@lightcone-ai/daemon 0.13.0 → 0.14.0

package/mcp-servers/mysql/core.js

@@ -0,0 +1,270 @@
+import { createHash } from 'crypto';
+
+export const DEFAULT_LIMIT = 200;
+export const MAX_LIMIT = 1000;
+
+const READ_QUERY_PREFIX = /^(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN|WITH)\b/i;
+const REQUIRED_DB_KEYS = ['DB_HOST', 'DB_PORT', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'];
+
+function trimTrailingSemicolons(sql) {
+  return sql.replace(/;+\s*$/u, '');
+}
+
+export function normalizeSql(rawSql) {
+  if (typeof rawSql !== 'string') return '';
+  const trimmed = rawSql.trim();
+  if (!trimmed) return '';
+  return trimTrailingSemicolons(trimmed);
+}
+
+export function normalizeLimit(limit) {
+  const numeric = Number(limit);
+  if (!Number.isFinite(numeric) || numeric <= 0) return DEFAULT_LIMIT;
+  return Math.min(Math.trunc(numeric), MAX_LIMIT);
+}
+
+export function isReadQuery(sql) {
+  return READ_QUERY_PREFIX.test(sql);
+}
+
+export function hasLimitClause(sql) {
+  return /\bLIMIT\b/i.test(sql);
+}
+
+export function prepareSql(sql, limit) {
+  const normalizedSql = normalizeSql(sql);
+  if (!normalizedSql) throw new Error('sql must be a non-empty string');
+
+  const effectiveLimit = normalizeLimit(limit);
+  if (!isReadQuery(normalizedSql) || hasLimitClause(normalizedSql)) {
+    return {
+      sql: normalizedSql,
+      limit: effectiveLimit,
+      limitParams: [],
+      limitInjected: false,
+    };
+  }
+
+  return {
+    sql: `${normalizedSql} LIMIT ?`,
+    limit: effectiveLimit,
+    limitParams: [effectiveLimit],
+    limitInjected: true,
+  };
+}
+
+function readRequiredKey(envVars, key) {
+  const raw = envVars?.[key];
+  if (raw == null || String(raw).trim() === '') return null;
+  return String(raw).trim();
+}
+
+export function parseDbConfig(envVars) {
+  const missing = [];
+  const values = {};
+  for (const key of REQUIRED_DB_KEYS) {
+    const value = readRequiredKey(envVars, key);
+    if (value == null) {
+      missing.push(key);
+      continue;
+    }
+    values[key] = value;
+  }
+  if (missing.length > 0) {
+    throw new Error(`credential payload missing required DB fields: ${missing.join(', ')}`);
+  }
+
+  const port = Number(values.DB_PORT);
+  if (!Number.isFinite(port) || port <= 0) {
+    throw new Error('credential payload has invalid DB_PORT');
+  }
+
+  return {
+    host: values.DB_HOST,
+    port,
+    user: values.DB_USER,
+    password: values.DB_PASSWORD,
+    database: values.DB_NAME,
+    waitForConnections: true,
+    connectionLimit: 3,
+    queueLimit: 0,
+  };
+}
+
+function fingerprintDbConfig(dbConfig) {
+  return createHash('sha256')
+    .update(JSON.stringify([
+      dbConfig.host,
+      dbConfig.port,
+      dbConfig.user,
+      dbConfig.password,
+      dbConfig.database,
+    ]))
+    .digest('hex');
+}
+
+export function createDataSourcePoolRegistry({ createPool, logger = () => {} } = {}) {
+  if (typeof createPool !== 'function') {
+    throw new Error('createPool function is required');
+  }
+
+  const pools = new Map();
+
+  return {
+    getOrCreate(dataSourceId, dbConfig) {
+      const id = String(dataSourceId ?? '').trim();
+      if (!id) throw new Error('data_source_id must be a non-empty string');
+      const nextFingerprint = fingerprintDbConfig(dbConfig);
+      const existing = pools.get(id);
+
+      if (existing && existing.fingerprint === nextFingerprint) {
+        return existing.pool;
+      }
+
+      if (existing) {
+        Promise.resolve(existing.pool.end())
+          .catch((error) => logger(`[mysql-mcp] failed to close previous pool for data_source_id=${id}: ${error.message}`));
+      }
+
+      const pool = createPool(dbConfig);
+      pools.set(id, { fingerprint: nextFingerprint, pool });
+      return pool;
+    },
+
+    async closeAll() {
+      const closing = [];
+      for (const { pool } of pools.values()) {
+        closing.push(
+          Promise.resolve(pool.end()).catch((error) => {
