@mhingston5/conduit 1.0.0

package/src/gateway/gateway.service.ts

@@ -0,0 +1,345 @@
+import { Logger } from 'pino';
+import { UpstreamClient, UpstreamInfo } from './upstream.client.js';
+import { AuthService } from './auth.service.js';
+import { SchemaCache, ToolSchema } from './schema.cache.js';
+import { JSONRPCRequest, JSONRPCResponse, ToolPackage, ToolStub } from '../core/types.js';
+import { ExecutionContext } from '../core/execution.context.js';
+import { IUrlValidator } from '../core/interfaces/url.validator.interface.js';
+import { metrics } from '../core/metrics.service.js';
+import { PolicyService, ToolIdentifier } from '../core/policy.service.js';
+import { Ajv } from 'ajv';
+import addFormats from 'ajv-formats';
+
+export class GatewayService {
+    private logger: Logger;
+    private clients: Map<string, UpstreamClient> = new Map();
+    private authService: AuthService;
+    private schemaCache: SchemaCache;
+    private urlValidator: IUrlValidator;
+    private policyService: PolicyService;
+    private ajv: Ajv;
+    // Cache compiled validators to avoid recompilation on every call
+    private validatorCache = new Map<string, any>();
+
+    constructor(logger: Logger, urlValidator: IUrlValidator, policyService?: PolicyService) {
+        this.logger = logger;
+        this.urlValidator = urlValidator;
+        this.authService = new AuthService(logger);
+        this.schemaCache = new SchemaCache(logger);
+        this.policyService = policyService ?? new PolicyService();
+        this.ajv = new Ajv({ strict: false }); // Strict mode off for now to be permissive with upstream schemas
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        (addFormats as any).default(this.ajv);
+    }
+
+    registerUpstream(info: UpstreamInfo) {
+        const client = new UpstreamClient(this.logger, info, this.authService, this.urlValidator);
+        this.clients.set(info.id, client);
+        this.logger.info({ upstreamId: info.id }, 'Registered upstream MCP');
+    }
+
+    async listToolPackages(): Promise<ToolPackage[]> {
+        return Array.from(this.clients.entries()).map(([id, client]) => ({
+            id,
+            description: `Upstream ${id}`, // NOTE: Upstream description fetching deferred to V2
+            version: '1.0.0'
+        }));
+    }
+
+    async listToolStubs(packageId: string, context: ExecutionContext): Promise<ToolStub[]> {
+        const client = this.clients.get(packageId);
+        if (!client) {
+            throw new Error(`Upstream package not found: ${packageId}`);
+        }
+
+        let tools = this.schemaCache.get(packageId);
+
+        // Try manifest first if tools not cached
+        if (!tools) {
+            try {
+                // Try to fetch manifest first
+                const manifest = await client.getManifest(context);
+                if (manifest) {
+                    const stubs: ToolStub[] = manifest.tools.map((t: any) => ({
+                        id: `${packageId}__${t.name}`,
+                        name: t.name,
+                        description: t.description
+                    }));
+
+                    if (context.allowedTools) {
+                        return stubs.filter(t => this.policyService.isToolAllowed(t.id, context.allowedTools!));
+                    }
+                    return stubs;
+                }
+            } catch (e) {
+                // Manifest fetch failed, fall back
+                this.logger.debug({ packageId, err: e }, 'Manifest fetch failed, falling back to RPC');
+            }
+
+            const response = await client.call({
+                jsonrpc: '2.0',
+                id: 'discovery',
+                method: 'list_tools',
+            }, context);
+
+            if (response.result?.tools) {
+                tools = response.result.tools as ToolSchema[];
+                this.schemaCache.set(packageId, tools);
+            } else {
+                this.logger.warn({ upstreamId: packageId, error: response.error }, 'Failed to discover tools from upstream');
+                tools = [];
+            }
+        }
+
+        const stubs: ToolStub[] = tools.map(t => ({
+            id: `${packageId}__${t.name}`,
+            name: t.name,
+            description: t.description
+        }));
+
+        if (context.allowedTools) {
+            return stubs.filter(t => this.policyService.isToolAllowed(t.id, context.allowedTools!));
+        }
+
+        return stubs;
+    }
+
+    async getToolSchema(toolId: string, context: ExecutionContext): Promise<ToolSchema | null> {
+        if (context.allowedTools && !this.policyService.isToolAllowed(toolId, context.allowedTools)) {
+            throw new Error(`Access to tool ${toolId} is forbidden by allowlist`);
+        }
+
+        const parsed = this.policyService.parseToolName(toolId);
