@enactprotocol/shared 1.2.3 → 1.2.4

package/dist/api/enact-api.d.ts

@@ -2,7 +2,11 @@ import { EnactToolDefinition, ToolUsage, ToolSearchQuery, CLITokenCreate, OAuthT
 export declare class EnactApiClient {
     baseUrl: string;
     supabaseUrl: string;
-    constructor(baseUrl?: string, supabaseUrl?: string);
+    constructor(baseUrl: string, supabaseUrl: string);
+    /**
+     * Create API client with config-based URLs
+     */
+    static create(baseUrl?: string, supabaseUrl?: string): Promise<EnactApiClient>;
     private makeRequest;
     /**
      * Get all tools (public, no auth required)
@@ -115,6 +119,7 @@ export declare class EnactApiClient {
         errors: string[];
     };
 }
+export declare function createDefaultApiClient(): Promise<EnactApiClient>;
 export declare const enactApi: EnactApiClient;
 export declare class EnactApiError extends Error {
     statusCode?: number | undefined;

package/dist/api/enact-api.js

@@ -1,8 +1,17 @@
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 export class EnactApiClient {
-    constructor(baseUrl = "https://enact.tools", supabaseUrl = "https://xjnhhxwxovjifdxdwzih.supabase.co") {
+    constructor(baseUrl, supabaseUrl) {
         this.baseUrl = baseUrl.replace(/\/$/, ""); // Remove trailing slash
         this.supabaseUrl = supabaseUrl.replace(/\/$/, "");
     }
+    /**
+     * Create API client with config-based URLs
+     */
+    static async create(baseUrl, supabaseUrl) {
+        const frontendUrl = baseUrl || await getFrontendUrl();
+        const apiUrl = supabaseUrl || await getApiUrl();
+        return new EnactApiClient(frontendUrl, apiUrl);
+    }
     // Helper method to make authenticated requests
     async makeRequest(endpoint, options = {}, token, tokenType = "jwt") {
         const url = endpoint.startsWith("http")
@@ -389,8 +398,12 @@ export class EnactApiClient {
         };
     }
 }
-// Export a default instance
-export const enactApi = new EnactApiClient();
+// Export a default instance factory
+export async function createDefaultApiClient() {
+    return await EnactApiClient.create();
+}
+// Keep backward compatibility with sync usage
+export const enactApi = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
 // Export error types for better error handling
 export class EnactApiError extends Error {
     constructor(message, statusCode, endpoint) {
@@ -402,5 +415,7 @@ export class EnactApiError extends Error {
 }
 // Helper function to create API client with custom configuration
 export function createEnactApiClient(baseUrl, supabaseUrl) {
-    return new EnactApiClient(baseUrl, supabaseUrl);
+    const defaultFrontend = "https://enact.tools";
+    const defaultApi = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+    return new EnactApiClient(baseUrl || defaultFrontend, supabaseUrl || defaultApi);
 }

package/dist/constants.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Shared constants for Enact CLI
+ */
+export declare const DEFAULT_FRONTEND_URL = "https://enact.tools";
+export declare const DEFAULT_API_URL = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+export declare const ENV_FRONTEND_URL = "ENACT_FRONTEND_URL";
+export declare const ENV_API_URL = "ENACT_API_URL";

package/dist/constants.js

@@ -0,0 +1,10 @@
+/**
+ * Shared constants for Enact CLI
+ */
+// Frontend URL - used for OAuth redirects, registry browsing, documentation links
+export const DEFAULT_FRONTEND_URL = "https://enact.tools";
+// Backend API URL - used for all API calls (search, publish, etc.)
+export const DEFAULT_API_URL = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+// Environment variable names for overriding defaults
+export const ENV_FRONTEND_URL = "ENACT_FRONTEND_URL";
+export const ENV_API_URL = "ENACT_API_URL";

package/dist/core/DaggerExecutionProvider.d.ts

@@ -145,10 +145,6 @@ export declare class DaggerExecutionProvider extends ExecutionProvider {
      * Graceful shutdown with proper async cleanup
      */
     private gracefulShutdown;
-    /**
-     * Enhanced force cleanup for synchronous exit handlers
-     */
-    private forceCleanup;
     /**
      * Get current engine status for debugging
      */

package/dist/core/DaggerExecutionProvider.js

@@ -935,43 +935,6 @@ export class DaggerExecutionProvider extends ExecutionProvider {
             process.exit(1);
         }
     }
-    /**
-     * Enhanced force cleanup for synchronous exit handlers
-     */
-    forceCleanup() {
-        if (this.isShuttingDown)
-            return;
-        try {
-            logger.info("🔄 Force cleaning up Dagger engines...");
-            const result = spawnSync("docker", [
-                "ps",
-                "--all",
-                "--filter",
-                "name=dagger-engine",
-                "--format",
-                "{{.Names}}",
-            ], {
-                encoding: "utf8",
-                timeout: 5000,
-            });
-            if (result.stdout) {
-                const names = result.stdout
-                    .trim()
-                    .split("\n")
-                    .filter((n) => n.trim());
-                if (names.length > 0) {
-                    logger.info(`Found ${names.length} engine containers, force removing...`);
-                    for (const name of names) {
-                        spawnSync("docker", ["rm", "-f", name.trim()], { timeout: 3000 });
-                    }
-                    logger.info("✅ Force cleanup completed");
-                }
-            }
-        }
-        catch (error) {
-            logger.debug("Force cleanup failed (this is usually fine):", error);
-        }
-    }
     /**
      * Get current engine status for debugging
      */