+            logger(`[mysql-mcp] failed to close pool: ${error.message}`);
+          })
+        );
+      }
+      pools.clear();
+      await Promise.all(closing);
+    },
+
+    size() {
+      return pools.size;
+    },
+  };
+}
+
+function normalizeServerUrl(serverUrl) {
+  return String(serverUrl ?? '').trim().replace(/\/+$/u, '');
+}
+
+export function createCredentialBrokerClient({
+  fetchFn = globalThis.fetch,
+  serverUrl = '',
+  machineApiKey = '',
+  agentId = '',
+  workspaceId = '',
+  bundleId = '',
+} = {}) {
+  if (typeof fetchFn !== 'function') {
+    throw new Error('fetch function is required');
+  }
+
+  const normalizedServerUrl = normalizeServerUrl(serverUrl);
+  const normalizedMachineApiKey = String(machineApiKey ?? '').trim();
+  const normalizedAgentId = String(agentId ?? '').trim();
+  const normalizedWorkspaceId = String(workspaceId ?? '').trim();
+  const normalizedBundleId = String(bundleId ?? '').trim();
+
+  return async function fetchCredentialEnvVars(dataSourceId) {
+    const normalizedDataSourceId = String(dataSourceId ?? '').trim();
+    if (!normalizedDataSourceId) {
+      throw new Error('data_source_id is required');
+    }
+    if (!normalizedServerUrl || !normalizedMachineApiKey || !normalizedAgentId) {
+      throw new Error('mysql MCP missing SERVER_URL/MACHINE_API_KEY/AGENT_ID runtime context');
+    }
+
+    const response = await fetchFn(`${normalizedServerUrl}/governance/credential-broker`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${normalizedMachineApiKey}`,
+      },
+      body: JSON.stringify({
+        agent_id: normalizedAgentId,
+        workspace_id: normalizedWorkspaceId || null,
+        required_credentials: [normalizedDataSourceId],
+        bundle_id: normalizedBundleId || null,
+      }),
+    });
+
+    let payload = null;
+    try {
+      payload = await response.json();
+    } catch {
+      payload = null;
+    }
+
+    if (!response.ok) {
+      const reason = typeof payload?.error === 'string'
+        ? payload.error
+        : `status_${response.status}`;
+      throw new Error(`credential_broker_failed:${reason}`);
+    }
+
+    const envVars = payload?.env_vars;
+    if (!envVars || typeof envVars !== 'object' || Array.isArray(envVars)) {
+      throw new Error('credential_broker_invalid_response');
+    }
+    return envVars;
+  };
+}
+
+export async function executeSql({
+  dataSourceId,
+  sql,
+  params = [],
+  limit,
+  fetchCredentialEnvVars,
+  poolRegistry,
+} = {}) {
+  const normalizedDataSourceId = String(dataSourceId ?? '').trim();
+  if (!normalizedDataSourceId) {
+    throw new Error('data_source_id is required');
+  }
+  if (!Array.isArray(params)) {
+    throw new Error('params must be an array');
+  }
+  if (typeof fetchCredentialEnvVars !== 'function') {
+    throw new Error('fetchCredentialEnvVars function is required');
+  }
+  if (!poolRegistry || typeof poolRegistry.getOrCreate !== 'function') {
+    throw new Error('poolRegistry.getOrCreate is required');
+  }
+
+  const prepared = prepareSql(sql, limit);
+  const credentialEnv = await fetchCredentialEnvVars(normalizedDataSourceId);
+  const dbConfig = parseDbConfig(credentialEnv);
+  const pool = poolRegistry.getOrCreate(normalizedDataSourceId, dbConfig);
+
+  const queryParams = [...params, ...prepared.limitParams];
+  const [result] = await pool.query(prepared.sql, queryParams);
+
+  if (Array.isArray(result)) {
+    const rows = result.length > prepared.limit
+      ? result.slice(0, prepared.limit)
+      : result;
+    return {
+      data_source_id: normalizedDataSourceId,
+      row_count: rows.length,
+      limit: prepared.limit,
+      limit_applied: prepared.limitInjected || rows.length < result.length,
+      rows,
+    };
+  }
+
+  return {
+    data_source_id: normalizedDataSourceId,
+    affected_rows: Number(result?.affectedRows ?? 0),
+    changed_rows: Number(result?.changedRows ?? 0),
+    insert_id: result?.insertId ?? null,
+    warning_status: Number(result?.warningStatus ?? 0),
+  };
+}