+        const upstreamId = parsed.namespace;
+        const toolName = parsed.name;
+
+        // Ensure we have schemas for this upstream
+        if (!this.schemaCache.get(upstreamId)) {
+            // Force refresh if missing
+            await this.listToolStubs(upstreamId, context);
+        }
+
+        const tools = this.schemaCache.get(upstreamId) || [];
+        const tool = tools.find(t => t.name === toolName);
+
+        if (!tool) return null;
+
+        // Return schema with namespaced name
+        return {
+            ...tool,
+            name: toolId
+        };
+    }
+
+    async discoverTools(context: ExecutionContext): Promise<ToolSchema[]> {
+        const allTools: ToolSchema[] = [];
+
+        for (const [id, client] of this.clients.entries()) {
+            let tools = this.schemaCache.get(id);
+
+            if (!tools) {
+                const response = await client.call({
+                    jsonrpc: '2.0',
+                    id: 'discovery',
+                    method: 'list_tools', // Standard MCP method
+                }, context);
+
+                if (response.result?.tools) {
+                    tools = response.result.tools as ToolSchema[];
+                    this.schemaCache.set(id, tools);
+                } else {
+                    this.logger.warn({ upstreamId: id, error: response.error }, 'Failed to discover tools from upstream');
+                    tools = [];
+                }
+            }
+
+            const prefixedTools = tools.map(t => ({ ...t, name: `${id}__${t.name}` }));
+
+            if (context.allowedTools) {
+                // Support wildcard patterns: "mock.*" matches "mock__hello"
+                allTools.push(...prefixedTools.filter(t => this.policyService.isToolAllowed(t.name, context.allowedTools!)));
+            } else {
+                allTools.push(...prefixedTools);
+            }
+        }
+
+        return allTools;
+    }
+
+    async callTool(name: string, params: any, context: ExecutionContext): Promise<JSONRPCResponse> {
+        if (context.allowedTools && !this.policyService.isToolAllowed(name, context.allowedTools)) {
+            this.logger.warn({ name, allowedTools: context.allowedTools }, 'Tool call blocked by allowlist');
+            return {
+                jsonrpc: '2.0',
+                id: 0,
+                error: {
+                    code: -32003,
+                    message: `Authorization failed: tool ${name} is not in the allowlist`,
+                },
+            };
+        }
+
+        const toolId = this.policyService.parseToolName(name);
+        const upstreamId = toolId.namespace;
+        const toolName = toolId.name;
+
+        const client = this.clients.get(upstreamId);
+        if (!client) {
+            return {
+                jsonrpc: '2.0',
+                id: 0,
+                error: {
+                    code: -32003,
+                    message: `Upstream not found: ${upstreamId}`,
+                },
+            };
+        }
+
+        // Lazy load schema if missing (Phase 1)
+        if (!this.schemaCache.get(upstreamId)) {
+            await this.listToolStubs(upstreamId, context);
+        }
+
+        const tools = this.schemaCache.get(upstreamId) || [];
+        const toolSchema = tools.find(t => t.name === toolName);
+
+        if (context.strictValidation) {
+            if (!toolSchema) {
+                return {
+                    jsonrpc: '2.0',
+                    id: 0,
+                    error: {
+                        code: -32601, // Method not found / Schema missing
+                        message: `Strict mode: Tool schema for ${name} not found`,
+                    },
+                };
+            }
+            if (!toolSchema.inputSchema) {
+                return {
+                    jsonrpc: '2.0',
+                    id: 0,
+                    error: {
+                        code: -32602, // Invalid params
+                        message: `Strict mode: Tool ${name} has no input schema defined`,
+                    },
+                };
+            }
+        }
+
+        if (toolSchema && toolSchema.inputSchema) {
+            const cacheKey = `${upstreamId}__${toolName}`;
+            let validate = this.validatorCache.get(cacheKey);
+            if (!validate) {
+                validate = this.ajv.compile(toolSchema.inputSchema);
+                this.validatorCache.set(cacheKey, validate);
+            }
+            const valid = validate(params);
+            if (!valid) {
+                return {
+                    jsonrpc: '2.0',
+                    id: 0,
+                    error: {
+                        code: -32602, // Invalid params
+                        message: `Invalid parameters for tool ${name}: ${this.ajv.errorsText(validate.errors)}`,