package/dist/core/EnactCore.d.ts

@@ -34,6 +34,10 @@ export declare class EnactCore {
     private executionProvider;
     private options;
     constructor(options?: EnactCoreOptions);
+    /**
+     * Create EnactCore with config-based URLs
+     */
+    static create(options?: EnactCoreOptions): Promise<EnactCore>;
     /**
      * Set authentication token for API operations
      */

package/dist/core/EnactCore.js

@@ -6,11 +6,12 @@ import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
 import logger from "../exec/logger.js";
 import yaml from "yaml";
 import { CryptoUtils, SecurityConfigManager, SigningService } from "@enactprotocol/security";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 export class EnactCore {
     constructor(options = {}) {
         this.options = {
-            apiUrl: "https://enact.tools",
-            supabaseUrl: "https://xjnhhxwxovjifdxdwzih.supabase.co",
+            apiUrl: "https://enact.tools", // Default, will be overridden by factory
+            supabaseUrl: "https://xjnhhxwxovjifdxdwzih.supabase.co", // Default, will be overridden by factory
             executionProvider: "dagger",
             defaultTimeout: "30s",
             ...options,
@@ -19,6 +20,18 @@ export class EnactCore {
         // Initialize the appropriate execution provider
         this.executionProvider = this.createExecutionProvider();
     }
+    /**
+     * Create EnactCore with config-based URLs
+     */
+    static async create(options = {}) {
+        const frontendUrl = options.apiUrl || await getFrontendUrl();
+        const apiUrl = options.supabaseUrl || await getApiUrl();
+        return new EnactCore({
+            ...options,
+            apiUrl: frontendUrl,
+            supabaseUrl: apiUrl,
+        });
+    }
     /**
      * Set authentication token for API operations
      */

package/dist/lib/enact-direct.d.ts

@@ -14,6 +14,15 @@ export declare class EnactDirect {
         authToken?: string;
         defaultTimeout?: string;
     });
+    /**
+     * Create EnactDirect with config-based URLs
+     */
+    static create(options?: {
+        apiUrl?: string;
+        supabaseUrl?: string;
+        authToken?: string;
+        defaultTimeout?: string;
+    }): Promise<EnactDirect>;
     /**
      * Execute a tool by name with inputs
      *

package/dist/lib/enact-direct.js

@@ -1,5 +1,6 @@
 // src/lib/enact-direct.ts - Library interface for direct usage by MCP servers
 import { EnactCore, } from "../core/EnactCore";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 /**
  * Direct Enact Library Interface
  *
@@ -8,16 +9,27 @@ import { EnactCore, } from "../core/EnactCore";
  */
 export class EnactDirect {
     constructor(options = {}) {
+        // We need to handle async config loading in a factory method
         this.core = new EnactCore({
-            apiUrl: options.apiUrl || process.env.ENACT_API_URL || "https://enact.tools",
-            supabaseUrl: options.supabaseUrl ||
-                process.env.ENACT_SUPABASE_URL ||
-                "https://xjnhhxwxovjifdxdwzih.supabase.co",
+            apiUrl: options.apiUrl || process.env.ENACT_FRONTEND_URL || "https://enact.tools",
+            supabaseUrl: options.supabaseUrl || process.env.ENACT_API_URL || "https://xjnhhxwxovjifdxdwzih.supabase.co",
             executionProvider: "direct",
             authToken: options.authToken || process.env.ENACT_AUTH_TOKEN,
             defaultTimeout: options.defaultTimeout || "30s",
         });
     }
+    /**
+     * Create EnactDirect with config-based URLs
+     */
+    static async create(options = {}) {
+        const frontendUrl = options.apiUrl || process.env.ENACT_FRONTEND_URL || await getFrontendUrl();
+        const apiUrl = options.supabaseUrl || process.env.ENACT_API_URL || await getApiUrl();
+        return new EnactDirect({
+            ...options,
+            apiUrl: frontendUrl,
+            supabaseUrl: apiUrl,
+        });
+    }
     /**
      * Execute a tool by name with inputs
      *

package/dist/services/McpCoreService.d.ts

@@ -6,6 +6,14 @@ export declare class McpCoreService {
         supabaseUrl?: string;
         authToken?: string;
     });
+    /**
+     * Create McpCoreService with config-based URLs
+     */
+    static create(options?: {
+        apiUrl?: string;
+        supabaseUrl?: string;
+        authToken?: string;
+    }): Promise<McpCoreService>;
     /**
      * Set authentication token
      */

package/dist/services/McpCoreService.js

@@ -1,5 +1,6 @@
 // src/services/McpCoreService.ts - Direct core integration for MCP server
 import { EnactCore } from "../core/EnactCore";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 export class McpCoreService {
     constructor(options) {
         this.core = new EnactCore({
@@ -8,6 +9,18 @@ export class McpCoreService {
             authToken: options?.authToken,
         });
     }
+    /**
+     * Create McpCoreService with config-based URLs
+     */
+    static async create(options) {
+        const frontendUrl = options?.apiUrl || await getFrontendUrl();
+        const apiUrl = options?.supabaseUrl || await getApiUrl();
+        return new McpCoreService({
+            ...options,
+            apiUrl: frontendUrl,
+            supabaseUrl: apiUrl,
+        });
+    }
     /**
      * Set authentication token
      */