package/mcp-servers/mysql/index.js

@@ -3,161 +3,89 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 import mysql from 'mysql2/promise';
-
-function requiredEnv(name) {
-  const value = process.env[name];
-  if (!value) {
-    throw new Error(`${name} is required; configure the remote Tencent MySQL connection in .env`);
+import { pathToFileURL } from 'url';
+import {
+  createCredentialBrokerClient,
+  createDataSourcePoolRegistry,
+  executeSql,
+} from './core.js';
+
+const TOOL_SCHEMA = {
+  data_source_id: z.string().describe('数据源 ID（当前实现映射为 credential_id）'),
+  sql: z.string().describe('要执行的 SQL。支持参数占位符 ?'),
+  params: z.array(z.any()).optional().describe('SQL 参数数组（按顺序对应 ? 占位符）'),
+  limit: z.number().int().positive().optional().describe('结果行数上限。默认 200，最大 1000'),
+};
+
+function isExecutedDirectly(metaUrl) {
+  const entry = process.argv[1];
+  if (!entry) return false;
+  try {
+    return pathToFileURL(entry).href === metaUrl;
+  } catch {
+    return false;
   }
-  return value;
 }
 
-const pool = mysql.createPool({
-  host:     requiredEnv('DB_HOST'),
-  port:     Number(requiredEnv('DB_PORT')),
-  user:     requiredEnv('DB_USER'),
-  password: requiredEnv('DB_PASSWORD'),
-  database: requiredEnv('DB_NAME'),
-  waitForConnections: true,
-  connectionLimit: 3,
-});
-
-const server = new McpServer({ name: 'mysql-jobs', version: '0.1.0' });
-
-// ── search_jobs ───────────────────────────────────────────────────────────────
-server.tool('search_jobs',
-  '搜索职位。支持按关键词、公司名、职位类型、工作地点过滤。返回匹配的职位列表（不含完整描述）。',
-  {
-    keyword:  z.string().optional().describe('搜索关键词，匹配职位名称或描述'),
-    company:  z.string().optional().describe('公司名（模糊匹配）'),
-    job_type: z.string().optional().describe('职位类型，如 实习、校招、社招'),
-    location: z.string().optional().describe('工作地点，如 北京、上海'),
-    limit:    z.number().optional().describe('返回数量，默认 10，最大 50'),
-  },
-  async ({ keyword, company, job_type, location, limit = 10 }) => {
-    const max = Math.min(limit, 50);
-    const conditions = ['is_valid != "false"'];
-    const params = [];
-
-    if (keyword) {
-      conditions.push('(job_title LIKE ? OR job_description LIKE ?)');
-      params.push(`%${keyword}%`, `%${keyword}%`);
-    }
-    if (company) {
-      conditions.push('company_name LIKE ?');
-      params.push(`%${company}%`);
-    }
-    if (job_type) {
-      conditions.push('job_type LIKE ?');
-      params.push(`%${job_type}%`);
-    }
-    if (location) {
-      conditions.push('work_location LIKE ?');
-      params.push(`%${location}%`);
-    }
-
-    params.push(max);
-    const sql = `
-      SELECT job_id, job_title, company_name, salary, work_location, job_type, degree, tags, publish_date
-      FROM job_details
-      WHERE ${conditions.join(' AND ')}
-      ORDER BY created_at DESC
-      LIMIT ?
-    `;
-
-    console.error(`[mysql-mcp] search_jobs: ${sql.replace(/\s+/g, ' ').trim()} | params: ${JSON.stringify(params)}`);
-    const [rows] = await pool.query(sql, params);
-    if (rows.length === 0) {
-      return { content: [{ type: 'text', text: '未找到匹配的职位。' }] };
-    }
-
-    const text = rows.map(r => [
-      `job_id: ${r.job_id}`,
-      `职位: ${r.job_title} @ ${r.company_name}`,
-      `类型: ${r.job_type ?? '-'}  地点: ${r.work_location ?? '-'}  学历: ${r.degree ?? '-'}`,
-      `薪资: ${r.salary || '未披露'}`,
-      `标签: ${(() => { try { return r.tags ? JSON.parse(r.tags).join(', ') : '-'; } catch { return r.tags ?? '-'; } })()}`,
-      `发布日期: ${r.publish_date ?? '-'}`,
-    ].join('\n')).join('\n\n---\n\n');
-
-    return { content: [{ type: 'text', text: `共 ${rows.length} 条结果：\n\n${text}` }] };
-  }
-);
-
-// ── get_job_detail ────────────────────────────────────────────────────────────
-server.tool('get_job_detail',
-  '根据 job_id 获取职位完整详情，包括职位描述全文。用于写手生成文案前获取完整信息。',
-  {
-    job_id: z.string().describe('职位 ID（从 search_jobs 结果中获取）'),
-  },
-  async ({ job_id }) => {