+                    },
+                };
+            }
+        }
+
+        const startTime = performance.now();
+        let success = false;
+        let response: JSONRPCResponse;
+
+        try {
+            response = await client.call({
+                jsonrpc: '2.0',
+                id: context.correlationId,
+                method: 'call_tool',
+                params: {
+                    name: toolName,
+                    arguments: params,
+                },
+            }, context);
+            success = !response.error;
+        } catch (error: any) {
+            success = false;
+            throw error;
+        } finally {
+            const duration = performance.now() - startTime;
+            metrics.recordToolExecution(duration, toolName, success);
+        }
+
+        if (response.error && response.error.code === -32008) {
+            // Potentially refresh cache on certain types of errors
+            this.schemaCache.invalidate(upstreamId);
+        }
+
+        return response;
+    }
+
+    async healthCheck(): Promise<{ status: string; upstreams: Record<string, string> }> {
+        const upstreamStatus: Record<string, string> = {};
+        const context = new ExecutionContext({ logger: this.logger });
+
+        await Promise.all(
+            Array.from(this.clients.entries()).map(async ([id, client]) => {
+                try {
+                    const response = await client.call({
+                        jsonrpc: '2.0',
+                        id: 'health',
+                        method: 'list_tools',
+                    }, context);
+                    upstreamStatus[id] = response.error ? 'degraded' : 'active';
+                } catch (err) {
+                    upstreamStatus[id] = 'error';
+                }
+            })
+        );
+
+        const allOk = Object.values(upstreamStatus).every(s => s === 'active');
+        return {
+            status: allOk ? 'ok' : 'degraded',
+            upstreams: upstreamStatus,
+        };
+    }
+    async validateTool(name: string, params: any, context: ExecutionContext): Promise<{ valid: boolean; errors?: string[] }> {
+        const toolId = this.policyService.parseToolName(name);
+        const upstreamId = toolId.namespace;
+        const toolName = toolId.name;
+
+        // Ensure we have schemas
+        if (!this.schemaCache.get(upstreamId)) {
+            await this.listToolStubs(upstreamId, context);
+        }
+
+        const tools = this.schemaCache.get(upstreamId) || [];
+        const toolSchema = tools.find(t => t.name === toolName);
+
+        if (!toolSchema) {
+            return { valid: false, errors: [`Tool ${name} not found`] };
+        }
+
+        if (context.strictValidation) {
+            if (!toolSchema.inputSchema) {
+                return { valid: false, errors: [`Strict mode: Tool ${name} has no input schema defined`] };
+            }
+        }
+
+        if (!toolSchema.inputSchema) {
+            // No schema means any params are valid (unless strict mode, which we handled above)
+            return { valid: true };
+        }
+
+        const validate = this.ajv.compile(toolSchema.inputSchema);
+        const valid = validate(params);
+
+        if (!valid) {
+            return {
+                valid: false,
+                errors: validate.errors?.map(e => this.ajv.errorsText([e])) || ['Unknown validation error']
+            };
+        }
+
+        return { valid: true };
+    }
+}

package/src/gateway/schema.cache.ts

@@ -0,0 +1,46 @@
+import { LRUCache } from 'lru-cache';
+import { Logger } from 'pino';
+import { metrics } from '../core/metrics.service.js';
+
+export interface ToolSchema {
+    name: string;
+    description?: string;
+    inputSchema: any;
+}
+
+export class SchemaCache {
+    private cache: LRUCache<string, ToolSchema[]>;
+    private logger: Logger;
+
+    constructor(logger: Logger, max: number = 100, ttl: number = 1000 * 60 * 60) { // 1 hour TTL default
+        this.logger = logger;
+        this.cache = new LRUCache({
+            max,
+            ttl,
+        });
+    }
+
+    get(upstreamId: string): ToolSchema[] | undefined {
+        const result = this.cache.get(upstreamId);
+        if (result) {
+            metrics.recordCacheHit();
+        } else {
+            metrics.recordCacheMiss();
+        }
+        return result;
+    }
+
+    set(upstreamId: string, tools: ToolSchema[]) {
+        this.logger.debug({ upstreamId, count: tools.length }, 'Caching tool schemas');
+        this.cache.set(upstreamId, tools);
+    }
+
+    invalidate(upstreamId: string) {
+        this.logger.debug({ upstreamId }, 'Invalidating schema cache');
+        this.cache.delete(upstreamId);
+    }
+
+    clear() {
+        this.cache.clear();
+    }