package/dist/utils/config.d.ts

@@ -1,6 +1,10 @@
 export interface EnactConfig {
     defaultUrl?: string;
     history?: string[];
+    urls?: {
+        frontend?: string;
+        api?: string;
+    };
 }
 /**
  * Ensure config directory and file exist
@@ -30,3 +34,78 @@ export declare function setDefaultUrl(url: string): Promise<void>;
  * Get the default publish URL
  */
 export declare function getDefaultUrl(): Promise<string | undefined>;
+export interface TrustedKeyMeta {
+    name: string;
+    description?: string;
+    addedAt: string;
+    source: "default" | "user" | "organization";
+    keyFile: string;
+}
+export interface TrustedKey {
+    id: string;
+    name: string;
+    publicKey: string;
+    description?: string;
+    addedAt: string;
+    source: "default" | "user" | "organization";
+    keyFile: string;
+}
+/**
+ * Get the frontend URL with fallbacks
+ */
+export declare function getFrontendUrl(): Promise<string>;
+/**
+ * Get the API URL with fallbacks
+ */
+export declare function getApiUrl(): Promise<string>;
+/**
+ * Set the frontend URL in config
+ */
+export declare function setFrontendUrl(url: string): Promise<void>;
+/**
+ * Set the API URL in config
+ */
+export declare function setApiUrl(url: string): Promise<void>;
+/**
+ * Reset URLs to defaults
+ */
+export declare function resetUrls(): Promise<void>;
+/**
+ * Get current URL configuration
+ */
+export declare function getUrlConfig(): Promise<{
+    frontend: {
+        value: string;
+        source: string;
+    };
+    api: {
+        value: string;
+        source: string;
+    };
+}>;
+/**
+ * Read all trusted keys from directory
+ */
+export declare function getTrustedKeys(): Promise<TrustedKey[]>;
+/**
+ * Add a trusted key
+ */
+export declare function addTrustedKey(keyData: {
+    id: string;
+    name: string;
+    publicKey: string;
+    description?: string;
+    source?: "user" | "organization";
+}): Promise<void>;
+/**
+ * Remove a trusted key
+ */
+export declare function removeTrustedKey(keyId: string): Promise<void>;
+/**
+ * Get a specific trusted key
+ */
+export declare function getTrustedKey(keyId: string): Promise<TrustedKey | null>;
+/**
+ * Check if a public key is trusted
+ */
+export declare function isKeyTrusted(publicKey: string): Promise<boolean>;