-    const detailSql = `SELECT jd.*, c.industry, c.scale, c.type as company_type, c.logo_url FROM job_details jd LEFT JOIN companies c ON jd.company_id = c.company_id WHERE jd.job_id = ?`;
-    console.error(`[mysql-mcp] get_job_detail: ${detailSql} | params: ${JSON.stringify([job_id])}`);
-    const [rows] = await pool.query(detailSql, [job_id]);
-
-    if (rows.length === 0) {
-      return { content: [{ type: 'text', text: `未找到 job_id=${job_id} 的职位。` }] };
-    }
-
-    const r = rows[0];
-    const tags = (() => { try { return r.tags ? JSON.parse(r.tags) : []; } catch { return []; } })();
-    const text = [
-      `【职位详情】`,
-      `职位名称: ${r.job_title}`,
-      `公司: ${r.company_name}${r.industry ? `（${r.industry}）` : ''}`,
-      `公司规模: ${r.scale ?? '-'}  公司类型: ${r.company_type ?? '-'}`,
-      `薪资: ${r.salary || '未披露'}`,
-      `工作地点: ${r.work_location ?? '-'}`,
-      `职位类型: ${r.job_type ?? '-'}`,
-      `学历要求: ${r.degree ?? '-'}`,
-      `技能标签: ${tags.join(', ') || '-'}`,
-      `发布日期: ${r.publish_date ?? '-'}`,
-      `截止日期: ${r.close_date ?? '-'}`,
-      `原始链接: ${r.job_detail_url}`,
-      ``,
-      `【职位描述】`,
-      r.job_description ?? '（无描述）',
-    ].join('\n');
-
-    return { content: [{ type: 'text', text }] };
-  }
-);
-
-// ── list_jobs ─────────────────────────────────────────────────────────────────
-server.tool('list_jobs',
-  '列出最新职位，支持按类型、地点过滤。用于浏览近期职位。',
-  {
-    job_type: z.string().optional().describe('职位类型过滤，如 实习、校招、社招'),
-    location: z.string().optional().describe('工作地点过滤'),
-    limit:    z.number().optional().describe('返回数量，默认 20，最大 50'),
-    offset:   z.number().optional().describe('跳过前 N 条，用于分页'),
-  },
-  async ({ job_type, location, limit = 20, offset = 0 }) => {
-    const max = Math.min(limit, 50);
-    const conditions = ['is_valid != "false"'];
-    const params = [];
-
-    if (job_type) { conditions.push('job_type LIKE ?'); params.push(`%${job_type}%`); }
-    if (location) { conditions.push('work_location LIKE ?'); params.push(`%${location}%`); }
-
-    params.push(max, offset);
-    const listSql = `SELECT job_id, job_title, company_name, salary, work_location, job_type, degree, tags FROM job_details WHERE ${conditions.join(' AND ')} ORDER BY created_at DESC LIMIT ? OFFSET ?`;
-    console.error(`[mysql-mcp] list_jobs: ${listSql} | params: ${JSON.stringify(params)}`);
-    const [rows] = await pool.query(listSql, params);
-
-    if (rows.length === 0) {
-      return { content: [{ type: 'text', text: '暂无职位数据。' }] };
+export function createMysqlMcpServer({
+  env = process.env,
+  fetchFn = globalThis.fetch,
+  mysqlModule = mysql,
+  logger = console.error,
+} = {}) {
+  const brokerClient = createCredentialBrokerClient({
+    fetchFn,
+    serverUrl: env.SERVER_URL,
+    machineApiKey: env.MACHINE_API_KEY,
+    agentId: env.AGENT_ID,
+    workspaceId: env.WORKSPACE_ID,
+    bundleId: env.GOVERNANCE_SPAWN_BUNDLE_ID,
+  });
+  const poolRegistry = createDataSourcePoolRegistry({
+    createPool: mysqlModule.createPool.bind(mysqlModule),
+    logger,
+  });
+
+  const server = new McpServer({ name: 'mysql-universal-sql', version: '0.2.0' });
+
+  server.tool(
+    'query',
+    '执行通用 SQL。调用时通过 data_source_id 走 credential broker 动态获取 DB 凭证并路由连接。',
+    TOOL_SCHEMA,
+    async ({ data_source_id, sql, params = [], limit }) => {
+      try {
+        const payload = await executeSql({
+          dataSourceId: data_source_id,
+          sql,
+          params,
+          limit,
+          fetchCredentialEnvVars: brokerClient,
+          poolRegistry,
+        });
+        return { content: [{ type: 'text', text: JSON.stringify(payload, null, 2) }] };
+      } catch (error) {
+        logger(`[mysql-mcp] query failed for data_source_id=${data_source_id}: ${error.message}`);
+        return {
+          isError: true,
+          content: [{ type: 'text', text: `query failed: ${error.message}` }],
+        };
+      }
     }
+  );
 