+}

package/src/gateway/upstream.client.ts

@@ -0,0 +1,244 @@
+import { Logger } from 'pino';
+import axios from 'axios';
+import { JSONRPCRequest, JSONRPCResponse, ToolManifest } from '../core/types.js';
+import { AuthService, UpstreamCredentials } from './auth.service.js';
+import { ExecutionContext } from '../core/execution.context.js';
+import { IUrlValidator } from '../core/interfaces/url.validator.interface.js';
+
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+import { z } from 'zod';
+
+export type UpstreamInfo = {
+    id: string;
+    credentials?: UpstreamCredentials;
+} & (
+        | { type?: 'http'; url: string }
+        | { type: 'stdio'; command: string; args?: string[]; env?: Record<string, string> }
+    );
+
+export class UpstreamClient {
+    private logger: Logger;
+    private info: UpstreamInfo;
+    private authService: AuthService;
+    private urlValidator: IUrlValidator;
+    private mcpClient?: Client;
+    private transport?: StdioClientTransport;
+
+    constructor(logger: Logger, info: UpstreamInfo, authService: AuthService, urlValidator: IUrlValidator) {
+        this.logger = logger.child({ upstreamId: info.id });
+        this.info = info;
+        this.authService = authService;
+        this.urlValidator = urlValidator;
+
+        if (this.info.type === 'stdio') {
+            const env = { ...process.env, ...this.info.env };
+            // Filter undefined values
+            const cleanEnv = Object.entries(env).reduce((acc, [k, v]) => {
+                if (v !== undefined) acc[k] = v;
+                return acc;
+            }, {} as Record<string, string>);
+
+            this.transport = new StdioClientTransport({
+                command: this.info.command,
+                args: this.info.args,
+                env: cleanEnv,
+            });
+            this.mcpClient = new Client({
+                name: 'conduit-gateway',
+                version: '1.0.0',
+            }, {
+                capabilities: {},
+            });
+        }
+    }
+
+    private async ensureConnected() {
+        if (!this.mcpClient || !this.transport) return;
+        // There isn't a public isConnected property easily accessible, 
+        // usually we just connect once.
+        // We can track connected state or just try/catch connect.
+        // For simplicity, we connect once and existing sdk handles reconnection or errors usually kill it.
+        // Actually SDK Client.connect() is for the transport.
+        try {
+            // @ts-ignore - Check internal state or just attempt connect if we haven't
+            if (!this.transport.connection) {
+                await this.mcpClient.connect(this.transport);
+            }
+        } catch (e) {
+            // connection might already be active
+        }
+    }
+
+    async call(request: JSONRPCRequest, context: ExecutionContext): Promise<JSONRPCResponse> {
+        // Helper to determine type safely
+        const isStdio = (info: UpstreamInfo): info is { type: 'stdio'; command: string; args?: string[]; env?: Record<string, string>; id: string; credentials?: UpstreamCredentials } => info.type === 'stdio';
+
+        if (isStdio(this.info)) {
+            return this.callStdio(request);
+        } else {
+            return this.callHttp(request, context as ExecutionContext);
+        }
+    }
+
+    private async callStdio(request: JSONRPCRequest): Promise<JSONRPCResponse> {
+        if (!this.mcpClient) {
+            return { jsonrpc: '2.0', id: request.id, error: { code: -32603, message: 'Stdio client not initialized' } };
+        }
+
+        try {
+            await this.ensureConnected();
+
+            // Map GatewayService method names to SDK typed methods
+            if (request.method === 'list_tools') {
+                const result = await this.mcpClient.listTools();
+                return {
+                    jsonrpc: '2.0',
+                    id: request.id,
+                    result: result
+                };
+            } else if (request.method === 'call_tool') {
+                const params = request.params as { name: string; arguments?: Record<string, unknown> };
+                const result = await this.mcpClient.callTool({
+                    name: params.name,
+                    arguments: params.arguments,
+                });
+                return {
+                    jsonrpc: '2.0',
+                    id: request.id,
+                    result: result
+                };
+            } else {
+                // Fallback to generic request for other methods
+                const result = await this.mcpClient.request(
+                    { method: request.method, params: request.params },
+                    z.any()
+                );
+                return {
+                    jsonrpc: '2.0',