package/dist/utils/config.js

@@ -6,6 +6,7 @@ import { mkdir, readFile, writeFile } from "fs/promises";
 // Define config paths
 const CONFIG_DIR = join(homedir(), ".enact");
 const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+const TRUSTED_KEYS_DIR = join(CONFIG_DIR, "trusted-keys");
 /**
  * Ensure config directory and file exist
  */
@@ -14,7 +15,14 @@ export async function ensureConfig() {
         await mkdir(CONFIG_DIR, { recursive: true });
     }
     if (!existsSync(CONFIG_FILE)) {
-        await writeFile(CONFIG_FILE, JSON.stringify({ history: [] }, null, 2));
+        const defaultConfig = {
+            history: [],
+            urls: {
+                frontend: DEFAULT_FRONTEND_URL,
+                api: DEFAULT_API_URL,
+            },
+        };
+        await writeFile(CONFIG_FILE, JSON.stringify(defaultConfig, null, 2));
     }
 }
 /**
@@ -24,11 +32,26 @@ export async function readConfig() {
     await ensureConfig();
     try {
         const data = await readFile(CONFIG_FILE, "utf8");
-        return JSON.parse(data);
+        const config = JSON.parse(data);
+        // Migrate old configs that don't have URLs section
+        if (!config.urls) {
+            config.urls = {
+                frontend: DEFAULT_FRONTEND_URL,
+                api: DEFAULT_API_URL,
+            };
+            await writeConfig(config);
+        }
+        return config;
     }
     catch (error) {
         console.error("Failed to read config:", error.message);
-        return { history: [] };
+        return {
+            history: [],
+            urls: {
+                frontend: DEFAULT_FRONTEND_URL,
+                api: DEFAULT_API_URL,
+            },
+        };
     }
 }
 /**
@@ -76,3 +99,244 @@ export async function getDefaultUrl() {
     const config = await readConfig();
     return config.defaultUrl;
 }
+// Default URLs
+const DEFAULT_FRONTEND_URL = "https://enact.tools";
+const DEFAULT_API_URL = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+// Default trusted public key (Enact Protocol official key)
+const DEFAULT_ENACT_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8VyE3jGm5yT2mKnPx1dQF7q8Z2Kv
+7mX9YnE2mK8vF3tY9pL6xH2dF8sK3mN7wQ5vT2gR8sL4xN6pM9uE3wF2Qw==
+-----END PUBLIC KEY-----`;
+/**
+ * Get the frontend URL with fallbacks
+ */
+export async function getFrontendUrl() {
+    // 1. Environment variable override
+    if (process.env.ENACT_FRONTEND_URL) {
+        return process.env.ENACT_FRONTEND_URL;
+    }
+    // 2. Config file setting
+    const config = await readConfig();
+    if (config.urls?.frontend) {
+        return config.urls.frontend;
+    }
+    // 3. Default
+    return DEFAULT_FRONTEND_URL;
+}
+/**
+ * Get the API URL with fallbacks
+ */
+export async function getApiUrl() {
+    // 1. Environment variable override
+    if (process.env.ENACT_API_URL) {
+        return process.env.ENACT_API_URL;
+    }
+    // 2. Config file setting
+    const config = await readConfig();
+    if (config.urls?.api) {
+        return config.urls.api;
+    }
+    // 3. Default
+    return DEFAULT_API_URL;
+}
+/**
+ * Set the frontend URL in config
+ */
+export async function setFrontendUrl(url) {
+    const config = await readConfig();
+    if (!config.urls) {
+        config.urls = {};
+    }
+    config.urls.frontend = url;
+    await writeConfig(config);
+}
+/**
+ * Set the API URL in config
+ */
+export async function setApiUrl(url) {
+    const config = await readConfig();
+    if (!config.urls) {
+        config.urls = {};
+    }
+    config.urls.api = url;
+    await writeConfig(config);
+}
+/**
+ * Reset URLs to defaults
+ */
+export async function resetUrls() {
+    const config = await readConfig();
+    if (config.urls) {
+        delete config.urls.frontend;
+        delete config.urls.api;
+    }
+    await writeConfig(config);
+}
+/**
+ * Get current URL configuration
+ */
+export async function getUrlConfig() {
+    const config = await readConfig();
+    // Determine frontend URL source
+    let frontendValue = DEFAULT_FRONTEND_URL;
+    let frontendSource = "default";
+    if (config.urls?.frontend) {
+        frontendValue = config.urls.frontend;
+        frontendSource = "config";
+    }
+    if (process.env.ENACT_FRONTEND_URL) {
+        frontendValue = process.env.ENACT_FRONTEND_URL;
+        frontendSource = "environment";
+    }
+    // Determine API URL source
+    let apiValue = DEFAULT_API_URL;
+    let apiSource = "default";
+    if (config.urls?.api) {
+        apiValue = config.urls.api;
+        apiSource = "config";
+    }
+    if (process.env.ENACT_API_URL) {
+        apiValue = process.env.ENACT_API_URL;
+        apiSource = "environment";
+    }
+    return {
+        frontend: { value: frontendValue, source: frontendSource },
+        api: { value: apiValue, source: apiSource },
+    };
+}
+/**
+ * Ensure trusted keys directory exists with default key
+ */
+async function ensureTrustedKeysDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        await mkdir(CONFIG_DIR, { recursive: true });
+    }
+    if (!existsSync(TRUSTED_KEYS_DIR)) {
+        await mkdir(TRUSTED_KEYS_DIR, { recursive: true });
+    }
+    // Create default Enact Protocol key if it doesn't exist
+    const defaultKeyFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.pem");
+    const defaultMetaFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.meta");
+    if (!existsSync(defaultKeyFile)) {
+        await writeFile(defaultKeyFile, DEFAULT_ENACT_PUBLIC_KEY);
+    }
+    if (!existsSync(defaultMetaFile)) {
+        const defaultMeta = {
+            name: "Enact Protocol Official",
+            description: "Official Enact Protocol signing key for verified tools",
+            addedAt: new Date().toISOString(),
+            source: "default",
+            keyFile: "enact-protocol-official.pem"
+        };
+        await writeFile(defaultMetaFile, JSON.stringify(defaultMeta, null, 2));
+    }
+}
+/**
+ * Read all trusted keys from directory
+ */
+export async function getTrustedKeys() {
+    await ensureTrustedKeysDir();
+    const keys = [];
+    try {
+        const { readdir } = await import('fs/promises');
+        const files = await readdir(TRUSTED_KEYS_DIR);
+        // Get all .pem files
+        const pemFiles = files.filter(f => f.endsWith('.pem'));
+        for (const pemFile of pemFiles) {
+            try {
+                const keyId = pemFile.replace('.pem', '');
+                const keyPath = join(TRUSTED_KEYS_DIR, pemFile);
+                const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+                // Read the public key
+                const publicKey = await readFile(keyPath, 'utf8');
+                // Read metadata if it exists
+                let meta = {
+                    name: keyId,
+                    addedAt: new Date().toISOString(),
+                    source: "user",
+                    keyFile: pemFile
+                };
+                if (existsSync(metaPath)) {
+                    try {
+                        const metaData = await readFile(metaPath, 'utf8');
+                        meta = { ...meta, ...JSON.parse(metaData) };
+                    }
+                    catch {
+                        // Use defaults if meta file is corrupted
+                    }
+                }
+                keys.push({
+                    id: keyId,
+                    name: meta.name,
+                    publicKey: publicKey.trim(),
+                    description: meta.description,
+                    addedAt: meta.addedAt,
+                    source: meta.source,
+                    keyFile: pemFile
+                });
+            }
+            catch (error) {
+                console.warn(`Warning: Could not read key file ${pemFile}:`, error);
+            }
+        }
+    }
+    catch (error) {
+        console.error("Failed to read trusted keys directory:", error);
+    }
+    return keys;
+}
+/**
+ * Add a trusted key
+ */
+export async function addTrustedKey(keyData) {
+    await ensureTrustedKeysDir();
+    const keyFile = `${keyData.id}.pem`;
+    const metaFile = `${keyData.id}.meta`;
+    const keyPath = join(TRUSTED_KEYS_DIR, keyFile);
+    const metaPath = join(TRUSTED_KEYS_DIR, metaFile);
+    // Check if key already exists
+    if (existsSync(keyPath)) {
+        throw new Error(`Key with ID '${keyData.id}' already exists`);
+    }
+    // Write the public key file
+    await writeFile(keyPath, keyData.publicKey);
+    // Write the metadata file
+    const meta = {
+        name: keyData.name,
+        description: keyData.description,
+        addedAt: new Date().toISOString(),
+        source: keyData.source || "user",
+        keyFile
+    };
+    await writeFile(metaPath, JSON.stringify(meta, null, 2));
+}
+/**
+ * Remove a trusted key
+ */
+export async function removeTrustedKey(keyId) {
+    const keyPath = join(TRUSTED_KEYS_DIR, `${keyId}.pem`);
+    const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+    if (!existsSync(keyPath)) {
+        throw new Error(`Trusted key '${keyId}' not found`);
+    }
+    // Remove both files
+    const { unlink } = await import('fs/promises');
+    await unlink(keyPath);
+    if (existsSync(metaPath)) {
+        await unlink(metaPath);
+    }
+}
+/**
+ * Get a specific trusted key
+ */
+export async function getTrustedKey(keyId) {
+    const keys = await getTrustedKeys();
+    return keys.find(k => k.id === keyId) || null;
+}
+/**
+ * Check if a public key is trusted
+ */
+export async function isKeyTrusted(publicKey) {
+    const keys = await getTrustedKeys();
+    return keys.some(k => k.publicKey.trim() === publicKey.trim());
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/shared",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Shared utilities and core functionality for Enact Protocol",
   "type": "module",
   "main": "./dist/index.js",