-    const text = rows.map(r =>
-      `${r.job_id} | ${r.job_title} @ ${r.company_name} | ${r.job_type ?? '-'} | ${r.work_location ?? '-'} | ${r.salary || '薪资未披露'}`
-    ).join('\n');
+  return { server, poolRegistry };
+}
 
-    return { content: [{ type: 'text', text }] };
-  }
-);
+export async function startMysqlMcpServer(options = {}) {
+  const { server } = createMysqlMcpServer(options);
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error('[mysql-mcp] Server started (universal SQL mode)');
+}
 
-// ── start ─────────────────────────────────────────────────────────────────────
-const transport = new StdioServerTransport();
-await server.connect(transport);
-console.error('[mysql-mcp] Server started');
+if (isExecutedDirectly(import.meta.url)) {
+  startMysqlMcpServer().catch((error) => {
+    console.error(`[mysql-mcp] failed to start: ${error.message}`);
+    process.exitCode = 1;
+  });
+}

package/mcp-servers/mysql/manifest.json

@@ -1,16 +1,18 @@
 {
   "id": "mysql",
   "name": "MySQL MCP Server",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "runtime": "node",
   "entrypoint": "index.js",
   "tool_declarations": [
-    { "name": "search_jobs", "classification": "cacheable" },
-    { "name": "get_job_detail", "classification": "cacheable" },
-    { "name": "list_jobs", "classification": "cacheable" }
+    { "name": "query", "classification": "mandatory" }
   ],
   "smoke_test": {
-    "tool": "list_jobs",
-    "arguments": { "limit": 1 }
+    "tool": "query",
+    "arguments": {
+      "data_source_id": "smoke-test-data-source",
+      "sql": "SELECT 1",
+      "limit": 1
+    }
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightcone-ai/daemon",
-  "version": "0.13.0",
+  "version": "0.14.0",
   "type": "module",
   "main": "src/index.js",
   "bin": {