+                    id: request.id,
+                    result: result
+                };
+            }
+        } catch (error: any) {
+            this.logger.error({ err: error }, 'Stdio call failed');
+            return {
+                jsonrpc: '2.0',
+                id: request.id,
+                error: {
+                    code: error.code || -32603,
+                    message: error.message || 'Internal error in stdio transport'
+                }
+            };
+        }
+    }
+
+    private async callHttp(request: JSONRPCRequest, context: ExecutionContext): Promise<JSONRPCResponse> {
+        // Narrowing for TS
+        if (this.info.type === 'stdio') throw new Error('Unreachable');
+        const url = this.info.url;
+
+        const headers: Record<string, string> = {
+            'Content-Type': 'application/json',
+            'X-Correlation-Id': context.correlationId,
+        };
+
+        if (context.tenantId) {
+            headers['X-Tenant-Id'] = context.tenantId;
+        }
+
+        if (this.info.credentials) {
+            const authHeaders = await this.authService.getAuthHeaders(this.info.credentials);
+            Object.assign(headers, authHeaders);
+        }
+
+        const securityResult = await this.urlValidator.validateUrl(url);
+        if (!securityResult.valid) {
+            this.logger.error({ url }, 'Blocked upstream URL (SSRF)');
+            return {
+                jsonrpc: '2.0',
+                id: request.id,
+                error: {
+                    code: -32003,
+                    message: securityResult.message || 'Forbidden URL',
+                },
+            };
+        }
+
+        try {
+            this.logger.debug({ method: request.method }, 'Calling upstream MCP');
+
+            // Fix Sev1: Use the resolved safe IP to prevent DNS rebinding
+            const originalUrl = new URL(url);
+            const requestUrl = securityResult.resolvedIp ?
+                `${originalUrl.protocol}//${securityResult.resolvedIp}${originalUrl.port ? ':' + originalUrl.port : ''}${originalUrl.pathname}${originalUrl.search}${originalUrl.hash}` :
+                url;
+
+            // Ensure Host header is set to the original hostname for virtual hosting/SNI
+            headers['Host'] = originalUrl.hostname;
+
+            const response = await axios.post(requestUrl, request, {
+                headers,
+                timeout: 10000,
+                maxRedirects: 0,
+            });
+
+            return response.data as JSONRPCResponse;
+        } catch (err: any) {
+            this.logger.error({ err: err.message }, 'Upstream MCP call failed');
+            return {
+                jsonrpc: '2.0',
+                id: request.id,
+                error: {
+                    code: -32008,
+                    message: `Upstream error: ${err.message}`,
+                },
+            };
+        }
+    }
+    async getManifest(context: ExecutionContext): Promise<ToolManifest | null> {
+        if (this.info.type !== 'http') return null;
+
+        try {
+            const baseUrl = this.info.url.replace(/\/$/, ''); // Remove trailing slash
+            const manifestUrl = `${baseUrl}/conduit.manifest.json`;
+
+            const headers: Record<string, string> = {
+                'X-Correlation-Id': context.correlationId,
+            };
+
+            if (this.info.credentials) {
+                const authHeaders = await this.authService.getAuthHeaders(this.info.credentials);
+                Object.assign(headers, authHeaders);
+            }
+
+            const securityResult = await this.urlValidator.validateUrl(manifestUrl);
+            if (!securityResult.valid) {
+                this.logger.warn({ url: manifestUrl }, 'Blocked manifest URL (SSRF)');
+                return null;
+            }
+
+            // Fix Sev1 approach: Use resolved IP
+            const originalUrl = new URL(manifestUrl);
+            const requestUrl = securityResult.resolvedIp ?
+                `${originalUrl.protocol}//${securityResult.resolvedIp}${originalUrl.port ? ':' + originalUrl.port : ''}${originalUrl.pathname}${originalUrl.search}${originalUrl.hash}` :
+                manifestUrl;
+
+            headers['Host'] = originalUrl.hostname;
+
+            const response = await axios.get(requestUrl, {
+                headers,
+                timeout: 5000,
+                maxRedirects: 0,
+            });
+
+            if (response.status === 200 && response.data && Array.isArray(response.data.tools)) {
+                return response.data;
+            }
+        } catch (error) {
+            // Ignore manifest errors and fallback to RPC
+            this.logger.debug({ err: error }, 'Failed to fetch manifest (will fallback)');
+        }
+        return null;
+    }
+}