package/src/api/enact-api.ts

@@ -5,19 +5,32 @@ import {
 	CLITokenCreate,
 	OAuthTokenExchange,
 } from "./types";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 
 export class EnactApiClient {
 	baseUrl: string;
 	supabaseUrl: string;
 
 	constructor(
-		baseUrl: string = "https://enact.tools",
-		supabaseUrl: string = "https://xjnhhxwxovjifdxdwzih.supabase.co",
+		baseUrl: string,
+		supabaseUrl: string,
 	) {
 		this.baseUrl = baseUrl.replace(/\/$/, ""); // Remove trailing slash
 		this.supabaseUrl = supabaseUrl.replace(/\/$/, "");
 	}
 
+	/**
+	 * Create API client with config-based URLs
+	 */
+	static async create(
+		baseUrl?: string,
+		supabaseUrl?: string,
+	): Promise<EnactApiClient> {
+		const frontendUrl = baseUrl || await getFrontendUrl();
+		const apiUrl = supabaseUrl || await getApiUrl();
+		return new EnactApiClient(frontendUrl, apiUrl);
+	}
+
 	// Helper method to make authenticated requests
 	private async makeRequest<T>(
 		endpoint: string,
@@ -545,8 +558,13 @@ export class EnactApiClient {
 	}
 }
 
-// Export a default instance
-export const enactApi = new EnactApiClient();
+// Export a default instance factory
+export async function createDefaultApiClient(): Promise<EnactApiClient> {
+	return await EnactApiClient.create();
+}
+
+// Keep backward compatibility with sync usage
+export const enactApi = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
 
 // Export error types for better error handling
 export class EnactApiError extends Error {
@@ -565,5 +583,7 @@ export function createEnactApiClient(
 	baseUrl?: string,
 	supabaseUrl?: string,
 ): EnactApiClient {
-	return new EnactApiClient(baseUrl, supabaseUrl);
+	const defaultFrontend = "https://enact.tools";
+	const defaultApi = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+	return new EnactApiClient(baseUrl || defaultFrontend, supabaseUrl || defaultApi);
 }

package/src/core/DaggerExecutionProvider.ts

@@ -12,6 +12,7 @@ import fs from "fs/promises";
 import path from "path";
 import crypto from "crypto";
 import { spawn, spawnSync } from "child_process";
+import { exit } from "process";
 
 export interface DaggerExecutionOptions {
 	baseImage?: string; // Default container image
@@ -457,7 +458,8 @@ export class DaggerExecutionProvider extends ExecutionProvider {
 						logger.debug(`Waiting ${waitTime}ms before retry...`);
 						await new Promise((resolve) => setTimeout(resolve, waitTime));
 					}
-				}
+				} 
+
 			}
 
 			// All retries failed
@@ -623,6 +625,7 @@ export class DaggerExecutionProvider extends ExecutionProvider {
 			throw error;
 		} finally {
 			this.abortController = null;
+
 		}
 	}
 
@@ -1240,50 +1243,7 @@ export class DaggerExecutionProvider extends ExecutionProvider {
 		}
 	}
 
-	/**
-	 * Enhanced force cleanup for synchronous exit handlers
-	 */
-	private forceCleanup(): void {
-		if (this.isShuttingDown) return;
-
-		try {
-			logger.info("🔄 Force cleaning up Dagger engines...");
-
-			const result = spawnSync(
-				"docker",
-				[
-					"ps",
-					"--all",
-					"--filter",
-					"name=dagger-engine",
-					"--format",
-					"{{.Names}}",
-				],
-				{
-					encoding: "utf8",
-					timeout: 5000,
-				},
-			);
-
-			if (result.stdout) {
-				const names = result.stdout
-					.trim()
-					.split("\n")
-					.filter((n: string) => n.trim());
-				if (names.length > 0) {
-					logger.info(
-						`Found ${names.length} engine containers, force removing...`,
-					);
-					for (const name of names) {
-						spawnSync("docker", ["rm", "-f", name.trim()], { timeout: 3000 });
-					}
-					logger.info("✅ Force cleanup completed");
-				}
-			}
-		} catch (error) {
-			logger.debug("Force cleanup failed (this is usually fine):", error);
-		}
-	}
+	
 