package/src/chat-bridge.js

@@ -115,6 +115,7 @@ const DEFAULT_TOOL_CLASSIFICATION = {
   update_goal_field: 'mandatory',
   supersede_goal_field: 'mandatory',
   request_credential_auth: 'mandatory',
+  register_data_source: 'mandatory',
   bind_workspace_scenario: 'mandatory',
   create_workspace: 'mandatory',
   rename_workspace: 'mandatory',
@@ -170,6 +171,7 @@ const CACHE_INVALIDATION_TOOLS = new Set([
   'update_goal_field',
   'supersede_goal_field',
   'request_credential_auth',
+  'register_data_source',
   'bind_workspace_scenario',
   'create_workspace',
   'rename_workspace',
@@ -246,6 +248,7 @@ function inferToolForApi(method, apiPath, body) {
   if (method === 'POST' && cleanPath === '/goal-fields/update') return 'update_goal_field';
   if (method === 'POST' && cleanPath === '/goal-fields/supersede') return 'supersede_goal_field';
   if (method === 'POST' && cleanPath === '/credential-auth/request') return 'request_credential_auth';
+  if (method === 'POST' && cleanPath === '/api/data-sources') return 'register_data_source';
   if (method === 'POST' && cleanPath === '/orchestrate/decision') return 'write_governance_decision';
   if (method === 'POST' && cleanPath === '/orchestrate/correction') return 'write_governance_correction';
   if (method === 'GET'  && cleanPath === '/orchestrate/context') return 'get_orchestrate_context';
@@ -1117,6 +1120,45 @@ server.tool('request_credential_auth',
   }
 );
 
+// ── register_data_source ───────────────────────────────────────────────────────
+server.tool('register_data_source',
+  'Register a workspace data source without binding credential yet. Returns a one-time secure auth URL (10-minute expiry) that should be sent to the user via IM.',
+  {
+    workspace_id: z.string().optional().describe('Target workspace id. Defaults to current workspace context if omitted.'),
+    display_name: z.string().describe('Human-readable data source name.'),
+    source_type: z.string().describe('Data source type, e.g. "mysql", "postgresql", "api", "csv", "rss", "google_sheets".'),
+    schema_hint: z.any().optional().describe('Optional schema hint JSON for downstream query planning.'),
+  },
+  async ({ workspace_id, display_name, source_type, schema_hint }) => {
+    const targetWorkspaceId = (workspace_id ?? currentWorkspaceId ?? WORKSPACE_ID ?? '').trim();
+    if (!targetWorkspaceId) {
+      return { isError: true, content: [{ type: 'text', text: 'workspace_id is required (no current workspace context).' }] };
+    }
+
+    const body = {
+      workspace_id: targetWorkspaceId,
+      display_name,
+      source_type,
+    };
+    if (schema_hint !== undefined) body.schema_hint = schema_hint;
+
+    const data = await api('POST', '/api/data-sources', body);
+    return {
+      content: [{
+        type: 'text',
+        text:
+          `Data source registered.\n` +
+          `workspace_id=${data.workspace_id ?? targetWorkspaceId}\n` +
+          `data_source_id=${data.data_source_id}\n` +
+          `source_type=${data.source_type ?? source_type}\n` +
+          `expires_at=${data.expires_at ?? 'unknown'}\n` +
+          `secure_auth_url=${data.secure_auth_url}\n\n` +
+          `Send secure_auth_url to the user in IM so they can complete credential binding securely.`,
+      }],
+    };
+  }
+);
+
 // ── request_approval ──────────────────────────────────────────────────────────
 server.tool('request_approval',
   'Request human approval before executing a sensitive platform action (posting, sending, publishing). Returns an action_id. After the human approves, call execute_approved_action with that ID.',

package/src/mcp-config.js

@@ -58,7 +58,8 @@ function baseEnvForServer(serverKey, { serverUrl, authToken, agentId, workspaceI
     return { SERVER_URL: serverUrl, MACHINE_API_KEY: authToken, AGENT_ID: agentId };
   }
   if (
-    serverKey === 'publisher'
+    serverKey === 'mysql'
+    || serverKey === 'publisher'
     || serverKey === 'platform'
     || serverKey === 'research-fetch'
     || serverKey === 'market-data-query'