
- * Remove a trusted key
- */
-export declare function removeTrustedKey(keyId: string): Promise<void>;
-/**
- * Get a specific trusted key
- */
-export declare function getTrustedKey(keyId: string): Promise<TrustedKey | null>;
-/**
- * Check if a public key is trusted
- */
-export declare function isKeyTrusted(publicKey: string): Promise<boolean>;