 	/**
 	 * Get current engine status for debugging

package/src/core/EnactCore.ts

@@ -18,6 +18,7 @@ import yaml from "yaml";
 import fs from "fs";
 import path from "path";
 import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 
 export interface EnactCoreOptions {
 	apiUrl?: string;
@@ -60,21 +61,35 @@ export class EnactCore {
 
 	constructor(options: EnactCoreOptions = {}) {
 		this.options = {
-			apiUrl: "https://enact.tools",
-			supabaseUrl: "https://xjnhhxwxovjifdxdwzih.supabase.co",
+			apiUrl: "https://enact.tools", // Default, will be overridden by factory
+			supabaseUrl: "https://xjnhhxwxovjifdxdwzih.supabase.co", // Default, will be overridden by factory
 			executionProvider: "dagger",
 			defaultTimeout: "30s",
 			...options,
 		};
 
 		this.apiClient = new EnactApiClient(
-			this.options.apiUrl,
-			this.options.supabaseUrl,
+			this.options.apiUrl!,
+			this.options.supabaseUrl!,
 		);
 
 		// Initialize the appropriate execution provider
 		this.executionProvider = this.createExecutionProvider();
 	}
+
+	/**
+	 * Create EnactCore with config-based URLs
+	 */
+	static async create(options: EnactCoreOptions = {}): Promise<EnactCore> {
+		const frontendUrl = options.apiUrl || await getFrontendUrl();
+		const apiUrl = options.supabaseUrl || await getApiUrl();
+		
+		return new EnactCore({
+			...options,
+			apiUrl: frontendUrl,
+			supabaseUrl: apiUrl,
+		});
+	}
 	/**
 	 * Set authentication token for API operations
 	 */

package/src/index.ts

@@ -3,6 +3,8 @@ export { EnactCore } from './core/EnactCore';
 export { DirectExecutionProvider } from './core/DirectExecutionProvider';
 export { DaggerExecutionProvider } from './core/DaggerExecutionProvider';
 
+// Constants - now handled in config utils
+
 // Types and utilities
 export type { EnactTool } from './types';
 export type { EnactToolDefinition } from './api/types';

package/src/lib/enact-direct.ts

@@ -5,6 +5,7 @@ import {
 	type ToolExecuteOptions,
 } from "../core/EnactCore";
 import type { EnactTool, ExecutionResult } from "../types";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 
 /**
  * Direct Enact Library Interface
@@ -23,19 +24,35 @@ export class EnactDirect {
 			defaultTimeout?: string;
 		} = {},
 	) {
+		// We need to handle async config loading in a factory method
 		this.core = new EnactCore({
-			apiUrl:
-				options.apiUrl || process.env.ENACT_API_URL || "https://enact.tools",
-			supabaseUrl:
-				options.supabaseUrl ||
-				process.env.ENACT_SUPABASE_URL ||
-				"https://xjnhhxwxovjifdxdwzih.supabase.co",
+			apiUrl: options.apiUrl || process.env.ENACT_FRONTEND_URL || "https://enact.tools",
+			supabaseUrl: options.supabaseUrl || process.env.ENACT_API_URL || "https://xjnhhxwxovjifdxdwzih.supabase.co",
 			executionProvider: "direct",
 			authToken: options.authToken || process.env.ENACT_AUTH_TOKEN,
 			defaultTimeout: options.defaultTimeout || "30s",
 		});
 	}
 
+	/**
+	 * Create EnactDirect with config-based URLs
+	 */
+	static async create(options: {
+		apiUrl?: string;
+		supabaseUrl?: string;
+		authToken?: string;
+		defaultTimeout?: string;
+	} = {}): Promise<EnactDirect> {
+		const frontendUrl = options.apiUrl || process.env.ENACT_FRONTEND_URL || await getFrontendUrl();
+		const apiUrl = options.supabaseUrl || process.env.ENACT_API_URL || await getApiUrl();
+		
+		return new EnactDirect({
+			...options,
+			apiUrl: frontendUrl,
+			supabaseUrl: apiUrl,
+		});
+	}
+
 	/**
 	 * Execute a tool by name with inputs
 	 *

package/src/services/McpCoreService.ts

@@ -2,6 +2,7 @@
 import { EnactCore } from "../core/EnactCore";
 import type { EnactTool, ExecutionResult } from "../types";
 import type { ToolSearchOptions, ToolExecuteOptions } from "../core/EnactCore";
+import { getFrontendUrl, getApiUrl } from "../utils/config";
 
 export class McpCoreService {
 	private core: EnactCore;
@@ -13,12 +14,29 @@ export class McpCoreService {
 	}) {
 		this.core = new EnactCore({
 			apiUrl: options?.apiUrl || "https://enact.tools",
-			supabaseUrl:
-				options?.supabaseUrl || "https://xjnhhxwxovjifdxdwzih.supabase.co",
+			supabaseUrl: options?.supabaseUrl || "https://xjnhhxwxovjifdxdwzih.supabase.co",
 			authToken: options?.authToken,
 		});
 	}
 
+	/**
+	 * Create McpCoreService with config-based URLs
+	 */
+	static async create(options?: {
+		apiUrl?: string;
+		supabaseUrl?: string;
+		authToken?: string;
+	}): Promise<McpCoreService> {
+		const frontendUrl = options?.apiUrl || await getFrontendUrl();
+		const apiUrl = options?.supabaseUrl || await getApiUrl();
+		
+		return new McpCoreService({
+			...options,
+			apiUrl: frontendUrl,
+			supabaseUrl: apiUrl,
+		});
+	}
+
 	/**
 	 * Set authentication token
 	 */

package/src/utils/config.ts

@@ -7,11 +7,16 @@ import { mkdir, readFile, writeFile } from "fs/promises";
 // Define config paths
 const CONFIG_DIR = join(homedir(), ".enact");
 const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+const TRUSTED_KEYS_DIR = join(CONFIG_DIR, "trusted-keys");
 
 // Define config interface
 export interface EnactConfig {
 	defaultUrl?: string;
 	history?: string[];
+	urls?: {
+		frontend?: string;
+		api?: string;
+	};
 }
 
 /**
@@ -23,7 +28,14 @@ export async function ensureConfig(): Promise<void> {
 	}
 
 	if (!existsSync(CONFIG_FILE)) {
-		await writeFile(CONFIG_FILE, JSON.stringify({ history: [] }, null, 2));
+		const defaultConfig = {
+			history: [],
+			urls: {
+				frontend: DEFAULT_FRONTEND_URL,
+				api: DEFAULT_API_URL,
+			},
+		};
+		await writeFile(CONFIG_FILE, JSON.stringify(defaultConfig, null, 2));
 	}
 }
 
@@ -35,10 +47,27 @@ export async function readConfig(): Promise<EnactConfig> {
 
 	try {
 		const data = await readFile(CONFIG_FILE, "utf8");
-		return JSON.parse(data) as EnactConfig;
+		const config = JSON.parse(data) as EnactConfig;
+		
+		// Migrate old configs that don't have URLs section
+		if (!config.urls) {
+			config.urls = {
+				frontend: DEFAULT_FRONTEND_URL,
+				api: DEFAULT_API_URL,
+			};
+			await writeConfig(config);
+		}
+		
+		return config;
 	} catch (error) {
 		console.error("Failed to read config:", (error as Error).message);
-		return { history: [] };
+		return { 
+			history: [],
+			urls: {
+				frontend: DEFAULT_FRONTEND_URL,
+				api: DEFAULT_API_URL,
+			},
+		};
 	}
 }
 
@@ -95,3 +124,315 @@ export async function getDefaultUrl(): Promise<string | undefined> {
 	const config = await readConfig();
 	return config.defaultUrl;
 }
+
+// Default URLs
+const DEFAULT_FRONTEND_URL = "https://enact.tools";
+const DEFAULT_API_URL = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+
+// Default trusted public key (Enact Protocol official key)
+const DEFAULT_ENACT_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8VyE3jGm5yT2mKnPx1dQF7q8Z2Kv
+7mX9YnE2mK8vF3tY9pL6xH2dF8sK3mN7wQ5vT2gR8sL4xN6pM9uE3wF2Qw==
+-----END PUBLIC KEY-----`;
+
+// Trusted key metadata interface (for .meta files)
+export interface TrustedKeyMeta {
+	name: string;
+	description?: string;
+	addedAt: string;
+	source: "default" | "user" | "organization";
+	keyFile: string;
+}
+
+// Combined trusted key interface
+export interface TrustedKey {
+	id: string;
+	name: string;
+	publicKey: string;
+	description?: string;
+	addedAt: string;
+	source: "default" | "user" | "organization";
+	keyFile: string;
+}
+
+/**
+ * Get the frontend URL with fallbacks
+ */
+export async function getFrontendUrl(): Promise<string> {
+	// 1. Environment variable override
+	if (process.env.ENACT_FRONTEND_URL) {
+		return process.env.ENACT_FRONTEND_URL;
+	}
+	
+	// 2. Config file setting
+	const config = await readConfig();
+	if (config.urls?.frontend) {
+		return config.urls.frontend;
+	}
+	
+	// 3. Default
+	return DEFAULT_FRONTEND_URL;
+}
+
+/**
+ * Get the API URL with fallbacks
+ */
+export async function getApiUrl(): Promise<string> {
+	// 1. Environment variable override
+	if (process.env.ENACT_API_URL) {
+		return process.env.ENACT_API_URL;
+	}
+	
+	// 2. Config file setting
+	const config = await readConfig();
+	if (config.urls?.api) {
+		return config.urls.api;
+	}
+	
+	// 3. Default
+	return DEFAULT_API_URL;
+}
+
+/**
+ * Set the frontend URL in config
+ */
+export async function setFrontendUrl(url: string): Promise<void> {
+	const config = await readConfig();
+	if (!config.urls) {
+		config.urls = {};
+	}
+	config.urls.frontend = url;
+	await writeConfig(config);
+}
+
+/**
+ * Set the API URL in config
+ */
+export async function setApiUrl(url: string): Promise<void> {
+	const config = await readConfig();
+	if (!config.urls) {
+		config.urls = {};
+	}
+	config.urls.api = url;
+	await writeConfig(config);
+}
+
+/**
+ * Reset URLs to defaults
+ */
+export async function resetUrls(): Promise<void> {
+	const config = await readConfig();
+	if (config.urls) {
+		delete config.urls.frontend;
+		delete config.urls.api;
+	}
+	await writeConfig(config);
+}
+
+/**
+ * Get current URL configuration
+ */
+export async function getUrlConfig(): Promise<{
+	frontend: { value: string; source: string };
+	api: { value: string; source: string };
+}> {
+	const config = await readConfig();
+	
+	// Determine frontend URL source
+	let frontendValue = DEFAULT_FRONTEND_URL;
+	let frontendSource = "default";
+	
+	if (config.urls?.frontend) {
+		frontendValue = config.urls.frontend;
+		frontendSource = "config";
+	}
+	
+	if (process.env.ENACT_FRONTEND_URL) {
+		frontendValue = process.env.ENACT_FRONTEND_URL;
+		frontendSource = "environment";
+	}
+	
+	// Determine API URL source
+	let apiValue = DEFAULT_API_URL;
+	let apiSource = "default";
+	
+	if (config.urls?.api) {
+		apiValue = config.urls.api;
+		apiSource = "config";
+	}
+	
+	if (process.env.ENACT_API_URL) {
+		apiValue = process.env.ENACT_API_URL;
+		apiSource = "environment";
+	}
+	
+	return {
+		frontend: { value: frontendValue, source: frontendSource },
+		api: { value: apiValue, source: apiSource },
+	};
+}
+
+/**
+ * Ensure trusted keys directory exists with default key
+ */
+async function ensureTrustedKeysDir(): Promise<void> {
+	if (!existsSync(CONFIG_DIR)) {
+		await mkdir(CONFIG_DIR, { recursive: true });
+	}
+
+	if (!existsSync(TRUSTED_KEYS_DIR)) {
+		await mkdir(TRUSTED_KEYS_DIR, { recursive: true });
+	}
+
+	// Create default Enact Protocol key if it doesn't exist
+	const defaultKeyFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.pem");
+	const defaultMetaFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.meta");
+	
+	if (!existsSync(defaultKeyFile)) {
+		await writeFile(defaultKeyFile, DEFAULT_ENACT_PUBLIC_KEY);
+	}
+	
+	if (!existsSync(defaultMetaFile)) {
+		const defaultMeta: TrustedKeyMeta = {
+			name: "Enact Protocol Official",
+			description: "Official Enact Protocol signing key for verified tools",
+			addedAt: new Date().toISOString(),
+			source: "default",
+			keyFile: "enact-protocol-official.pem"
+		};
+		await writeFile(defaultMetaFile, JSON.stringify(defaultMeta, null, 2));
+	}
+}
+
+/**
+ * Read all trusted keys from directory
+ */
+export async function getTrustedKeys(): Promise<TrustedKey[]> {
+	await ensureTrustedKeysDir();
+	
+	const keys: TrustedKey[] = [];
+	
+	try {
+		const { readdir } = await import('fs/promises');
+		const files = await readdir(TRUSTED_KEYS_DIR);
+		
+		// Get all .pem files
+		const pemFiles = files.filter(f => f.endsWith('.pem'));
+		
+		for (const pemFile of pemFiles) {
+			try {
+				const keyId = pemFile.replace('.pem', '');
+				const keyPath = join(TRUSTED_KEYS_DIR, pemFile);
+				const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+				
+				// Read the public key
+				const publicKey = await readFile(keyPath, 'utf8');
+				
+				// Read metadata if it exists
+				let meta: TrustedKeyMeta = {
+					name: keyId,
+					addedAt: new Date().toISOString(),
+					source: "user",
+					keyFile: pemFile
+				};
+				
+				if (existsSync(metaPath)) {
+					try {
+						const metaData = await readFile(metaPath, 'utf8');
+						meta = { ...meta, ...JSON.parse(metaData) };
+					} catch {
+						// Use defaults if meta file is corrupted
+					}
+				}
+				
+				keys.push({
+					id: keyId,
+					name: meta.name,
+					publicKey: publicKey.trim(),
+					description: meta.description,
+					addedAt: meta.addedAt,
+					source: meta.source,
+					keyFile: pemFile
+				});
+			} catch (error) {
+				console.warn(`Warning: Could not read key file ${pemFile}:`, error);
+			}
+		}
+	} catch (error) {
+		console.error("Failed to read trusted keys directory:", error);
+	}
+	
+	return keys;
+}
+
+/**
+ * Add a trusted key
+ */
+export async function addTrustedKey(keyData: {
+	id: string;
+	name: string;
+	publicKey: string;
+	description?: string;
+	source?: "user" | "organization";
+}): Promise<void> {
+	await ensureTrustedKeysDir();
+	
+	const keyFile = `${keyData.id}.pem`;
+	const metaFile = `${keyData.id}.meta`;
+	const keyPath = join(TRUSTED_KEYS_DIR, keyFile);
+	const metaPath = join(TRUSTED_KEYS_DIR, metaFile);
+	
+	// Check if key already exists
+	if (existsSync(keyPath)) {
+		throw new Error(`Key with ID '${keyData.id}' already exists`);
+	}
+	
+	// Write the public key file
+	await writeFile(keyPath, keyData.publicKey);
+	
+	// Write the metadata file
+	const meta: TrustedKeyMeta = {
+		name: keyData.name,
+		description: keyData.description,
+		addedAt: new Date().toISOString(),
+		source: keyData.source || "user",
+		keyFile
+	};
+	await writeFile(metaPath, JSON.stringify(meta, null, 2));
+}
+
+/**
+ * Remove a trusted key
+ */
+export async function removeTrustedKey(keyId: string): Promise<void> {
+	const keyPath = join(TRUSTED_KEYS_DIR, `${keyId}.pem`);
+	const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+	
+	if (!existsSync(keyPath)) {
+		throw new Error(`Trusted key '${keyId}' not found`);
+	}
+	
+	// Remove both files
+	const { unlink } = await import('fs/promises');
+	await unlink(keyPath);
+	
+	if (existsSync(metaPath)) {
+		await unlink(metaPath);
+	}
+}
+
+/**
+ * Get a specific trusted key
+ */
+export async function getTrustedKey(keyId: string): Promise<TrustedKey | null> {
+	const keys = await getTrustedKeys();
+	return keys.find(k => k.id === keyId) || null;
+}
+
+/**
+ * Check if a public key is trusted
+ */
+export async function isKeyTrusted(publicKey: string): Promise<boolean> {
+	const keys = await getTrustedKeys();
+	return keys.some(k => k.publicKey.trim() === publicKey.trim());
+}